Configuring thousands of far-flung network devices is always a challenge for IT staff. AlterPoint Inc.s DeviceAuthority Suite 3.5 provides a well-integrated set of tools that leverages the companys knowledge of configuration syntax to let all levels of network operations staff create and distribute reliable configuration files quickly.
Click here to read the full review of DeviceAuthority Suite 3.5.
2
Configuring thousands of far-flung network devices is always a challenge for IT staff. AlterPoint Inc.s DeviceAuthority Suite 3.5 provides a well-integrated set of tools that leverages the companys knowledge of configuration syntax to let all levels of network operations staff create and distribute reliable configuration files quickly.
DeviceAuthority Suite 3.5, available now, automates backup tasks as well as configuration and deployment of multivendor switches, routers, firewalls, VPNs and wireless access points. The suite issues reports automatically via e-mail or via a Web interface.
eWEEK Labs used DeviceAuthority Suite 3.5 to manage configuration changes on a range of Cisco Systems Inc. and Extreme Networks Inc. equipment. In most cases, we used the suite to copy the existing configuration to our central console. As with previous versions of the product, we could back up configurations and make modifications for redeployment.
DeviceAuthority Suite 3.5s new script-recording tool, along with a syntax checker that pointed out when we tried to code configuration commands incorrectly, should significantly reduce the amount of time senior network engineers need to build new configurations.
Our tests showed that DeviceAuthority Suite 3.5 should enable network administrators to cut operations costs, increase network availability, streamline network change procedures and demonstrate regulatory compliance—especially when compared with using handcrafted scripts or a hodgepodge of single-purpose network management tools.
This isnt to say that DeviceAuthority Suite 3.5s extensive configuration management capability comes easily or on the cheap. During tests, we were constantly reminded of just how much network configuration design is an art as well as a science. Equipment groups must be created, and management decisions must be molded into technical expression for network devices.
However, it didnt take us long to see that DeviceAuthority Suite 3.5 could do a lot more to help network managers. For example, while the product ably pointed out syntax errors in tests, it offered no help on correcting the problem. Company officials said plans include enabling the suite to display the options for a syntactically correct command.
That would be a welcome addition, but we also think AlterPoint needs to include wizards that use best-practice guidelines from network equipment makers to walk network engineers through configuration creation. Competing products already offer these capabilities.
As with past versions of DeviceAuthority Suite, we believe that only the most senior network managers should initially be given access to the product. During the first few months, senior staff should use the tool to create equipment groups and policies. Only then should less-expert staff use the software .
As with competitors, including Voyence Inc.s VoyenceControl offering, network configuration management is affordable only for large, high-value networks.
DeviceAuthority Suite 3.5 includes DeviceAuthority Server, DeviceAuthority Audit and DeviceAuthority Update and is priced starting at $19,950 for 100 devices. Volume discounts are available. The three components can also be purchased separately, but we think using the entire suite is the best way to keep network configuration costs as low as possible.
Next page: Getting rid of guesswork.
Page Three
The most important of the many changes in DeviceAuthority Suite 3.5 is its focus on helping IT managers drive the guesswork out of configuration management. So, although DeviceAuthority Update now includes more than 700 hardware, software and configuration attributes, we were more interested in the added configuration syntax checking.
For the first time, DeviceAuthority Suite 3.5 can perform a validity check on Cisco IOS (Internetworking Operating System) syntax strings. Because Ciscos router IOS is quite structured—each configuration command has a strict set of acceptable choices—we wonder why DeviceAuthority didnt gain this capability sooner.
Aside from adding intelligence to the basic product, AlterPoint is clearly trying to move DeviceAuthority Suite into position for network managers at very large enterprises. This version of the suite runs on Solaris 9.0, while previous versions ran only on Windows and Linux.
DeviceAuthority Suite can now integrate with several widely implemented authentication systems that use TACACS+ (Terminal Access Controller Access Control System), RADIUS and Ciscos CiscoSecure Access Control System. Our tests showed that with an ordinary amount of effort, we could carefully control access to the product using already-issued user names and passwords.
These enterprise-class modifications to DeviceAuthority Suite should factor heavily into network managers evaluation decisions. The new support for Solaris and remote authentication support complement DeviceAuthority Suites ability to run on Oracle Corp.s databases, Microsoft Corp.s SQL Server and MySQL ABs databases.
This means Opsware Inc.s Network Automation System (formerly Rendition Networks TrueControl), as well as Voyences and Intelliden Corp.s namesake network configuration management offerings, is no longer the only game in town. This is especially true for midsize organizations that make many configuration changes, as when acquiring other companies.
DeviceAuthority server, the hub of the suite, is where we spent most of our testing time. While network managers will likely spend more time with the DeviceAuthority Audit module, we spent most of our time on DeviceAuthority Server because we integrated other support products, including Hewlett-Packard Co.s OpenView Network Node Manager and EMC Corp.s Smarts InCharge real-time network systems management software.
DeviceAuthority Suite 3.5 can integrate with a long list of complementary network management tools, including IBMs Tivoli NetView, BMC Corp.s Remedy ARS and a veritable whos who of network management products from Computer Associates International Inc., Mercury Interactive Corp., Concord Communications Inc. and Micromuse Inc.
Some competitive offerings have much greater integration with one or more of the products listed above, and IT managers should factor product alliances into any buying decision. We ultimately had a good experience using DeviceAuthority Suite 3.5 with the other network management tools, but it took (not unexpectedly) a large amount of time to iron out all the wrinkles.
This gave us a chance to work with the technical support staff at AlterPoint, and our experience was favorable. The technicians we cold-called were knowledgeable and invariably answered the telephone by the third ring.
The DeviceAuthority Audit module is where most day-to-day operations happen. The module comes with a slew of useful reports, and new in this version is a report tailored for the Sarbanes-Oxley Act. (It appears that threatening to incarcerate executives really did have an effect on reporting.)
We liked the script- generation tool that automatically captures command-line interactions. IT managers should consider using this feature to transfer expert knowledge from senior network managers to the operations team. We could create scripts, which were then stored in a central repository that was accessible by authorized users. These scripts could be used to redeploy changes or as a model that others could use to make new scripts.
The DeviceAuthority Update governs the actual configuration change process. This is where the aforementioned syntax checking happens. The actions of this component should be the focus of senior network managers because this is where automated policy remediation (approved configurations redeployed to devices that are found to be out of compliance) and software image and patch management functions are stored and processed.
All the components are neatly managed in a rather complex interface. Even after we were comfortable with the product, we returned to the product manual to find the best way to perform several deployment tasks.
Next page: Evaluation Shortlist: Related Products.
Page Four
Evaluation Shortlist
Voyences VoyenceControl Focuses on large organizations and managed service providers (www.voyence.com)
Intellidens Intelliden R-Series Specializes in security management in addition to auditing, configuring and provisioning network devices (www.intelliden.com)
Opswares Network Automation System The rebranded Rendition TrueControl product will soon have new features overseen by Opsware (www.opsware.com)
Labs Technical Director Cameron Sturdevant is at cameron_sturdevant@ziffdavis.com.
Check out eWEEK.coms for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.