The health and performance of an enterprise network is largely dependant on the way an enterprise manages it. Network management is much more challenging today because not only they are a complex set of devices and applications but also because of their ever-growing size.

Challenges
The network is doing much more today: Enterprise networks today are doing much more than what they were doing earlier in terms of the number of applications that run on them and growing number of users who access them.

Also, enterprise networks are today not only being accessed by internal users but by external people (business partners, suppliers, customers etc.). All this is leading to an exponential increase in network traffic. And as network traffic grows and as the requirements for redundancy, performance, and mission-critical applications grow networks are generating huge and often complex sets of statistical information also.

Network's more complex: Enterprise networks are much more complex then they were earlier as a result of the growing complexity of various network elements.

The increased complexity has led to explosion of statistics and configuration information. The data generated does not always provide useful information for effective network management. In fact, the growing volume of data is adding to complexity of network management. The challenge here is to find relevant data for any given problem.

Too many silos: Enterprise network managers usually try to look at infrastructure management, security management, and storage management in silos such as: network management, systems management, database management, applications management, Web server management, threat management, identity and access management, security incident management, data protection, or storage resource management etc.

A lot of different element managers are deployed to handle these different domains resulting in different functional groups within the IT organization. This leads to a lot of delay in pinpointing the problems in the IT infrastructure and subsequently a delay in resolving them. There is an apparent mismatch between what is perceived by these different functional groups and the end users. This phenomenon is known as the fallacy of availability. Considering the expectations and demands of availability, performance, and service levels from the business side; the above strategy becomes inadequate in today's context.

VoIP management: VoIP has introduced two major challenges: coping with the increase in network traffic and ensuring reliability and appropriate service levels to support enterprise VoIP applications. The challenge is for the network to have the ability to deliver a toll-quality voice.

To meet the needs for voice traffic, the network must be able to provide QoS features such as classification, queuing, and prioritizing the voice traffic. Within the LAN environment, QoS for voice traffic is not an issue as bandwidth is abundant and cheap. A VoIP conversation requires 64 kbps, much lower than the 100 Mbps available per user over a LAN. The challenge is to implement QoS on VoIP traffic over the WAN, as the bandwidth over WAN is expensive.

VPN: The challenge is again security and how to protect your internal users from being infected with viruses from external users (business partners, suppliers, customers etc).

Tips
• It would be best for network managers to go for a single, central management platform that can take care of the entire network. The management platform should not only have the ability to provide relevant and accurate information on what is going on the network but should also do it without affecting the performance of the network. A good network management platform should also provide high levels of visibility to all the critical network elements.

• The use of remote monitoring and management services has emerged as a platform for optimized service delivery to manage the evolution, administration and availability of the corporate IT infrastructure. Remote monitoring and management is also mutually beneficial proposition: lower costs for the provider and reduced price points for the customer.

• Most of the data generated by the network elements are at the informational level. They can be avoided in normal operational conditions. The network elements can be fine-tuned to generate only relevant information along with data aggregation. This will help in reducing the man-hours required for analysis and storage space. Another important aspect of network management is the ability to correlate events/alarms that are generated.

• It is important to look at whether standards-based, open APIs such as XML are supported on the network devices that allow network managers to flexibly define and collect statistics as per their needs.

• Integration of management platforms for different products such as routers, switches, firewalls, intrusion detection and prevention systems, wireless devices, etc. is a critical aspect of today's networks. This requires that the management platforms selected have open APIs for integration.

• Network and systems management is no longer just about monitoring the health and availability of your enterprise network and systems. It's about prioritizing network and system management events based on their impact on the business. It's about analyzing events to predict and prevent problems before they occur. It's about self-managing systems that dynamically re-allocate over-utilized resources to under-utilized devices. It's about managing on demand.

• It is important to do a baselining exercise for the network to learn its normal behavior. As long as the normal behavior of the network is not properly understood, no meaningful data/events can be generated. Also, the network managers should be aware and be up-to-date on any new application/host's introduction into the network. The network manager should also make sure that capabilities such as event/alarm correlation and alarm/event aggregation are available on the management platforms.

