If Alterpoint Inc.s DeviceAuthority Suite, Rendition Networks Inc.s TrueControl 3.0 and Tripwire Inc.s Tripwire for Network Devices 3.0 are any indication, the latest wave of tools for managing network device configuration will help IT managers cut operational costs and smooth audits to meet security requirements.
Click here to read the full review of TrueControl 3.0.
2
If Alterpoint Inc.s DeviceAuthority Suite, Rendition Networks Inc.s TrueControl 3.0 and Tripwire Inc.s Tripwire for Network Devices 3.0 are any indication, the latest wave of tools for managing network device configuration will help IT managers cut operational costs and smooth audits to meet security requirements.
eWEEK Labs tests showed that each of these products will more effectively manage a multivendor network than would a collection of single-vendor management tools. As recently as last year, vendor tools such as Cisco Systems Inc.s Cisco Works provided greater configuration control than any of the products in this review. But this is no longer the case.
The three software-based tools we tested use ordinary network protocols, including Trivial File Transport Protocol, to retrieve a copy of the current configuration of network devices, including routers, switches, firewalls, VPN concentrators and load balancers. The major appeal of these products is that they can corral many brands and types of products into one administrative console. In our tests, we found some platforms that werent supported by any of the tools, such as a WatchGuard Technologies Inc. Firebox V80 firewall. Nevertheless, all three packages made it easy to request support for an unlisted product.
All three products support a wide range of Cisco network equipment, but support for non-Cisco gear isnt as comprehensive.
Configuration management tools should be judged on three features: real-time configuration tracking, logging when changes were made and by whom, and integration with authentication systems.
Its also worth noting that any of these network management tools could assist IT managers who must provide records to security auditors checking for compliance with the rules of the Sarbanes-Oxley Act of 2002 regarding verifiable change process and control. This is because all three tools we tested can integrate with authentication, authorization and accounting services running on Remote Authentication Dial-In User service or TACACS+ servers.
Each product has different feature strengths. We liked Tripwire TND 3.0s (see review) ability to create a base-line configuration that allowed us to revert to an approved setting, regardless of the number of changes we made. The other products made us step back to the last good configuration.
Hierarchical device assignment capabilities made TrueControl the most flexible of the products in terms of setting up administrative groups, but we think the company made fundamentally clumsy choices about user interface development that will make this product more difficult to use than other network configuration tools.
TrueControls tedious rules, actions and node definitions made it the hardest to learn and the hardest to use of all the products we tested.
In addition, as much as we admire TrueControls policy assurance manager and patch features, we cant see why the product costs double the other products: $19,995 to manage 50 nodes. AlterPoints DeviceAuthority Suite (see review) starts at $19,950 for 100 devices, and Tripwires TND 3.0 costs $19,900 for 100 devices. DeviceAuthority Suite and TrueControl 3.0 shipped last month; Tripwire shipped this month.
TrueControl 3.0
TrueControl 3.0 let us set policies that defined standard configurations, provided a software center for patches and offered a customizable template so that we could rapidly deploy approved configurations to devices.
However, it was also the hardest of the three products to learn, and it stymied us at nearly every turn with counterintuitive procedures and requirements. By comparison, Tripwires TND provided grouping and device management capabilities that were just as flexible, with half the hassle. We believe IT managers should take these complex configuration requirements into account when considering TrueControl 3.0.
After we finally got used to working with TrueControl, we found the software center was a compelling feature because it let us create and store Nortel Networks Inc. device images, as well as images of Ciscos Catalyst OS and Internet Operating System, in a central repository.
In and of itself, TrueControl 3.0 isnt that different from the other products in the test, but the confirmed deployment features in TrueControl set it apart from the pack. For example, we were able to run reports that showed which configuration deployments failed so that we could target those devices for redeployment or repair.
TrueControl was also the only product that provided specific tools to help with patch management on our network devices. We were easily able to make sure that all of our Cisco devices were up to the latest version of the appropriate operating system using tools in TrueControl.
Rendition has a special relationship with Nortel, so IT managers with Nortel gear should put TrueControl at the top of their list. Although the other products we tested also support at least one Nortel device, none came close to the range provided by TrueControl. This will likely be of special interest for organizations that are considering VOIP (voice-over-IP) implementations based on Nortel equipment.
TrueControl had the most extensive policy-based management of the products tested. For example, we used the policy assurance manager to enforce configuration compliance across our test routers, firewalls and switches. We monitored all configuration changes in real time and used the policy assurance manager to compare current configurations against approved configurations.
Reports can show devices that were out of compliance—which should be useful to IT managers who work in fast-changing network environments.
Senior Analyst Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.