Switches and Routers at the Heart of Security Networks (Part 1)
Submitted by Johnson Controls | Date:
Most often, corporate officials prefer to converge their security, building and other operational systems onto one large enterprise computer network. That creates a challenge for the IT department, to marry disparate systems with varying degrees and requirements of access, bandwidth and security. That challenge is typically met through the creation of sub-networks known as LANs and WANs.
A LAN is a computer network encompassing a relatively small area — usually a single building or group of adjacent facilities. Typically, IT professionals create separate LANs for systems that are bandwidth hogs, such as video surveillance and hospital medical records. Most IT professionals want some segregation of these large data packets from other building functions. However, less data-intense systems such as lighting controls and access may coexist very well on the same LAN.
In most cases, a WAN will consist of two or more LANs that span a larger geographical area.
Imagine all of the data that is required to be moved, shared and stored to operate, maintain and secure a project, such as two adjacent high-rise towers that serve as a luxury hotel and prime office building, joined by a five-level retail complex.
Behind all of the workstations, surveillance cameras, access control panels, intercoms, building management systems and their networks are two relatively inexpensive pieces of equipment — the switch and the router — that create and link all of the LANs and WANs into the enterprise network. The enterprise network as we know it would not be possible without these devices. Oftentimes, the terms switch and router are used interchangeably, but they have different uses even if they may at times be integrated into the same, single device. The feature looks at how each is used and when.
But first, let's take a quick look at a close relative — the hub, once a critical part of basic networks. Hubs are used to connect and share information between network devices. However, hubs have several major limitations. They cannot simultaneously send and receive information. Data sent from one connected device is shared with all other connected devices, including the one that sent it. Also, hubs split total network speed by the number of connected devices. As a result, hubs are rarely used in modern enterprise network-based security systems. A hub operates on Layer 1 of the open-system interconnection (OSI) model.
Established by the International Organization for Standardization, the OSI model consists of seven layers, with Layer 1 at the bottom. Layer 1, known as the physical layer, defines the relationship between a device and a transmission medium, such as copper or optical fiber.
Switches work in the same manner as hubs, but offer many more capabilities for sorting and distributing network data packets sent between devices on a LAN or WAN. A packet not only includes data, but also its destination address. For instance, switches identify the intended destination(s) of received data, such as video, sending that information only to those devices that require it.
Switches can receive and transmit data more quickly (at the same time), guaranteeing the rated network speed for each connected device. A single switch can handle hundreds, even thousands, of devices on a large enterprise network. More expensive than hubs, switches operate on Layer 2 of the OSI model; Layer-2 devices can send communications between different network devices, but cannot direct traffic to another network.
A router, simply put, has two major jobs. The first is to ensure that information is successfully delivered from one network to another. The second is to see that other connected networks do not receive unnecessary information. Otherwise, overloaded LANs and WANs could crash. Routers are located at gateways where two or more networks are connected; they use built-in tables to determine the best path for packet distribution. Like switches, routers can be operated in either a wired or wireless mode. More expensive than switches, routers operate on OSI's Layer 3, which provides the means of transferring data sequences from a source host on one network to a destination host on a different network.
So, how do these devices all fit into a modern, enterprise security/building automation system?
For one thing, switches can play a major role in helping organizations still employing analog equipment, such as surveillance cameras, make the transition to a totally IP system. A switch-based LAN moves the video through converters that digitize the data for recording and viewing across the enterprise network. As analog cameras fail, they can be replaced with IP-based models until the system is fully digital. This helps protect legacy investments and allows for a planned upgrade that fits corporate budgets. The larger and more complex a network becomes, many IT professionals look to virtual LANs (VLANs) to provide added structure. A VLAN may provide extra security for sensitive data, such as surveillance footage. It may link project work or other special jobs. VLANs can be easily created on most switches by entering parameters (name, domain and port assignments). A VLAN may contain multiple switches, and a single switch may be part of more than one VLAN. However, communications between VLANs requires a router.
Routers are not only necessary within an organization's networks — they also connect to the tens of thousands of other networks worldwide to create the Internet. That makes routers absolutely critical for logging in and remotely viewing security video or reviewing access logs from across a city or from another continent.
In some cases, IT may also employ switches and routers to create stand-alone, dedicated networks for bandwidth hogs, such as video surveillance or medical records, to limit their impact on other corporate or organizational functions.
For more, stay tuned for a couple of real-life examples!
Product Adopted:Digital Transmission
, Digital Transmission