The Challenge
Our client was in need of an expanding network and this is how we helped them. Our customer has experienced a high level of growth over the years since their network was first designed. As a result, they had a much larger user base and higher device usage on the network which led to some issues with IP utilisation. This can be a common challenge when a business goes from a relatively small setup to a more medium/large business size. The impact of this caused a lack of free IP allocation for network devices. This meant that after many devices had connected, the network was unable to accommodate any further. The network quickly filled up with a mixture of business devices and non-business devices (such as personal phones and guest user devices).
The Solution
The original network was a basic single subnet network (one IP address range). Whilst this is generally a good fit for small business, but not suitable for the growing company with an expanding network. Therefore, with increased growth and strict security requirements we now face; a change was required. We decided the best fit would be to migrate from a single network setup to multiple split networks.
Working with the client, we created new networks to act as both a Guest Wireless network and a Bring your own device or BYOD Wireless network (for personal phones/devices). We achieved this by implementing VLAN’s on the network to separate these networks from the corporate network. We applied rate limits to restrict the overall internet usage seen by devices on these networks. Then finally, we added firewall controls to limit the access in and out of these networks adding a layer of additional security.
We completed the preparation for this work without impact and deployed this outside of business hours with minimal impact in mind.
The Outcome
As a result of the work, we saw a definitive drop in the corporate network IP allocation, freeing up IP address space for additional corporate devices. This removed the likelihood of running into issues caused by running out of usable IP addresses.
In addition, we improved the security of the network. This was accomplished by providing a network for devices that are out of business control and limiting what access they have. The challenges with these devices are that you have no way to identify that they are clean from malware. Nor if they are up to date and protected against modern security threats. Therefore, by isolating these into a separate network, a layer of protection is put in place to prevent unmanaged devices from moving sideways in the environment.
Finally, by rate limiting the connections for these expanding networks we can reduce the impact on the internet line caused by non-business device usage. Also, by reducing overall usage on the internet circuit and ensuring the internet is being prioritized for business use cases. Whilst still enabling the userbase to have reliable internet access on personal devices, and reliable connectivity for guest users in the network.