What to know before you buy

Consider these testers' tips before making your next network purchase.

Network World Lab Alliance members are in the testing trenches all year. Here they turn lessons learned into tips for ensuring you make ultrasmart buying decisions.

Illustration: James Turner

VoIP infrastructure

1. Weigh the Session Initiation Protocol (SIP) factor. VoIP gear either supports the standard SIP or uses a proprietary format. "SIP-standard gear gives you lower costs and good prospects for multivendor interoperability," says Ed Mier, president of testing lab Miercom. "But it's still 'some assembly required' in many cases and offers fewer features because the standards are still being finalized. Proprietary alternatives give you single-vendor ownership and more features, but higher costs and limited multivendor interoperability."

2. The more trunking support, the better. Ask VoIP equipment vendors what carrier services they work with over SIP trunking, then "seriously consider the vendor that supports the most," Mier says. "You will save big time over the next year in replacing expensive channelized T-1 trunks."

3. Check bandwidth controls. "A key component of VoIP quality comes from your ability to control VoIP bandwidth consumption," Mier says. Look for gear that supports automatic G.729 vocoding over WAN links and provides good QoS and detailed call-admission control.


Who's who in the Network World Lab Alliance  

VoIP management

1. Test for "moves, adds and changes." Have prospective vendors walk you through the steps to add a new hard phone and a new soft phone user, including setting up voice mail. "If it takes more than 5 minutes and/or five screens of data entry, consider another vendor," Mier says.

2. Check QoS monitoring. "Find out if the vendor's management pack includes any options or supports third-party packages for tracking [QoS]," Mier says. "That way, you can investigate complaints of poor call quality."

3. Beware SIP-based management. "There are many advantages to a SIP-based IP PBX," Mier says. "But management likely isn't one of them." With SIP's ability to mix and match multiple vendors' equipment comes multiple management interfaces - one for call control, another for phone sets, another for gateways and so on. "Know what you're getting into," he cautions.

Wireless gear

1. Don't minimize power decisions when planning for wireless LANs, especially if wireless VoIP is involved, says Tom Henderson, managing director of ExtremeLabs. "Keep wireless VoIP alive by choosing access points that support Power over Ethernet, and connect the hubs and switches to [a UPS]," he says. "A UPS/PoE infrastructure can usually withstand brownouts and other conditions that might otherwise cause VoIP outages. It's also more convenient to use PoE when hanging access points in false ceilings where power outlets are at a premium or might not exist. A few access points have integral batteries, but we don't recommend them."

2. Don't skip the survey. "A Wi-Fi plan requires examining the air space with a Wi-Fi analyzer before buying and deploying access points - no matter how clever the access point or how powerful its signal or antennas are purported to be," Henderson says, noting that strange things can block signals, and co-channel interference can rob you of your investment.

3. All rogues are not alike. Check whether your vendor's rogue containment feature can distinguish between different types of rogues, says David Newman, president of consultancy Network Test. "If you're Starbucks, you want to kick unauthorized users off your network - but not off the McDonald's network next door."

Security infrastructure

1. Don't under buy performance. Testing performance in security products is becoming increasingly tough, because user configurations differ so widely, says Joel Snyder, a senior partner with Opus One. "The vendor may not really know how fast its product will go when configured the way you want it," he says. If you can't test the product in your network before you buy it, then carefully evaluate performance claims so you don't end up with the wrong fit, he says. "Salesmen tend to size products to fit your budget, not your requirements. It's easy to underbuy nowadays."

2. Security products have more bells and whistles than most organizations use. "Don't be dazzled by those at demo time," Snyder says. "Each feature has a cost, probably in performance and certainly in configuration and ongoing management. Understand what your time and cost commitments are, and focus on the features you're going to use, not the ones that sound cool."

3. Focus negotiations on support, not price. "Pay list price for the hardware, and negotiate the long-term support costs," Snyder says. "For most security products, direct costs for support and vendor subscriptions will exceed capital costs within three years, if not sooner. That's where you should focus your time."

Security management

1. Process trumps features in identity management. When buying identity management and provisioning tools, don't focus solely on the technology aspects, says Mandy Andress, president of ArcSec Technologies. "More important is making sure your processes will fit with the product and that you have an organization that will readily accept process changes."

2. Audit tools need to be team players. "Auditing always brings out the primordial fear in IT professionals," Andress says. "Make sure your auditing tools can integrate with the security infrastructure, complementing policy development, vulnerability management, compliance and risk management."

