Arthur Cole spoke with Larry Lunetta, vice president of strategy, ArcSight.
Cole: Many IT executives look at data center consolidation as an effective means to cut costs without considering the impact on things like wide area networks and remote application delivery. How important is network configuration management when it comes to maintaining robust network services with fewer data centers?
Lunetta: Optimized network connectivity has been an important element in delivering business automation. Up until recently, the emphasis has been on "local" network resources that connect users to equally local computing resources. Now, as servers consolidate in fewer geographic locations and more users are employing automated business processes, the focus is on "wide area" communication with even more stress on the elements that facilitate and optimize access to servers and their associated applications and data across long distances via Web-based services.
As a consequence, networks are becoming more diverse with new types of network equipment, such as WAN optimizers that join traditional routers and switches. The only way organizations can be assured that their network infrastructure is configured to deliver the required volume and quality of traffic in and out of their data centers is by fitting all of these elements in a consolidated and automated management system.
In addition, the growing requirements stemming from compliance standards increase the amount of pressure to consolidate complex and diverse infrastructure information into a common tool environment in order to guarantee the consistent enforcement of such standards.
Cole: What are some of the key elements of an effective configuration management system?
Lunetta: Because of idiosyncratic interfaces and command structures, it's never been easy to define, implement and maintain consistent configuration standards for the myriad of devices and vendors that populate enterprise networks. Effective network configuration management requires first and foremost an easy-to-use common interface for managing device types from different vendors. If an organization deploys both Cisco and Juniper routers, very little is gained unless the configuration management system "hides" the specific command-line interface from the network engineer. Other important elements include secure access to the devices under management, comprehensive audit and reporting for compliance purposes, and low TCO.
Cole: What about enterprises with single-vendor network elements, such as Cisco switches and routers? Shouldn't they be able to manage their networks by simply launching tools like CiscoWorks?
Lunetta: For Cisco-dominant networks, CiscoWorks is a ubiquitous and rudimentary tool. This is why most network engineers will tell you that it is a product focused on command-line interaction, keeps very little record of the changes that are made, and comes in a variety of flavors based on which Cisco products need to be managed. In addition, CiscoWorks is not a tool which allows handing over tasks to a multi-tier support organization; it requires the constant involvement of senior-level engineers.
While corporate networks might be using single-vendor Cisco solutions for switches and routers, it is more commonly used as a base for other vendor products, such as firewalls. A homogeneous and fully compliant infrastructure requires management of a common platform. Cisco itself recognizes that the basic CiscoWorks product does not cover all the management use cases for today's networking infrastructure and has introduced other products to handle tasks such as auditing and reporting; however, these are hardly the integrated, "single pane of glass" configuration management system that enterprises are looking for. And, in the inevitable case where other vendors are represented in the network, CiscoWorks leaves the organization no choice but to introduce other management tools.