Blog

3 First Steps When Migrating Security Services to a 100Gb Network

André Vink By: André Vink December 28, 2017

There are many reasons why you might need to migrate to a newer, faster network, such as the need to reduce costs, upgrade from obsolete hardware, or the need for more bandwidth. Where there was once a time when 1Gb was considered the standard for cutting edge networks, today's IT managers and network administrators have their eyes set on the 100Gb network challenge.

While this option opens up a world of possibilities for network functionality and capabilities, it’s important to consider certain factors when upgrading your network.

Careful planning is fundamental in order to ensure no delays or downtime. In this blog, we focus on 3 important aspects you should consider when migrating security services to a 100Gb network.

1. Supporting a 100Gb data interface

It's important to remember that deployed security devices may lack the necessary 100Gb interface link to connect to a 100Gb network, and the cost of such an integrated interface can be prohibitively expensive.

Next generation network packet brokers are cost-effective solutions that are able to facilitate this type of service migration. They allow you to connect a lower rate interface to a higher rate link by handling traffic grooming and aggregation. Moreover, next generation packet brokers can be combined with a failsafe bypass technology that safeguards the network link even when the inline security appliance is down, ensuring service availability.

 2. Tools needed to cope with increasing amounts of traffic

Once you have successfully connected your security devices to the new network, your next challenge to address is how to support the gradual increase in data throughput and the increased traffic processing requirements that it generates. Some inline security appliances, such as firewalls, may have a significantly higher incremental cost of increasing processing power to handle the increased data throughputs. A more cost-effective solution, such as continuing to utilize existing legacy security appliances, would be a preferred option.

Next-Generation Network Packet Brokers (NPBs) can load balance the traffic over multiple ports, allowing you to make use of your older security appliances by sharing the total traffic. Niagara Networks NPBs will be able to support load balancing while also offering improved availability.

Migrating Security Services to a 100Gb Network next-generation network packet brokers

3. Configuring Multiple Security Device Solutions

While it would have been desirable to have a single security solution that can handle a 100Gb data link, the reality is that our current threat environment is constantly changing. You now need to deal with the complexity of implementing multiple devices to handle all of your security risks and vulnerabilities. Making this situation even more complicated is the fact that more and more security appliances are becoming specialized and may need to be connected to the data link.

For example, you may have two inline security solutions, but also need to include an additional intrusion detection solution to assist with monitoring of traffic. Using packet brokers, you can allow these tools to be installed inline with a higher rate network segment. Get this white paper for details on how to do it.

Summary

The above discussed are three of the challenges you may face when migrating security services to a 100Gb network. For more detailed information on migration best practices, be sure to download the white paper: Security Challenges in Migrating to 100Gb Network. If you’d like more information about upgrading your network, network appliances, network bypasses or network visibility, be sure to contact us and book a consultation with one of our experts today.

New Call-to-action