SNMPv3 certainly brims with promise. It incorporates most of the advancements that working groups put forth for the elided SNMPv2, while also addressing various shortcomings of the original SNMP. Salient new features include the "GetBulk" operator, 64-bit counters, an improved "Set" operator and the addition of a unique ID for each SNMP engine. Best of all, SNMPv3 brings a powerful, complex security model to the table.

While some of these changes reflect advances in networking technology that stretch the arbitrary boundaries imposed by the original protocol (such as 64-bit counters, which are needed to support attributes like octet counters on Gigabit Ethernet equipment), other advancements improve the way the protocol operates. For instance, when querying large amounts of data from an SNMP agent, the GetBulk operator can concatenate multiple "Get" and "GetNext" operators into a single packet--thus diminishing performance-robbing ping-pong effects. Likewise, SNMPv3 clarifies the use of Set operations by testing each query to guarantee that it will complete successfully.

The latest version also proposes several changes to the SNMP management framework itself, such as adding the ability to update configuration parameters in the SNMP agent via SNMP, thus enabling complete remote management of SNMP devices. Finally, SNMPv3 adds an "snmpEngineID," as well as the ability to address multiple contexts within a managed device. These features help track relationships within a network topology, aid in authentication and address more complex network infrastructure components that have multiple logical contexts within a single managed device. For example, with SNMPv3, each port on a switch can be addressed as a logical bridge inside the switch object.

As the long-awaited next-generation SNMP embarks on the road to standardization, we peer closely at the protocol's early implementations and continue to examine possible implications of the newcomer on secure network management in the enterprise.