Management Network

Thread: Management Network

  1. #1
    Member
    Join Date
    Jan 2004
    Posts
    33

    Management Network

    I wanted to open this thread to discuss the benefits to having a "Management network". I have heard this term used loosely and in regards to several different elements almost like a catch all buzz word........When I try to find a way to define it I cannot. When I try to justify the existence of a separate network that handles administrative traffic I cannot get my mind around it.
    Is there anyone who has this implemented and can illustrate its usefulness for me?

    Thanks all....There really is an awesome brain trust here.

  2. #2
    Hmm...I'm not sure I follow you...Could you elaborate perhaps?

    From what I gather so far, you're referring to a network set aside from the main corporate network to be used by management only? If that's the question, then consider:

    1) Speed. A separate LAN or subnetwork dedicated to management would be free of traffic from other departments/staff. Since managers of all types rely on speed for their work, this is no doubt advantageous. If the corporation is large enough, it may need a dedicated network for management traffic only.

    2) Security. A separate LAN/subnetwork for management would also be more secure than including its traffic with the rest of corporate traffic. It would further ensure that unauthorized staff could not gain access to sensitive data on the management-level network, by accident or by more sinister means.

    3) Organization. This relates to both points (1) and (2). In a large corporation with many departments and subdivisions as well as multiple layers of management, having separated networks and subnetworks can aid with the overall organization and necessary separation of different kinds of corporate data. It's like roads within your state -- each city has its own unique road system catered to its specific local traffic level and needs, rather than one mess of roads designed with no more detail in mind than the entire state's needs.

    I hope that's down the lines of what you're shooting for, forgive me if I'm going in the wrong direction...

  3. #3
    Senior Member
    Join Date
    Jun 2004
    Posts
    281
    Angelic did a good job with the question on how it was given (nice work Angelic) however I have only heard Management Network in another way. I have heard management network as a network of people, computers, paper, articles, pictures etc. all organized by a main control point and hence you have a management network.

    I am sorry if this is completely different from what you are trying to get at but that is my take on the subject.

    To have a network specifically set aside for management does seem slightly wasteful. However if that network will increase productivity beyond the amount paid for it then it is worth it. I am not sure how much more will get done or how much more secure the management network described above would be.

    - MilitantEidolon
    Yeah that's right........I said It!

    Ultimately everyone will have their own opinion--this is mine.

  4. #4
    Well, what you're describing is what a true MIS is (Management Information System -- what I have a degree in). In a huge corporation, you may very well have a network for every level, starting with a TIS (Transaction IS -- if memory serves correct -- been a while since I was in the class that discussed that) on up through the ranks to MIS. Let's see...trying to churn around my head for stuff I need to remember from my classes...on the executive level, you may even have what I think is called a DSS (Decision Support System)...bear with me, it's been a while since I had to remember this for a test.

    Anyway, I think this kind of stuff is definitely geared towards the big corporations though -- the ones with thousands of staff to organize and communicate with. So your MIS (or management network) would be for only your uber 1337 people.

  5. #5
    Member
    Join Date
    Jan 2004
    Posts
    33
    Knight-- "IT" in my case is on a separate subnet and is isolated from the other elements of the business and yet is part of one VLAN. When mitigating security risks for 'SNMP vulnerabilities' one of the documented mitigating factors is to create a "management network". Another example is when setting up an IDS system with centralized logging, recommendations include making the centralized log server a part of the "management network".
    This may be a matter of semantics. This is what I am trying to figure out :-). Your explanation makes sense and it is the path I am going down, but I want to make sure there are others that are defining this the same as I am interpreting it. If this is not the case then I need to be educated.

  6. #6
    Ok, well "management network" is indeed a fuzzy term with lots of room for leeway, so it could mean any number of things. Now if you ever hear "MIS", it's either a managers-only network or an accounting network (going by academic textbook definitions, anyway).

    So let me see if I'm following you a little better now -- The network in question here sounds like it's for the IT staff only, and in existence for the sole purpose of managing security (IDS, log watching, etc.). Sort of like one network policing the others perhaps?

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Hosting providers, for example in colo situations, often have such "management" networks.

    The advantages are:

    - Bandwidth contention - "management" traffic does not interfere with "front door" traffic for things like web and email.
    - Bandwidth charging - if the provider is charging for bandwidth, you won't want to get charged for the provider's own systems monitoring your kit, right?
    - Security - some protocols might be enabled on the management network that aren't on the public network (although of course a firewall could distinguish them anyway)

    These management networks are typically used for monitoring, backups, and other systems management purposes either by the customer or the provider (in the case of managed systems).

    In the case of networked backups, it's quite useful to have separate network hardware for backups, because they tend to create a large amount of traffic which can "max out" the network interfaces delaying other traffic.

    Under some circumstances there might be a different route into such a management network, for instance dial-up (although these days a VPN is more likely)

    Slarty
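
Added example, not part of Slarty's post or of the thread: one way to check that management-plane services on a host are bound only to the management network, so that protocols enabled there are not also reachable from the "front door" side. The subnet 10.99.0.0/24, the port list and the `ss -tuln`-style sample are constructed assumptions.

```python
import ipaddress

# Assumed values for illustration; substitute your own management subnet.
MGMT_NET = ipaddress.ip_network("10.99.0.0/24")
MGMT_PORTS = {22: "ssh", 23: "telnet", 161: "snmp", 514: "syslog"}

# Constructed sample in the column layout printed by `ss -tuln`.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    10.99.0.12:22      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:23         0.0.0.0:*
udp   UNCONN 0      0      203.0.113.7:161    0.0.0.0:*
udp   UNCONN 0      0      10.99.0.12:514     0.0.0.0:*
tcp   LISTEN 0      511    203.0.113.7:443    0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4, bracketed IPv6, or '*') into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def exposed_mgmt_listeners(ss_output, mgmt_net=MGMT_NET, ports=MGMT_PORTS):
    """Return management services listening outside the management subnet."""
    findings = []
    for line in ss_output.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        host, port = split_endpoint(fields[4])     # Local Address:Port column
        if port not in ports:
            continue                               # not a management service
        if host in ("*", "0.0.0.0", "::"):
            # Wildcard bind: reachable on every interface, not only management.
            findings.append((ports[port], fields[0], host, "wildcard bind"))
        elif ipaddress.ip_address(host) not in mgmt_net:
            findings.append((ports[port], fields[0], host,
                             "outside management subnet"))
    return findings

if __name__ == "__main__":
    for service, proto, host, reason in exposed_mgmt_listeners(SAMPLE):
        print(f"{service}/{proto} on {host}: {reason}")
```
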

  8. #8
    Senior Member
    Join Date
    Jun 2004
    Posts
    281
    I am still trying to understand what you are getting at. Are you talking about putting your IT staff on a separate network just so they can manage the IT functions of the business?


    [edit] I see I am not the only one wondering [/edit]

    - MilitantEidolon
    Yeah that's right........I said It!

    Ultimately everyone will have their own opinion--this is mine.

  9. #9
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    What Slarty said...
    (I'd have greened Slarty's post to give value but I'm maxed out on Slarty)


    Ammo
    Credit travels up, blame travels down -- The Boss

  10. #10
    Member
    Join Date
    Jan 2004
    Posts
    33
    Ok, here is a good example of bad security. Telnet is being used by the network admins to connect to the routers on the network (Please hold the boos 'til the end). Having over 100 devices to change over to ssh and implement an authentication method will take a significant amount of time to coordinate with networking.....Y, because they are resisting the change........
    Anyway, from the sounds of some things I was reading there was a "silver bullet" that I could put in place to limit the network traffic and mitigate the risk of some of this clear text traffic IT is creating (a management network).
    It could help with management of the SNMP traffic and IDS logging.
    From the sounds of the folks in the thread, this silver bullet is a flight of fantasy.....not reality. In trying to look at all my options I was hoping to use the management network as a layer to protect the IT department from Telnet and SNMP traffic being grabbed, but I now see so many things wrong with this theory.
    I think in this case the confusion I have caused is because a management network just does not do what I thought it would. I appreciate the input and your sharing my state of confusion.
