/   Insight   /   How the IoT affects network administration

How the IoT affects network administration

/ 14 May, 2015



Cricket Liu, Chief DNS Architect, Infoblox
Cricket Liu, Chief DNS Architect, Infoblox

There’s a tremendous amount of buzz around the Internet of Things (IoT). How it will revolutionise manufacturing, agriculture, medicine, and our daily lives; the novel capabilities it will support; the new era it will herald. 

But the Internet of Things relies on networks, and networking technologies are deployed and managed by people – network administrators, in particular.  Yet in recent years network administrators have been asked to ‘do more with less’ – smaller budgets, less staff.

I’ve developed some theories about the effect the Internet of Things will have on networks and network administration. Infoblox recently commissioned a survey of networking professionals and hosted two panel discussions with customers on the Internet of Things to test some of those theories.

For the most part, the survey and these panels confirmed my suspicions.  For example, I had spoken with many customers who initially said they had no IoT devices whatsoever.  When pressed, though, and given concrete examples – networked badge readers, surveillance systems, HVAC systems, cash registers, vending machines, and so on – most realised they already had at least a nascent IoT infrastructure.  Accordingly, 75% of survey respondents reported that they already had office equipment “things” on their network, and 70% reported security “things” on their network.

I had also encountered very few IT organizations that had deployed any infrastructure specifically for IoT, from dedicated networks to management systems.  Again, our survey supported the anecdotal evidence – only 35% of respondents said they have deployed solutions specifically to support IoT.

Since, in most cases, no dedicated network infrastructure exists for IoT devices, most IT organisations relegate IoT devices to existing networks.  Only 30% of the organisations surveyed planned to create a separate logical or physical network for “things,” while 46% will attach them to the corporate network.  In our panel discussions, we found that most organisations simply dump IoT devices on existing guest wireless networks, which usually provide Internet access, which many “things” require.  However, guest wireless networks usually don’t allow access to internal resources such as domain controllers, database and file servers, which other IoT devices need. They provide little or no authentication, unpredictable performance, and no prioritisation of traffic, all of which are required by some categories of these devices.

Despite the varied requirements of these IoT devices, many IT organisations I’ve met with described having “things” that are ‘thrown over the wall’ for deployment, well after another business unit had made the purchasing decision.  Our survey bears this out:  60% of the organisations surveyed reported being brought in to support IoT devices after another organisation acquired them, and 63% reported that the subsequent deployment was more challenging than the acquirer believed it would be.

This difficulty in implementation isn’t surprising.  From our customers, we’ve learned that IoT devices aren’t that smart.  Many lack a user interface, making configuration a challenge – and often the responsibility of a network administrator, setting up DHCP options.  Many are not easily upgradeable.  Many are designed for consumer rather than enterprise deployment, and lack tools and features required for enterprise use.  A university network administrator told me about dorm networks with hundreds of Apple TVs – making Apple’s Remote iOS app nearly useless, because it presents you with a list of those hundreds of Apple TVs to choose from.  Some “things” are just designed poorly.  A network administrator for a hospital chain described an MRI system that used the same set of hardcoded IP addresses for every machine, meaning that the network administrator had to set up NAT for each MRI machine to ensure it was accessible across the network.

This same lack of capability extends to security features. Most “things” don’t support strong authentication mechanisms such as 802.1X, leaving network administrators to use their MAC addresses – or nothing – as a weak form of authentication.  Consequently, securing IoT devices’ access to the network is difficult.  Some organizations I spoke with used VLANs to isolate certain categories of “things,” but dedicating one VLAN to each type of device certainly doesn’t scale.

Our survey reiterated the concerns of our panel participants:  63% of those surveyed are concerned about the security challenges posed by the Internet of Things.

Based on our discussions and the survey results, I’ve come up with a short list of recommendations for network administrators facing an Internet of Things deployment:

  1. 1. Work to get yourself a seat at the table early in IoT deployment planning.  You should have input into the minimum network requirements of devices that you’ll have to deploy and support.
  2. 2. Those requirements should include support for 802.1X, DHCP, SNMP management, remote upgradeability, and IPv6.
  3. 3. Consider deployment of IPv6.  As you probably know, IPv4 addresses have become much more difficult to get.  Some of your “Things” may require access from the Internet or from third parties’ networks.  Don’t let your lack of routable IP address space hamper your IoT implementation.