
Protect access layers from BYOD node creep

Bring your own device doesn't mean bring your own network support. What is BYOD doing to your data center's network resources?

CIOs, system administrators and other IT decision makers, take note -- the supposed cost savings associated with BYOD may actually cost you in other areas.

The bring your own device (BYOD) phenomenon is a peculiar development in technological evolution, and it isn't going away. The many tentacles of this relatively new concept reach into various areas of the enterprise, most profoundly, the data center.

Wi-Fi connectivity to wireless local area networks places an increasingly heavy burden on network resources. As more enterprise networks reside in data center architectures, this increased load is the hidden cost of BYOD.

Rather than restrict consumerization to conserve network resources, many organizations embrace BYOD. Employees are permitted to bring their own wireless devices into their respective networks, as opposed to the enterprise furnishing hardware. BYOD exponentially increases the number of wireless access points (WAPs) on the network. This, in turn, creates a domino effect with respect to data center architecture: Each WAP is a member of a virtual LAN, which necessitates more layer 2 network switches, which changes the data center's access layer topology, which at some point forces the distribution layer configuration to change, and so on and so forth.

Every item in a traditional data center architecture resides in the access layer, the aggregation (or distribution) layer or the core. Access layers are closest to the end users. The aggregation layer pulls together every packet from the access layers and delivers it to the core. The core layer, or backbone of the data center, typically faces the Internet. Its routers normally use interfaces rated for a minimum of 10 Gigabit Ethernet (GbE), or 40 GbE and 100 GbE at some Internet service providers. In this scenario, access layers are most prone to node creep from BYOD. As the number of WAPs grows, layer 2 switches reach capacity and admins need to deploy more of them to accommodate the additional wireless infrastructure.


One way to approach this problem is via a bandwidth-conservation policy. System administrators block throughput hogs such as YouTube and other audio/video applications that strain networks.

If restrictions are too simplistic or draconian, CIOs may lobby for a rapid migration to the up-and-coming IEEE 802.11ac, or Gigabit Wi-Fi, technology. With it, more end users can be served by fewer wireless access points, protecting the access layer from major changes. Each organization must evaluate IEEE 802.11ac on a case-by-case basis.

Organizations can implement Wi-Fi hotspots, outfitting certain areas with WAPs. All attempts to access network resources via Wi-Fi must take place within those areas, effectively limiting node creep. Wi-Fi hotspots also let system administrators monitor more accurately what is connected to their network, which narrows the threat vector. Hotspots may not be so unpalatable for end users, either, largely because of the growing popularity of 4G cellular technology.

The continued improvement of 4G may render BYOD accommodations moot -- to a certain degree.


Does your enterprise allow BYOD? Why or why not?
Due to less hardware purchase and only allowed 3G device technology, and it allows the user to have it in their possession all the time. When the device is connected, the same organization rules apply as work policy.
Sure. But we're small enough that each person is their own IT department. See my note on BYOIT elsewhere. My philosophy as the business owner is that if the device makes you more productive and doesn't jeopardize company data, then use it. Simple as that.
Having implemented wireless at a former employer, I don't understand why, if there is a proper wireless strategy in place, there would be a need for additional WAPs. In my case, a scoping exercise and collaboration with LOBs identified areas which were required; following heat mapping for proper placement, we never had the need to alter WAP locations nor add additional WAPs.

Additionally, the team took into account indicative throughput levels to ensure user response times were not impacted, especially given the need to publish several internal SSIDs and integrate the system with the digital radio system for emergency response staff on site.