Q&A: Managing Explosive Network Growth in Education

How one University tackled rapidly growing network traffic.

As one of the 100 largest public universities in the nation, Central Michigan University (CMU) prides itself on providing students with ultra-modern facilities and state-of-the-art technology. As a population, college students in particular are early and avid adopters of emerging technology. For example, every year the institution typically experiences a 25 percent increase in the number of mobile devices used on its network.

How did CMU tackle its staggering growth in network traffic? We asked Ryan Laus, Network Manager at the school, to bring us up to date on what factors he considered when choosing a solution.

Enterprise Strategies: What was the problem CMU was trying to solve?

Ryan Laus: With the constant proliferation of and demand for technologies such as mobile applications, wireless connectivity, and social media, our small staff needed a more effective way to monitor both internal and external threats to our network, as well as more quickly pinpoint and resolve issues affecting network security and performance. Supporting more than 28,000 students and 64,000 total user accounts across academic and administrative facilities, residence halls, and research centers, our existing technologies were no longer a match for the tremendous volume of traffic on our network.

What approaches did CMU take to solve the problem? Why weren't you successful?

As a Cisco shop, we previously monitored and solved problems on our network using a combination of our custom-built NetFlow analysis system and an off-the-shelf intrusion detection system (IDS). As the number of accounts on our network continued to grow, and as we continued to modernize our infrastructure with new technologies, our custom NetFlow analysis system was no longer effective because it only allowed us to analyze network traffic summaries as opposed to monitor traffic in real time.

Originally developed to curb the use of excessive bandwidth by students using peer-to-peer (P2P) file-sharing applications, our custom NetFlow analysis technology also became obsolete when students figured out how to bypass the system by changing their IP address, allowing them to continue to abuse their bandwidth privileges.

With our IDS, we were experiencing such high volumes of network traffic on campus that it could only monitor our academic and administrative facilities, and could not process the additional traffic volumes from the residence halls.

Overall, our network traffic volume was too much for our existing systems to handle. The existing systems basically provided us with massive amounts of data that my small team and I had to manually sort through to investigate issues and uncover each issue’s root cause. Once we began to receive complaints from the Recording Industry Association of America (RIAA) regarding the illegal music sharing practices of some of our students, we knew it was time to find a better solution for monitoring and protecting our network.

What solution did you choose and why (what were your criteria; were there any criteria you considered then decided not to measure -- that kind of thing)?

Realizing that we needed a better way to protect the network, our users and the reputation of our school, CMU eventually chose the StealthWatch system from Lancope to more comprehensively monitor and secure our network and optimize its performance. We chose StealthWatch because we needed a system that was cost-effective but also highly scalable and customizable for obtaining the best possible network visibility over our unique infrastructure. We wanted a technology that could significantly streamline both our network and security operations by leveraging the existing systems we already had in place, enabling us to work smarter and faster without sacrificing previous investments. We also needed a means of more accurately identifying user accounts that were abusing P2P applications and draining our bandwidth.

The StealthWatch unified network performance and security management system leverages NetFlow data from our Cisco routers and switches to provide us with a detailed yet understandable view of what is going on in our network at any given time. We can now identify the source of network anomalies in real time without having to manually analyze traffic patterns or incident data, and can also accurately identify machines running P2P applications.

Easily digestible charts and graphs depict for us exactly how our network is being utilized. If a user complains of a slow system, its traffic can be quickly analyzed to determine the most effective troubleshooting steps. The system also automatically elevates serious security events so we are focusing on the most risky issues first. This saves us vast amounts of time and resources and allows us to focus more attention on strategic initiatives.

The system also gives us access to historical data for baseline and troubleshooting purposes, versus our previous system, which could only store four days worth of data. Lastly, it seamlessly integrates with our Network Access Control (NAC) system, which allows us to temporarily block P2P application abusers from accessing the network as well as quarantine computers that are compromised by viruses or other security issues until they are patched. These actions prevent unnecessary drains on bandwidth and the spread of security issues throughout campus systems.

What was the impact to the organization?

Overall, our new network and security monitoring system has provided us with unprecedented visibility across our entire network, as well as allowed us to more quickly and easily uncover and respond to issues. It has enhanced our security levels, providing us with further peace of mind that we will not be the next university exposed in the news for a data compromise. It has also enabled us to improve the overall reliability and performance of the network so our students, faculty, and staff can work more efficiently.

We have reduced the amount of time and effort we spend reactively responding to issues and increased the time and focus we can devote to proactive projects that will enhance life on campus, such as further expanding wireless access. The system has also helped us to keep students’ bandwidth use to a reasonable level, as well as significantly reduce any potential issues our school might experience with the RIAA.

What best practices would you recommend based on your experience?

Before purchasing a system, estimate how much you will need the system to scale over the years, and ensure that it has the capability to do so. Our previous systems were effective for a limited period of time, but once we furnished parts of our campus with wireless access, our user base exploded and the systems could no longer handle the traffic flow.

I would also encourage organizations to look for systems that can take some of the work out of network and security monitoring. Receiving tremendous amounts of network data is only helpful if you have the manpower to sift through all of it to pinpoint issues. With our current system, we benefit from automatic threat mitigation, saving us tremendous amounts of time and effort in our fight against cyber crime.

Lastly, I would be sure that any new network or security technologies integrate with and leverage existing network technologies to protect previous investments. Our current solution leverages NetFlow data from our existing Cisco routers and switches, and also integrates with our NAC solution, cutting our hardware, software, and maintenance costs considerably.

Given what you know now, what would you do differently if you could do everything over again?

Before implementing separate systems to monitor internal and external traffic, or for handling network performance and security, I would definitely look into a solution that handles all of these aspects together in one unified system. As the worlds of consumer and corporate technologies continue to collide, the need for integrated network and security management will become even more critical across industries, but especially in education where lines are already blurred by students’ passion for cutting-edge technologies. To continue viewing these functions separately would be a disservice to both IT departments and end users.

Must Read Articles