The wicked get no rest. Nor does the network. While infrastructure spending is usually among the first things to be sacrificed when belts are tightened, this time corporate network investment has continued, albeit in a smarter, more creative and more economical way.
Networks are being asked to handle more traffic than ever, thanks to the growing popularity of IP-enabled services such as telephony, printing, video conferencing and of course internet communication.
Despite this pressure, migration to the next stage of wired networking, Gigabit, is far from being a no-brainer.
While investment in networking technology continues, there have been some high-profile casualties, particularly among companies that had been working on grandiose infrastructure projects. "The big, sexy projects were all killed off," stated AMR Research's chief technology officer Scott Lundstrom.
Yet work remains to be done, and snapshots of budget sentiment, such as the May 2002 instalment of the monthly Morgan Stanley Chief Information Officer Survey, indicate that panic-induced cutbacks are on the wane.
"When you look at network spending as a percentage of the overall IT budget, it still continues upward. To cut costs, companies are automating more and more processes. The direct impact is that it generates more network traffic," explained Jerald Murphy, senior vice president and service director at Meta Group.
In essence, rather than capitalising on a single, 'can't-miss' technology initiative, network managers are under pressure to keep the masses connected to many things, quickly and reliably. "The vast majority of network groups are looking at three things: security, stability and storage," said Lundstrom.
The conventional wisdom is that, because networks were torn out and replaced with shiny new 10/100 gear during the spending frenzy that preceded the year 2000, they are still relatively unencumbered.
"Most networks today are nowhere near to being saturated," insisted Randy Smith, security portfolio manager at 3Com.
That's not to say that network upgrades, and gigabit upgrades in particular, are not climbing. According to In-Stat MDS, shipped Ethernet ports worldwide grew 10 per cent in 2001. Sixty per cent of companies participating in Morgan Stanley's panel have already installed Gigabit at some point within the network.
Smarter routing, packet queuing, quality of service grading and generally better control of port flow are the order of the day. Sophisticated switches with some management capability continue to come down in price, and vendors such as Packeteer and NetReality are trying to steal thunder from the network giants by perfecting traffic management platforms.
Consider the Venetian Resort Hotel and Casino in Las Vegas. With 1,100 computers and nearly 4,000 total devices on his network, IT director Steve Vollmer claimed that his network is still only at 20 per cent of maximum load.
"From server to core, we're using Gigabit but, from then on, 100Mbits to the workstation is working fine for us," he said. "We have a large architectural staff and advertising team that use it heavily and we still have no problem."
For the unconvinced, there is always a better deal tomorrow. John McHugh, general manager of Hewlett Packard's ProCurve networking business, predicted that, as the price gap between Gigabit and 10/100 nears the 25 to 30 per cent mark, companies will feel compelled to make a move.
In the meantime, consider taking a close look at wide area network (Wan) links, rather than worrying about local area network (Lan) saturation that does not exist.
"It used to be that the bread and butter for enterprises was frame relay at fairly low speeds, 56Kb to 64Kb per location, but network bandwidths are being doubled and quadrupled," explained Gartner research director Jay Pultz.
What the telcos are up to
While negotiating those upgraded links, keeping a wary eye on telecoms partners is a critical part of managing the network.
The search for multi-carrier backbones, or at least a reliable secondary connection to the outside world, is being driven by the concern that a high-profile failure, such as that of Global Crossing or KPNQwest, could take down a network.
In a survey of more than 400 IT decision makers by In-Stat MDS, 40 per cent cited telecoms provider liquidity as a major consideration.
The curious crossover between the state of IP telephony and a realistic attitude towards capital investments has resulted in a technology that may not become mainstream until traditional PBXs reach the end of their life.
The market for overall phones is still quite small - In-Stat MDS sees just over 10 per cent growth - so do not expect to be forced to choose soon.
"The traditional phone system stays around for another 10 years or more, but you don't want to be investing in older technology," said Pultz. Fortunately, the long life span of telecoms equipment lends itself to a wait-and-see strategy.
"It's clear that it's going to be your only choice but, in terms of business benefits and features I didn't have before, it's hard to make a business case for VoIP," he added.
Fewer than 10 per cent of respondents on In-Stat's Lan research panel use IP telephony. Even among enterprise-class companies, which usually have the resources and size to make IP telephony worthwhile, fewer than one in six has made the move.
Sixty per cent say it is not on the table, while 27 per cent have the technology under the microscope.
Furthermore, among those unwilling to deploy IP telephony, most said they were simply underwhelmed by the products on offer. Just over a quarter of non-adopters also remarked that they lacked the budget for such a project, and one-third said that their telephone system did not need replacing.
Still, IP telephony has strong supporters. Lundstrom reported that AMR, whose business is inherently phone-intensive, has saved 35 per cent on telecoms by switching to IP telephony for its distributed offices. "The only thing we spend more on than telecoms is salaries, so it's a huge saving for us," he said.
But he warned that success is not easily duplicated, certainly not by installing just any network for a multi-site organisation. "You have to be able to guarantee quality, and that means dedicated frame or ATM between offices," he pointed out.
The PBX is not the only place where traditional copper is being moved aside. As companies look to improve both the reach and the security of remote user access, broadband and the virtual private network (VPN) are pushing traditional remote access dialup banks out of the picture.
