Configuration tools to ease management

A slew of vendors in the coming weeks will make their network configuration management tools available to corporate customers looking to automate the tedious and error-prone job of configuring switches, routers and other devices – and then tracking those changes.

AlterPoint, Gold Wire Technology, Opnet and Voyence each deliver products that help document, store and monitor changes to network device configurations. Network configuration management products from these vendors and competitors such as Intelliden, Rendition Networks and Tripwire promise to reduce manual errors, ensure compliance with regulatory standards and secure network devices.

“Configuration management is useful in 1,000 different ways in IT: availability, security, regulatory compliance, patch management and so on,” says Glenn O’Donnell, research director with Meta Group.

For the most part, the network configuration management products today discover network devices, capture the accurate configuration, maintain an updated database of the most recent changes made to devices and store historical data on all actions taken with the devices. The information can help users more quickly provision devices, spot security holes, ensure configuration consistency across multiple devices and apply patches where needed.

The products – some software-only, some packaged on an appliance – work to automate the tasks performed by using command-line interfaces or tools from hardware vendors such as Cisco’s CiscoWorks and Nortel’s Optivity. Historically, the problem with using hardware vendor configuration management tools is that most enterprise networks are heterogeneous, O’Donnell says.

“Enterprise IT managers need to be able to have all that configuration information in one location and normalized to really make sense of it,” he says.

AlterPoint, in its latest release of DeviceAuthority software that runs on a dedicated server (or it can be packaged as an appliance), includes two software applications developed to audit and update devices.

DeviceAuthority Audit Module keeps an up-to-date inventory of enterprise network devices, including the software and patches installed on the device. DeviceAuthority Update Module lets network engineers input a change for, say, a Cisco router, and apply that change to all Cisco routers in the network. The one-to-many feature would cut down on configuration time, prevent errors that could occur when network engineers configure multiple devices and ensure configuration consistency across the network.

The DeviceAuthority Suite costs $19,950 for 100 devices. The DeviceAuthority Update Module costs $7,500 for 50 devices and the DeviceAuthority Audit Module costs $5,000 for 50 devices.

Gold Wire also updated its Formulator 3.5 appliance to allow it to verify firewalls along with switches, routers and other network devices. The appliance now also can track configurations on Nokia devices. The Formulator can be plugged into a network port and identify all nodes on a network, such as routers, switches, VPN gateways and firewalls.

The Formulator 200 system costs $22,000 and is priced starting at $275 per user. The Formulator 200HA (high availability) system costs $63,000 and is priced starting at $275 per user. The cost of the Formulator software modules start at $75 per device for Access Manager, $150 per device for Compliance Manager and $150 per device for Change Manager.

Gold Wire CEO T.C. Browne says security and compliance issues drive customers to look for an automated way to track configurations.

“Configuration management is also a means to control access to the infrastructure,” he says.

Opnet agrees. Its NetDoctor software is a rules-based engine that can identify incorrect device configurations, including policy violations and inefficiencies, such as bandwidth issues. The software, which is installed on a server and works with other network and systems management tools, performs non-intrusive security audits (meaning it does not add traffic to the network to test it) and can understand how configuration data pertains to security, traffic flows and routing policies. New to NetDoctor 10.5 are auditing and documentation requirements for compliance with the Sarbanes-Oxley Act.

Scheduled to be available at the end of the first quarter, NetDoctor 10.5 can be purchased as stand-alone software or bundled with Opnet’s IT Guru application and VNE Server software. Stand-alone, the software costs $25,000, but when used with Opnet’s IT Guru application and VNE Server software it can cost between $70,000 and $150,000.

Voyence also has updated its VoyenceControl 2.3 software. The latest release includes features to let customers manage tens of thousands of devices. The company also added capabilities that let users segment device management based on physical locations or logical grouping. VoyenceControl 2.3 also validates changes before deployment and verifies that the new changes are working.

VoyenceControl 2.3 costs about $100,000 for 1,000 devices.

Despite the slew of products available, industry watchers say the software and appliances need to better correlate relationships among devices in an enterprise network.

“These tools need to also be able to capture the relationships between devices and make sense of how the state of one device will affect those it has relationships with,” O’Donnell says. He says companies such as Configuresoft, Relicore and Troux deliver products that map network dependencies and track configuration data.