Building the Intelligent Edge

Transition from simple devices to intelligent edge functionality almost complete

• By Vince Ricco
• May 01, 2014

Philosophical and physical shifts in intelligence and management at the edge are remaking corporate networks. A move toward decentralization and the pushing of intelligence to the edges are changing how companies handle security, data and storage.

In the beginning, there was the network core, and at the heart of the core was heavy iron, otherwise known as the “blade chassis.” The concept was centralized management and wiring at the inception of network switching and the dawn of hubs. IT would invest significant resources in the core, and then sprinkle the occasional edge switch or router on the fringe to get to those hardto- reach desktops and printers. It was a reasonable strategy in its day.

However, more than a decade ago, even the staunchest, heavyiron manufacturers were looking at more intelligent edge switching as a means of freeing up core fabric memory and CPU cycles. The goal was to have the edge take on the role of a data super highway. Early on, the barrier to the release and deployment of more distributed network topology was the disruptive effect it would have on the vendors’ then-popular products and the investments IT had already made.

The Early Edge

The first widely-adopted, intelligent edge devices showed up in service-provider markets; these were home routers. It is interesting that even now there are not many noticeable changes to home-router features. They are a little bit more secure, and there are more configuration options, but basic NATing and firewall functionality has not really changed.

It was not too long ago that network hardware manufacturers made a shift to widespread adoption of off-the-shelf processors to build their offerings. The processors contained the gamut of Layer II and Layer III to VII functionality, and came with basic reference codes that could be used by the vendors. The same chipsets were used by low-cost, basic switch and router providers and the big-league, “my-OS-is-the-only- OS” manufacturers.

The real difference was found in the ability of coders to make the chips dance. Even within the same manufacturer, the chipset would be used across multiple product families, offering a varied level of functionality. The real difference in the products was the firmware and the features it enabled.

Stage 2: Advanced Features

The chipset’s capabilities set the stage for the next round of edge technology. Due to economies of scale, the Basic Layer II edge switch supported features like SNMP, discover protocols, data-flow sampling statistics and more advanced discovery protocols, like LLDP.

The significance of this is that administrators could have greater control of network traffic at the port level of their edge switches and routers. In addition, the edge switch could also discover edge devices, such as IP-based video cameras, access control devices, audio and video devices, and so on.

While convergence is exploding as the industry moves from traditional analog technology to IP, the ability to discover a device, make network policy based on template rules and better manage the numerous add-on elements is making this process less disruptive and easier to maintain. Auto discovery and auto policy also helps busy administrators manage constant moves and changes. Switch, router and Wi-Fi manufacturers are refining this intelligence at an unprecedented scale. One could even consider these features as a subset or precursor to Software Defined Networks (SDN).

True-edge Intelligence

While this level of intelligence takes us near the edge, exciting advances are taking place at the actual end node, or customer premise equipment (CPE). We are now seeing capabilities, such as IP to MPLS, residing directly in an end access point. This simplifies both deployment and maintenance concerns. We are also seeing prebuilt, complex policies scripted into easy-to-follow, one-click steps such as a Voice over IP circuit or establishing a service level for Internet access.

From a physical security perspective, the really exciting and pertinent advances are coming in the form of onboard storage capabilities in IP video cameras: the ability to upload resident programs for video analytics; advance event triggers and traps; and optimization agents, such as video over Wi-Fi, that can identify itself to the network infrastructure and allow for automated Quality of Service settings for the camera output.

IP video cameras are an interesting case as they essentially become miniature PCs with lenses and sensors. Axis cameras, for instance, employ a Linux OS, an Apache Web server and a user interface that is not unlike that of a home router. This allows for wide support of critical network requirements, including advanced cybersecurity protocols ranging from basic 802.1x to RAS, and PKI and HTTPS to SLL.

The real system value that comes from this next generation of intelligent edge technology is the ability for IT to operate and support a specific network OS strategy while extending the system’s capabilities to third-party network elements in a secure and manageable fashion. We are now seeing previously unparalleled cooperation between technology partners, who are working toward optimized and validated solutions to provide the best in end-customer satisfaction and experience.

IT departments looking to provide reliable and scalable services to their organizations in a manageable service model need only look to vendor websites to find a list of hardware and software technology partnerships including servers, storage, IP cameras, access controls, IP audio, intelligent building automation and so on.

This article originally appeared in the May 2014 issue of Security Today.