I have heard plenty this past year from CIOs and other IT leaders about concerns over the endpoint management of mobile devices and of mobile apps – both areas for which enterprise-class tools have emerged to assuage those fears without straitjacketing users. In other words, they are tools to enable the post-PC era to take root. What I had not considered is that the network itself is not architected to handle the post-PC environment rapidly developing at many businesses. LANs are generally designed under the assumption each user works in a designated space, so an Ethernet port is a proxy for a specific user. LANs were designed at a time when people used desktop PCs, not laptops, so the assumption was that the PC attached to that port was the same on each occasion. Why the old network doesn't fit the post-PC workplace
Even as many users switched to laptops, the LAN architecture assumed the fixed relationship. And as businesses deployed wireless LANs, in most cases they relied on simple access-point password management: If you knew the password, you were on the network. After all, confidential information was behind the VPN (or should have been), so there was an extra layer of protection for critical data and apps. But this essentially anonymous connection to the network via wireless LANs meant that IT had no idea who was doing what where. IT could see the traffic on each subnet and access point, but not really understand the reasons for the traffic or the nature of who was on the network. Now, as employees bring in iPads, iPhones, and other mobile devices, they can connect via wireless LANs only, as there are no Ethernet ports on these devices. All the new devices connect as essentially unknown quantities. Paranoid organisations have locked their PCs (desktop and laptop) with credentials and restrictive administration policies, so only the computers and applications they issued could access the wired or wireless LANs. Such people could also track where the credentials were being used, to monitor employee network behaviour, whether for security purposes or for reprovisioning of network resources on the fly (or both). But this reliance on locked-down, credentialed PCs also meant that the new breed of devices are locked out completely, as their PC management tools are clueless about mobile devices and have no way to issue credentials to them. That has the danger of turning these paranoid companies into dinosaurs where no one under the age of 35 would want to work. Mobile device management tools can issue such credentials on iOS devices, and BlackBerry Enterprise Server does so for BlackBerrys. However, these tools are typically triggered by requests for email access through mail servers that support the Exchange ActveSync (EAS) protocol, so many devices remain uncredentialed. A unified network that assumes multiple, heterogenous devices
Those are the circumstances that network engineers at its client companies described to Aruba Networks. From these reports, Aruba developed the notion of a single network, one that doesn't act differently for wired and wireless connections and doesn't assume only one type of device. Also, any device accessing the network should be issued a credential and tracked, whether for security or resource management purposes. Aruba has released a set of wired switches, wireless access points, iPad/iPhone self-registration, VPN and other network management tools under the Mobile Virtual Enterprise moniker to address this notion. If deployed, the system gives you a universal network fabric across wired, wi-fi, and outside-the-building internet and 3G connections that can tell what specific devices are on the network, without traffic and management tools having to jump on and off different network systems. If your concern is security, you can quarantine new devices until they pass whatever verification you set up, then associate them to a user profile and manage their network access accordingly. If your concern is network resource management, you can track the now-identified devices' usage and location patterns, then provision resources on the fly as needed. For example, if 12 users bring their iPads to a conference room and their usage histories show they consume a lot of streaming media (aha! a marketing meeting), you can have the network increase the bandwdith to that room or direct surrounding users' traffic elsewhere. The focus of the new tools is mainly on iPads and iPhones, Melkote notes, for two reasons: First, those are primarily what users are bringing in to the workplace. Second, iOS supports credentials and has the other supporting technologies needed for Aruba to deliver its management capabilities. Melkote expects Android support later, as that platform's security and management capabilities improve and as users start to bring them to work in significant numbers. Given the rise of people taking their own MacBooks to the office, Melokite says Mac OS X support is also in the works for credential delivery; Mac VPN support is now available. What Aruba has done makes a lot of sense. In the post-PC world, the devices people use will vary considerably. They will work with multiple devices, and the device mix will change over time. The application picture will remain heterogeneous. Your network should be designed for this post-PC world – after all, the network is what connects your company, your information, and your people. It needs to be as smart and flexible as they are. Gruman is an executive editor at InfoWorld