Network Switches: Managed vs. Unmanaged
The typical small business probably has one or more unmanaged network switches to connect their PCs, servers and storage. While those unmanaged switches may still have value in parts of the network, businesses focusing on growth, flexibility, customer service and security are considering moving up the food chain to switches they can control to suit their needs and requirements.
One option for a growing company is a smart switch, or web-managed switch. It provides a greater level of manageability and more functionality than an unmanaged switch. And it can be a good choice in situations where the IT staff isn’t fully trained in networking, or where cost is a major concern.
But many small and midsize companies are moving to fully managed switches, with their full configuration capabilities, advanced security controls and sophisticated features. This type of switch gives entrée to today’s high-profile technologies, providing expanded control over how data travels over the network and who has access to it.
Managed switches provide all the features of an unmanaged switch, and more. They offer the ability to configure, manage and monitor the LAN. In short, managed switch capabilities allow IT chiefs to create a fully optimized network.
“The more a business relies on the network infrastructure being available all the time, the more it’s important not only to provision the switches but to have very granular monitoring in the switches to detect issues early and proactively manage the problems,” says Markus Nispel, vice president of solutions architecture for Enterasys. “That’s only possible with fully managed switches.”
Of course, not all fully managed switches are interchangeable. Still, all provide a baseline of functionality and compatibility with popular technologies such as virtual LANs (VLANs), unified communications, Power over Ethernet and fast Ethernet.
There are many fully managed switches available today, and some are specifically geared toward small and medium-size businesses. Among them: Cisco’s Small Business 300 Series Managed Switches and ESW 500 Series Switches; NETGEAR’S ProSafe switches; D-Link’s EasySmart and DWS lines; HP’s ProCurve line of switches; all Enterasys switches; Brocade’s FastIron, BigIron and NetIron family of managed switches; and ZyXEL’s 2000, 3000 and 4000 families of managed switches.
Bang for the Buck
One of the biggest differences among different types of switches is the level of manageability and control. While unmanaged switches have none and web-managed switches have some, fully managed switches provide the greatest level of management and control. For example, fully managed switches have a command-line interface, which networking engineers can use, along with scripting tools, to send out configurations or status updates to many devices simultaneously.
Fully managed switches also support the Simple Network Management Protocol, which allows third-party or vendor-specific network applications to communicate and provide status information on all connected devices. It enables these applications to provide a single view of the entire infrastructure, which lets a network manager proactively identify and solve problems more effectively and quickly, explains Steve Brar, global product manager for HP Networking.
The ability to prioritize traffic is a major benefit of fully managed switches. It’s one that can sway an undecided IT manager to go with a managed switch. This is especially useful when dealing with delay-sensitive or time-sensitive traffic, such as a voice conversation.
With traffic prioritization, users can be assured that Voice over IP calls are delivered without being choppy, and that video streaming is smooth. With traffic prioritization, for example, a managed switch will automatically detect that a VoIP phone is plugged into the switch, create a VLAN for it and prioritize that traffic over other traffic.
“If your switch is processing a large e-mail attachment and it can’t differentiate VoIP phone data packets, the quality of that phone call will suffer,” explains Peter Newton, director of product management at NETGEAR. “The switch has to be able to put the voice packets in front of the data packets.”
Out-of-the-Box Security and Antimalware
The full spectrum of security features embedded in fully managed switches is a major reason for many companies to consider a change. Today’s managed switches are designed to protect the network from the outside and make sure that everything is in line with the company’s security policies.
“There is security built into today’s managed switches themselves, rather than having agents or host computers trying to enforce security policies,” explains Will Brown, associate vice president for product development at D-Link. “By moving security all the way to the port, you can enforce your security policy earlier in the process. That means less damage can be done, because you can react much more quickly — at the entry point.”
Most fully managed switches have a host of security features, including Access Control Lists, which control the operations or access a given user has; and IEEE 802.1X port-based authentication, a security protocol that authenticates devices that attempt to connect to the network.
Managed switches can also authenticate a user’s antivirus status and automatically provision policies for it. Network segmentation ensures that users can access areas of the network they need to access while protecting areas that need to be protected.
Today’s fully managed switches can identify traffic down to the IP address and filter traffic based on type of application, IP address or media access control (MAC) address. They can even be set up to redirect traffic to a more desirable part of the network.
“You can configure the switch to copy incoming traffic of a specified type to a monitoring port,” Brar explains. “By using a packet analysis tool, you can identify certain traffic patterns and make better decisions on how to secure your network.”
Compatibility with VLANs and more
Finally, managed switches support VLANs, which allow a network manager to configure a switch so that it acts like two separate switches. In addition to benefits for traffic management, it’s vital to security. For example, such a switch can be set up so that the sales team can’t see the servers in the finance department.
There are many other benefits of managed switches, including:
- Link aggregation: Basically, link aggregation allows several ports to be brought together to create a fatter pipe. This helps prevent the failure of any single link, which can disrupt communication between connected devices. It also increases link capacity, which can be helpful in situations where a lot of data, video or audio must pass through the network.
- Bandwidth rate limiting: With managed switches, it’s possible to partition the amount of bandwidth that specific applications can use. This protects business-critical bandwidth from less important tasks.
- Network redundancy: With protocols such as Spanning Tree, network managers can introduce redundancy to the network so that if a switch or set of switches fails, traffic is automatically rerouted.
- Scalability with virtual IP stacking: Some managed switches can be stacked, or aggregated, to create a system that acts like a single product but has dedicated ports on the back so the switches can talk to each other. This allows a single IP address to manage the entire stack, simplifying management. It can also create higher availability and resiliency.
In addition to providing many management, flexibility and security benefits, fully managed switches are also compatible with today’s cutting-edge technologies, and many consider them a fast path to future-proofing the network.
Managed networks support VLANs, which allow users to segment infrastructure depending on their needs. Today, companies tend to have many different applications, device groups and device types attached to the infrastructure.
VLANs enable the infrastructure to be virtualized in a way that supports these different device types and user groups without having an infrastructure component for each. For example, if a switch can sense traffic for an IP phone, it can direct that traffic to the VoIP VLAN. VLANs can be segmented by IP address, physical port or MAC address.
Managed switches also provide unified communications support by managing and prioritizing VoIP traffic. This requires robust quality of service (QoS) capability, which identifies certain types of traffic and prioritizes it in the network to make sure that it’s delivered properly.
“VoIP is common today, and you have to be able to apply policies like bandwidth control and priorities to both dedicated VoIP endpoints and integrated VoIP applications on desktops, tablets and smartphones,” Nispel says. “If you have an end system that supports different applications like VoIP and data, you need to be able to assign different priorities for the different types of traffic within the managed switch.”
A switch is a switch is a switch, right? Not exactly. There are three basic kinds of network switches, each with a different set of capabilities and a different price point. Here’s how to sort them out:
- Unmanaged switches: This is the most basic type of switch. It provides basic connectivity between networked devices, such as PCs, servers and storage, at a low cost. However, these are set-it-and-forget-it switches that aren’t capable of changing settings or functions. They tend to be easy to use and best for simple connectivity.
- Web-managed switches: These switches, also called smart switches, are for networks with up to 200 computers. They have a graphical user interface with easy-to-understand controls and are managed via a web browser. They provide a lot of guidance to users and are designed for those who have no advanced network training. They can support a limited number of VLANs.
- Fully managed switches: These switches also have a GUI and use a web browser, but they also have a command line interface, which allows network engineers to create scripts to program and manage multiple switches. Fully managed switches have a full suite of capabilities including link aggregation, traffic prioritization and security features that can be used to shape the behavior of traffic on the network.