Media conversion is a critical network function for growing data centers, but too many purchase decisions are based solely on data sheet information or worse yet, from price lists. There is a difference in media converters and a strategic way to plan and implement them. The always increasing demand on data center networks requires constant upgrades to network size, reach and throughput levels. Trends such as virtualization, big data, cloud access and mobility are key factors behind an increase in demand for data center bandwidth. In this scenario of rapid change, media conversion is more important than ever to ensure connectivity, rapid service turn up and to maximize the cable plant investment.
This seven-part blog series will provide a glimpse beyond the speeds and feeds to other key factors data center operators need to consider when adding or expanding a media conversion system.
Today's topic: Keep Management Data Secure
In my previous blog posts, I’ve talked about media conversion at the physical layer and how to use optical time-domain reflectometer (OTDR)-equipped small form-factor pluggables (SFP) to detect fiber breaks. Today I want to talk about keeping management data safe.
When it comes to data integrity in media conversion, it is important to evaluate the security of network management data. Access to management data, while not compromising the integrity of the data itself, allows hackers to change configurations and potentially redirect data flows. Certainly a big part of protecting management data lies in ensuring that the network is physically secure; that access to network management consoles are restricted.
But the management system itself must also provide security. The first step is to ensure that system access is restricted by passwords and that access is recorded and available for investigation if necessary. This authentication must extend to all methods of access including remote web or telnet log-ins.
The next big part of a secure management system is protecting the data while in transit. Management systems should look for support of secure sockets layer (SSL) or secure shell (SSH & TLS) encryption on all management connections. Like most encryption schemes, an SSL connection is secured through the exchange of public and private keys. SSH works similarly but it encrypts the data twice requiring hackers to break two 128-bit codes before gaining access to the underlying data. Other secure management tools to look for could include a Management VLAN, support for 802.1x/RADIUS, and ACL Rules.
This best practice, combined with products that are designed with the right network technology, can make the correct media conversion decision a lot easier. Stay tuned for more best practices on how to build the most strategic solution.