Network World review of configuration tools

| | Comments (1)

Network World Fusion did a review of network configuration tools back in April 2004.

Their choice for the best product evaluated was Rendition's TrueControl.

Elsewhere on their web site, they also have a more up-to-date list (but not review) of configuration management products.

They tested 5 products:

  • AlterPoint's DeviceAuthority Suite
  • Dorado Software's RedCell
  • Rendition Networks' TrueControl 3.0
  • Tripwire's Tripwire for Network Devices (TND)
  • Voyence's VoyenceControl
They also mentioned that Cisco, Gold Wire Technology and Intelliden declined their invitations to participate.

The criteria that they set included:

  • Correctly establish the existing configuration of the network.
  • Support a multi-vendor network infrastructure.
  • Let administrators make one-time changes or automated changes based on established policies.
  • Cooperate with existing network management and security components.
  • Provide informative data through a reasonable management console.

So, their focus was more on discovering and fitting into an existing network that's presumably managed by hand, and providing tools to make that manual management somewhat more effective.


As I've posted elsewhere, I think there is definately a place for these iterative management tools, c.f., in existing networks.

The problem becomes as you have a network like the one I'm involved with, which is a metro ethernet provider. Each service is configured as a VLAN across a variety of switches, with a spanning-tree (MST) core; a simple "configure this port" solution doesn't quite fit.

Applying individual port templates to a large number of ports is possible... but wouldn't it be nice to be able to say "If this internet access router goes down, reprovision all the subinterfaces (and the VLANs that provide access to the customer tails) to some other access router"? Although this may not even be that useful (wouldn't you just make the box more reliable?), it certainly would be useful in terms of moving services around the network.

The real problem for simple (declarative) tools that I see is answering the questions: "what did the tool configure?" versus "what did I configure?". Without resorting to assuming everything that the tool didn't do is wrong (to make that assumption would invalidate their usefulness in an iterative fashion), these type of point solutions limit their own usefulness.

The problem with these iterative/declarative approaches is very well summed up Mark Burgess, author of cfengine:


So, are holistic (proscriptive model-based network configuration tools) a panacea?


About this Entry Archives

This page contains a single entry by Brent Chapman published on March 7, 2005 12:44 PM.

IETF Network Configuration Working Group (NETCONF) was the previous entry in this blog.

Reluctance to trust automated network management tools is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Mailing List

Creative Commons License
This weblog is licensed under a Creative Commons License.
Powered by Movable Type 4.12