|
|
|
 |
|
September 15, 2002
|
|
"Telecoms will likely offer MPLS VPNs over the exact same infrastructure on which they offer Internet services." --Chris Calabrese, Internet security analyst
|
|
Sizing Up MoMs
Is it risky for customers to go with Aprisma given the Enterasys problems? Is the company losing salespeople and cutting staff too much, or do you think Aprisma -- and in turn, Enterasys -- will weather the storm? From all I've read in various press accounts, the revenue-accounting issue centered on a small number in Asia, not big numbers in the United States.
Also, regarding Micromuse's Netcool, I was surprised how indirectly negative you seemed. From all the feedback I've gotten, ease of implementation/use and functionality for this product always rate high for users.
Finally, do you think the market is still open, or are clear leaders already established?
Alex Fuchs
Managing Director
Oracle Management Systems
alex.fuchs@oraclecap.com
Bruce Boardman responds: I'm not in the business of addressing any company's future; I included the financial analysis simply to provide some context. As for Netcool, I like it quite a bit, and if it had root-cause functionality, it would have done better. Micromuse's recent purchase of RiverSoft provides it with a root-cause engine, and I expect this will quickly improve Netcool in terms of enterprise operations -- and put Micromuse right at the throats of the leaders. The market is still open, and I'm constantly amazed at how many new management products are emerging.
My two cents on Bruce Boardman's MoM feature:
Aprisma's Spectrum xsight should have gotten 3.0 or less on event management. Why? Because Spectrum does not handle events at all. Second, just last year, xsight cost $19,000. Aprisma raised the price with the introduction of 6.5 for no reason whatsoever. What value in xsight justified raising the price so high?
I know I said two cents, but here's one more: Aprisma hasn't changed the Spectrum architecture since the early 1990s. It's an old architecture with very inefficient design.
All in all, though, I think Boardman did a good job. I would have given Barely Monitoring Computers (a.k.a. BMC) a much lower grade. Thanks a bunch. Timely article for my needs!
Name withheld by request
Consultant
 |
The Problem with MPLS
I have a bone to pick with Bruce Boardman's workshop, "MPLS VPNs: The Real Deal."
Boardman states that he expects telecom carriers will be using MPLS (as opposed to ATM or frame relay) to provision WAN links as they start moving toward IP-based networks. And he states that doing this on their internal provisioning networks is reasonably secure.
While I agree with these statements in principle, I have some trouble with the reality because people with an IP link to the Internet via their telecom provider won't want to pay for a second link to carry MPLS traffic to the provider's back-end network. Similarly, telecom providers won't want to maintain separate "private" (MPLS/WAN) and "public" IP (ISP) networks.
Taken together, this implies that telecoms likely will offer MPLS VPNs over the exact same infrastructure on which they offer Internet services. The telecom providers may argue that this offers the same security as their "real" back-end network, but history shows that ISP networks are not secure and would almost certainly be viewed as open networks under HIPAA and Graham-Leach-Bliley.
Therefore, MPLS cannot be secured without IP security, which means that secure MPLS implementations must run on routers capable of doing IPsec, and someone must be managing the IPsec associations; remember that MPLS virtual private networks cannot be secured over open networks unless the route updates are authenticated with a cryptographically strong mechanism (i.e. IP security) --something pointed out by several people in the security community and a topic I've discussed with some of the authors of the MPLS RFCs.
But if the routers are capable of doing IPsec and someone is managing their IPsec associations, why would you pay anyone to also manage the MPLS associations instead of just running IPsec on your existing ISP links for much less money? So, why would anyone use MPLS at all -- at least if they care a whit about security?
Perhaps the answer is that MPLS offers Quality of Service advantages, but many ISPs offer QoS-related services already, so that seems a nonargument.
Chris Calabrese
Internet Security Analyst
Data Security, Italy
chris_calabrese@yahoo.com
|
Kernel of Info
If Lori MacVittie intends to write a follow-up to the BuzzCut "Slow Down, Linus!" she should explain that odd-numbered kernels are never meant for distribution -- they are used only by kernel hackers. The 2.5 kernel became available (not released) as soon as 2.4 became stable and was released. When the 2.5 development tree is considered stable, it will be released as 2.6, or as 3.0 if it's considered a major evolution. Work will then begin on version 2.7 or 3.1, but these odd-numbered kernels will never be released, only made available to programmers and testers. Users shouldn't be made to feel they are missing out on features because they aren't using the latest experimental kernel.
Gary Shea
Band instrument repair technician
Third Wave
Les Instruments de Musique Twigg
gshea@dsuper.net
Tell Us How You Really Feel
Send e-mail to editor@nwc.com, fax to (516) 562-7293 or mail letters to Network Computing, 600 Community Drive, Manhasset, NY 11030. Include your name, title, company name, e-mail address and phone number. All correspondence becomes the property of Network Computing.
|
|
|
|
|
|
|
|
