New monitoring technology helps university find mobile users

With students and professors so mobile on his campus, a university CIO adopted a new monitoring technology to identify users and better understand network behavior.

At Coppin State University, Dr. Ahmed El-Haggan, the school's vice president of IT and CIO, was challenged by the highly mobile nature of his end users.

Students at the Baltimore school could log on from a friend's dorm room or a library. Professors might log on from their office or from a lecture room. With users so mobile, El-Haggan's IT organization had a hard time responding to network events.

They need to know exactly who the user is and where he is.
Vanessa Alvarez
associate analystYankee Group Research Inc.
Understanding how a network is performing is one thing, but understanding where users are and how they're affecting network performance was something his staff just didn't have the time to do manually. Finding the location of users who were experiencing or causing problems on the network could take hours as network administrators tried to map each event.

"If we had any event we needed to track -- it could be someone hacking the system or a colleague saying he has no network access -- we wanted to find out if a switch port is alive or not. If I know that person is in this particular office and he called to tell us that, I can map that office to a switch port in a closet and resolve the problem. But if that person is calling from somewhere else on campus, it's a little bit more difficult to find their IP address."

Several months ago, El-Haggan purchased Locate, an appliance from Annapolis, Md.-based network monitoring vendor eTelemetry Inc. Locate is an agentless device that passively analyzes network packets and matches personal identifying information with IP addresses, MAC addresses and switch ports in real time. It also archives the information.

ETelemetry has patented the technology that enables Locate and has declined to actually describe how it works. But it essentially identifies who is using a specific device on a particular IP address by analyzing how they behave on the network. It doesn't rely on user authentication. It knows the user by how he or she behaves on the network and maps the person to a physical location on the network.

"Finding someone who is doing something from an IP address, trying to get this IP address mapped to a port on a switch in a closet and in which building -- it's not easily done," El-Haggan said. "It can be done, but it's labor-intensive. If you get the switch closet number, then you go there. You have to walk to the closet, use spreadsheets to find the right IP address. It's really a headache. It takes hours. With Locate, it takes just seconds."

"We can respond very quickly to events on our network, within minutes instead of hours," El-Haggan said. "If somebody tries to do something on the network, we can set it up so it sends an alert that tells us which port and which IP address they are coming from. It can give me a floor and a room number. I can really quickly respond and just shut down the port and stop the event. Whereas doing it manually would take hours."

El-Haggan said if someone is sharing music or other media files that are copyrighted, Locate allows him to identify the person, find his or her IP address and shut down the network switch port that person is using.

With Locate, El-Haggan's IT staff has not only responded more quickly to network events, but it has also improved capacity planning and scheduled downtime for maintenance. Not knowing where someone is on a network, it was difficult to know who would be affected if a certain switch was shut down for maintenance. Now El-Haggan's staff can see that information immediately and warn users or move them to another switch.

El-Haggan also now has a view into how end users utilize the university's open computer labs, which helps him plan for the management and expansion of those labs.

"We have several labs," El-Haggan said. "Each lab has 70 computers. We open the labs from 7 a.m. to 10 p.m. or midnight. Sometimes the labs have only one student user. Sometimes we have long lines of students waiting to use them."

Students signed into the labs on paper. El-Haggan's staff had no visibility into how the labs were utilized. Planning staffing and hours for the labs was difficult and making a business case for adding more labs was impossible.

With the archived data from Locate, El-Haggan knew exactly how much use the labs were getting.

"We can use the information, the login and logout and when they come in and come out, and get all the information into a database," El-Haggan said. "Then I can understand -- do I need to open a new lab? Do I need to have more lab assistants? Do I need to extend hours at certain times of the semester? This kind of analysis is very important for us. It means having a better understanding of how they are used, which means for me higher customer satisfaction, better student achievement and more efficient usage of resources."

Vanessa Alvarez, associate analyst at Boston-based Yankee Group Research Inc., said the ability to link identity to IP address will become more critical in the business world as the workforce becomes more mobile. According to her firm's most recent research, 40% of employees at large companies are either mobile or to some extent working with wireless technology.

"Now that we're moving more towards an anywhere enterprise, it's increasingly important that network managers know where their employees are if something goes wrong with a device," she said. "They need to know exactly who the user is and where he is."

More on monitoring tools
Monitoring technologies making headway with CIOs

Business activity monitoring tools now critical to financial firms
George Hamilton, a director at Yankee Group, said mobile users are logging on from home and from airports. "They can be anywhere and behavior patterns can be unpredictable. It's hard for IT to optimize the network infrastructure when behavior is so wild. It's important to build a baseline of behavior and watch for meaningful change in that behavior. But it's also important to know who these individuals are. Are they trying to access things they're not supposed to be accessing? It's important to know who these users are, who's using the most bandwidth, and what are they chewing up that bandwidth with."

Alvarez said an appliance like Locate helps network managers quickly identify who is conducting unauthorized activity on a desktop or mobile device. It also allows them to figure out where those people are accessing the network. Other vendors offer network behavioral analysis technology, but those tools look at only network behavior. They don't link that behavior to the identity of users. Network administrators have to go through reams of information to track down the users.

"It also helps for planning purposes and capacity planning," she said. "For C-level executives, they can know if this unauthorized use of bandwidth is costing the company a lot of money. And, if so, what are some of the policies that need to be put in place and who are the culprits."

Let us know what you think about the story; email: Shamus McGillicuddy, News Writer

Dig deeper on Other industries

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close