Opnet’s NetDoctor sees configuration in context

Configuration management – the “C” in “FCAPS” (fault, configuration, accounting, performance and security) – has been much neglected, largely left to in-house improvisation and element-centric products, most of which are far from robust. On the other hand, configuration management is, like security, a pervasive service that directly affects many other management disciplines.

Configuration management directly supports change management, service provisioning, performance, availability, security, and capacity planning and infrastructure optimization. EMA estimates that more than 60% of performance and availability problems are due to configuration issues, the majority of which are induced through human error.

So wouldn’t it be a good thing to have products that can begin to automate configuration control – documenting changes, providing effective access control, enabling more efficient and complete disaster recovery, and helping IT and service providers to optimize infrastructure and troubleshoot problems? In my view, the answer is a resounding “yes.”

There is a new crop of vendors targeting this area, including Alterpoint, Goldwire, Intelliden, Rendition, TripWire and Voyence, among others. Vendors with broader management software, such as Aprisma and Opnet, should also be included.

Opnet’s NetDoctor, the focus of this column, is distinctive in its rich capabilities for policy, design and optimization. While most competitors are focused on a combination of change management, auditing, security and access control, NetDoctor capitalizes on Opnet’s broader portfolio for modeling, design, simulation and real-time assurance in context with detailed insight into infrastructure requirements.

NetDoctor does not yet automate a large number of configuration changes across a network – something that is pretty standard for most other products. But it is a superior analytic tool, more suited to network engineers than to most network operators, and comes at a price point somewhat higher than other, control-oriented systems that generally don’t “understand” configuration changes in infrastructure context.

With Opnet’s IT Guru or SP Guru – which manage networked infrastructure (including application behavior, with Opnet’s Application Characterization Environment) – NetDoctor can provide insights into a broad range of issues. It can anticipate potential trouble spots, prevent problems before they occur, and help optimize networked resources. When it identifies problems, it recommends actions. Opnet and its users have had fairly dramatic success in identifying problems that would have remained undetected before NetDoctor was on the scene.

For instance, NetDoctor can help solve problems based simply on knowing what you’ve got. It can tell you how many different versions of IOS you have – so you can evaluate how many should you have based on best practices. Are the route maps referenced for use on a router actually defined on that router? Can you dispense, with, say extra copies of EIGRP that you didn’t even know you had? With Flow Analysis from Opnet, it’s easy to ascertain where there are duplicate routes, or isolate potential link failures with “reachability analysis.”

Policies can also be scripted into existing templates and built-in intelligence to automate best-practice configuration control, or to step up to environment-specific requirements – for instance, preventing one IP address range from communicating with another because of business policies. (In some respects, NetDoctor’s functionality is somewhat reminiscent of Cisco’s Netsys, but with multivendor capabilities and more systemic design.)

NetDoctor’s benefits can make your network engineers and your operations team look very good – and save you money in planning and service assurance. Is it industrial-strength and ready for prime time? Well, yes – it is currently in use by Central Command in Iraq. And as the product gets better scalability, better support for authentication servers such as RADIUS and SecurID, and more automated capabilities for enabling massive configuration changes across a network, it will become an even better value.

NetDoctor prices at $60,000 in a typical configuration with IT Guru and a MultiVendor Import module to build network models. With the addition of VNE Server for more automated, real-time insights into operational performance, the price becomes $98,000 plus maintenance.