A computer network becomes disproportionately more difficult to manage as it increases in size, complexity and geographic dispersion. Management of the network involves configuration of software available on the machines or for a user in the network, coordination of access to shared resources and implementation of security measures. In addition, communication traffic on the computer network is monitored to ensure that the system is configured appropriately to reduce security risks and to improve efficiency.
The problem of managing a computer network for an enterprise becomes more complex as the network becomes geographically dispersed. For example, the enterprise may have local-area computer networks in two separate locations that need to be interconnected in order for those two locations to communicate effectively. One common way to implement this connectivity is by encrypting and authenticating communications between the networks over a public wide-area computer network, such as the Internet. Such a system, called a virtual private network, is difficult to manage centrally.
Another problem with managing a computer network system is that users on one network are likely to need to communicate with users on another network. For example, a person in a finance department in one location,likely will need to share resources with other people in the finance department at another location. A common method for managing such communication is to use Ethernet layer switching, in combination with bridge groups, to limit the communication between machines on the connected networks. This technology is commonly called a virtual local area network (VLAN). The primary goal of a VLAN is to reduce the bandwidth used by limiting the extent to which packets of data are broadcast on the network. VLANs generally are not implemented over wide-area networks. Additionally, a machine generally is associated with only one VLAN and cannot be considered to be part of several groups at the same time.
Computer network security typically is implemented from the point of view that computer networks external to an enterprise are inherently untrusted and that computer networks internal to an enterprise are inherently trusted. As a result, security tends to be implemented using perimeter, or point of access, security mechanisms where communications from the external network enter into the internal network. Such a system, however, does not protect against internal security breaches.