December 6, 1999

Network-Management Transformation
Policy-based software helps manage quality of service and security on distributed networks

By Joel Conover, Network Computing

    Vendors are reinventing network management, transforming its role from passive network monitoring to active quality-of-service and network service-level-agreement provisioning. New network-management tools promise to help you squeeze every last ounce of bandwidth from your overworked network, so key applications perform at peak levels.

    During the past year, a number of new features should have made their way onto your routed network. For example, Cisco's Internetwork Operating System version 11 introduced new ways to manage the traffic on local and wide area network links. Likewise, Nortel Networks' BayRS 13.2 offers many new quality-of-service-specific commands. But it's a nightmare to implement and track the configuration modifications required to affect specific traffic flows on your network, and in many cases it's simply impossible. Policy-based network-management software is vendors' answer for managing quality of service and security on distributed networks.

    Nine vendors brought products to Network Computing's Real-World Labs at the University of Wisconsin-Madison. The device vendors were Allot Communications, Cisco Systems, Extreme Networks, Lucent Technologies, Nortel, and Spectrum Management (a wholly owned subsidiary of Cabletron Systems). Hewlett-Packard has separate network-management and network-equipment divisions, with a product tailored to both halves. IPHighway and Orchestream tout device-independent solutions.

    The nine contenders implemented the features we thought necessary for a 1.0 policy-management product (see chart, pp. 148-150). We tested each vendor's work in progress--generally unreleased beta software--and made an assessment of overall product strategies: Our top choices were Orchestream, for having the most mature policy-based network-management solution to date, and Cisco, for having the most-comprehensive long-term strategy.

    Orchestream has been a trailblazer in policy-based management, and its 2.0 software, which was being prepared for shipment during our tests, reflects this. The software supports the widest range of devices and the most options among the products we tested. Cisco's solution, based on the Common Open Policy Server (Cops) protocol, builds a foundation that will let the vendor integrate not only its own products, but also most other products on the network. Active network monitoring, network service-level-agreement management, and integration with multiple network operating systems for user-based policies are all part of its picture. Bringing all these components together isn't easy, but we think Cisco has the best chance to do it first.

    We installed each product, pointed it at the three or four routers in the vendor's test bed, and saw it all work. But that was in the lab. While this technology is powerful, it's also generally unproven. This is the kind of technology you expect to roll out in the lab today for eventual production use six months to a year from now.

    This area still suffers from a lack of standards. There are two key issues that remain to be addressed: first, how the vendor will access and control the hardware; and second, how these systems glean information about a company's users and resources. Device configuration can be accomplished only by employing a combination of command-level interface (CLI), Simple Network Management Protocol, Cops and Lightweight Directory Access Protocol (LDAP). We'd feel better if there were a single standardized access transport and nomenclature.

    The odds favor Cops to become the protocol of choice for device configuration. Current solutions use CLI commands to provision policy, which is insufficient. An unexpected change in syntax can render a policy-based network-management tool useless.

    Also, within a year, most users will be rolling out Active Directory-enabled networks based on Microsoft Windows 2000--and the last thing you'll need is to be jumping through hoops to reconcile user and resource information in Active Directory with the same information, more or less, in your policy-based network management. This is one area in which the vendors are way behind. The policy working group is bogged down and being pulled in different directions by different factions. The Desktop Management Task Force, the Directory-Enabled Networking group, Microsoft, and other vendors all have their own ideas about how the directory schema should look. There is nothing even close to a directory standard yet, and no one really knows how Microsoft Active Directory and Novell Directory Services are going to couple with policy. There won't be an answer to this question for a while.
