Review: TrueControl from Rendition leads strong pack of configuration tools

Dilbert comic strip creator Scott Adams once said, "Managing engineers is like herding cats." The same can be said for managing the configurations of your network equipment. The network's size, performance and security have made knowing and managing the configuration of individual components more important than ever.

Network configuration management  systems should:

•  Correctly establish the existing configuration of the network.

•  Support a multi-vendor network infrastructure.

•  Let administrators make one-time changes or automated changes based on established policies.

•  Cooperate with existing network management and security components.

•  Provide informative data through a reasonable management console.

We tested five products: AlterPoint's DeviceAuthority Suite, Dorado Software's RedCell, Rendition Networks' TrueControl 3.0, Tripwire's Tripwire for Network Devices (TND) and Voyence's VoyenceControl. Cisco , Gold Wire Technology and Intelliden declined our invitations.

Rendition's TrueControl wins our Clear Choice Award for the best network configuration management tool. While its user interface is not the most intuitive, it provides access to a wealth of detailed information. Its search capabilities and security model are certainly the most robust of any of the products. Its mix of compliance-detection and reporting are top-notch and overcome the lack of auto-discovery, which is easily provided using an external network management system. While TrueControl came out ahead of its competition, the other products fared well.

TrueControl

TrueControl consists of a secure management engine along with syslog and Trivial FTP (TFTP) servers. The TrueControl product stores its information in a SQL database, and does not force a network administrator to choose a specific database engine; TrueControl supports mySQL, Oracle and SQL Server 2000 installations.

The system does not provide device auto-discovery because Rendition says most customers will use an existing network management system (devices can be imported using comma-separated value [CSV], formatted files). Device password rules are used to associate credentials with a device (SNMP  passwords may be entered in addition to telnet and enabled passwords) and can be assigned to a specific device or multiple devices. TrueControl also can automatically configure a device to log messages to the system's syslog server.

TrueControl supports most vendor equipment, with Juniper being the one exception. (Rendition says Juniper is not on the list because its customers don't use Juniper devices in its networks. This shows that multi-vendor support in each of these products is heavily customer-driven.) The system integrates with a number of network management systems, including HP OpenView Network Node Manager, Nortel  Optivity and Remedy ARS.

Rendition's system provided excellent search, audit and report capabilities - devices, modules, configurations, tasks, sessions and events all can be checked against specified criteria. TrueControl can make changes to the start-up and running configurations of network devices. Groups of equipment can be created to monitor and change configurations on a more easily managed basis. Read/write command scripts (as opposed to diagnostic scripts, which are read-only) can be created and issued to perform different tasks on devices or groups - commands sent to a particular device also can be recorded and "played back" at a later time. TrueControl can be used to deploy user and SNMP passwords, which makes a once-arduous task easy to complete.

In our testing, devices had to be manually added because of the lack of auto-discovery. TrueControl correctly identified the more mainstream Cisco devices but did not correctly identify our MSFC3 or the Supervisor Engine 720 (see "How we did it" ). The Cisco 10720s also came up unidentified. We received a new driver that added support for the MSFC3 and the Supervisor Engine 720, but were told that the Cisco 10720 is an unsupported device.

Once devices had been added to the inventory, configuration snapshots were taken. Configurations on our network devices were then changed, and TrueControl let us view differences in three ways: contextually (showing us only the portions of the configuration that had changed), using a Unix-style diff view, or viewing the full text of the current and previous configurations side by side.

TrueControl detects real-time changes via its proxy interface (which lets telnet and Secure Shell [SSH] access each device in the inventory), SNMP traps and information directed at TrueControl's syslog server. Notifications and reports can be configured (Simple Mail Transfer Protocol [SMTP ] alerts are one example) and sent to administrators when changes occur.

TrueControl provides a Web and command-line interface (CLI) for users to access command functions. Although the Web-based user interface was fairly straightforward, it wasn't as intuitive as AlterPoint's DeviceAuthority. Like Voyence, Rendition always sends engineers on-site to install the product with the customer. The next release will incorporate advanced scripting support, best practices reporting, graphics capabilities and file system support.