The daily life of IT maintenance of the City of Espoo has become considerably easier.

What makes a good modern LAN? – In Espoo, an upgrade made the daily life of IT maintenance easier

Today, connectivity is a commodity such as water or electricity – it is expected to work as reliably and simply as a tap or a plug.

The local area network, or LAN, is the point where devices connect to the Internet. It can be at home, at school or in the office – even at traffic lights or in a data center. There is no connectivity if the LAN does not work. Therefore, it is important to be able to connect to the network easily, regardless of location or time.

“A modern LAN is fast and robust. It guarantees reliable and smooth connections in all situations,” says Matti-Pekka Liimatainen, Systems Engineer at Aruba.

The City of Espoo has for a long time used the DNA LAN service implemented with Aruba technology. Now, the city has also brought into use the DNA Access Management powered by the Aruba ClearPass solution. The difference is significant compared to the previous model, where all network connections were still port specific.

“In the old LAN, connections had to be configured manually. ClearPass recognizes all the devices, so that they connect to the right network. This simplifies maintenance, as it is now known what devices are on which network, and it is not possible for hackers to use unknown devices as an attack surface,” says Vili Hamarila, Technical Architect, DNA.

With ClearPass, connections can be configured in the switch port dynamically and on a per-user basis. Network access is role-based and it relies on the identity of the device or user. The organization can decide and configure how the network functions for different users.

“For example, configurations can be made so that a workstation always has access only to a specified workstation network, and an unknown device cannot access the internal network or services. In principle, the Zero Trust model does not trust the devices connected to the network, but each of them must be identified. The network has so to speak a concierge that goes through a checklist and directs each device to the correct network,” Liimatainen illustrates.

In Espoo, this is reflected, for example, in schools so that the equipment for teaching and administrative work is separated in different networks, which ensures that students cannot access information that only applies for teachers and principals.

If a particular device unexpectedly behaves in an atypical manner, it can even be moved to an isolated area in the network. In addition, content can be filtered in various ways, and, for example, traffic to malicious sites can be restricted.

Versatile security and updates without service interruptions

In a modern local area network, automation can be used to ensure that the network configurations are both correct and optimal for each end-device. For example, business-critical services can be given priority in network traffic.

“If the network’s capacity is temporarily congested, the configured services can be let to pass, a bit like a fire truck in traffic,” Liimatainen says.

Another novelty are tunneled networks that adapt to the local area network. The configurations for the connected devices will always be correct and the user can access the network both wirelessly and via wires.

The daily life of IT maintenance of the City of Espoo has become considerably easier also thanks to software upgrades and fixes taking place successfully without interruptions.

When more and more accurate data on equipment traffic can be collected, it’s easier to anticipate problems and prepare for challenges and growth needs.

“Thanks to a dynamic and role-based access control policy, new devices can now be deployed in an agile manner, without a need to configure each one individually. In the future, as the number of devices connected to the network and especially of IoT devices under the municipality’s responsibility increases, such a solution will bring important flexibility,” says Hamarila.

As the performance of equipment increases and end-devices generate more traffic, the more traffic data can be collected and the more accurate the data becomes. At the same time, it is easier to anticipate latent problems ahead, but also to prepare for tomorrow's challenges and growth needs.

“It’s important to get the most out of expensive investments in network equipment. This way the network works efficiently and offers the best possible user experience. Devices equipped with the latest technology are even able to use all their features online,” says Hamarila.

According to Matti-Pekka Liimatainen, the access control service and the new management tools complement the local area network very well and provide a necessary addition for all types of companies, regardless of the industry.

“Similar problems apply to municipalities and corporate networks. In many places, the LAN is still implemented with a traditional model, with previous generation’s management tools and without access control. However, the old, wired LAN is an open, free network that any device can access, and it is not possible to know what exactly is connected. With the help of access control the users can be identified and it’s possible to determine which devices can access what. It also enables automated network maintenance and provides visibility to the network. The new generation LAN also has a very long lifecycle, which means that it is a very cost-effective solution,” Liimatainen reminds.

In this video, Matti-Pekka Liimatainen from Aruba and Vili Hamarila from DNA talk more about modern local area networks and efficient access control, which guarantee reliable and smooth connections:

Want to find out more about LAN services and access control? Contact us!