Campus Networks: Are You Seeing Everything?
Designing a secure multi-site Visibility Architecture
Some of us may hear the word campus and picture that classic movie scene of a college campus buzzing with energy and laughter, its trees burning bright red and orange at the peak of autumn. Maybe an old clocktower ringing in the distance as students rush to class or toss a football in front of the library.
But, for you IT gurus, a campus network probably comes to mind first along with the understanding that campus networks aren’t only for college and university settings as the name might imply. A campus network is a network of interconnected local area networks (LANs) that delivers connectivity to end users and devices in a single geographical area.
A campus network is much smaller than a wide area network (WAN) with a typical range being less than a mile and up to a few miles in some instances. Campus networks can entail multiple floors in a building, a wing, an entire building or a cluster of buildings within a limited geographic area. Sure, campus network deployment on college and university campuses is common, but this type of network is also typical for military bases, corporate and industrial campuses, retail districts or groups of government buildings in close proximity.
*Example of a campus visibility network architecture *
As you can imagine, a campus network in itself is somewhat complex. Creating a visibility architecture, an end-to-end infrastructure of hardware and software that enables IT to control and optimize network performance and security is equally complex. A simple hub and spoke design will not work for a campus network.
When designing and building a visibility architecture for a multisite campus network, there are several things to consider in implementing a reliable and scalable solution that includes:
- Network topology and clustering options
You’ll have to decide how you want to connect multiple network packet brokers (NPBs) and other visibility architecture components like network taps and bypass switches. You may want to start with a basic spine-and-leaf topology. - Flexibility and agility to make changes
You must be able to reconfigure NPB clusters to adapt to changes and quickly add, remove or reconfigure security and monitoring tools. - Taps or SPANs?
SPAN ports get overloaded as traffic increases, resulting in dropped data packets before they even leave the campus network. Your security tools won’t have full visibility across the network if packets are missing. While network taps cost more than SPAN ports, taps are physical devices that are un-hackable. They copy data packets so you can monitor your network without jeopardizing network performance or integrity. Taps are plug-and-play and easy to install with no costly hands-on management or engineering required. To help you make this critical design decision, visit our Taps vs SPAN webpage. - Inline Security - Transport Layer Security (TLS) 1.3 offers tighter network security but it also poses visibility challenges for encrypted traffic. Tools that don’t support TLS 1.3 can’t see into this traffic, but you can centrally manage decryption with an inline deployment of NPBs that offload your expensive tools and deliver decrypted and filtered traffic to them for analysis. Cybercriminals often hide malware and viruses in encrypted data packets so your NPB must be able to perform SSL decryption to identify malicious traffic and prevent attacks. This is especially critical for multi-site campus network environments.
Keysight's NPB software stack includes NetStack, AppStack, PacketStack, and SecureStack. These solutions unlock advanced capabilities that enable intelligent context aware visibility with features such as deduplication, header stripping, geo location and tagging, data masking, burst protection and of course SSL decryption.
I may not know all of the ins and outs of network design, but our Product Managers do and they created a helpful guide to get you started. If you manage a campus network or are thinking about one, get all the details in Keysight’s Campus Visibility Deployment Guide. Our network experts have packed this 29-page AppNote with everything you need to know to build a secure end-to-end visibility architecture for your campus.
Explore Keysight’s full network visibility portfolio at: https://www.keysight.com/us/en/solutions/network-visibility.html