Network Computingwww.networkcomputing.com

Notable for its Java interface alone, CyberSentry comes closest to offering a standard Windows GUI. We were impressed by the fact that the interface feels very m ature--unlike almost every other Java implementation we've seen. It's easy to mistake it for a native Windows application. NetBrowser achieves this by playing some tricks with Java. For instance, many Java applications download Java classes only when needed. CyberSentry takes the time to download all classes up front, making interactive performance better, more like a dedicated GUI application.

NetBrowser also comes closest to addressing the enterprise nature of network management. Designed in a hierarchical architecture, CyberSentry servers gather local information from SNMP devices, manageable uninterruptible power supplies (UPSes) and environmental gauges like temperature probes and even digital cameras. Upon exceeding a threshold, CyberSentry contacts a central server either in-band on the network or out-of-band using a standard dial-up connection.

Spinning A Better Web
So what does the future hold? Enhanced interfaces and interoperability. Every Web-based network management solution we tested is completely proprietary. Although every vendor was quick to point out that these solutions are all open (presumably because they use HTML, Java and HTTP), no two vendors create a similar interface. While Win32 developers use Microsoft's Foundation Classes to preserve that "Microsoft" look and feel between applications, there are few such libraries in Java. However, newer releases of Java development kits include improved graphics and interface classes. As Java matures, we hope to see many of the rough edges we've come to expect from Java applications sanded away.

Interoperability is a powerful notion for getting network management vendors t o agree on common methods of presenting management data, so they can share configuration and performance information among products. Although simple interoperability standards like Management Information Base (MIB) and MIB-II in the SNMP world provide a baseline of interoperation, many SNMP applications are worthless without proprietary extensions by vendors. Led by the Desktop Management Task Force (www.dmtf.org), major network management vendors are collaborating to define common information models (CIMs) to share higher-level information among dissimilar applications and agents throughout the network. Industry standards bodies are busy negotiating standards like CIM and Hyper Media Management Protocol (HMMP). However, the true value of these interoperability standards won't be seen until the standards are accepted and vendors begin to ship applications. And with luck, these promises of interoperability will prove more "interoperable" than SNMP's MIB concept.

Dan Backman can be reached at dbackman @nwc.com.

This means that every time you access a network device, your user name and password for accessing that device or service are broadcast across the network for all to see.

Microsoft Corp.'s Web Administration for Windows NT Server administration toolkit supports a proprietary NT challenge/response authentication algorithm that permits authentication without passing the password in clear text across the wire. However, the only Web browser that currently supports this technology is Microsoft's own Internet Explorer (3.0+).

Naturally, this means Web-based network management is fundamentally insecure. But it come s up smelling like roses when you compare it with security on existing network management systems--particularly Simple Network Management Protocol (SNMP). Although later versions of the SNMP protocol are in the process of standardization and acceptance, all current SNMP products rely on SNMP version 1, whose only security measure consists of a community string buried in every request packet--in clear text.

Contrary to popular belief, the Web might present a more secure network management paradigm. Web services already offer the ability to establish encrypted sessions, through SHTTP. Otherwise, new technologies like IPsec promise to deliver secure IP communications at any level. At the same time, increased use of digital certificates and networkwide directory services will aid authentication and access control. The future of network management security may follow the path of secure commerce applications.