Building the Intelligent Edge
Transition from simple devices to intelligent edge functionality almost complete
- By Vince Ricco
- May 01, 2014
Philosophical and physical shifts in intelligence
and management at the edge are remaking
corporate networks. A move toward
decentralization and the pushing of intelligence
to the edges are changing how companies
handle security, data and storage.
In the beginning, there was the network core, and at the heart
of the core was heavy iron, otherwise known as the “blade chassis.”
The concept was centralized management and wiring at the
inception of network switching and the dawn of hubs. IT would
invest significant resources in the core, and then sprinkle the occasional
edge switch or router on the fringe to get to those hard-to-reach
desktops and printers. It was a reasonable strategy in
its day.
However, more than a decade ago, even the staunchest, heavy-iron
manufacturers were looking at more intelligent edge switching
as a means of freeing up core fabric memory and CPU cycles.
The goal was to have the edge take on the role of a data
superhighway. Early on, the barrier to the release and deployment of
a more distributed network topology was the disruptive effect it
would have on the vendors’ then-popular products and the investments
IT had already made.
The Early Edge
The first widely adopted intelligent edge devices showed up in
service-provider markets; these were home routers. It is interesting
that even now there are not many noticeable changes to
home-router features. They are a little bit more secure, and there
are more configuration options, but basic NATing and firewall
functionality has not really changed.
It was not too long ago that network hardware manufacturers
made a shift to widespread adoption of off-the-shelf processors
to build their offerings. The processors contained the gamut of
Layer II and Layer III to VII functionality, and came with basic
reference code that could be used by the
vendors. The same chipsets were used by
low-cost, basic switch and router providers
and the big-league, “my-OS-is-the-only-OS”
manufacturers.
The real difference was found in the
ability of coders to make the chips dance.
Even within the same manufacturer, the
chipset would be used across multiple
product families, offering a varied level
of functionality. The real difference in the
products was the firmware and the features
it enabled.
Stage 2: Advanced Features
The chipset’s capabilities set the stage for
the next round of edge technology. Due to
economies of scale, the basic Layer II edge
switch supported features like SNMP, discovery
protocols, data-flow sampling statistics
and more advanced discovery protocols,
like LLDP.
The significance of this is that administrators
could have greater control of network
traffic at the port level of their edge
switches and routers. In addition, the edge
switch could also discover edge devices,
such as IP-based video cameras, access
control devices, audio and video devices,
and so on.
While convergence is exploding as the
industry moves from traditional analog
technology to IP, the ability to discover
a device, make network policy based on
template rules and better manage the numerous
add-on elements is making this
process less disruptive and easier to maintain.
Auto discovery and auto policy also
help busy administrators manage constant
moves and changes. Switch, router
and Wi-Fi manufacturers are refining this
intelligence at an unprecedented scale.
One could even consider these features as
a subset of, or precursor to, Software Defined
Networks (SDN).
True-edge Intelligence
While this level of intelligence takes us
near the edge, exciting advances are taking
place at the actual end node, or customer
premise equipment (CPE). We
are now seeing capabilities, such as IP to
MPLS, residing directly in an end access
point. This simplifies both deployment
and maintenance concerns. We are also
seeing prebuilt, complex policies scripted
into easy-to-follow, one-click steps, such
as setting up a Voice over IP circuit or establishing a
service level for Internet access.
From a physical security perspective,
the really exciting and pertinent advances
are coming in the form of onboard storage
capabilities in IP video cameras: the ability
to upload resident programs for video analytics;
advanced event triggers and traps;
and optimization agents, such as video
over Wi-Fi, that can identify themselves to the
network infrastructure and allow for automated
Quality of Service settings for the
camera output.
IP video cameras are an interesting case
as they essentially become miniature PCs
with lenses and sensors. Axis cameras, for
instance, employ a Linux OS, an Apache
Web server and a user interface that is not
unlike that of a home router. This allows
for wide support of critical network requirements,
including advanced cybersecurity
protocols ranging from basic 802.1X
to RAS, and PKI and HTTPS to SSL.
The real system value that comes from
this next generation of intelligent edge
technology is the ability for IT to operate
and support a specific network OS strategy
while extending the system’s capabilities
to third-party network elements in a
secure and manageable fashion. We are
now seeing previously unparalleled cooperation
between technology partners,
who are working toward optimized and
validated solutions to provide the best in
end-customer satisfaction and experience.
IT departments looking to provide reliable
and scalable services to their organizations
in a manageable service model
need only look to vendor websites to find
a list of hardware and software technology
partnerships including servers, storage, IP
cameras, access controls, IP audio, intelligent
building automation and so on.
This article originally appeared in the May 2014 issue of Security Today.