Seemingly taking a page from Cisco Systems' playbook, Hewlett-Packard on Monday introduced a network planning and design blueprint for enterprise customers.
Dubbed Adaptive EDGE Architecture, HP's strategy conjures memories of San Jose, Calif.-based Cisco Systems' successful Architecture for Voice, Video, and Integrated Data (AVVID), which was introduced in September 2000. Like AVVID, HP's strategy defines a single multiservice network running voice, data, and video.
Additionally, HP's new design preaches security and mobility and focuses on the use of network applications, such as VoIP (voice over IP).
According to Brice Clark, worldwide director of strategy for HP's ProCurve Networking business, security and mobility are "urgent needs for enterprises."
"Enterprises want to add more intelligence to the edge of their networks to manage security and deploy new applications," says Clark. "Networks today are supporting a broader range of data, not just databases."
Under the strategy, a network can be secured and a user's access to network services and resources can be personalized all the way from the point where a PC or other client device meets the network, according to HP. Companies also will be able to prioritize voice conversations and video sessions all the way across the network using HP edge switches that can recognize types of traffic that need special treatment.
This kind of capability traditionally has been located on relatively expensive devices at the core of a LAN. HP wants to let companies easily define network rules and enforce them on affordable hardware, Clark said.
"It's almost an inside-out reversal of how we've thought about networks traditionally," Clark said.
Two key pieces of the strategy are RADIUS (Remote Authentication Dial-In User Service) technology for authenticating users and the IEEE 802.1x standard for port-based access control.
A central database will provide the brains in the architecture, holding information about what groups the user belongs to and what resources he or she should be able to access. When a user logs in to the network, the switch will get information from the central database that is then translated into specific network commands that the switch uses to configure the port.
HP already offers an AAA (authentication, authorization, and accounting) server that could be used for these profiles, but the information also could be attached to an Oracle human resources database, for example, he said. That might make it easier to change an employee's privileges upon hiring, transfer, or resignation, he added. The system can be implemented on many different kinds of databases as long as they support RADIUS and 802.1x, he said.
With network privileges enforced at each port, unauthorized users get cut off right at the edge of the network. In addition, administrators will be able to set up special profiles for visiting partners or customers who want to use the LAN but shouldn't see everything on it, Clark said.
The idea is to shift from giving users network rights based on where they are, such as at a certain port where the PC is always plugged in, to giving them rights based on who they are -- even if they're accessing the network from a remote location, he said.
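The edge-switch decision described above can be sketched in code. This is an added example, not HP's code: it assumes the user's profile reaches the switch as the VLAN tunnel attributes that RFC 3580 defines for RADIUS with 802.1x, and the function names and sample packets are constructed for illustration.

```python
import struct
# Assumption: Response Authenticator (shared-secret) verification is omitted here.
ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_GROUP_ID = 64, 65, 81  # RFC 2868 attribute types
VLAN, IEEE_802 = 13, 6                                    # RFC 3580 values

def parse_radius(packet):
    """Return (code, {attr_type: value}), or None if the packet is malformed."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        return None
    attrs, pos = {}, 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            return None
        attrs[packet[pos]] = packet[pos + 2:pos + a_len]
        pos += a_len
    return code, attrs

def tagged_int(value):  # tunnel integers: 1 tag byte + 3-byte value
    return int.from_bytes(value[1:], "big") if len(value) == 4 else None

def port_decision(packet):
    """Fail closed: open the port only for an Access-Accept naming a valid VLAN."""
    blocked = {"port": "unauthorized", "vlan": None}
    parsed = parse_radius(packet)
    if parsed is None or parsed[0] != ACCESS_ACCEPT:
        return blocked
    attrs = parsed[1]
    if (tagged_int(attrs.get(TUNNEL_TYPE, b"")) != VLAN
            or tagged_int(attrs.get(TUNNEL_MEDIUM, b"")) != IEEE_802):
        return blocked
    group = attrs.get(TUNNEL_GROUP_ID, b"")
    if group[:1] and group[0] <= 0x1F:  # optional leading tag byte
        group = group[1:]
    if not group.isdigit() or not 1 <= int(group) <= 4094:
        return blocked
    return {"port": "authorized", "vlan": int(group)}

def build(code, attrs):  # constructed sample packets with a zeroed authenticator
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

VLAN_ATTRS = [(64, b"\x00\x00\x00\x0d"), (65, b"\x00\x00\x00\x06")]
EMPLOYEE = build(2, VLAN_ATTRS + [(81, b"20")])     # staff profile, VLAN 20
GUEST = build(2, VLAN_ATTRS + [(81, b"\x0199")])    # visitor profile, tagged form
REJECT = build(3, [])                               # Access-Reject
```

In this sketch an Access-Accept that names no VLAN also leaves the port blocked; that is a choice made for the example, not a behaviour the article attributes to HP's switches.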
LAN switching has become more complicated with the need to give many different kinds of users secure access to the LAN from any location, said Vijay Bhagavath, an analyst at Forrester Research, in Cambridge, Mass.
"Security has to be designed into the network's architecture, and the best place to design security and mobility is the edge of the network," Bhagavath said. For one thing, port-based access control helps prevent DoS (denial of service) attacks because it won't let a stream of unauthorized packets clog the part of the network between the entry port and a firewall, he said.
HP's plan for traffic prioritization could help midsized enterprises by giving them the infrastructure to integrate voice calling into the data network, said Paul Strauss, an analyst at IDC, in Framingham, Mass. For example, a computer telephony system in a distributed organization could make it much easier for employees to make calls, he said. However, quality of service is key.
"You can hear any delays, so it has to be prioritized. It has to be built into the system and provided relatively inexpensively," Strauss said.
Aspects of the edge networking architecture already exist in some HP products today, Clark said. For example, administrators can manually assign a user to a virtual LAN and use 802.1x to enforce that assignment.
Products built to support the full strategy will be rolled out in several phases over the course of this year, with a first generation that supports one or two types of databases and future phases that support more, he said.
Also Monday, HP introduced a wireless LAN access point that includes 802.1x access control. The HP ProCurve Wireless Enterprise Access Point 520wl has two CardBus slots that can be used for a variety of different wireless LAN technologies. It can be equipped with the HP ProCurve Wireless 802.11b Access Point Card 150wl and is already equipped for the addition of a card that uses IEEE 802.11a technology, which operates on a different radio band, Clark said. Companies also can buy the same access point for facilities around the world and install cards that meet each region's requirements, he added.
The 802.1x-equipped access point could help to secure corporate LANs at facilities where wireless LAN access is provided in an atrium or other public space, Forrester's Bhagavath said.
The Access Point 520wl carries a list price of $699, and the Access Point Card 150wl is priced at $119. A Range Extender Antenna 100wl also is available, priced at $139. All the products are available now.