Optimizing Your
Network on a Budget
1-800-COURSES
www.globalknowledge.com
Expert Reference Series of White Papers
Introduction
The purpose of this paper is to define the issues related to optimizing an enterprise network, identify several
new network technologies related to networking, and draw some conclusions on how best to satisfy the
requirements defined. The paper uses the following format:
1. Definition of roles and examples of the relationship of corporate objectives and goals to network tech-
nology and optimization
2. Mission-critical network technology examples
3. Importance of staffing and technical certifications in network optimization, compared to out-sourcing,
and use of consultants for each technology example
4. Role of a training provider in network optimization for an enterprise with a limited training budget
The role of an Information Technology (IT) Manager in an enterprise is to implement and maintain systems
and procedures to support the operational processes and strategic initiatives of the enterprise. One of the
most important (and costly) of the managed systems is the enterprise network, including the enterprise cam-
pus network, the enterprise edge
, the service provider edge, and all the equipment and topologies that define
the network infrastructure. There are several forces that drive the process:
1. The enterprise develops new strategic initiatives that require the implementation of new technology
2. New technology is developed that offers an opportunity to lower costs, increase efficiency, or develop
new strategic initiatives
3. Growth, sometimes complicated by acquisitions, may occur
4.
Changes in operational processes (such as manufacturing or accounting) may require a change in IT
technology or networking
5. Network solutions provided by network equipment and service providers change and evolve. For exam-
ple, Service-Oriented Network Architectures (SONA) is one of the latest approaches
If numbers one and two look a bit like the classic "chicken and egg" dilemma, they are. It is never certain

Use of outsourcing, consultants, and the technical level of the network staff must be analyzed and com-
pared based on networking objectives versus cost.
A CEO of a Fortune 100 Company once said (paraphrased), "I consider Information Technology to be a weapon
in the battle to win global market share." While a firm believer in corporate missions and vision statements, the
CEO thought that an enterprise achieved success by following no more than four simply stated strategic initia-
tives. An IT or network manager in the various corporate divisions was required to understand these initiatives,
how to implement the systems to support them,
and how to optimize the network for them.
T
his had to be done
at the lowest possible cost,
because lowering costs was always one of the initiatives. Using various methods,
most enterprises work the same way. All CEOs may not be as successful in articulating the requirements as this
one was, but the idea is the same: creating identical challenges for IT and network managers.
T
he implementation of
Automatic
T
eller Machines (A
TMs) in the banking industry is a classic example of the
impact of a new strategy on technology
,
and it provides a lead-in to a description of new network technolo
-
gies and the importance of network optimization. In the early 1970s, a bank or banker (no one knows who
had the idea first) visualized a machine that would provide banking services separate from a teller window.
The vision included machines in non-traditional locations, 24-hour banking, and added services. Of course,
these are things taken for granted today.
Copyright ©2006 Global Knowledge T
raining LLC. All rights reserved.

those techniques seem archaic and costly. The question any IT or network manager must consider is, "Are the
techniques and technologies in place for the network suitable to handle a completely new corporate strategic
initiative?" In other words, is there an ATM-like project in the future for this enterprise? And if so, can it be
implemented and optimized at the lowest possible cost?
T
he previous example is a description of actual events. Several years from now, similar business cases will be
written about network technologies that are emerging now, such as IP telephony, wireless, and virtual private
networks (VPNs) related to new developments such as medical multi-media, and virtualization of business and
technology functions (SONA). Modern solutions are based on the idea that hardware, software, and network
applications are
“built-in”
to network technologies and can then be implemented (turned on) as needed.
It is
important for IT and network managers of today to avoid the technology traps shown by the banking example
.
One point becomes paramount from the information presented so far. Optimization and cost are two of the
most important items for a network manager to consider. Before any conclusions are made about the best
ways to meet optimization and cost requirements, several new and important network technologies must be
described. Each of these technologies could have an impact on optimization,
costs
, or both. The first issue is
determining if the technology is appropriate to meet the objectives of the enterprise
, and the second is having
Copyright ©2006 Global Knowledge T
raining LLC. All rights reserved.
Page 4
t
he expertise to properly plan, design, and implement the new technology into the existing network. The fol-
lowing technologies will be considered:
1. Security

policy has been defined:
1.
Secure
2. Monitor
3. Test
4.
Improve
Two elements of network security will be explored: firewalls and intrusion detection/prevention. Neither of
these is new
, but there are new features and capabilities being introduced regularly.
Copyright ©2006 Global Knowledge T
raining LLC. All rights reserved.
Page 5
The first step of the network implementation consists of four parts: user and data authentication; encryption;
vulnerability patching; and firewalling. Firewalling includes three primary functions: user authentication, denial
of service (DoS) prevention, and packet filtering. A good number of firewalling solutions offload the user
authentication to specialized servers called Authentication, Authorization, and Accounting (AAA). The DoS pre-
vention is offloaded to specialized solutions for Intrusion Detection Service (IDS) or Intrusion Prevention
Service (IPS). Firewall devices then specialize in filtering network traffic to allow only valid packets to cross
firewall interfaces.
The firewall hardware is located between the outside filter (the router connected to the Internet) and the
inside filter (the router connected to the enterprise campus). One type of firewall interface is untrusted (a De-
militarized Zone - DMZ), connected to such devices as web servers, DNS servers, E-mail servers, VPN concentra-
tors, or access servers (for dial-up users), and the connection to the Internet. Trusted interfaces are connected
either to the enterprise campus, or with application and database servers associated with the web servers on
the non-trusted interface. In a network design, the systems described in this paragraph are called the Internet
Connectivity Module and the E-Commerce Module. A firewall system should support:
1. Packet filtering (main job)
2. Network Address Translation
3. Fail-over and hot standby

VPN concentrator
,
the AAA server, and, perhaps, the Intrusion
Prevention System.
T
he ASA 5500 has the following abilities:
Copyright ©2006 Global Knowledge T
raining LLC. All rights reserved.
Page 6