Networks have transformed over the years from disparate, hardwired systems to integrated multi-layered systems with a combination of hardwired and wireless access points, and an amalgamation of devices all going back to the same place.
But modern network design doesn’t have to be a headache for security integrators. In fact, as Julian Kennedy, vertical lead at NVT Phybridge, Oakville, Ontario, Canada, puts it, “You don’t need to be a network guru to set up a safe, secure network.” Following is advice that experts in this arena say integrators should consider with any network design project.
1 Communicate with the customer.
Something to keep in mind throughout an entire network design process, say experts, is for integrators to keep up a line of communication between themselves and the end users. “Communicate with the end user’s IT department,” says Bob Dolan, director of technology at Anixter Inc., Glenview, Ill. “They usually have very specific design requirements that they want followed for manufacturer, physical layout, network design, IP address schemes, etc.”
Frank (Skip) Haight, vice president of marketing at Communication Networks (ComNet), Danbury, Conn., advocates talking to the customer about their expectations for the network. “Look into the future with them and talk about the resolution of their cameras, talk about where they want to be and where they think they are going to be,” he says.
When it comes to communication during the design phase, budget is up there at the forefront in terms of challenges for the integrator to manage, balancing performance, network needs, reliability and more. “You’ve got to be upfront with customers and help them recognize that the infrastructure you put in has a direct impact on the performance of the network,” says John Epeneter, product manager at Luxul, Draper, Utah.
2 Complete a site survey.
Another challenge for security integrators when it comes to network design is preparation, says Evan Davis, senior manager of solutions engineering at TRENDnet, Torrance, Calif. “Knowing how to do a proper site survey to determine what types of technology you have and would use is important,” Davis says. For example, with devices that will run wirelessly, he says to take a look at the neighboring networks, see what bands those devices are running on, and make sure there isn’t any interference.
Michael Brandenburg, industry analyst, connected work and digital transformation at Frost & Sullivan, San Antonio, Texas, and author of the white paper, “The Modern LAN: Rethinking Network Design for the Modern Age,” says that there are very few green field projects when it comes to network design today. Therefore, a security integrator needs to consider what is already on the network before adding more. “Understanding what has been living on the network is huge. There needs to be a more holistic approach, because often we just layer things on top of the network without thinking of the whole solution,” he says.
“Questions include, what’s the purpose of the network; what are the types of devices utilized on the network; what is the load of usage and the quantity of devices and quantity of users; and what type of access does [the customer] want,” says Mike Grubb, vice president of marketing at Luxul. If the project will use Wi-Fi access points, security integrators must research the area of coverage and the construction type as certain construction materials such as rock or mirrors may inhibit signals from transferring data, Grubb adds.
Dolan says that when different systems technologies, such as video, access control and mass notification are combined, decisions change at the design level. In addition, he says, with video surveillance, each application — whether it be identification, recognition, observation, detection or monitoring — requires a specific performance level of a particular device, which will ultimately affect the design.
The site survey also allows security integrators to take inventory and determine what, if anything, on the existing network or infrastructure could possibly be reused or repurposed, potentially saving the integrator and end user money, says John Kirkpatrick, vice president of marketing at NVT Phybridge.
3 Plan from the outside in.
One of the fundamental mindsets that can help a security integrator solve the challenge of what infrastructure is needed for a network design project is beginning with the devices that will be going onto the network, says Brandenburg of Frost & Sullivan, who spent 15 years in the IT industry before becoming an analyst. “You have to look at things differently. In the past, everything was focused on the data center and a push toward consistency for the same hardware to create a homogeneous network, but that doesn’t necessarily reflect the needs of the network. You may be overbuying in the end or it doesn’t reflect the network survey,” he says.
Brandenburg says that integrators should start from the outside, looking at the device that will be connected and what power, speed and bandwidth that particular device needs to function optimally. “It’s a conscious right-sizing, tailoring to what you actually need. You will end up having a broader set of network switch tools that fit exactly with what is being deployed rather than having something that serves everything adequately well.”
Looking at endpoints first helps security integrators determine product needs for the infrastructure of a project, according to Kirkpatrick.
4 Plan for security.
One of the simplest ways for security integrators to plan a secure network during the design phase is to separate like devices on different subnets and then converge them into a shared network, according to Giancarlo Fanelli, CTO at Domotz, Salt Lake City. “A good recommendation, especially in the security space, is to segregate the network across multiple VLANs for several purposes, including cyber security and traffic distribution, in order not to saturate the main network,” he says. Fanelli says that it is a good practice to build dedicated subnets with only audio/video, access control or security devices. By segregating the routes behind a firewall (or managed switch) the security integrator both improves network security and isolates endpoint problems to a specific network segment, allowing the rest of the main network to remain secure.
“Cyber security issues can bleed across the network, so we advocate connecting similar devices together,” Brandenburg says. He goes on to say that there are always exceptions that have to be dealt with during the designing of a network, such as long range or wireless devices sitting 500 feet away from the rest of the similar devices, but that those exceptions should be dealt with in a consistent way.
5 Determine how the customer wants access.
Another important consideration is how the customer wants to access the data from the security devices that will be on the network and how many people will be accessing the information — on premise or remotely. “Integrators need to consider the type of access [the customer] wants,” Epeneter says. “Do they want access to NVR only or do they want access to NVR and individual cameras? Do they want to access the data remotely or only locally?”
While it might not substantially change the network design itself, the integrator must look at the configuration of the router at the edge and ensure that the data coming out of the network to the cloud will be secure. “If the customer wants to access video on the premise and not on the cloud, integrators must consider an appropriate VPN solution that is not only secure, but easy to use and also consider whether the internet provider has a static or dynamic IP address,” Epeneter explains. If the customer wants to access security devices remotely, they may need a Dynamic DNS (Domain Name System) service to do that depending on their ISP (Internet Service Provider).”
Davis adds that if the end user or integrator will need to remotely manage and troubleshoot the network, then they should consider managed switches during the design phase that will ultimately allow them to do that. “If you want to manage everything on the network remotely, that’s where you want a switch that has management capabilities. That’s not always the case with all services, but it needs to be considered,” Davis says.