Getting on top of the network
The convergence of voice and data is adding to the difficulties of network management, writes Nick Booth.
An IT director once explained his method of evaluating a technology's usefulness: take the main selling point and disregard it as an unobtainable fantasy. Then see what you are left with.
Customer relationship management, for example, doesn't improve customer relationships. But it does give you an impressive system that enables you to stalk customers day and night until they eventually give in.
By the same token, network management vendors sell another kind of fantasy: proactive management.
The idea is that it helps IT managers to stop spending their time merely fighting fires, and to identify issues before they become a problem and nip them in the bud.
That has always been a fanciful notion perpetuated by the big vendors, according to Spencer Parker, product manager at Niksun, one of the new breed of network management companies.
"Wouldn't that be great? But it just doesn't happen. If you talk to network managers, they will tell you that they spend all their time reacting to problems," he explained.
It was hard enough to manage a network before companies started cutting jobs to the bone. These days many companies are operating with a skeleton staff, although they still expect what remains of the workforce to provide the same amount of coverage.
The concept of proactive network management has never seemed more unrealistic, and any reseller or vendor trying to sell the idea would be laughed off the premises. A more feasible approach is required, according to Parker.
"Once people understand that proactive management isn't possible, they will appreciate that what would be really useful would be a faster reactive system, so they can pinpoint faults quicker and fix them faster," he said. "That's the workable way of reducing downtime."
This happens to be what Niksun claims to bring to market. The discipline of network management is changing on many levels, creating new opportunities for companies like Niksun.
The trend towards convergence is bringing many new problems. Once voice calls are treated as IP packets, they will be as susceptible to hacking and denial-of-service attacks as any other data system.
If voice calls are to be treated like any other application too, then something must be done to ensure that the QoS demanded for voice calls is upheld.
Most networks are over-engineered to the point where bandwidth is not a problem. "Cisco has done such a good job of selling networking that everyone's network is chock-full of switches and routers and there's bandwidth for far more than what actually goes on," explained Parker.
"So managing devices is less of a problem than making sure that the applications are getting the service they need."
So network management these days is less about controlling devices and more about maximising the use of applications.
The two most time-sensitive applications that are going to need management are voice and video, both of which are gradually going to find a way onto corporate networks.
This presents resellers with a perfect way of putting themselves at the centre of any strategic plans for the deployment of IT in any big company, argued John Early, chief executive at network management newcomer Mutiny.
"QoS is all-important in delivering voice and video, because it can't tolerate delays that are acceptable in other applications, such as email," he said.
QoS concerns might cause end-users to ask: 'If the people who supply our phones have been delivering 100 per cent reliability, why should we trust IT suppliers with the job?'
After all, if any phone system crashed half as often as a server does, it would be chucked out immediately. The telecoms industry has earned a reputation for reliability, while the IT industry just talks about it.
Early countered that argument by saying that, with the best will in the world, there are very few telecoms suppliers with enough knowledge of datacoms to be able to capitalise on this store of goodwill.
Meanwhile, IT resellers should make the most of the opportunity that convergence presents.
"In the new converged network it will be QoS that people need and, if resellers want to differentiate themselves, they must emphasise their ability to offer it," said Early.
"If they can make sure that the performance of voice and video does not deteriorate they can position themselves as a powerful enabler of all applications.
"They would be a strategic part of any network plans and could identify where action needs to be taken as companies reveal what sort of applications they are thinking of putting in.
"The reseller would then be the first off the block in identifying new opportunities, such as the supply of new software or networking kit."
Buddie Ceronie, regional director at 3Com, agreed that there is an opportunity for those able to offer new ideas on network management.
"Network administrators want to maximise the network's value and effectiveness, but traditional management applications have failed to fit the bill," he stated.
"They are too complex and too expensive, and you have to be a rocket scientist to get the best out of features such as policy-based management."
But isn't it a contradiction to ask for simpler management systems just as the task of network administrators is growing more complicated? No, according to Parker.
The likes of Micromuse, Hewlett Packard and Tivoli have always produced platforms onto which other elements can be bolted, so there would be a wealth of features available. But Parker argued that they still fail to meet requirements.
"An end-user might end up working with seven products for troubleshooting and four for event correlation, but they still won't work," he said.
"That's because you get diminishing returns the more complex you make your network. What people need to do is consolidate.
"At the moment there are too many false positives. Too much information is being presented, so that the important data gets buried."
Network managers are being bombarded with alerts for events that are not truly life-threatening. As a result, they tend to become blasé and sometimes treat alerts for genuine crises with inappropriate disinterest.
Besides, in 90 per cent of cases the network is not to blame for its poor performance, according to Parker. It's usually the network's applications or, more specifically, the way they are configured, that cause the problems.
"Applications are often tested in conditions that are nothing like the network they end up running on," he explained.
"Many applications have problems with latency [the amount of delay that is tolerable], but the average systems manager has no idea how to test that sort of thing."
Throwing bandwidth at problems often makes no difference because the performance of applications has not been investigated.
This creates an opportunity for resellers that can not only manage application problems, but pre-empt them.
Managing applications, and the people that manage applications, seem to be the big challenge emerging from the convergence of voice and data.
But convergence is creating problems in other areas too, such as security. While the benefits of convergence are endlessly touted, it is almost a taboo to discuss downsides such as the security aspect.
Chris Gabriel, director of the security business group at reseller Prime, suggested that the issue has been too easily overlooked by the industry.
"So many people stick voice on their data network and never look at the management or security implications of doing so," he said.
"They should ask themselves: 'How vulnerable is my new voice system to an attack on the data network?'
"If I was a smart hacker, I would mount a denial-of-service attack on the voice server, never mind the website. If you're managing a voice network you don't want to know if icon 'A' is red or green.
"You just want to know the latency of each call, the availability of the service - data service, that is - and you need advanced control of QoS parameters."
One analyst dismisses the idea of voice hacking as scaremongering to create a market.
Ian Stevenson, research director at market analyst Ovum - which is currently interviewing IT managers for a report on network management in the converged environment - claimed: "Security breaches in Voice over IP [VoIP] are currently as rare as weapons of mass destruction in Iraq.
"In any case, if hackers have got into your network, then there are many worse things they can do than hack the phone system for free calls or to cause temporary disruption."
Mark Blowers, senior research analyst at Butler Group, is more certain that there could be trouble ahead. "There are a number of well-known potential exploits in VoIP systems," he said.
"Soft phones are more insecure than fixed phones because security credentials can be left lying around on a PC. Fixed IP phones can be authenticated by hardware addresses, user IDs and passwords."
The real issue is making any new network infrastructure work with your existing security systems. As an application, voice does not sit as easily within a firewall as most text-based systems.
The major challenge of network management on converged systems until now has been getting VoIP across firewalls. Voice is blocked by many firewalls because variable port numbers are used for the audio streams.
Some of the firewall vendors, such as Netscreen, are already making products that are aware of Session Initiation Protocol (SIP).
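The variable-port problem described above can be seen in the signalling itself. This is an added example, not code from the article or from any vendor named in it: it reads the audio port out of the SDP body of a SIP INVITE and lists the pinholes a SIP-aware firewall would have to open. The message, addresses, function names and the signalling-only static policy are all constructed assumptions.

```python
INVITE = (  # constructed sample: SIP INVITE whose SDP body announces the audio port
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 1 1 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

STATIC_ALLOWED_UDP = {5060}  # assumption: the static policy admits SIP signalling only


def media_pinholes(sip_message):
    """Return (ip, udp_port, purpose) tuples for the audio streams in the SDP body."""
    head, sep, body = sip_message.partition("\r\n\r\n")
    if not sep or "application/sdp" not in head.lower():
        return []
    session_ip, media = None, []            # media entries: [kind, ip, port]
    for line in body.splitlines():
        fields = line[2:].split()
        if line.startswith("c=") and len(fields) == 3:
            if media:
                media[-1][1] = fields[2]    # media-level c= overrides session-level
            else:
                session_ip = fields[2]
        elif line.startswith("m=") and len(fields) >= 2:
            port = fields[1].split("/")[0]  # "49170/2" means a range of ports
            if port.isdigit():
                media.append([fields[0], session_ip, int(port)])
    pinholes = []
    for kind, ip, port in media:
        if kind == "audio" and ip and port > 0:   # port 0 = stream declined
            # Assumption: RTCP on RTP port + 1 (the default when no a=rtcp line).
            pinholes += [(ip, port, "RTP"), (ip, port + 1, "RTCP")]
    return pinholes


def blocked_by_static(pinholes):
    """Pinholes that a signalling-only static rule set would drop."""
    return [p for p in pinholes if p[1] not in STATIC_ALLOWED_UDP]


if __name__ == "__main__":
    for ip, port, purpose in blocked_by_static(media_pinholes(INVITE)):
        print(f"open UDP {ip}:{port} for {purpose} until the call ends")
```

Because the port is chosen per call, a rule written in advance cannot name it; the firewall has to read it from each INVITE and close the pinhole again when the call ends.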
Stevenson explained that there is a great deal of interest among vendors in strengthening the security for data alone.
"Adoption of security capabilities within SIP will add some network management overhead, so you can expect the major vendors to beef up their network management tools," he said.
Network management of converged networks can only evolve when companies begin to experiment with IP telephony.
The adoption of IP telephony, or even just running a VoIP trial, is not exactly a top priority for companies at the moment.
"It has been hard to find a single network manager with VoIP at the top of his list of things to do," said Stevenson.
However, there will be a gradual adoption of IP for telephony as PBXs come to the end of their useful lives.
Blowers believes that convergence will creep up on us without anyone noticing. We will find ourselves facing management problems that we knew were gradually being created, but which have suddenly reached critical mass.
At that point it will dawn on managers that they are overwhelmed and spending all their time fire-fighting problems on the network.
"Although convergence of voice and data networks will not happen overnight, it will evolve over a two- to five-year time span," said Blowers.
Simon Boyle, senior consultant at Dimension Data, a global managed service provider, predicts that one day we will come to realise that the tools of network management are not as great as we thought at handling a converged environment.
The vendors of these tools will not be able to adapt quickly enough to the idea that applications are the most precious commodity, and that we should concentrate on maximising them.
"Network management tools are inherently limited in their ability to take a total environment view of the application network and draw conclusions about that environment," explained Boyle.
On top of that, the present generation of network tools appears to be weak at providing intelligence about specific network components such as IP telephony and VoIP.
Increasingly, the organisation is finding itself moving towards a partnered environment, where another company supplies the intelligence that the organisation may include in its decision-making criteria.
Another priority will be to lift the day-to-day responsibility for features within the application network that deviate from normal, planned conditions.
Unsurprisingly, Boyle suggests that the only real solution would be to trust network management to a managed service provider.
CASE STUDY: NETTEC
It is four days before St Valentine's Day and the managers at Interflora are gearing up for the biggest day in its calendar.
The company's website is generating more business than ever, and if 14 February turns out to be a bad day at the back office, the company could spend the rest of the year reeling from the blow.
Nettec is the managed service provider entrusted with the task of fortifying the e-commerce system for the annual onslaught. More network capacity is being laid on and the load-balancing operation is being fine-tuned.
But that's the easy part, according to Nettec's senior technical consultant, John Lazenby. The really hard work goes into managing the application.
"For St Valentine's Day we always add 50 per cent more capacity, but that's a hardware provision and fairly easy," he explained.
"Even load balancing is relatively simple. The application is the most complex piece of any e-commerce site. Identifying bottlenecks and fine-tuning them is our specialisation."
A bottleneck can be eliminated in real time by analysing the performance statistics, then addressing the problem that has been identified.
The page for credit card transactions may be holding things up, for example, in which case Nettec can tinker with the Java code to eliminate the bottleneck.
There are countless companies that can manage a network's hardware, but one that can fine-tune the top tier, the applications layer, is a rarer commodity.
CONTACTS:
3Com (0870) 010 3211
www.3com.com
Butler Group (01482) 608 339
www.butlergroup.com
Dimension Data (01932) 814 800
www.uk.didata.com
Mutiny (020) 7287 6096
www.mutiny.com
Nettec (020) 8255 4004
www.nettec.net
Niksun (07900) 605 338
www.niksun.com
Ovum (020) 7551 9000
www.ovum.com
Prime Business Group (01635) 568 000
www.prime-uk.com