The following example will probably clarify the issue we had last week regarding the alternative approaches to an ALL IP solution. A system that is automatically provisioned with basic functions such as Internet access, SIP/VoIP account registration, and a setup for basic telephony should also provide Wi-Fi for guests and business partners.

Guests can use Wi-Fi by entering a preshared key. It is advisable to logically separate the guest network from the internal network and probably to apply a special set of security rules to it. Furthermore, it must be ensured that the bandwidth is not completely used up. Another solution could be a dedicated, separate Internet access for the guest network. In this context, issues such as VLANs, firewall rules and Wi-Fi management arise. This is no trivial task, but all necessary functions are usually available via a graphical user interface or similar configuration tools. Nevertheless, installing such scenarios requires some conceptual considerations to ensure that no undesired side effects occur, such as faulty firewall configurations.
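One way to check for the kind of faulty firewall configuration mentioned above is to walk the rule list and see whether guest traffic can reach the internal network. This is an added example, not Teldat's code or configuration format; the subnets, the `(action, src, dst)` rule tuples and the first-match evaluation order are assumptions.

```python
import ipaddress as ip

# Constructed addressing plan (assumption): guest VLAN and internal LAN.
GUEST = ip.ip_network("192.168.50.0/24")
INTERNAL = ip.ip_network("192.168.1.0/24")

def parse(rules):
    """Turn (action, src, dst) tuples into (action, src_net, dst_net)."""
    return [(a, ip.ip_network(s), ip.ip_network(d)) for a, s, d in rules]

def guest_leaks(rules, default="drop", guest=GUEST, internal=INTERNAL):
    """Return the rules (or the default policy) that may pass guest -> internal.

    Rules are evaluated first-match, top to bottom. The check is conservative:
    an accept rule that overlaps guest -> internal before a drop rule fully
    covers that pair is reported. Ports and protocols are ignored.
    """
    findings = []
    for idx, (action, src, dst) in enumerate(parse(rules), start=1):
        touches = src.overlaps(guest) and dst.overlaps(internal)
        covers = guest.subnet_of(src) and internal.subnet_of(dst)
        if action == "accept" and touches:
            findings.append(f"rule {idx}: accept {src} -> {dst}")
        elif action == "drop" and covers:
            return findings  # rules below are shadowed for this pair
    if default == "accept":
        findings.append("default policy: accept")
    return findings

# Faulty (constructed): a broad accept sits above the guest isolation rule.
FAULTY = [
    ("accept", "192.168.0.0/16", "192.168.0.0/16"),
    ("drop", "192.168.50.0/24", "192.168.1.0/24"),
    ("accept", "192.168.50.0/24", "0.0.0.0/0"),
]
# Corrected (constructed): isolation first, then Internet access.
FIXED = [
    ("drop", "192.168.50.0/24", "192.168.0.0/16"),
    ("accept", "192.168.50.0/24", "0.0.0.0/0"),
    ("accept", "192.168.1.0/24", "0.0.0.0/0"),
]

if __name__ == "__main__":
    print("faulty:", guest_leaks(FAULTY))
    print("fixed: ", guest_leaks(FIXED))
```

In the faulty list the isolation rule exists but never takes effect, because the broader accept above it matches first.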

The aim is therefore to make all functions needed to set up various scenarios available in such a way that even less experienced users can cope with the task. This leads to the aggregation, abstraction, and serialization of configuration steps into a guided configuration. It is especially important that this kind of configuration is reentrant: modifications can be made at any configuration step without destroying the whole configuration, so that an executable configuration exists in any case.

Moreover, the strength and professionalism of a system show not only in the functionalities it installs but also in the diagnostic information it creates. ALL IP in fact means anything with IP: all applications, with their different properties and characteristics, use IP. Consequently, failures or unexpected system behavior call for qualified data for analysis. Ideally, this data comes directly from the system in a generally processable format and, if possible, already filtered, which means monitoring not the whole network traffic but only the traffic at the interface where the problem has been localized.

However, reducing configuration complexity has its limits, because a balance must be kept between simplicity of configuration and preserving the context. In other words, a simplified configuration that only turns a firewall on and off, and thereby applies a hardly comprehensible set of rules, is highly questionable. IT security cannot be achieved at the touch of a button. The other extreme is a seemingly endless chain of configuration steps that tries to cover all possible (or even impossible) and de facto hardly relevant applications, taking as many case distinctions as possible into account.

In any case, additional consulting and service are mandatory for special developments, adjustments or even more complex scenarios. Network infrastructures using wired and wireless technologies have to meet the dynamic requirements of their users. They need thorough care and a high level of competence during the conception and design phase.

Teldat, as a qualified manufacturer for SMEs, large corporations, integrators and carriers, provides user-friendly as well as advanced IT and telecommunication solutions.


About the author

Bernd Buettner
