Just imagine what your life would be like if you were freed from that constant stream of routine configuration tasks that come up every day, hundreds or even thousands of times a day.
What if, rather than dispatching a technician every time someone plugs an IP phone into the network just to make sure it is properly configured, you could have the LAN itself handle the job, based on profiles and policies you set up?
Seem too good to be true? The notion is not altogether a pipe dream; Santa Clara, California-based Extreme Networks has endowed its entire portfolio of switching infrastructure with just such capabilities—a configuration/management framework it calls Universal Port.
Harpreet Chada, Extreme's senior director of product management, explained to Enterprise Networking Planet that the Universal Port framework rests on the foundation of the Extreme Operating System (XOS), which is deployed across the entire product line.
"One of the things we do well at Extreme—and I think we've kind of set a new bar for the industry—is running a common operating system across our entire portfolio," Chada said. "XOS is running everything from a 10 meg [switch] to a 10 gig [switch]—edge to data center." This in turn provides a strong foundation to introduce new capabilities on the network.
"About a year ago, we added a new capability—Universal Port," Chada continued. "What it does, at a high level, is simplify configuration at the network edge." This not only significantly reduces the workload associated with running a network, it gives the administrator increased control over network resources.
With Universal Port, the network responds to dynamic "trigger" events by executing profiles or scripts that the administrator has deployed—stored out in the network switches. Triggers fall into three categories: device discovery, user authentication or time.
XOS uses the IEEE standard Link Layer Discovery Protocol (LLDP, also known as 802.1AB) to recognize when devices such as IP phones, Wi-Fi access points, surveillance cameras, or mobile computing devices connect to the network, and responds by exchanging information with the device, both querying it for its MAC address or other ID information, and setting the parameters—power over Ethernet requirements, VLAN tag, QoS (802.1p) requirements, and IP address—set forth in the script or policy.
"Ten years ago, if somebody gave you a phone, you could basically plug that copper cable into [the phone network] and everything worked," Chada told Enterprise Networking Planet. "Today, when you put in an IP phone, you get a lot more intelligence, but there's also a lot of manual configuration that is required: What VLAN should it be part of? What is the IP address of the call server? We've made that automatic."
Sure, you can still do that configuration by hand, Chada said, but "if you have 4,000 users on the network, typically there will be 4,000 phones, so you want to be able to have a single policy that you can leverage across the entire user base."
When users log onto the network, Universal Port invokes the appropriate network access rights and resources for those users. XOS supports three types of authentication: MAC-address-based, Web-based (user login/password), and IEEE standard 802.1x. Typically, the user's identity is associated with a role profile that's stored in a database.
"We have customers that have tied that to a RADIUS database," Chada explained, "so that when a user comes on the network they quickly check is that user one of the allowed users on the network, based on the RADIUS setting. And from the RADIUS database you can pick which policy you have selected for that type of user, and that policy gets automatically applied to the port. The beauty is that you don't have to distribute these configurations down to thousands of devices on the network; you can store them in one place and replicate across the network."
Moreover, when a user moves—logging off in one location and back on in another, say—the access and resource rights move with him or her, dynamically, rather than being statically associated with a particular port.
The time trigger gives a network administrator a high degree of control over how things operate on the LAN. With the one-time creation of a script (incidentally, Universal Port scripts can be written in virtually any recognized scripting language) an admin can, say, turn off selected phones at the end of the normal work day, for power savings and security—or, in a university setting, for an entire time block (e.g., summer vacation).
Again, in theory, these jobs could be done manually, but in a sizable network, it just isn't going to be logistically feasible—and won't be done.
While managing the configuration of IP phones is perhaps the most commonplace device-discovery task for Universal Port, the range of its capabilities is pretty much "the sky's the limit," according to David Boyer, senior network administrator at Iowa-based Buena Vista University, which upgraded its LAN in 2008 with Extreme's switches.