Students at the Baltimore school could log on from a friend's dorm room or a library. Professors might log on from their office or from a lecture room. With users so mobile, El-Haggan's IT organization had a hard time responding to network events.
"If we had any event we needed to track -- it could be someone hacking the system or a colleague saying he has no network access -- we wanted to find out if a switch port is alive or not. If I know that person is in this particular office and he called to tell us that, I can map that office to a switch port in a closet and resolve the problem. But if that person is calling from somewhere else on campus, it's a little bit more difficult to find their IP address."
Several months ago, El-Haggan purchased Locate, an appliance from Annapolis, Md.-based network monitoring vendor eTelemetry Inc. Locate is an agentless device that passively analyzes network packets and matches personal identifying information with IP addresses, MAC addresses and switch ports in real time. It also archives the information.
ETelemetry has patented the technology that enables Locate and has declined to actually describe how it works. But it essentially identifies who is using a specific device on a particular IP address by analyzing how they behave on the network. It doesn't rely on user authentication. It knows the user by how he or she behaves on the network and maps the person to a physical location on the network.
"Finding someone who is doing something from an IP address, trying to get this IP address mapped to a port on a switch in a closet and in which building -- it's not easily done," El-Haggan said. "It can be done, but it's labor-intensive. If you get the switch closet number, then you go there. You have to walk to the closet, use spreadsheets to find the right IP address. It's really a headache. It takes hours. With Locate, it takes just seconds."
"We can respond very quickly to events on our network, within minutes instead of hours," El-Haggan said. "If somebody tries to do something on the network, we can set it up so it sends an alert that tells us which port and which IP address they are coming from. It can give me a floor and a room number. I can really quickly respond and just shut down the port and stop the event. Whereas doing it manually would take hours."
El-Haggan said if someone is sharing music or other media files that are copyrighted, Locate allows him to identify the person, find his or her IP address and shut down the network switch port that person is using.
With Locate, El-Haggan's IT staff has not only responded more quickly to network events, but it has also improved capacity planning and scheduled downtime for maintenance. Not knowing where someone is on a network, it was difficult to know who would be affected if a certain switch was shut down for maintenance. Now El-Haggan's staff can see that information immediately and warn users or move them to another switch.
El-Haggan also now has a view into how end users utilize the university's open computer labs, which helps him plan for the management and expansion of those labs.
"We have several labs," El-Haggan said. "Each lab has 70 computers. We open the labs from 7 a.m. to 10 p.m. or midnight. Sometimes the labs have only one student user. Sometimes we have long lines of students waiting to use them."
Students signed into the labs on paper. El-Haggan's staff had no visibility into how the labs were utilized. Planning staffing and hours for the labs was difficult and making a business case for adding more labs was impossible.
With the archived data from Locate, El-Haggan knew exactly how much use the labs were getting.
"We can use the information, the login and logout and when they come in and come out, and get all the information into a database," El-Haggan said. "Then I can understand -- do I need to open a new lab? Do I need to have more lab assistants? Do I need to extend hours at certain times of the semester? This kind of analysis is very important for us. It means having a better understanding of how they are used, which means for me higher customer satisfaction, better student achievement and more efficient usage of resources."
Vanessa Alvarez, associate analyst at Boston-based Yankee Group Research Inc., said the ability to link identity to IP address will become more critical in the business world as the workforce becomes more mobile. According to her firm's most recent research, 40% of employees at large companies are either mobile or to some extent working with wireless technology.
"Now that we're moving more towards an anywhere enterprise, it's increasingly important that network managers know where their employees are if something goes wrong with a device," she said. "They need to know exactly who the user is and where he is."
Alvarez said an appliance like Locate helps network managers quickly identify who is conducting unauthorized activity on a desktop or mobile device. It also allows them to figure out where those people are accessing the network. Other vendors offer network behavioral analysis technology, but those tools look at only network behavior. They don't link that behavior to the identity of users. Network administrators have to go through reams of information to track down the users.
"It also helps for planning purposes and capacity planning," she said. "For C-level executives, they can know if this unauthorized use of bandwidth is costing the company a lot of money. And, if so, what are some of the policies that need to be put in place and who are the culprits."
Let us know what you think about the story; email: Shamus McGillicuddy, News Writer