One of the monumental shifts in telecommunications and enterprise networking during the past century was the ascendency of the Internet Protocol. The reason that it is so powerful is simple: Everything is reducible to the same basic language. Instead of French, English, Russian and Turkish, the world’s networks all talk in Esperanto.
Myriad advantages come with this, but so does one big issue: Video, voice and data are sent through the same network. Vital and incidental pieces of information – sales results and the menu in the cafeteria – are carried alongside each other. The commingling of so many applications and so much data has two implications: If the network goes down, users have no connectivity, and securing the data that must be protected becomes more cumbersome.
Writing at Continuity Central, Multitone Marketing Director Andrew Jones deals with the practical issues of offering VoIP over Wi-Fi. While his comments do not focus on security and business continuity issues, the basic idea of the prudence of integrating functions on a selective and non-universal basis is relevant to that discussion. Jones writes that unifying communications in one network is a general trend. However, he suggests that it may be prudent to make a counter-intuitive move and separate voice and data.
There are, of course, ways of keeping things separate without going to the extreme of creating completely discrete networks (such as legacy phone and cable networks). Two of these are described in this response to a question posed by an AVNetwork reader to Phil Hippensteel, an instructor at Penn State Harrisburg.
A virtual local-area network (VLAN) segregates tenants on a network based on their hardware or media access control (MAC) addresses. A subnet is a range of IP addresses. The details, of course, are very complicated. The bottom line is that each enables unique attributes, including security, to be implemented. The subnet detailing how the company did last quarter would have higher security than the one informing folks that the lunch on Thursday will be mac and cheese.
Conceptually, what Aaron Hand at AutomationWorld and Dan McGrath at Manufacturing Business Technology discuss in relation to industrial operations covers the same ground that network planners should cover. The goal is security through segmentation into separate subnets and VLANs.
Writes McGrath, who is the industrial automation solutions manager at Panduit:
In these open networks, different areas of the plant should be split into their own separate VLANs based on functionality or location. These zones establish domains of trust for security access and smaller local area networks (LANs) to shape and manage network traffic. For example, establish an Automation DMZ between the Enterprise Zone and the Manufacturing Zone, which creates a barrier between the Industrial and Enterprise Zones that still allows data and services to be shared securely. All network traffic from either Enterprise or Manufacturing Zones terminates in the Automation DMZ.
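The zone model in that passage can be checked against observed traffic. The Python sketch below is an added example, not code from McGrath, Panduit or this article: it maps addresses to zones by subnet and flags any flow between the Enterprise and Manufacturing Zones that does not terminate in the Automation DMZ. The subnet ranges, the zone keys and the flow records are constructed assumptions.

```python
import ipaddress

# Constructed zone plan (assumption): one subnet per zone from the quoted design.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "automation_dmz": ipaddress.ip_network("10.20.0.0/24"),
    "manufacturing": ipaddress.ip_network("10.30.0.0/16"),
}

# Zone pairs allowed to talk: every cross-zone flow must terminate in the DMZ.
ALLOWED = {
    frozenset({"enterprise", "automation_dmz"}),
    frozenset({"manufacturing", "automation_dmz"}),
}

def zone_of(addr):
    """Return the zone name containing addr, or None if it is outside the plan."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None

def audit_flows(flows):
    """Return (src, dst, reason) for each flow that breaks the zone model."""
    findings = []
    for src, dst in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone is None or dst_zone is None:
            findings.append((src, dst, "address outside any defined zone"))
        elif src_zone != dst_zone and frozenset({src_zone, dst_zone}) not in ALLOWED:
            findings.append((src, dst, f"{src_zone} -> {dst_zone} bypasses automation_dmz"))
    return findings

# Constructed flow records (source, destination), as exported from a firewall log.
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.20.0.15"),    # enterprise -> DMZ: allowed
    ("10.30.8.21", "10.20.0.15"),   # manufacturing -> DMZ: allowed
    ("10.30.8.21", "10.30.9.40"),   # inside manufacturing: allowed
    ("10.10.4.7", "10.30.8.21"),    # enterprise -> manufacturing directly: violation
    ("192.168.1.5", "10.30.8.21"),  # source outside the plan: violation
]

if __name__ == "__main__":
    for src, dst, reason in audit_flows(SAMPLE_FLOWS):
        print(f"VIOLATION {src} -> {dst}: {reason}")
```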
The thread running through the creation of discrete networks, VLANs and subnets in either telecommunications or enterprise networking is clear: Savvy segregation of traffic is an important step in disaster recovery, business continuity and security. For networks, the saying may well be: United we fall, divided we stand.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at [email protected] and via Twitter at @DailyMusicBrk.