What is Application Visibility and Control?
What Is AVC?
Application Visibility and Control, or AVC, is one of several features you should consider when evaluating a Wi-Fi solution. It delivers complete Layer 7 awareness, the layer where applications, user authentication, and privacy are handled, among other critical services. AVC lets you see which applications are being used on your network (including peer-to-peer applications), who is using them, and how much bandwidth they are consuming, and it lets you take action to ensure that your bandwidth is being used in the way that you intended.
The ability to visualize the applications that are running on your network is an extremely powerful tool, and one that has been enthusiastically embraced. This type of visibility, previously only available inside the network via devices such as Intrusion Prevention Systems, can be amazingly helpful in adopting a BYOD model. This is particularly true when considering the fact that many students are more knowledgeable and experienced computer and networking users than most staff.
The problem is circular, and, like the Ouroboros, seemingly endless: Common Core, online testing, or simply the desire to offer more advanced curricula demand the adoption of mobile devices; BYOD is enabled to ensure that the greatest possible number of students have access to the best gear available; unacceptable use eats schools' bandwidth, costs money, and is ultimately discovered; students go back to using pen and paper, which degrades the value of moving to a computer-enabled curriculum to begin with and could even open the door to possible court challenges.
What Can You See?
There are several considerations for enabling AVC, and any WLAN architecture that offers it should give you a few different ways to proceed. One area to review is the method being used to visualize and identify the application. If the architecture is looking only at the DNS or at the URL of the traffic, for instance, it cannot really tell you if the end user is utilizing an application for a legitimate purpose related to schoolwork or just seeking entertainment. Another issue here is how the solution handles new or custom applications, such as YikYak. If a solution uses only pre-set application signatures to recognize traffic, it may not see an app that you care about. Because it is hard to stay totally current with developing applications, the system should give you the ability to create and input your own custom signatures. Still another question is whether the solution can see atypical uses, such as peer-to-peer traffic.
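The identification gap described above can be shown with a small flow classifier. This is an added example, not code from the original post or from any vendor's product; the class and function names, hostnames, application labels, and flow records are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Flow:
    client: str
    hostname: Optional[str]  # name seen in DNS/URL; None if no lookup occurred
    payload: bytes           # first bytes of the flow
    nbytes: int              # bytes transferred

@dataclass
class Classifier:
    host_sigs: dict = field(default_factory=dict)     # hostname suffix -> app
    payload_sigs: list = field(default_factory=list)  # (byte prefix, app)

    def add_host_signature(self, suffix, app):
        self.host_sigs[suffix.lower()] = app

    def add_payload_signature(self, prefix, app):
        self.payload_sigs.append((prefix, app))

    def by_name_only(self, flow):
        """What a DNS/URL-only view can conclude about a flow."""
        host = (flow.hostname or "").lower().rstrip(".")
        # Longest suffix first, so a specific custom rule beats a broad one.
        for suffix in sorted(self.host_sigs, key=len, reverse=True):
            if host == suffix or host.endswith("." + suffix):
                return self.host_sigs[suffix]
        return "unknown"

    def classify(self, flow):
        """Payload signatures first, then fall back to the name."""
        for prefix, app in self.payload_sigs:
            if flow.payload.startswith(prefix):
                return app
        return self.by_name_only(flow)

def usage(classifier, flows):
    """Bytes per (client, application) pair: who is using what, and how much."""
    totals = {}
    for f in flows:
        key = (f.client, classifier.classify(f))
        totals[key] = totals.get(key, 0) + f.nbytes
    return totals

avc = Classifier()
avc.add_host_signature("video.example", "streaming-video")
# A BitTorrent peer handshake starts with byte 0x13 and this string.
avc.add_payload_signature(b"\x13BitTorrent protocol", "bittorrent")
FLOWS = [  # constructed sample flows
    Flow("10.0.0.21", "cdn.video.example", b"\x16\x03\x01", 48_000_000),
    Flow("10.0.0.22", None, b"\x13BitTorrent protocol" + bytes(8), 310_000_000),
    Flow("10.0.0.23", "api.campus-chat.example", b"\x16\x03\x01", 2_000_000),
]
```

The peer-to-peer flow has no hostname, so `by_name_only` reports it as unknown while `classify` identifies it; the third flow stays unknown until a custom signature is added with `avc.add_host_signature("campus-chat.example", "campus-chat")`.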
How Do You Provide Control?
The legacy method of providing application control was to simply whitelist or blacklist traffic. Today’s users will not stand for such absolute policies. If they cannot get to a desired site, or use a particular application, their assumption is that the network is down. And you, the teachers, parents, administrators, Facebook, Yelp, and everyone else they can reach will hear about it. Rather than prohibit certain sites or apps wholesale, you may choose to simply throttle the amount of bandwidth that can be consumed by them. Another way to get to the same end is to use QoS rules to prioritize preferred traffic, such as that which is related to school activities. You may want to prioritize testing above all other traffic, for example, to ensure that it cannot be “edged out” of the bandwidth required.