You may never need to set up a virtual LAN, but understanding why they’re critical to hospital network security can help span the chasm between A/V and IT.
You already know that being an expert in the implementation, operation, and management of A/V installations requires specific expertise that’s sorely lacking in many an IT department. Similarly, many A/V departments don’t have a deep understanding of the complexities of today’s corporate or institutional networks. We’re here to help, and that means it’s time for a little network education. Today’s topic: Virtual Local Area Networks, better known as VLANs.
The challenge of writing about VLANs is that it’s really easy to get bogged down in a primordial soup of minutiae and technical details really quickly. We’ll do our best to keep this as painless and non-technical as possible.
Tom Henderson, owner of Extreme Labs in Bloomington, Ind., has been doing networking for nearly 30 years. We asked him to briefly explain VLANs, and to do it in simple language that anyone can understand.
“VLANs allow machines that aren’t connected to the same local network equipment to be logically treated as though they were,” Henderson says. It’s really that simple — and vastly more complicated.
Put another way, computers that are located across town or halfway around the world can look like they’re physically plugged into your corporation’s or institution’s network even though they’re actually communicating over the Internet. It’s like having an Ethernet extension cord that’s 5,000 miles long. Or, the computers in one department can be separated from the remainder of the network to enhance security.
Cisco’s LAN Switching website describes a VLAN as “a group of devices on one or more LANs that are configured, using management software, so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments.” Since these VLANs are based on logical instead of physical connections, they are extremely flexible. Think of a VLAN as a means of geographical segmentation.
When a VLAN is created in software, it provides network administrators with a means to manage individual connected machines as an aggregate entity regardless of their actual location. With a physical switched network, reconfiguration when employees or departments move would require chasing down specific Ethernet cables. A VLAN, since it exists only in software, can be easily and quickly reconfigured. As a Dell’s technical documentation for its PowerConnect switches puts it, “VLANs allow you to make network changes without having to update IP addresses or IP subnets.”
A corporate headquarters could set up VLANs for branch offices or put the payroll department on a VLAN to keep it separate. Similarly, a hospital could segregate its administrative and billing departments from clinical networking or pharmacy operations, even though they are all in the same building. A house of worship could communicate with its outreach locations worldwide via a VLAN and have them appear to be all physically linked. A hotel chain could manage the