In our ongoing blog series covering the “must-haves” for a true enterprise Passive Optical LAN, I first covered Bridging, Port Isolation and Port Security, then I discussed the critical needs for LLDP, E911 and Source Multicast Streams. Now, I need to add the equally important Network Access Control and 802.1x, Geo-Redundant OLT protection and Publicly Accessible System and Security Test Results.
Your LAN requires Network Access Control (NAC) and IEEE 802.1x.
- Cybersecurity is top-of-mind of all IT professionals today and unfortunately humans are the leading cause of security breaches. Therefore, you need to trust your Passive Optical LAN system supports sophisticated Network Access Control, including security protocols like IEEE 802.1x, that all together unifies endpoint security technology, authentication, authorization and network security enforcement. Furthermore, your enterprise LAN must support integration with best-of-breed security policy providers, such as:
- ForeScout CounterACT
- Juniper Unified Access Control (UAC)
- Cisco Identity Services Engine (ISE)
- HP/Aruba ClearPass Policy Management
- Microsoft Network Policy Server (NPS)
- You should ask your Passive Optical LAN equipment vendor to provide you with their advanced security design guidelines and their LAN hardening procedures. Not supporting these Network Access Control security functions adds unnecessary risk that can cost your company millions of dollars if a breach occurs.
Your LAN also needs to support Geo-Redundant OLT protection for ultimate High Availability.
- Your enterprise LAN must be a High Availability system. Hundreds of thousands of dollars are lost every year due to hours of extended downtime. For your critical network needs, you need a system that provides a standards based (e.g. ITU Type-B PON redundancy), geographically-redundant OLT protection offering 99.9999% network uptime, and less that a 2-second failover across a 6,000+ port network.
- Anything less for your critical LAN needs just will not suffice.
Your LAN must be backed by Public Accessible System and Security Test Results.
- Wouldn’t you want your enterprise LAN system hardware and software to be certified by the U.S. Department of Defense (DoD) rigorous testing known as Joint Interoperability Test Command (JITC) and for it to have received Information Assurance (IA) accreditation in accordance with the DoD and met strict Risk Management Framework (RMF) for DoD Information Technology (IT)? All of these test results are readily available for the Tellabs Optical LAN systems through JITC.
- Thinking about how your LAN system may be HIPAA compliant (e.g. healthcare electronic medical records) and/or PCI compliant (e.g. retail point of sale activities) this 3rd party test confirmation becomes imperative. With all the different risks your LAN is exposed to with BYOD, and guest systems, why would you settle for a less secure non-accredited LAN system and put you, your employees and your company at greater risk?
To learn all about True Enterprise Optical LAN Must-Have features, you can read our comprehensive white paper on the topic.