• For technologies such as VoIP, network management platforms should be capable of collecting parameters such as network latency and jitter etc., to provide the network administrator insight into how the network is behaving and if the voice traffic can be carried with the assured quality. These are real-time challenges that network administrators and the network components must be equipped to handle. Video traffic will task the network even harder.

• The security readiness of the network is one of the most important parameters for a mission-critical network. Security management includes maintaining and monitoring the baseline (normal operating condition) of the network and monitoring the network for any unauthorized host and applications added to the network. Effective user authentication, authorization, and segmentation mechanisms should be in place for controlling access to the enterprise resources.

• There are different levels of security management. Baselining the network and setting threshold alarms and events are managed through the network management system. Managing security policies that get pushed into the various security products such as firewalls, intrusion detection and prevention system, IP Sec encryption management, SSL-VPN etc., should be managed separately since the skill sets and the expertise required for these are different from the network management skill sets. Also, the security policy definition and monitoring should be handled by a select set of people to avoid any leakage of information. As much as possible, security mechanisms that lighten the load of the network administrator, while increasing overall protection, should be considered.

Outsourcing Network Management
Managed network services and network management outsourcing can play key roles in reducing TCO. Under these arrangements cost reductions can come from a variety of sources. For example, an outsourcing arrangement can minimize a company's financial exposure when it comes to technology investments. A service offered under an outsourcing agreement usually comes with equipment that is owned and managed by the provider. This eliminates the high start-up costs typically associated with subscribing to a new service and minimizes the risk of early equipment obsolescence.

In cases where the equipment malfunctions, repairs or replacements are accomplished at no cost to the subscriber. Even upgrades that are required to accommodate additional access lines are available at no cost to the subscriber. Outsourcing allows companies to reduce their own head count. With staff more engaged with strategic responsibilities, instead of daily network operations, the company can prepare for technology migrations, thoroughly test new productivity tools before making them available to employees over the WAN, or build self-service applications that customers can access over the Internet with Web browsers.

• Making the Decision
Determining the need for an outsourcer should only come after careful consideration of the following issues.

- Is the network infrastructure up-to-date?
- Can the capital expenditure be handled?
- To what extent is TCO reduction a concern?
- Is network performance currently an issue?
- Can the technical staff be better used elsewhere?
- Are there any regulatory mandates that need to be addressed?
- What needs to be managed?

Having answers to these questions will also help in selection of the right kind of management provider.

Another issue concerns what has to be managed-voice systems, the data network, or both? Perhaps migration to a converged voice-data network is a possibility in the future. If so, the management provider must be up for the challenge.

A related issue concerns the scope of the management service: should it include just the premises equipment, access lines, transport, or all of these?

• Selecting a Network Management Provider

- The evaluation of potential management providers should reveal a well-organized and staffed infrastructure that is enthusiastic about helping to reach the company's networking objectives.
- When network faults occur, the most critical thing is restoring service to end-users. A savvy network executive will enlist a service provider with SLAs addressing the 'mean time to restore'. Restoring service should be the measured goal.
- Competent integrators will insist on performing a due diligence survey that includes an inspection of the current logical and physical configurations of a company's network.
- With carrier-diversity becoming an essential ingredient of business continuity planning, reliance on multiple transport providers is likely to become the norm for large corporate networks.
- Capable network integrators will provide details on how faults are detected and isolated, stepping you through a few common scenarios.
- Security is most often a joint responsibility of the company and its management provider. The company will usually have responsibility for physical security at its locations, limiting access to sensitive areas like the data center, equipment rooms, and internal cabling. The management provider will have responsibility for the network all the way up to and including the firewall and intrusion detection system. Establishing firm boundaries of responsibility will eliminate finger-pointing when security problems surface later.
- The management provider must appreciate how network events correlate to the client's business processes. If a circuit goes down it should not be seen as merely a 'link down' alarm. Instead, it should interpret this alarm as, "Customer is losing $10,000 per minute in e-commerce transactions until this circuit is fully restored to service." The management provider should have the same level of awareness when it comes to security.

(Extracted from an MCI white paper)