December 6, 1999
By Joel Conover, Network Computing
Executive Summary

Policy-Based Network Management

Policy-based network management will redefine the way you manage your network; it's just a question of when. Policy management is necessary to administer network quality of service, security, and resources throughout the enterprise. More than 15 vendors are preparing policy-based network-management solutions that promise to enhance quality of service and enterprise security end to end. We tested nine shipping and beta products to gauge how much is hype and how much is reality. In the end, we found that Orchestream's Enterprise 2.0 got the job done right. And Cisco Systems' long-term strategy convinced us that its tools would be the first to paint a complete policy-management solution for managing all your enterprise resources. They both were our top choices in this review.
Cisco Systems shoulders the burden of developing an integrated solution that surpasses everything the competition offers. We believe Cisco ably rises to the occasion. No one knows Cisco better than Cisco, and the company dominates the WAN router market, which is where this technology will do best. Cisco's combination of management, reporting, and dynamic feedback seems closer to reality than many rival offerings.
Cisco arrived at the labs with two products: its QoS Policy Manager 1.1 and User Registration Tool (URT) 1.2. These tools are equal to almost everything the competition does, and they offer a spiffy interface that leaves few questions unanswered. We began by testing the QPM software on a network with a Cisco Catalyst 6000 switch, a Cisco 7200 VXR router, and a Cisco 1600 router. QPM automatically detected device interfaces and capabilities as we configured the hardware. Although most other vendors could manage some Cisco routers, only Cisco supported the Catalyst 6000 switch.
QPM 1.1, a first-generation tool, is entrenched in command-line interface and Simple Network Management Protocol (SNMP) management, and doesn't actively tie into any of Cisco's device-management tools, such as CiscoWorks for Switched Internetworks. However, QPM can import the topology database from these applications. Integration of device discovery would be better suited to the product and is planned for a future release. Cisco's policies are stored in a flat-file database.
QPM 1.1 has an excellent mechanism for defining multiple conditions. Cisco also supports some advanced application tracking through its new Network-Based Application Recognition software, which is only available in the 12.05XE Internetwork Operating System build. Network-Based Application Recognition lets Cisco router platforms track deep-packet application information, including stateful inspection of protocols that use dynamic port numbers, as well as deep-packet analysis of HTTP URLs.
Cisco handles roles on a per-interface basis. Before defining a policy, you select an interface or group of interfaces from the management console and define the type of queuing mechanism to employ. Once the appropriate role has been defined, a policy can be applied to that interface. The available policy action choices reflect the state of the interface. The user interface provides an intelligent means of discerning which Cisco products support which forwarding characteristics. QPM's actions include coloring a flow with IP Precedence information, limiting a flow to a particular bandwidth, and custom queuing.
Cisco's URT software ties into the policy-management picture as well. URT is a separate package that serves as Cisco's user-tracking mechanism in Windows NT and NetWare NDS-enabled IP environments. URT serves as the virtual LAN policy-administration agent for a Cisco network. URT uses a combination of client-side and server-side technologies to dynamically track a user at login, assign that user to a virtual LAN, and track that user's location.
One of the best things about the Cisco QPM interface is its ability to show you the exact CLI commands that will change the way your router operates. Cisco supports CLI for its switches and routers, but a built-in Common Open Policy Service (Cops) protocol agent will address future multivendor interoperability.
Cisco's vision incorporates a huge number of tools from the Cisco Management Software umbrella. Already present is the capacity to import topology information from the CiscoWorks for Switched Internetworks management platform. Future integration will bring together Cisco's Service Level Agreement Management software and IP-management software. Long-term, Cisco aims to build a feedback system so powerful that the network will be able to reprovision itself based on changing network conditions.
Cisco QoS Policy Manager 1.1 is priced at $9,995; the Cisco User Registration Tool 1.2 is $9,995.
Orchestream Enterprise Edition 2.0 (Beta)
Unlike most vendors, Orchestream came without a switch or router of its own. But its policy-management solution, Orchestream Enterprise Edition 2.0, is second to none, thanks to its superb feature set. We tested it on a network of Cisco 2500 and 3600 routers, a Xedia Corp. Access Point, and a Lucent Technologies Cajun P550 switch. A Nortel Bay Access Node router was also included, though only minimal support was available.
Orchestream Enterprise Edition 2.0's set of conditions, actions, and roles is unrivaled. The product supports multiple vendors, with a strong focus on Cisco routers. It also features integrated network topology discovery. Once Enterprise Edition 2.0 discovered the devices on our network, we could define a topology by dragging those devices into a policy domain.
Perhaps more than any other product, Enterprise Edition 2.0 is entrenched in the Differentiated Services model. You can assign each device and each interface a DiffServ role once they are placed on the network domain.
Devices can be configured by SNMP, HTTP, and Terminal Access Controller Access Control System Plus; Orchestream says it plans to add Cops support next year. Orchestream Enterprise Edition 2.0 handles conditions based on DiffServ code points, source or destination IP address or subnet, source or destination TCP or UDP port numbers, and IP protocol type, as well as a special extension that lets the network administrator trigger policy based on external events (implemented through a software API). The product doesn't dig deeply into Layer 2 protocol information such as Media Access Control address or 802.1Q virtual LAN tags for conditions.
The product has nearly as many roles on Cisco router platforms as Cisco itself. Orchestream's product is especially good at aggregating many flows at the network's edge into a smaller number of classes of service at the core. We tested several rate-limiting and marking features and verified them using Ganymede Software Chariot and a Shomiti Systems Surveyor packet-capture card.
The Orchestream interface uses a powerful inheritance-tree model to apply policy to a group of network devices. However, it can be a stumbling block for first-time users because the model's many dependencies make it difficult to understand which parts of the network are being affected.
In the long term, Orchestream plans to enhance support for existing equipment and aggressively add support for other third-party network equipment manufacturers, starting with Nortel routers and followed by 3Com WAN devices, Cisco switches, and Extreme Networks and Packeteer Networks platforms. The vendor also intends to enable Orchestream Enterprise to be user-aware through integration with Active Directory and other network operating system-specific directory structures; Orchestream currently uses an Oracle database to store policy information.
Pricing for Orchestream Enterprise Edition 2.0 starts at $25,000.
Return to main story, "Network-Management Transformation."