Formulator holds the network's configuration steady. It collects, archives, compares and audits multivendor infrastructure configurations. Rules governing how configurations are applied to an infrastructure and verified form the policy that manages those configurations.
Policy management with Formulator is very rules-centric. The product provides a structured rule language and applies rules to network targets. Within the GUI, the rules are formatted, but knowledge of the syntax and verbiage of the scripting environment is required. The system does come with some basic rules, such as VLAN, password encryption and SNMP traps, that can be used as templates, but learning the scripting environment takes time. Fortunately, Gold Wire provides training and documentation with purchase.
The one thing that Formulator's approach does not do, as compared with Orchestream's Service Activator, is consider the current status of the network. Even though Formulator allows for the definition of dependencies in the scripting, the creator of the rules needs to understand how the network is put together (there's that need for a smart network engineer again). The policy rules are brittle in this sense as they carry an implied topology.
Policy rules are organized into a hierarchy and, by default, divided into sections, with main categories such as router, switch and QoS. These sections then have leaf objects, such as SNMP, RIP and VLAN, called targets in Formulator parlance. Targets refer to scripted rules that generate portions of configuration for multivendor devices. We used some of the default policies to generate configurations for specific devices or logical groups of devices, such as all access routers. Each configuration is then stored in Formulator's database with an index, time and date stamp to uniquely identify it. We could compare the configurations we had loaded from the devices against those we generated from our policy. It's a relatively easy process -- if you understand the policies. Again, that requires networking expertise and knowledge of Formulator's scripting language.
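A sketch of the policy-versus-device comparison described above, as an added example in plain Python rather than Formulator's rule language, which this review does not show. The target names, device record, managed-prefix list and sample configuration are constructed assumptions.

```python
# Added illustration in plain Python; not Formulator's rule language.
# Hypothetical targets: each maps a device record to config lines it must carry.
TARGETS = {
    "password-encryption": lambda d: ["service password-encryption"],
    "snmp-traps": lambda d: ["snmp-server enable traps"] + [
        f"snmp-server host {h} version 2c {d['trap_community']}"
        for h in d["trap_hosts"]
    ],
}
# Assumption: the policy owns every line that starts with one of these prefixes.
MANAGED_PREFIXES = ("snmp-server host ",)


def normalize(config_text):
    """Collapse whitespace and drop blank and '!' comment lines."""
    lines = []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())
        if line and not line.startswith("!"):
            lines.append(line)
    return lines


def audit(device, target_names, running_config):
    """Compare policy-generated lines with the config retrieved from a device."""
    expected = [l for name in target_names for l in TARGETS[name](device)]
    actual = normalize(running_config)
    return {
        "missing": [l for l in expected if l not in actual],
        "unexpected": [l for l in actual
                       if l.startswith(MANAGED_PREFIXES) and l not in expected],
    }


# Constructed sample data (documentation addresses, placeholder community).
ACCESS_ROUTER = {"name": "edge-rtr-1", "trap_hosts": ["192.0.2.10"],
                 "trap_community": "EXAMPLE-COMMUNITY"}
RUNNING_CONFIG = """\
! constructed sample of a retrieved configuration
hostname edge-rtr-1
no service password-encryption
snmp-server enable traps
snmp-server host 192.0.2.10 version 2c EXAMPLE-COMMUNITY
snmp-server host 198.51.100.77   version 2c EXAMPLE-COMMUNITY
"""

if __name__ == "__main__":
    report = audit(ACCESS_ROUTER, ["password-encryption", "snmp-traps"], RUNNING_CONFIG)
    for kind, lines in report.items():
        for line in lines:
            print(f"{kind}: {line}")
```

The audit reports drift in both directions: lines the policy requires that the device lacks, and lines under a policy-owned prefix that the policy never generated, such as a trap receiver nobody approved.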
Other processes, such as creating and viewing VLANs, were much more straightforward, requiring only that we define the ports of a switch as available before creating the VLAN. Both ISL (Inter-Switch Link) and 802.1Q are supported. Very simple.
Late-Breaking News
OSPF relationship management was added during our testing, and router ports, neighbors and virtual-link relationships can be stored. We had hoped Formulator would infer the relationships from the configurations by relating addressing schemes and existing OSPF configurations, but no go. The process was a hand-over-hand creation of ports, logical ports, ports in areas and port relationships. Once they're in the database, the network can be configured.
Authentication supports an internal database and TACACS (Terminal Access Controller Access Control System) with users and groups. There is a high degree of access control because every application function is available for control. By defining permission profiles that include devices, actions and user groups, we created a systems admin group with the ability to list and verify images, but not put images to devices.
We created another operators group that could have the list and put functions. Devices are grouped so users may perform only granted actions on particular groups of devices. This is a very flexible system that allows for delegation of access, albeit not within separate customer containers as Service Activator does. It would have been nice to have a list of disallowed actions, because the list of allowed actions can be quite long and looking for a particular missing action would be easier with an exception list.
Auditing of how access is used is a big part of Formulator. Audit trails are tracked by user, action, session and configuration. Unique to Formulator is the logging of all native CLI access that occurs with a network infrastructure. We used this function by entering the Formulator environment and connecting to the target infrastructure. Of course, this doesn't prevent someone from using a direct telnet or SSH (Secure Shell), but a Formulator configuration file can modify telnet to use the Formulator telnet pass-through TCP/IP port on a Unix system so the Formulator environment doesn't have to be entered to capture direct CLI changes. Unfortunately, SSH is not supported in this way.
Formulator stores and manages network infrastructure telnet passwords, allows for the changing of passwords and tracks when passwords have been changed.
The GUI is definitely usable over a cable connection. Downloading the help files takes a while, but it ain't bad. The GUI and server were rock solid throughout our tests.
Ask Me Anything
Formulator maintains detailed logs, displaying the status of all configuration and system changes. The database offers very flexible query capabilities, and queries can be saved. Configuration state is also saved with the log record, and differences before and after, along with the version of the configurations specified, are available. Formulator lacks an event display and doesn't support automated rollback of changes, as Orchestream's Service Activator does.
We experienced a few problems diagnosing errors, and we initially had trouble retrieving configurations for some Cisco and Juniper devices. The Cisco problems were caused by an uppercase/lowercase mismatch that appeared in a few versions of IOS, and some group statements were the culprits in our Juniper router configurations. In both cases, Formulator barfed up a fairly generic error, and eventually we had to get tech support on the horn and edit large, not to mention squirrely, log files. In the case of the Cisco snafu, we fixed it over the phone. Finding a workaround for the Juniper problem took less than a day, and it took only a couple of days for a fix.
We appreciate the speed and flexibility Gold Wire showed but would have preferred to avoid the problems entirely via a clearer indicator from the error routine and a better-formatted log file. This is also an example of the nitpicky problems that could be resolved with a standardized interface; that we have no such standard means policy vendors will continue to face this sort of issue.
Between version 1.1 and version 2.0, autodiscovery increased the number of devices Formulator could recognize by a factor of at least 10 -- from fewer than 100 to much greater than 1,000. The road map for Gold Wire is to get the network configuration stabilized, then begin adding applications, a goal the company is apparently well on the way to achieving.
Pricing is based on the number of managed instances, vendor modules and simultaneous logged-in users but starts at about $50,000. The complexity of the network being managed will determine the actual cost. Since our pricing scenario doesn't define these variables, call Gold Wire for more information.
Formulator 2.0. Available: Now. Gold Wire Technology, (888) 585-9473, (781) 398-8800; fax (781) 398-8811. www.goldwiretech.com or sales@goldwiretech.com