AlterPoints network device configuration management tool efficiently handles an essential IT chore—configuration management. Small and midsize enterprises that use a variety of network gear will likely benefit most from DeviceAuthority because of its centralization capabilities. AlterPoint should add subsidiary management consoles to accommodate large organizations in multiple geographic locations.
EVALUATION SHORT LIST
AlterPoint Inc.s latest version of DeviceAuthority, a network device configuration management tool, should help IT managers keep the lid on changes and network operation costs.
Version 1.1, which started shipping last month, includes support for 15 makes of network equipment, including routers, firewalls, wireless access points and VPN (virtual private network) concentrators.
During eWEEK Labs tests, we found DeviceAuthority far more effective at managing our multivendor network than using the patchwork of single-vendor management tools—even though these tools were always more capable.
For example, Cisco Systems Inc.s CiscoWorks used graphic representations of the chassis of our Catalyst 3500 switch to show which ports were in use. Although we couldnt get this kind of information from DeviceAuthority, most IT managers will likely gain far more from its ability to back up, restore and report on numerous device configurations from multiple vendors.
In tests, it seemed almost too easy to centrally manage the configuration files of our Extreme Networks Inc. Summit48 switches, Cisco Secure PIX 506 firewall and F5 Networks Inc. Big-IP 2400 traffic management appliance.
AlterPoint has added role-based administration, a requirement for enterprise-class management products, to DeviceAuthority. We used role-based administration to divvy up configuration management tasks among groups of devices. For example, we gave full administrative rights to machines on one test network to one user while enabling the account to view configurations on other networks.
This finer layer of control means that IT administrators can delegate control over machines without giving away the keys of the kingdom, as happened in the previous version of the product. However, we would like to see AlterPoint add more information about who made changes to configurations. We were able to e-mail configuration and change reports on a scheduled basis—an improvement over the 1.0 version of DeviceAuthority.
DeviceAuthoritys most direct competitors are the management tools provided by equipment vendors such as Cisco and products including Dorado Software Inc.s Redcell ConfigX. DeviceAuthoritys chief advantage over other products is its uniform management interface across product lines.
Redcell ConfigX differs in that it is part of a network management suite, a potential boon for IT managers who want to provision services such as VPNs or firewalls from a central console.
Implementing VPNs is not a simple process, and it is arguable that vendor-specific tools are the most cost-effective way to provide these services.
DeviceAuthority is competitively priced at $3,995 for the console and 40 devices and $7,995 for the console and 100 devices. License packs to support additional products are available.
Small and midsize enterprises will likely get the most utility out of DeviceAuthority because it expertly snaps up device configuration files and neatly stores them at the central console.
The lack of subsidiary consoles will likely hamper large enterprises. For example, managing devices in a network separated by a simulated WAN proved to be very bandwidth-intensive. We installed another DeviceAuthority tool elsewhere on the network, which solved the problem.
However, this raised other concerns about sharing information on the state of our network. We had to run separate reports from both management consoles and were unable to manage common users from the same installation. Although these concerns arent deal breakers, we hope AlterPoint will make it easier to integrate multisite management into a single console.
DeviceAuthority can now show the differences between configuration files. We configured a Cisco 1750 router to provide services to one of our networks. Then we made several routing changes that hampered the efficiency of the router.
We used DeviceAuthority to highlight the differences between the two configuration files. Besides using the “diff” report to quickly correct configurations, IT managers could also use the reports as teaching tools to help network administrators better understand various configuration parameters.
Improved productivity is the name of the game for DeviceAuthority, but the tool can also improve network security. We spend hours configuring firewalls, routers and other infrastructure devices so that they can provide the best performance with the greatest amount of security.
We therefore appreciated how easy it was to use DeviceAuthority to store different, specially tuned configurations for various network devices. We used DeviceAuthority to quickly store incremental changes to configurations in progress.
New in this version is the ability to use Secure Shell, Secure Copy and Secure HTTP to communicate between the DeviceAuthority console and managed devices.
Although this required considerably more setup time, IT managers who want to ensure greater network security can use these methods to keep configurations from crossing the network in the clear.
However, although network administrators can employ DeviceAuthority to improve network security, the product is not a security monitoring tool. IT managers who use DeviceAuthority to keep tabs on configuration changes for security reasons should plan on scheduling diff reports and then manually reviewing the reports to spot changes.
Senior Analyst Cameron Sturdevant can be contacted at [email protected]