Gradually, a large part of the communication on the internet has moved from HTTP to HTTPS, and it’s fine that traffic between your PC and the websites you communicate with is encrypted. It is good for security and your privacy. But what about those who have invested in large and expensive Layer 7 filtering devices that are based on DPI (Deep Packet Inspection)? What do they do now that they can no longer look into the packets?
It took 20 years before 40% of internet traffic was encrypted. It took one year to get from 40% to 50% encrypted internet traffic.
Certificates for all users and all units…
HTTPS is used to protect you when you send and receive data over the internet. This protection of your communication can nevertheless cause grey hair in the IT department. When communication uses HTTPS, it is no longer possible to prioritize different types of data traffic, because application-based bandwidth management devices can no longer look into the data being transferred. Nobody knows whether it is hilarious cat videos or professional instruction videos you are watching on YouTube. But of course there is a solution to this: trusted certificates.
Trusted certificates are installed on your devices and allow the local network to look into your communication again. The consequence is that, as the person responsible for the network, you have yet another task: maintaining these certificates so they work on all kinds of operating systems, browsers and hardware platforms. The combinations are endless, and maintaining and handling certificates is often expensive and time-consuming.
Bandwidth management with DPI has traditionally been used to decide which applications should have first priority, and that used to be smart when we only used very few things in the Cloud. Today everything is in the Cloud. This means that you, as an IT administrator, must know every application that every employee uses, and then decide which applications are most important to the company. BYOD (Bring Your Own Device) makes this puzzle more complex, because hardware platforms and operating systems do not necessarily follow “company standards” any more. And we must remember that there need to be certificates for all platforms before DPI makes any sense at all.
But let’s just rewind… What is it that we really wish to achieve when we prioritize the bandwidth use of miscellaneous applications? Is it not to give the individual user the best experience possible when they use the internet connection, e.g. for working?
What if it is possible to ensure that there is a guaranteed part of the bandwidth available for all users that need it, and that no users can obstruct others by seizing all the bandwidth? Isn’t that what we want? Make sure that there is bandwidth for all the users so they can solve their tasks, and do it automatically across platforms without any certificates at all?
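One way to get the behaviour asked for above without looking inside any packet is max-min fair sharing per user. The sketch below is an added example, not code from this article or from any product; the choice of algorithm, the user names and the Mbit/s figures are assumptions made for illustration.

```python
# Added illustration: max-min fair ("water-filling") split of one link
# between users. It needs only per-user demand, never packet contents,
# so HTTPS traffic is treated like any other traffic.
# Algorithm choice, user names and numbers are assumptions (constructed).

def max_min_fair(capacity, demands):
    """Return {user: allocated_rate} for a link of `capacity`.

    Light users get everything they ask for; capacity they leave unused
    is redistributed, and users who want more than an equal share of
    what remains are capped at that share.
    """
    if capacity < 0 or any(d < 0 for d in demands.values()):
        raise ValueError("capacity and demands must be non-negative")
    alloc = {}
    remaining = float(capacity)
    # Serve the smallest demands first so their leftovers can be shared.
    pending = sorted(demands.items(), key=lambda item: item[1])
    while pending:
        share = remaining / len(pending)
        user, want = pending[0]
        if want <= share:
            # This user fits inside an equal share: satisfy them fully.
            alloc[user] = float(want)
            remaining -= want
            pending.pop(0)
        else:
            # Everyone still pending wants more than an equal share:
            # cap them all at that share and stop.
            for capped_user, _ in pending:
                alloc[capped_user] = share
            pending = []
    return alloc


def guaranteed_floor(capacity, demands):
    """Rate no user can be pushed below: min(own demand, equal split)."""
    equal = capacity / len(demands)
    return {user: min(float(d), equal) for user, d in demands.items()}


if __name__ == "__main__":
    # Constructed sample: a 100 Mbit/s link and four users' demands.
    sample = {"alice": 10, "bob": 30, "carol": 200, "dave": 90}
    for user, rate in max_min_fair(100, sample).items():
        print(f"{user}: {rate:.0f} Mbit/s")
```

In the sample, carol's 200 Mbit/s demand cannot squeeze alice or bob, and every user ends up at or above the floor returned by `guaranteed_floor`.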