Now that VPN gateways have become a set-and-forget proposition, and client access a standard part of Windows, the move makes sense. "Most will be carrying legacy intranet access for some time," said McHugh.
Yet the familiarity of copper lines, often protected only by a text password, is giving way to the promise of improved access and 128-bit encrypted security via a VPN.
"You're starting to see a shift from seeing VPNs as a big security risk to recognising that having a centralised structure and global security is potentially more powerful than having this little dial-up in the data centre," said McHugh.
Low-cost workgroup VPN gateways also make it practical to omit dedicated national and international frame connections in some cases. A subsidiary of US hospitality giant Hyatt recently dumped its paper and dial-up synchronisation infrastructure for broadband links and a single Nokia VPN appliance at each location.
The new network consists of a secure, constant connection between more than a dozen remote offices and the Chicago data centre. Even counting hardware cost and consulting time, the project cost barely more than £7,000 per site.
Secure knowledge
VPN is an easy technology to love because, when done properly, it improves both security and remote access. Not all network security matters are as tidy.
"Security has more to do with disgruntled employees than with terrorism," explained Lundstrom. "Most organisations have reduced headcount and have determined how exposed they are as a result of that."
Taking a long, hard look at network security policies and procedures, right down to surplus user accounts vacated by former employees, is an important step.
Intrusion detection software (IDS) is among the security buzzwords, but IT must prepare carefully to make the investment pay off.
The debate between network and host-based IDS continues to rage. A host-based system is seen as the more tell-tale intrusion sniffer, but it is also the one more likely to create administrative hassle and political debates over server access rights, and to create a potential drain on application servers.
Furthermore, it is one thing to have IDS create a log, and another matter entirely to devise a plan of action to respond to discovered vulnerabilities. The expertise may not exist in all IT organisations.
Some worry that the rush to IDS is leaving too much obvious weakness elsewhere in the network. "There are still wide-open holes that can't be detected by a VPN or by perimeter firewalls," warned Smith.
Desktop firewalls, particularly for mobile PCs, are gaining attention because a VPN-enabled laptop on a public network is still vulnerable to attack from outside the VPN connection. "It's a small investment per network user," said Pultz.
Automation schemes for the care and feeding of the desktop firewall and virus protection are a big requirement, which bundled approaches such as mcafee.com have not fully satisfied so far.
"While most companies subscribe to a virus protection automation service, very few put in anything to make sure that it is current on every PC. That's an especially significant threat, since people take these laptops home and may plug them in with no firewall," said Lundstrom.
Storage networking
Network managers should also continue to evaluate whether or not Linux has a role to play. As unbridled open source fever fades, and pure Linux vendors become shadows of their formerly strutting selves, the arguments for Linux in its traditional file, database, web and print server roles remain strong.
"For under $5,000 you can build a terabyte data server with Linux. You don't get the assurances you get with an EMC box, but not everybody needs that," said Lundstrom.
Similarly, network attached storage has made it easy to tactically deploy new file and data stores, virtually on demand. However, storage area networks (Sans) seem to be the choice of those who not only want to consolidate disk space, but fear for the future.
In an April survey, In-Stat found that San investment seems to be driven by caution, with disaster recovery cited as a reason for adoption by 60 per cent of San users.
Yet most companies do not use San technology, and most of those simply do not see the overall benefit in introducing a new network layer to consolidate storage.
More than 70 per cent of non-users, especially smaller companies, said they simply did not need a San. High costs were the second most common concern. Even among major companies with larger scale data storage needs, more than one in three is put off by the price.
When you reach a certain plateau of inefficiency, however, you have to decide that enough is enough. "We have a farm of 20 servers with more than a terabyte, and other hard drive space here and there," said Vollmer, who plans to invest in a San in the next year.
"It will be more efficient and will improve our backup, which is horribly hard on 20 servers. It's just too slow."
A better connection
The lesson is that for business to flourish, the network must go on. With bad memories of dotcom collapses and the disappointment of customer relationship management and other unsuccessful technology sales pitches still lingering, improving the infrastructure is a top priority.
"The emphasis is definitely on increasing productivity," maintained Kneko Burney, director of business infrastructure and services for In-Stat MDS.
"Companies have been right-sizing for the past 12 to 18 months. There are fewer workers spread across multiple locations, and each needs to do more. That means a secure, reliable connection and access to all of the information and applications needed to do the job, or more than one person's job."
To bring the right technical resources to bear, it may well be necessary to press the mothballed business-to-business trading system back into service, or to reallocate bandwidth away from a real-time personalisation engine that has nothing to offer.
A final word of warning: as you set about bolstering the network through VPNs, or by optimising bandwidth and solving the network storage problem, chances are there will be more knocks on the door.
"More vendors are trying to offer managed network services, but there's increased scepticism about whether or not to use these services," said Murphy.
Lundstrom's advice is to let them keep knocking, and instead focus on fixing anything that firms may have rushed over the past few years by sticking to an insourcing policy.
"We see a lot of companies coming back, and doing security implementations again," he said. "If there are no new initiatives for these people to work on, you have to find something for them to do, or they become candidates for elimination."
Of course, finding something that needs doing is rarely a problem in IT. Evaluating the right location for a gigabit switch to make room for IP telephony and an iSCSI-based San, while using state-of-the-art network management tools to make changes to personal firewalls, should suffice.