3. Beware of feature creep in endpoint security. Like many security wares, today's endpoint-security products have a glut of features, Andress says. "Stay focused on the problem you are addressing and don't get carried away making a decision based on features you will never use."

E-mail security

1. Make the certificate-management decision upfront. "Before you shop, figure out how and where you want to manage your certificates," says Travis Berkley, associate director for networking and telecommunications services at the University of Kansas. "Managing at the gateway vs. managing at the desktop can really change the look of an encryption system. There is no right or wrong answer, as long as you plan your implementation upfront. Trying to shoehorn a package to handle certificates differently from how it was designed usually doesn't work out very well."

2. Know the desktop pitfalls. If you manage certificates at the desktop, one consideration is key escrow, Berkley says. "Will your system administrator be able to recover the certificates if the employee managing the certificates quits or gets hit by a bus?" he asks. "And, are you subject to a bevy of other regulations? If you allow encryption at the desktop, you have to be prepared for ensuring capture of those messages."

3. Know the gateway trade-offs. Management at the gateway has its own pitfalls, Berkley says. "If you allow only encryption at the gateway, are you going to use one single certificate for the entire company, or will you create - and therefore manage - unique certificates for each employee?" These decisions need to be made before buying e-mail encryption, he says.

Net management systems

1. Do a crash test. The best network management systems are easy to recover, says Barry Nance, president of Network Testing Labs. "Before you buy, make sure you can reinstall the [network management system] tool when its server crashes on a Friday at 11 p.m. - especially if the vendor's licensing ties the tool to a network adapter's [media access control] address and the vendor doesn't offer 24/7 quick-response support," he says.

2. Buy with everyday use in mind. "Don't think you'll use the [network management system] tool just when problems occur," Nance says. "Plan to use the tool consistently and continuously, and leverage it for capacity planning as well as problem diagnosis."

3. Make applications a priority. "Buy a tool that offers some recognition of - and perhaps integration with - the applications on the network," Nance says. "High-level, app-level views of the network increase your business intelligence considerably."

Storage gear

1. "Never buy storage without a plan to back the media up on a regular basis," ExtremeLabs' Henderson says. "Part of the hidden costs of storage is the licenses and devices needed to provide backups. Plus, conformance legislation may require you to keep data alive or available for far longer than has been required in the past. Before you buy, make sure you can migrate these items into subsequent systems or onto media whose life meets the requirements."

2. Consider buying high revolutions-per-minute drives. Drives that spin at a high number of rpm, such as 10K- or 15K-rpm drives, really do perform faster when used in RAID 1 or 5 arrays," Henderson says. "Although 7,500-rpm drives (especially those with lots of onboard cache) can be good performers, high rpm drives can mean the difference between fast and really fast; the speed is definitely discernible."

3. Stick with standards. "Anything inside a storage enclosure should be easily replaceable," says James Gaskin, an independent researcher. "Odd-shaped power supplies or funky disk carriers that can't be replaced can cause you grief you don't need."

Infrastructure

1. Do a support test. Before renewing the 24/7 service contract on a server or network switch, do the Sunday 9 a.m. test, Network Test's Newman says. "Have a green-sounding employee call the vendor's support line during off-hours with a tough question that you already know the answer to. The speed and quality of the response will tell you something about the level of service you can expect."

2. "When negotiating prices, especially on large-volume purchases, remember that the capital cost is often just a small portion of the total cost of ownership," Newman says. "Other pricing factors include staff retraining, people costs to run the equipment, spares, service and support, and power and space requirements."

3. Make security a key criterion. "When evaluating any new piece of network equipment, find out whether it supports strong authentication and encryption by default for management traffic - and for user traffic, if applicable," Newman says. "Security needs to be part of the review process for every component in the network today."

Cummings (jocummings@comcast.net) is freelance writer in North Andover, Mass.

< Previous story: The dream OS | Next story: Symantec's Backup Exec 10d for Windows Servers >

Learn more about this topic

Review: Test shows VoIP call quality can improve with SSL VPN links

02/20/06

Cisco CIO takes wireless industry to task

02/20/06

Making security a shared responsibility

02/20/06

Sophos unveils e-mail security appliance

02/14/06

IBM acquisitions stake out net mgmt. territories

01/23/06

1 2 Page 1
Page 1 of 2