Three network device management tools strut their stuff

See correction at end of review

Managing 50 network devices can be a challenge; managing 5,000 is nigh impossible, and many networks today exceed even that figure. If all the devices are from a single vendor, the job becomes somewhat simpler, but how many network managers have that luxury? In most large network environments, heterogeneous hardware is the rule, and simple tasks such as changing SNMP strings, implementing and verifying best-practice guidelines, and managing configuration changes across the enterprise become enormous headaches.

Many network administrators rely on custom tools -- perhaps a collection of Perl scripts -- to manage devices en masse. Although this may be appropriate for some enterprises, others are clamoring for a better mousetrap. Three companies are looking to provide that very thing.

Rendition Networks' TrueControl 3.0, AlterPoint's DeviceAuthority Suite 2.0, and Tripwire’s TND (Tripwire for Network Devices) 3.0 all aim to be the network device management tool of choice. All three offer centralized management of heterogeneous network devices, supporting network devices from multiple vendors.

This is no easy feat. The management tools for different vendors vary wildly. From Cisco-style command-line interfaces to Web-based configuration tools, every vendor has its own view of how a device should be managed. Making a tool that brings all these disparate configuration paradigms together is a challenge.

Tripwire for Network Devices

TND follows similar rules to Tripwire’s system-configuration control offerings. The overriding concept is configuration baselining. When a device is added to the inventory, its current configuration is downloaded and marked as a baseline configuration. Administrators add devices manually or by building and importing a CSV (Comma Separated Value) or XML file.

By polling devices and receiving SNMP traps, TND detects configuration changes and takes the appropriate action. You can configure TND to send notifications of changes to administrators by e-mail, pager, or console, and you can have it restore the baseline configuration to the device when a change is noted, all but preventing unauthorized changes to a device. TND's device compatibility is limited compared to the other offerings, but it accurately inventoried all the devices in the lab with the exception of a Dell PowerConnect 3300 switch.

After you have determined a baseline configuration, TND lays out subsequent deviations from that baseline for further inspection by administrators. TND focuses on making it easy to restore a device to its baseline status rather than having to step back through configuration changes, although this is also possible. Furthermore, TND doesn’t offer many features found in DeviceAuthority and TrueControl, such as the ability to script configuration changes and to generate detailed reports. You must resort to database queries to display data on changes to network devices.