Software-based network management tools or an appliance

jimmy-sol
Hi, I'm in charge of upgrading our current network administration techniques. Which do you think is better: software-based network management tools or an appliance?
  • +
    0 Votes
    stress junkie

    I'm very fond of the very inexpensive network appliances. The home/SOHO appliances that are available for about US$60 provide an amazing feature set and they only use a few milliwatts of electricity. The file server appliances appear to be overpriced or lacking in features such as SSH connections to clients. (Oh. Wait. Windows doesn't have SSH either. Guess we'll have to use Unix or Linux for file servers and put SSH on the Windows clients via add-on software such as PuTTY.)

    On the other hand, a server running a full featured operating system can be much more flexible and more effective. If the operating system is NOT a Microsoft product then the server can also be more secure than an appliance. You can add software to do whatever you want to do on a server running a full featured operating system. For example a SOHO router will not include network intrusion detection. You can have a server running some IDS software that also does everything that the SOHO appliance does and much more, all in one box. The full featured operating system can provide DHCP, NAT, firewall, net packet filtering, and other goodies just like the SOHO router. On the other hand the SOHO router cannot keep an extensive log of intrusion detection attempts or even detect intrusion attempts. The SOHO appliance cannot provide a web proxy with web page caching. Nor can the SOHO appliance analyze email for viruses.

    If bugs are found in net appliance firmware it is probably not going to be fixed any time soon. Software applications running on a full featured operating system are very likely to be fixed in a short time after discovery of problems.

    I believe that an integrated environment built on machines using a full featured operating system at critical locations and several SOHO routers can be a very good value and provide a robust environment. For example you could have a machine running a full featured operating system between your LAN and the Internet. You could set this up as a bridge that implements firewall, web caching, intrusion detection, address blacklisting, corporate Nanny software, VPN, email spam and virus filtering, and other functions. Since it is configured as a bridge it does not need an IP address. This makes it more difficult to detect its presence. This bridge could then be attached on the LAN side to a SOHO router to provide DHCP, NAT, and other functions. If the corporate LAN is large enough to require VLANs or subnets then having inexpensive routers provide that function can be very economical. The full featured operating system machine acting as a bridge does the stuff that has to be done between the corporate LAN and the Internet while the SOHO routers provide basic router functions for each subnet at very low cost.

    That's basically how I look at these choices. Properly deploying a mix of expensive + full featured with the inexpensive + basic featured boxes can provide a good environment at a reasonable cost. IMO.

    The only weakness in this type of a system is that if a virus gets into the LAN then the SOHO routers won't stop it from propagating. Expensive Cisco enterprise class routers, which still qualify as being network appliances, claim to be able to do this sort of thing so you may want to use them on the LAN. You can still benefit from having a machine running a full featured operating system sitting between the corporate LAN and the Internet as described above.

    +
    0 Votes
    jimmy-sol

    I just saw this commercial on YouTube (http://www.youtube.com/watch?v=odyG0F8UM1A) and that's totally me! I'm tired of being the one that gets yelled at when the system is down!

    +
    0 Votes
    stress junkie

    Whoever put that together must have spent some time as a system/network administrator. It's really well done too. The symphony music really makes the video very professional. I generally have a low regard for the quality of ads but this is one of those that you see about once in two years that's really great.

    +
    0 Votes
    SGS_GTI_JAY

    I would have to agree with the other post: a mixture of different devices for management is the way to go. In our infrastructure we rely heavily on HP OpenView for network node management, along with CiscoWorks and a tonne of other tool sets that perform various functions within our environment. These tool sets all run from various servers for flexibility and management.

    Appliances are great for reducing load on a server to perform its given tasks (i.e., what it is designed to do) but with a server approach you have greater flexibility to scale your needs upwards without having to roll out a new piece of hardware (in most cases) to support the software. As is the case with an appliance approach, if you want more you need to scale up the hardware to accommodate the features, which usually means a drastic increase in price. In either case, both approaches do provide real-time or near real-time metrics depending on what you're configuring or wanting to manage.

    +
    0 Votes
    Ashley mason

    Hi jimmy!! There are many network management tools available on the net. But first of all you need to ensure which tool is compatible with the operating system you are using as well as your system requirements.
