Managing Your Enterprise Piece by Piece
May 17, 1999
By Bruce Boardman
Enterprise systems-management solutions are getting better but the best is yet to come. The frameworks have improved and offer solutions that make centralized management possible, though still difficult. The focused point products often outdo the big frameworks and generally are easier to use, but they don't share data or cover a wide range of operating systems. This makes frameworks more well-suited to large enterprises that can manage huge implementation projects. These large sites also can afford to dedicate staff to operate the processes once installed. In general, the point-product approach is better for network administrators who need to get something fixed immediately.
If you choose to use a framework, the best approach is to put a management architecture in place and fill in with the specific tools needed. We compare it to building from the foundation up. The point products turn this approach on its head. They offer to patch the leaky roof and keep you dry until you figure out whether you need a new house or you can get by with just a new roof.
If this all seems familiar, it should: It's exactly the basic state of affairs that existed three years ago. Yes, the frameworks are easier to install and they all support NT, but they still are made up of separate processes that must interact in a complex environment. The old formula still applies: Complexity equals job security for administrators and operations personnel. In contrast, point products make things easier by focusing directly on the problem at hand. They fix Problem A with Tool A. But they work in their own limited way, ignoring many of the tangential issues connected to Problem A--Problems B, C and D are still there, lurking in the dark recesses of your network.
Even if the area's been relatively static, network and systems management remains a rich, varied topic encompassing the management of all computing hardware, software and people in an organization. Over the past year, Network Computing tested seven different management tasks, involving products from AXENT Technologies, Cabletron Systems, Computer Associates International, Hewlett-Packard Co., Intel, Loran Technologies, MainControl, Microsoft Corp., OnTechnology, PLATINUM technology, Seagate Software, Tally Systems and Tivoli Systems.
After the dust settled, we found lots of improvement and some real innovation--but overall there's still quite a bit of heavy lifting required.
Covering Your Assets
Enterprise asset management is a perfect microcosm of enterprise systems management. In this space we found several large vendors that provide good architectures across the three submanagement disciplines of inventory, software and metering (see "Asset Management Products Let You Gain Network Control," www.networkcomputing.com/906/906r1. html). We also found a group of products from smaller companies that excel in one of these three areas. Choosing a single best product isn't easy, and is further complicated by the fact that most of the point-product vendors partner with a platform vendor as well as with one another.
The general starting point for asset-management products is inventory control. Our top choice, MainControl's MC/EMPower, offers a complete solution by beginning with the financial details garnered during the procurement process. MC/EMPower's unique automatic reconciliation capability maintains order between a database with the financial information and a database created by the distributed agents. This cradle-to-grave tracking follows all of the pieces--RAM, hard drives, monitors--as well as the entire desktop or server system.
It's noteworthy that while MC/EMPower has a great asset framework, Tally Systems' NetCensus had the best scanning capabilities. Its inventory scanning agents not only offered the most detail, but were the most accurate. Interestingly, MC/EMPower can receive inventory data created by NetCensus Agents.
The second most important asset-related task is distributing software across distributed enterprises. Here, full-blown enterprise systems-management platforms have it all over point products. Generally, software distribution is a difficult chore batted back and forth between products that use one of two approaches: scripted and delta installs. This chore gets even gnarlier in a WAN-connected enterprise because the files must move over narrow bandwidths without disturbing more important daily production work. Keeping a steely eye fixed on this dilemma, we focused on architectures that addressed both bandwidth and job control. Our testing revealed that both PLATINUM's eponymous platform and Microsoft's SMS 2.0 excel in this area. Both offer methods for bandwidth control that take care not to grab all available resources.
Network Management: Not Enough Gain for the Pain
We've been testing network-management platforms for six years now, and for all the incremental improvements, as a group these products just don't net enough return to justify their purchase and implementation costs. There are a few exceptions, such as IBM's NetView and Loran's Kinnetics, both of which go beyond general-purpose platforms, offering useful management tools without third-party add-ons.
Cabletron's Spectrum Enterprise Manager and Tivoli's NetView distinguished themselves this year in network-management applications (see "Network Management Solutions Lack Clear Leader," www.networkcomputing.com/915/ 915r1.html). To its credit, Cabletron is offering its usual platform at a healthy discount, including several third-party modules. In the past you had to buy each module, separately priced, from Cabletron. That's one way to offer a single-vendor management solution. Other vendors, including Hewlett-Packard with its OpenView Network Node Manager, rely on infrastructure vendors to write management modules. Unfortunately, neither approach makes management easier. There's always a lag between the time that the module appears and when it's actually integrated into the single reporting repository supported by the framework.
Everything old is new again with Tivoli's NetView. This version, which shares a code base with the HP OpenView product, has its roots in the IBM 370 mainframe world. Now that IBM has moved development of the product to Tivoli, we're already seeing some positive results. Tivoli wisely discerns that network management platforms need to perform some management out of the box. To this end, NetView offers very useful canned tools that track availability and utilization, and groups devices by function, such as router, servers and DNS servers. Its obviously well-thought-out functions help manage the network.
There are also some intriguing newcomers in the network-management application space, most notably Loran and its Kinnetics product. This network-management appliance comes on a preconfigured Linux workstation and boasts a completely Java-enabled console. What's even more remarkable is its claim of support for port-level mapping. According to Loran, this capability is made possible by a combination of down-and-dirty SNMP work and some statistical magic. However, while it sounds cool and Kinnetics was able to upgrade our appliance over the Internet frequently with ease, our testing showed that the mappings were wrong so often as to be useless.
Testing Security and Performance
Our final two perspectives on enterprise systems management focused on drilling down to test the nitty-gritty disciplines of security and OS performance. This was our first chance to test Computer Associates Unicenter TNG in depth. Earlier this year, CA changed the packaging for TNG and unbundled various products from the core, a change that gave CA the confidence to participate in this in-depth testing.
In general, the big framework products from Tivoli, Computer Associates and PLATINUM demonstrated very strong security policy administration (see "Finally! A Light at the End of the Tunnel," www. networkcomputing. com/922/922f1.html). The frameworks are really the only products able to cope with the complexities of aligning security across diverse operating systems. Tivoli, Computer Associates and PLATINUM have all added and extended security mechanisms to the OS level. The task of installing and maintaining these systems requires a deep corporate commitment not just for security but for the entire management strategy. This commitment drives companies to build organizations around these platform solutions, and it's the organization as much as the technology that makes these platform solutions work. For example, Tivoli's User Administration and Security Management modules carefully construct and organize the steps needed to be successful in administering corporate security.
But for simple security-policy enforcement, it was a point product, AXENT's Enterprise Security Manager, that looked best. It offered flexible policies within a very straightforward implementation. It just plain worked!
After a year's worth of testing, it is the behemoths that left us most optimistic. Our testing uncovered some real stars in enterprise-systems management, which focuses on monitoring operating systems and applications resource consumption. The products we tested revealed uniformly strong out-of-the-box tools (see "HP's Turnkey Metrics Outdo Systems Management Rivals," www.networkcomputing.com/1002/1002r1.html). And by the time you read this, revisions of these tools will offer even more hope. In the course of our testing, it was obvious that out-of-the-box functionality is a core discipline on which the vendors have been focusing for a while. For instance, HP's well-integrated set of tools covered all the bases. It is clear that all the vendors in this space are carefully thinking through the issues of historical performance reporting and how to relate performance spikes to application and network loads. And yet, despite the bright spots, no platform offers a panacea. Instead you get a complex management architecture that promises to make life manageable. Not simpler, not easier...just more more manageable.
|
Here
Here
REPORTS
ANALYTICS
Follow 
