WP_Dooley_NetworkOptimize


8/9/2019 WP_Dooley_NetworkOptimize
1/16

Optimizing Your Network on a Budget

1-800-COURSES www.globalknowledge.com

Expert Reference Series of White Papers


Introduction

The purpose of this paper is to define the issues related to optimizing an enterprise network, identify several new network technologies related to networking, and draw some conclusions on how best to satisfy the requirements defined. The paper uses the following format:

1. Definition of roles and examples of the relationship of corporate objectives and goals to network technology and optimization

    2. Mission-critical network technology examples

3. Importance of staffing and technical certifications in network optimization, compared to outsourcing, and use of consultants for each technology example

    4. Role of a training provider in network optimization for an enterprise with a limited training budget

The role of an Information Technology (IT) Manager in an enterprise is to implement and maintain systems and procedures to support the operational processes and strategic initiatives of the enterprise. One of the most important (and costly) of the managed systems is the enterprise network, including the enterprise campus network, the enterprise edge, the service provider edge, and all the equipment and topologies that define the network infrastructure. There are several forces that drive the process:

    1. The enterprise develops new strategic initiatives that require the implementation of new technology

2. New technology is developed that offers an opportunity to lower costs, increase efficiency, or develop new strategic initiatives

    3. Growth, sometimes complicated by acquisitions, may occur

4. Changes in operational processes (such as manufacturing or accounting) may require a change in IT technology or networking

5. Network solutions provided by network equipment and service providers change and evolve. For example, Service-Oriented Network Architectures (SONA) is one of the latest approaches

If numbers one and two look a bit like the classic "chicken and egg" dilemma, they are. It is never certain whether a business strategy drove a technology, or a technology drove a new business strategy. Luckily, the IT manager does not have to solve this problem; instead, he implements the requirements and solutions created by the new development.

Raymond B. Dooley, CEO, International Communications Management, Inc., CCNP, CCDP, and CCSI

Copyright 2006 Global Knowledge Training LLC. All rights reserved. Page 2

All of this involves network optimization. Network optimization is implementing technology and service to provide the most efficient network service to all users, meet all the organizational goals of the enterprise, and minimize costs. It is much easier to define than implement. It has numerous components:

1. Create and update a comprehensive network plan and design, starting with an accurate baseline of existing systems.

2. Implement new systems to meet new strategic initiatives without any network outages before, during, or after implementation.

3. Evaluate new technologies and network architectures (solutions), such as SONA, to determine if they will contribute to network optimization.

4. Utilize all available features of network equipment and services to support high availability networking, security, network management, and quality of service.

5. Prevent network outages. This will include a network design for high availability and a comprehensive network management system. Ensure that the operating systems and other software for all network devices are installed and maintained based on a compatibility standard to avoid costly version and feature mismatches.

    6. Provide network security for the enterprise.

7. Recruit and train a staff to implement steps 1 to 6, troubleshoot, and maintain the optimized network. Use of outsourcing, consultants, and the technical level of the network staff must be analyzed and compared based on networking objectives versus cost.

A CEO of a Fortune 100 Company once said (paraphrased), "I consider Information Technology to be a weapon in the battle to win global market share." While a firm believer in corporate missions and vision statements, the CEO thought that an enterprise achieved success by following no more than four simply stated strategic initiatives. An IT or network manager in the various corporate divisions was required to understand these initiatives, how to implement the systems to support them, and how to optimize the network for them. This had to be done at the lowest possible cost, because lowering costs was always one of the initiatives. Using various methods, most enterprises work the same way. All CEOs may not be as successful in articulating the requirements as this one was, but the idea is the same: creating identical challenges for IT and network managers.

The implementation of Automatic Teller Machines (ATMs) in the banking industry is a classic example of the impact of a new strategy on technology, and it provides a lead-in to a description of new network technologies and the importance of network optimization. In the early 1970s, a bank or banker (no one knows who had the idea first) visualized a machine that would provide banking services separate from a teller window. The vision included machines in non-traditional locations, 24-hour banking, and added services. Of course, these are things taken for granted today.


The challenge to implementing the new idea was that none of the requirements already defined for the IT and network managers in the previous paragraphs were met.

    1. The banking industry could not agree on the location and contents of the magnetic stripe on the bankcard.

    2. There were no technology or network standards for ATMs; it was all vendor-driven.

3. The networks were optimized for IBM mainframe-to-terminal communications. The network managers were not consulted about the idea of ATMs and how to attach them to the corporate network.

4. The ATM machines contained a mini-computer that could only be networked with low-speed asynchronous communications protocols, which were incompatible with the mainframe and the existing network. However, the mainframe had to "talk" to the ATMs for them to work properly.

This is not a short story, but a saga, greatly shortened. During five years of trial and error, costing millions of dollars and countless man-hours, the ATM strategy was a total loser. The cost to implement, maintain, and network the machines was far greater than the revenue. The Return on Investment (ROI) was a large negative number. One banking executive was quoted, "If I could, I would take every ATM machine out, but I cannot because the other banks will leave them in, and I won't be competitive." This statement sums up why the banks continued to pour millions of dollars into this project. The war for market share dictated it.

Not surprisingly, the vision and strategy was valid. Once the banking customers accepted the ATMs and actually began to prefer them over going into the bank during banking hours, the banks were able to cut the teller force up to 70 percent and the ROI shot up dramatically.

If today's managers were able to go back and use modern IT and network management techniques for the project, most of the errors and much of the cost could have been avoided by proper planning and deployment of IT and network technology. However, this is a smug view. The author was involved in the implementation of ATM machines and will verify that all of the techniques available at the time were utilized. From today's view, those techniques seem archaic and costly. The question any IT or network manager must consider is, "Are the techniques and technologies in place for the network suitable to handle a completely new corporate strategic initiative?" In other words, is there an ATM-like project in the future for this enterprise? And if so, can it be implemented and optimized at the lowest possible cost?

The previous example is a description of actual events. Several years from now, similar business cases will be written about network technologies that are emerging now, such as IP telephony, wireless, and virtual private networks (VPNs) related to new developments such as medical multi-media, and virtualization of business and technology functions (SONA). Modern solutions are based on the idea that hardware, software, and network applications are built-in to network technologies and can then be implemented (turned on) as needed. It is important for IT and network managers of today to avoid the technology traps shown by the banking example.

One point becomes paramount from the information presented so far. Optimization and cost are two of the most important items for a network manager to consider. Before any conclusions are made about the best ways to meet optimization and cost requirements, several new and important network technologies must be described. Each of these technologies could have an impact on optimization, costs, or both. The first issue is determining if the technology is appropriate to meet the objectives of the enterprise, and the second is having the expertise to properly plan, design, and implement the new technology into the existing network. The following technologies will be considered:

1. Security

2. Virtual Private Networks (VPNs)

3. IP telephony and Quality of Service (QoS)

4. Wireless networking

5. IP Multicasting and IPv6

Many additional technologies such as high-availability networking, content networking, and storage networking could also be included, but this paper would become a textbook, much too long.

Security

If the CEO of Boeing Company were asked what the financial loss associated with Airbus obtaining the design plans for Boeing's newest airplane would be, he would respond with a number in the billions of dollars, probably over $100 billion.

The next issue would be the odds of such a break-in: 1,000 to 1; 10,000 to 1; 100,000 to 1; or 1,000,000 to 1? The amount of corporate resources and budget allocated to security should be directly related to the value of the loss and the probability. If it is not, the corporate security policy is lacking.

There is consensus that the one best practice in designing and implementing network security is first to define a security policy. This is based on the idea that money allocated for security in the network will be wasted if the system is not optimized. This will be explored further in the certification and training section. There are several parts to a security policy:

1. Corporate Information
   a. Identify assets
   b. Assess risk
   c. Identify areas of protection
   d. Define responsibilities

2. Network Access Control Policy

3. Acceptable Use Policy

4. Security Management Policy

5. Incident-Handling Policy

Cisco's Security Architecture for Enterprise (SAFE) defines four steps in their security wheel after the security policy has been defined:

1. Secure

2. Monitor

3. Test

4. Improve

Two elements of network security will be explored: firewalls and intrusion detection/prevention. Neither of these is new, but there are new features and capabilities being introduced regularly.


The first step of the network implementation consists of four parts: user and data authentication; encryption; vulnerability patching; and firewalling. Firewalling includes three primary functions: user authentication, denial of service (DoS) prevention, and packet filtering. A good number of firewalling solutions offload the user authentication to specialized servers called Authentication, Authorization, and Accounting (AAA). The DoS prevention is offloaded to specialized solutions for Intrusion Detection Service (IDS) or Intrusion Prevention Service (IPS). Firewall devices then specialize in filtering network traffic to allow only valid packets to cross firewall interfaces.

The firewall hardware is located between the outside filter (the router connected to the Internet) and the inside filter (the router connected to the enterprise campus). One type of firewall interface is untrusted (a De-militarized Zone - DMZ), connected to such devices as web servers, DNS servers, E-mail servers, VPN concentrators, or access servers (for dial-up users), and the connection to the Internet. Trusted interfaces are connected either to the enterprise campus, or with application and database servers associated with the web servers on the non-trusted interface. In a network design, the systems described in this paragraph are called the Internet Connectivity Module and the E-Commerce Module. A firewall system should support:

    1. Packet filtering (main job)

2. Network Address Translation

3. Fail-over and hot standby

4. AAA (Authentication, Authorization, and Accounting; usually offloaded)

5. Virtual Private Networks (VPNs may terminate on the firewall as one option)

One major security vendor, Cisco Systems, has offered the Private Exchange (PIX) firewall system for many years. It includes:

1. Finesse operating system

2. Adaptive security algorithm

3. Cut-through proxy operation

4. Stateful fail-over and hot standby

5. Translations

6. Access control

7. Object grouping

8. Attack guards and intrusion detection

9. AAA

10. VPNs

11. PIX device manager

The cost of firewalls varies widely, depending on the size and complexity of the design, and the speed and number of firewall interfaces required and the size of the network. In addition, the cost must be weighed against the cost of a major break-in. As a manager is optimizing the network for an enterprise, he should be aware of the present level of network security threats, have a valid security policy, and implement the latest solutions. As a philosopher once said, "The devil is in the details," and it has never been more accurate than when trying to keep up with the latest solutions.

Cisco Systems has recently announced the Adaptive Security Appliance 5500 (ASA 5500), which has the ability to replace the existing PIX firewall, the VPN concentrator, the AAA server, and, perhaps, the Intrusion Prevention System. The ASA 5500 has the following abilities:


1. Layer 2 transparent firewall allows implementation transparency with no address changes. It also provides integration with existing complex routing, high-availability, and IP multicasting.

2. Services virtualization enables the logical partitioning of a single ASA 5500 within existing networks into virtual firewalls, each with its own unique policies and administration. It allows consolidation of multiple firewalls into one device.

    3. Standard IEEE 802.1Q Virtual LAN (VLAN) trunking support.

    4. OSPF routing support.

    5. Support for Protocol Independent Multicast (PIM) for IP multicast

    6. IPv6 support

    7. QoS support for Low-Latency Queuing (LLQ) and traffic policing to support real time traffic

    8. IP telephony support for IP phone deployments

    9. Stateful active/standby for fail-over

Intrusion detection/prevention systems operate at step two of the security implementation to detect and automatically stop intruders at the enterprise edge, as the first line of defense. IDS/IPS solutions are used to inspect packets traversing network links and may be deployed in network modules within the enterprise campus, as well as at the enterprise edge. The server farm module is another prime candidate for these solutions. IDS deployed as an application on a server is called Host IDS (HIDS). IDS/IPS also can ensure that the security devices in step 1 (secure) have been configured properly. There are three basic types of attacks:

1. Reconnaissance

2. Access

3. Denial of Service (DoS)

Many times, a reconnaissance attack will precede an access or DoS attack. The Cisco IPS 4200 series is one system for intrusion detection/prevention. It would be part of the enterprise implementation in the Internet Connectivity/E-Commerce module of the network design.

The cost of these systems will vary and must be weighed against the cost of an outage. A denial of service attack, for example, may cause the corporate servers to be down for a day or more. These are launched against companies like Yahoo and Google on a regular basis with a wave of publicity. For example, suppose the cost of an IDS/IPS system is $40,000, including $10,000 for training of key personnel. The gross profit lost from a day of server outage is $75,000. The ROI for the IDS system, based on this one outage, is 50 percent. A ROI example for an individual enterprise would reflect actual system cost and the cost of a server outage, but security falls into the category of "not being able to afford to not do it."

Trained and competent network personnel are absolutely necessary to make security systems work. Not only to implement the system, but also to decide if it is needed, select which system to purchase, alter the network plan and design to include it, and optimize the network after implementing it. The manager now faces some difficult and important choices related to network security optimization, which will be covered in more detail in the conclusion portion of this paper.

Virtual Private Networks

A Virtual Private Network (VPN) allows a "tunnel" to be constructed through a public network such as the Internet, for the purpose of transporting private data. The tunnel must be secured by public and/or private keys and a combination of a data integrity hash and encryption. A typical data authentication is either Secure Hash Algorithm (SHA) or Message Digest 5 (MD5). The encryption method can be Triple DES (3DES) or Advanced Encryption Standard (AES). The entire process of key exchange, data authentication, and data encryption is included in IP Security (IPSec). VPNs are being used for many purposes in the enterprise.

1. Remote Access VPNs, when used with PC, router, or VPN appliances, as the client in homes or small offices (usually with DSL or cable modem access to the local ISP) are rapidly replacing the traditional modem and Integrated Services Digital Network (ISDN) dial-up remote access solutions.

2. Site-to-site VPNs are being used to replace traditional WAN services such as frame relay and leased lines. The major drawback is the absence of a Service Level Agreement (SLA) from a provider to support QoS requirements.

3. Peer-to-peer or Turnkey VPNs are being offered by providers such as SBC, Verizon, Qwest, and BellSouth to replace traditional WAN services and offer a SLA to support QoS. The technology is Multi-Protocol Label Switching (MPLS) over BGP and is defined by Request For Comments (RFCs).
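The VPN description above separates the tunnel's protection into key exchange, a data-integrity hash, and encryption. The following is an added example written for this page, not code from the paper or from any vendor: it models the data-integrity half in Python. A keyed hash (HMAC with SHA-256, the current successor of the SHA-1 and MD5 options the paper names) covers a sequence number and the tunnelled payload, the receiver recomputes and compares it in constant time, and a record that was modified in transit or sent twice is refused. The replay check on the sequence number is the anti-replay behaviour IPSec also has, which the paragraph does not mention. The key, record layout, the `protect` and `Receiver` names and the sample payload are all constructed for the illustration; encryption is deliberately left out so the integrity check stands on its own.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = hashlib.sha256().digest_size   # 32 bytes for HMAC-SHA-256
SEQ_LEN = 4                               # 32-bit sequence number, as IPSec ESP/AH carry


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: record = seq || payload || HMAC(key, seq || payload).
    The sequence number is inside the MAC so it cannot be altered unnoticed."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side: recompute the MAC, compare in constant time, and refuse
    any record whose sequence number does not advance (replay or stale copy)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, record: bytes):
        if len(record) < SEQ_LEN + TAG_LEN:
            return None                       # truncated record
        header = record[:SEQ_LEN]
        payload = record[SEQ_LEN:-TAG_LEN]
        tag = record[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                       # header or payload altered, or wrong key
        seq = struct.unpack(">I", header)[0]
        if seq <= self.last_seq:
            return None                       # replayed or out-of-order old record
        self.last_seq = seq
        return payload


def demo():
    """Constructed walk-through: one good record, one bit-flipped copy, one replay."""
    key = os.urandom(32)   # constructed; in IPSec the key comes from the IKE exchange
    rx = Receiver(key)
    record = protect(key, 1, b"inventory update for store 17")
    good = rx.accept(record)
    corrupted = bytearray(record)
    corrupted[SEQ_LEN + 3] ^= 0x01            # flip one payload bit "in transit"
    tampered = rx.accept(bytes(corrupted))
    replayed = rx.accept(record)              # the same valid record sent again
    return good, tampered, replayed


if __name__ == "__main__":
    print(demo())   # (b'inventory update for store 17', None, None)
```

The point for a network staff evaluating VPN equipment is that authentication and encryption are separate services: a tunnel that only encrypts still lets an on-path party flip bits or replay old packets, which is why both the hash option and the encryption option appear in every IPSec proposal.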

    The VPN endpoints can be any of the following:

1. At the client end:
   a. PC
   b. VPN appliance (Cisco VPN 3002)
   c. Router

2. At the corporate end:
   a. VPN concentrator, such as Cisco 30xx
   b. Router
   c. Firewall
   d. Cisco ASA 5500 (mentioned earlier)

One of the reasons for the growing popularity of VPNs is low cost and implementation flexibility. It is true that VPN terminations are either inexpensive or already built into existing equipment such as routers, VPN concentrators, and security systems. In Europe, Multi-Protocol Label Switching (MPLS)-based VPNs are usually preferred for the enterprise WAN as opposed to traditional WAN services. Of course, in Europe, these types of VPNs are universally available. The Europeans do not have to deal with branch offices in Montana and New Mexico where advanced technologies may be scarce. Moreover, there are several issues related to network optimization:

1. Cost for additional bandwidth to the ISP at both remote and headquarters locations

2. Cost of developing network personnel skills to negotiate SLAs and pricing contracts, or consultants


3. Costs related to designing, implementing and maintaining VPN networks

4. Selection of terminating equipment

5. Use of VPNs in the IP telephony environment to support QoS

IP Telephony and QoS

For years, it has been said that voice and data are converged on the same network. The first time was when voice analog signals from a telephone and analog signals from a modem were sent over the same wire using frequency division multiplexing (Voila!). The second time was when analog signals from telephones and analog signals from modems were both digitized with a common method and sent over the same wire using Time Division Multiplexing (Double Voila!). The third time was when the modem was eliminated and digital telephones were introduced so everything could be digital end-to-end (ISDN was developed at about the same time). The digital voice was also compressed. (Another Voila!)

During all these developments, data was in packets and voice was in bits. Today, voice can not only be compressed, but also constructed into packets, frames, or cells (IP, frame relay, or ATM). The idea was to move away from circuit switching (Time Division Multiplexing [TDM]) and to packet switching to converge the network. (All still over one wire, by the way.) It was a terrific idea because existing data switching and routing equipment can be utilized to move the packets, frames, or cells, and the enterprise network infrastructure used to support voice traffic can gradually be removed.

Voice over X (FR, IP, ATM) can be implemented on the gigabit Ethernet campus, the enterprise WAN, and over the Internet and the Public Switched Telephone Network (PSTN). The technology was integrated into Ethernet switches, WAN switches, routers, and access servers. The driving force of the first phase of IP telephony (VoX) was cost of transport. The next step in the evolution of the solution is IP telephony.

1. The common factor for IP telephony convergence is IP. Voice over frame relay and voice over ATM are not current solutions.

2. IP telephones are now heavily implemented. The cost of IP telephones is low (on par with digital handsets, $600 - $900).

3. Costs of legacy PBX equipment are high; traditional phone switches and the maintenance contracts are very expensive.

    5. The legacy PBX is replaced with a Call Manager (or cluster) that is a PC platform.

    6. The IP telephony solution must include voice messaging and third-party applications.

    7. Consolidation of support staff into IT could reduce costs.

    8. Additional applications for the IP telephone are being developed daily.

    9. The entire enterprise network infrastructure must be redesigned to support IP telephony and QoS.

Voice and video traffic are real-time protocols. IP was not designed to transport them with the proper controls on latency, packet jitter, and packet loss. The solution to this problem is to provide additional features in the network equipment to overcome this limitation and provide the proper controls. This process is called the implementation of QoS.

The first step in QoS is to identify a QoS policy, which involves ranking all of the packet flows traversing the enterprise networks related to their latency, jitter, and packet loss parameters, as well as their importance to the enterprise. No solution can be implemented without this policy. A typical ranking would be:

1. Voice traffic

2. Voice signaling and video

3. Mission-critical data

4. Important data

5. Default data

6. Scavenger data (less than best effort)

With the policy in place, congestion avoidance, policing, traffic shaping, and congestion management techniques may be implemented. However, the methodology to implement a consistent end-to-end QoS policy may vary for a Layer 2 switch, a multi-layer switch, and a router. To optimize the network, technicians and network professionals have to be able to properly configure an end-to-end QoS policy using LLQ on routers, Weighted Round Robin (WRR) on multi-layer switch routed ports, and IEEE 802.1p on Layer 2 switches accurately and with effective cost control.
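As an added example, not from the paper and not Cisco's code, the following Python model shows the two congestion-management mechanisms named above working together on the ranking from the policy list: an LLQ-style strict-priority queue for voice that is policed so a voice burst cannot starve the data classes, and weighted round robin among the remaining classes. The class names, weights, the per-round byte budget and the sample packets are constructed for the illustration; real platforms police the priority queue against a measured rate rather than per scheduling round, which this model simplifies.

```python
from collections import deque

# Constructed policy that follows the ranking given in the paper: voice sits in
# a strict-priority (LLQ) queue that is policed to a byte budget per scheduling
# round; the remaining classes share what is left by weighted round robin,
# where the weight is the number of packets a class may send per round.
POLICY = {
    "voice":            {"priority": True, "budget": 400},
    "mission-critical": {"weight": 3},
    "important":        {"weight": 2},
    "default":          {"weight": 1},
    "scavenger":        {"weight": 1},   # less than best effort: smallest share
}


def schedule(packets, policy=POLICY):
    """packets: list of (name, class, size_bytes) in arrival order.
    Drains all queues and returns (names in transmit order, names dropped)."""
    queues = {cls: deque() for cls in policy}
    for name, cls, size in packets:
        queues[cls].append((name, size))
    priority = [c for c, p in policy.items() if p.get("priority")]
    wrr = [c for c, p in policy.items() if not p.get("priority")]
    sent, dropped = [], []
    while any(queues.values()):
        # 1. LLQ: the priority queue is always served first, but it is policed.
        #    Under congestion, voice beyond the budget is dropped rather than
        #    queued, so a burst cannot starve every other class.
        for cls in priority:
            budget = policy[cls]["budget"]
            while queues[cls]:
                name, size = queues[cls].popleft()
                if size <= budget:
                    budget -= size
                    sent.append(name)
                else:
                    dropped.append(name)
        # 2. WRR: each remaining class sends up to 'weight' packets per round,
        #    so mission-critical data gets three slots for every scavenger slot.
        for cls in wrr:
            for _ in range(policy[cls]["weight"]):
                if queues[cls]:
                    sent.append(queues[cls].popleft()[0])
    return sent, dropped


# Constructed arrival order: voice and data interleaved, more voice than the
# budget allows in one round, and a backlog in every data class.
SAMPLE_PACKETS = [
    ("d1", "default", 1000), ("m1", "mission-critical", 1000), ("v1", "voice", 200),
    ("s1", "scavenger", 1000), ("i1", "important", 1000), ("m2", "mission-critical", 1000),
    ("v2", "voice", 200), ("d2", "default", 1000), ("m3", "mission-critical", 1000),
    ("i2", "important", 1000), ("s2", "scavenger", 1000), ("v3", "voice", 200),
    ("m4", "mission-critical", 1000),
]


def demo():
    return schedule(SAMPLE_PACKETS)


if __name__ == "__main__":
    order, lost = demo()
    print("transmit order:", order)   # v1, v2 first; m-class three per round; v3 policed
    print("dropped:", lost)
```

Reading the output against the policy list makes the budget decision concrete: the two voice packets within the budget leave before any data packet, mission-critical data gets three slots per round against one for default and scavenger, and the third voice packet is the price of policing. Sizing that budget, and matching it on the router (LLQ), the multi-layer switch (WRR) and the access switch (802.1p), is exactly the end-to-end configuration work the paragraph says the staff must be able to do.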

    Once again, trained, experienced, and extremely creative network personnel will be required to evaluate,select, implement, and optimize an IP telephony solution and the QoS to support it.

Wireless Networking

When wireless networking is mentioned, most networkers think of cellular telephones or other hand-held devices, microwave or satellite. Wireless solutions use radio frequencies, usually in the unregulated FCC frequencies (which means anyone can use them). Wireless is a viable enterprise networking solution. Wireless LAN standards are in place from the IEEE (802.11), wireless bridges provide inter-building connections, and an entire set of WiFi specifications are evolving under the 802.11 standard. Security has improved with the advent of IEEE 802.1x and a new encryption key to replace Wired Equivalent Privacy (WEP).

The advantages of not requiring copper wire for a LAN environment and the mobility possible for users are obvious. Cisco Systems offers a group of products (Aironet) for Wireless LAN and has just acquired another wireless company, Airespace. This is a highly competitive marketplace with many start-up companies offering products and solutions.

An early study commissioned by Cisco revealed that using Wireless LANs to improve connectivity to the corporate network saved workers an average of 70 minutes per day.

Once again, the importance of technically qualified personnel to implement this solution is critical, not only to configure wireless solutions and appropriate security measures, but also to decide where and how much wireless technology is required in an enterprise network.


Multicasting

In the past, a one-to-many networking topology was implemented using multi-point dedicated analog circuits. As one-to-many applications evolved (conference calling, video conferencing, electronic mail multicasts, and interest rate announcements in the banking industry) schemes to split the bandwidth from a source to the many points were devised. These systems worked as long as the "many" in the one-to-many was a fixed, unchanging group. There was no way to dynamically create a group or to have potential members dynamically join a group.

With IP multicasting, it is possible to define a multicast group with an IP address that can be used by a multicasting source to send packets. Routers can be configured to dynamically poll potential members of the multicast group and keep track of "joiners." Once the members of the group are located, the routers will construct a "tree" so that each multicast packet can be forwarded on the router interfaces where users are active. This process requires the following:

    1. A multicast server application

    2. A multicast client application

    3. An IP multicast address and an equivalent Ethernet multicast address

    4. A protocol for users to join and leave the group (Internet Group Message Protocol [IGMP])

5. A routing protocol to create and control two types of trees, source trees and shared trees (Protocol Independent Multicast [PIM]: dense, sparse, and sparse-dense modes)

6. A method to keep layer two multicast frames from flooding layer two switches: IGMP Snooping and Cisco's Group Management Protocol (CGMP).

Multicast applications are usually specific and can provide a benefit to an enterprise. A few examples are:

1. Distance learning for education institutions and companies needing training

2. Tibco Software for stock traders and for specific categories of stock ticker information

3. Data warehousing for management of inventory to and from remote locations to headquarters

4. Corporate communications for video and/or audio conferencing

5. Streaming audio and video on demand for entertainment and simulation training

6. Internet gaming for interactive entertainment and simulation training

7. Data collection for polling information and multicast auction

    There are many more, such as radio and TV broadcasts to the desktop and a number of financial applications.

A simple cost-benefit analysis of IP multicasting versus normal IP unicasting for a data warehousing provides a concrete example of the benefits of IP multicasting. At headquarters of a typical company like Toys R Us, there is a warehouse full of inventory. Also, there are stores all across the nation that have inventory. The inventory in the remote locations needs to be known at headquarters on a daily basis and vice versa. Also, the size of the database to update the remote locations is 250 megabytes (actual size of Toys R Us data base would be much larger), and there are 200 stores nation-wide (Toys R Us would be many more than that), and headquarters has a T-1 WAN connection at 1.544 megabits per second.


Therefore, since 250 megabytes equals 2,000 megabits, the T-1 would transfer the database in 1,295 seconds or just less than 22 minutes. Now that does not seem like a problem until headquarters needs to send 200 different unicast data streams to the 200 individual stores on a daily basis. The T-1 would need just less than 72 hours to transmit to 200 stores, and it could not be done in a day. Even a T-3 would need almost 2.5 hours using unicasting. With an IP multicasting application, only one data stream needs to be sent from headquarters to a pre-defined group (in this case the 200 stores). Cost savings will vary, depending on the monthly cost of the WAN, but the savings of 22 minutes on a T-1 versus 2.5 hours on a T-3 to perform the same task are obvious.
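The arithmetic above, carried through in Python as an added example (not the paper's own), generalized to any database size, receiver count and link rate. It reproduces the 1,295-second, 72-hour and 2.5-hour figures and adds one derived number the paragraph implies but does not state: how many stores a single unicast link can refresh within a 24-hour day. The link rates are the standard DS1 and DS3 line rates; the 250 MB database and 200 stores are the paper's constructed figures.

```python
T1_MBPS = 1.544      # DS1 line rate, megabits per second
T3_MBPS = 44.736     # DS3 line rate, megabits per second
SECONDS_PER_DAY = 86_400


def transfer_seconds(size_megabytes, link_mbps):
    """Seconds for one copy of the database to cross the link (8 bits per byte)."""
    return size_megabytes * 8 / link_mbps


def unicast_seconds(size_megabytes, receivers, link_mbps):
    """Unicast: headquarters sends a separate copy to every receiver, so its
    WAN link carries the whole database once per receiver."""
    return receivers * transfer_seconds(size_megabytes, link_mbps)


def multicast_seconds(size_megabytes, receivers, link_mbps):
    """Multicast: one stream leaves headquarters; routers replicate it along the
    distribution tree, so the headquarters link time does not depend on the
    group size (receivers is accepted only to mirror the unicast signature)."""
    return transfer_seconds(size_megabytes, link_mbps)


def receivers_per_day(size_megabytes, link_mbps):
    """Largest number of unicast receivers a link can refresh in 24 hours; a
    value below the store count means the daily update cannot complete."""
    return int(SECONDS_PER_DAY // transfer_seconds(size_megabytes, link_mbps))


def compare(size_megabytes=250, receivers=200):
    """The paper's comparison for any size, receiver count and the two link types."""
    rows = {}
    for name, rate in (("T-1", T1_MBPS), ("T-3", T3_MBPS)):
        rows[name] = {
            "one_copy_seconds": transfer_seconds(size_megabytes, rate),
            "unicast_hours": unicast_seconds(size_megabytes, receivers, rate) / 3600,
            "multicast_minutes": multicast_seconds(size_megabytes, receivers, rate) / 60,
            "unicast_receivers_per_day": receivers_per_day(size_megabytes, rate),
        }
    return rows


if __name__ == "__main__":
    for link, row in compare().items():
        print(link, {k: round(v, 2) for k, v in row.items()})
```

With the paper's figures the T-1 can refresh only 66 stores a day by unicast, which is the quantitative form of "it could not be done in a day"; the multicast time stays at one copy regardless of how many stores join the group.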

    There are numerous issues for the implementation and optimization of IP multicast:

    1. Application requirements - unidirectional or bi-directional; reliable or best effort; intra-domain or inter-domain

    2. PIM Dense mode with flood and prune, sparse mode with shared tree, or sparse-dense mode

    3. Session directory services

    4. An evolving standard

    If multicasting is required, IP multicasting will be less expensive than other alternatives, such as unicasting orbroadcasting.

IP Version Six (IPv6)

This has been announced many times:

1. The IPv4 address space is exhausted

2. Many new applications require many, many more IP addresses to function correctly

3. Something must be done

    The following are hard facts:

1. Cisco is shipping all router IOSes with dual-stack IPv4 and IPv6

2. Microsoft, Sun, and Linux platforms are supporting dual-stack

3. Several IPv4 to IPv6 transition strategies are in place

4. There is an ISP open for business in Japan offering only IPv6

    The following are network optimization issues:

    1. Determine how IPv6 will affect the enterprise network design and staffing2. Determine the impact of IPv6 on DNS, IP address assignment, and IP routing protocols3. Determine if IPv6 will lead to higher costs
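As an added example of the second issue (it is not part of the white paper), the script below works through address assignment and DNS for one site: it carves a /64 per VLAN out of a site /48, forms the address a SLAAC host would take with a modified EUI-64 identifier, shows how that identifier leaks the host's MAC address (the reason for RFC 4941 temporary addresses and RFC 7217 stable-privacy identifiers), and names the ip6.arpa reverse zone the enterprise DNS must now host. The 2001:db8::/32 documentation prefix, the VLAN numbers and the MAC address are constructed sample data.

```python
import ipaddress


def eui64_iid(mac):
    """Modified EUI-64 interface identifier (8 bytes) from a 48-bit MAC, per RFC 4291:
    flip the universal/local bit of the first octet and insert FF:FE in the middle."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def mac_from_address(addr):
    """Undo the derivation: the MAC if the address is EUI-64 based, otherwise None.
    Anyone who sees such an address learns the hardware address and can track the host
    across prefixes, which is why SLAAC clients should prefer temporary or stable-privacy
    identifiers."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join("%02x" % b for b in mac)


def plan_site(site_prefix, vlans):
    """One /64 per VLAN, allocated in order from the site prefix (normally a /48)."""
    site = ipaddress.IPv6Network(site_prefix)
    if site.prefixlen > 64:
        raise ValueError("site prefix must be /64 or shorter")
    plan = dict(zip(vlans, site.subnets(new_prefix=64)))
    if len(plan) != len(vlans):
        raise ValueError("site prefix has fewer /64s than VLANs")
    return plan


def host_address(subnet, mac):
    """Address a SLAAC host would form on this /64 with an EUI-64 identifier."""
    if subnet.prefixlen != 64:
        raise ValueError("SLAAC requires a /64")
    return ipaddress.IPv6Address(subnet.network_address.packed[:8] + eui64_iid(mac))


def reverse_zone(subnet):
    """The ip6.arpa zone the enterprise DNS must host for a nibble-aligned prefix."""
    if subnet.prefixlen % 4:
        raise ValueError("reverse zones need a nibble-aligned prefix")
    labels = subnet.network_address.reverse_pointer.split(".")
    return ".".join(labels[32 - subnet.prefixlen // 4:])


if __name__ == "__main__":
    # Constructed sample: documentation prefix, three VLANs and a made-up MAC address.
    plan = plan_site("2001:db8:1::/48", [10, 20, 30])
    for vlan, net in plan.items():
        print("VLAN %d: %s  reverse zone %s" % (vlan, net, reverse_zone(net)))
    host = host_address(plan[30], "00:1b:21:ab:cd:ef")
    print("SLAAC host:", host, "-> leaks MAC", mac_from_address(host))
    print("privacy-style address leaks:", mac_from_address("2001:db8:1:2:9a3c:1f2e:7b44:c0de"))
```

The per-VLAN /64 is the unit that matters for the staffing question too: every one of those subnets needs a forward (AAAA) and reverse zone, router advertisements or DHCPv6 policy, and the same ACL and logging treatment as its IPv4 twin, so a dual-stack rollout roughly doubles the address-management work rather than replacing it.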

    IP multicasting and IPv6 are two more technologies that will require highly trained and competent networkpersonnel to design and implement.


    Training

    The point has repeatedly been made that a technically competent network staff is a major concern of a network manager (if not the major concern). To meet the technical, design, and administrative challenges of the technologies described previously (security, VPNs, IP telephony and QoS, wireless networking, as well as IP multicasting and IPv6), two major challenges must be overcome to achieve network optimization within a budget.

    1. Network services and products must be obtained at the lowest possible cost of ownership, and the network must be properly designed. These costs are partially fixed, partially variable, and possibly capitalized and depreciated.

    2. The selection and deployment of network personnel is one of the largest and most controllable costsunder the authority of the network manager.

    Most network managers deal well with item 1, but item 2 is more of a struggle. The following are two examples of strategies used by large enterprises.

    1. Recruit and train network specialists in all of the technology areas described and in others such as content networking and storage networking. Maintain a core staff of intermediate to advanced general networking personnel, with entry-level programs for beginners. The specialists only get involved in major designs or redesigns, major procurements of equipment, big upgrades, and mission-critical troubleshooting. The core staff handles everything else. This is an ideal approach, and proper training and accurate deployment of specialists can minimize staff costs.

    2. Recruit and train a network staff with minimal skills and outsource all of the complicated technical requirements to site-management companies or to consultants. The local staff handles only simple day-to-day problems. This is the same concept as just-in-time inventory systems, where costs are only incurred when there is a need. In a large modern network, the costs can still be high because of extensive use of consultants and outsourcing companies; in some cases they are much higher than under option 1.

    Mid-size companies are rarely able to implement either of the two options above and must find another way. The most common method is a combination of the two approaches. A core staff of intermediate to advanced technical personnel in general networking is the starting point. The other specialized functions may be outsourced selectively to consultants and vendors. For example, the large providers offer several turn-key security, IP telephony, and VPN solutions, and will provide expert technical support while working with the local staff.

    Management studies conducted by numerous independent companies have concluded that middle managerslack the skill to objectively and completely evaluate the technical skills of members of their staff. Because ofthis lack, industry technical certifications are viewed as an objective method to determine at least baselinenetwork-related skill sets.

    The most critical aspect with any certification is to ensure that the certification is meaningful. There are a number of different certifications that focus upon different areas of the network, ranging from certifications designed for entry-level network engineers to those for advanced engineers and managers. Certifications come from independent third parties, like CompTIA, ISC2, and TruSecure, and from vendors whose certifications are accepted across the industry, such as Cisco or Microsoft.


    One thing common to all of the alternatives listed is an absolute requirement for technical training, mentoring,and on-the-job experience.

    Listed below are some common third-party certifications and some vendor authorized certifications. Details areprovided for the Cisco Certifications.

    Networking certifications: Network+ (entry level)

    Security certifications: TICSA (entry level), Security+ (entry level), CISSP (expert level)

    Operating systems certifications: MCSA (entry level), MCSE (expert level)

    Web certifications: i-Net+ (entry level), CIW (entry level)

    In the Cisco arena, for example, the following certifications are common:

    Cisco Certified Network Associate (CCNA)
    Cisco Certified Design Associate (CCDA)
    Cisco Certified Design Professional (CCDP)
    Cisco Certified Network Professional (CCNP)
    Cisco Certified Internetwork Professional (CCIP)
    Cisco Certified Security Specialist (CCSS)
    Cisco Certified Voice Specialist (CCVS)
    Cisco Certified Internetwork Expert (CCIE), several specialties
    Other Cisco Specialist certifications

    The Cisco certifications are regarded in the networking field as fair, objective, and valuable in determining the skills of an employee or contractor and their pay rate. However, there are additional issues from the perspective of the network manager.

    In many cases, training for certification is given to employees as a reward for long service, a job well done, or simply passed out in a round-robin fashion. In many cases, the employee enjoys the benefit of the company paying for the training necessary to achieve the certification and then leaves the company for a better paying job.

    The role of the network manager is to include certification training as part of a career plan for the employee that will ensure that the employee sees a reason to stay with the enterprise. This requires thought, planning, and creativity on the part of the manager. Promising job security is not an acceptable approach. Markets and economies change so quickly that even government jobs are no longer secure.


    The results of a recent survey revealed that the average salary of a CCNA is $75,000 per year and the average salary of a CCNP is $88,000 per year. A CCSP is worth $96,000 per year. If the network manager is successful in properly utilizing the certification and training process, optimizing the network becomes more achievable and cost benefits are realized. For example, if three CCNPs can do the work of four CCNAs, the following cost model is possible:

    Salary for a CCNA is $75,000
    Salary for a CCNP is $88,000
    Cost of training each CCNP is $10,000

    If the training and certification are accomplished in one year, then in the second year the salary paid is $264,000 (three CCNPs) versus $300,000 (four CCNAs), a saving of $36,000 against a training outlay of $30,000. An ROI of 120 percent is reached in one year, and a saving of $36,000 per year accrues after that. Whatever the model, there is no doubt that well-trained, experienced personnel are going to be better able to optimize the network than inexperienced personnel.

    All of the facts presented regarding employees would also be true of contractors, with one additional proviso. Recently, a representative of a company that was paying about $10,000 per month for consultants reported that its network manager had identified another way to achieve a high ROI by effectively utilizing training. The idea was to provide additional training to employees, eliminate the consultants, and so eliminate $10,000 per month in expense without adding any fixed cost. In this example, the cost of training was recouped very quickly.

    Attributes of a Training Provider

    The idea of training has appeared many times in the description of professionals capable of achieving and managing network optimization. Training and certification, along with on-the-job experience, should be part of any network management and optimization strategy. For maximum results, a training provider should become a strategic partner in reaching the objectives defined. An appropriate training provider should meet the following requirements:

    1. The training provider should assist in developing the training plan to meet the goals of the network manager: maximize network optimization and minimize costs

    2. The training provider should provide a complete range of training solutions
       a. Self-paced e-learning
       b. Web-based training
       c. Instructor-led general training
       d. Customized e-based or instructor-led training
       e. Contractors and consultants as required

    3. The training provider should offer competitive and volume-discount pricing

    4. The training provider should stand behind the skill development promised

    If a training provider meets these requirements, developing the staff competence to meet the stringentdemands of optimizing modern networks is within the reach of all network managers, even with the restrictionof reduced spending.


    Conclusion

    Network optimization cannot be achieved without a professional, well-trained group of network professionals designing, implementing, managing, and troubleshooting the enterprise network. Maintaining the appropriate level of training and technical certification of the network staff is extremely challenging for the network manager with reduced budgets. IT managers can develop a strategy for training and certification of personnel that will reduce costs. A training provider is an important part of the strategy.

    Learn More

    Learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge. Check out the following Global Knowledge courses:

    Understanding Networking Fundamentals
    TCP/IP Networking
    Essentials of Network Security
    Telecommunications Fundamentals

    For more information or to register, visit www.globalknowledge.com or call 1-800-COURSES to speak with a sales representative.

    Our courses and enhanced, hands-on labs offer practical skills and tips that you can immediately put to use.Our expert instructors draw upon their experiences to help you understand key concepts and how to applythem to your specific work situation. Choose from our more than 700 courses, delivered through Classrooms,e-Learning, and On-site sessions, to meet your IT and management training needs.

    About the Author

    Raymond B. Dooley is CEO of International Communications Management, Inc. (ICM), a training company headquartered in Redmond, WA. In the past, he has led a team that designed, developed, and implemented a network-related training curriculum for United Airlines, Ameritech, and General Electric. More recently, he has led a team of instructors focused primarily on Cisco-certified training. His academic and technical credentials are BS, MBA, CCNP, CCDP, and CCSI. Mr. Dooley was assisted by David Stahl, Debby Phelps, BK Jones, William Treneer, Jason Wyatte, and Carol Kavalla, all of whom are experienced network instructors, along with Norma Douthit as editor.
