AlterPoint

Network Management Quandary: Decreased Budget, Increased Performance

There seems to be a trend in business and other aspects of life to continually ask people to do more with less. Companies expect a certain level of performance and output regardless of whether or not they have adjusted the budget to provide a department with everything it needs to meet these goals. This is perhaps more evident in IT than anywhere else. As the IT landscape changes, departments are forced to make changes simply to keep up, but of course they are expected to do more than that. Dion Hinchcliffe looked into this issue and Gartner’s take on it for ZDNet, suggesting that:

“Despite static budgets IT departments are under continued pressure to deliver new business value.”

The article suggests that perhaps IT’s central focus is the cause of some of the cost and performance problems that companies in every industry seem to be experiencing:

“So is the stance of IT just far too focused on central control, technology, and bureaucracy? Flat budgets despite an all time demand for IT tells us the answer.”

Some believe that IT departments simply can’t continue to create, develop, and manage the network on their own. However, they do see alternatives:

“There is a growing number of computer appliances that package all the tasks associated with a specific job. If well-designed and engineered, these can save companies the time and development resources that would otherwise be needed to build such functionality from the ground up.” (From vnunet.com)

Another area for improvement is efficiency and automation. Just moving tasks to the appropriate skill level and reducing errors can have a huge positive impact on the cost of IT. However, many current processes and some cultures need to mature so they can make the best use of technology. It’s not a simple task for an IT department to shift focus or even give up a modicum of control, but in order to meet diminishing budgets and increased demands, it’s becoming a necessity. Automation of industry best practices is critical in driving down costs and maximizing efficiencies.

At AlterPoint, we know that automation has a direct tie to reducing errors and improving availability:

“Our DeviceAuthority product allows enterprise IT organizations to proactively manage compliance, security, change and inventory, reducing network downtime, improving staff efficiency, lowering support costs and maximizing the performance and quality of the IT network infrastructure.”

It’s not likely that IT budgets will experience unparalleled increases any time soon. The environment simply isn’t what it used to be. Companies want to move their focus to business, and IT is expected to make that happen for as little as possible. Let us give you the tools and provide you with the services to adapt to the new marketplace.

Daily Network Management Links for 2006-05-31

[Daily Post from AlterPoint] Network Management Evolution: Network Management in Healthcare

“A healthcare facility that lacks proper network management makes it difficult for physicians to communicate with staff, and it makes it almost impossible to maintain all of the pertinent data that comes in regularly.”

TechRepublic: Choosing a remote access authentication scheme

“As your organization grows, the number of remote access users is likely to grow, as well. Managing authentication for a large number of users can become problematic. It’s especially helpful to have a way to track users’ remote usage in a large organization. In addition, security becomes more important as the organization grows.”

Enterprise Computing Institute: Top 5 Reasons why ITIL Implementations do not Happen by the Book

ECI: “Top five real-world challenges to implementing ITIL and ways by which you can overcome these roadblocks.”

ZDNet.com/Enterprise Web 2.0: With IT budgets slack, delivering business value is paramount

Dion Hinchcliffe: “…is the stance of IT just far too focused on central control, technology, and bureaucracy? Flat budgets despite an all time demand for IT tells us the answer.”

Chron.com: AlterPoint and Skybox Security Announce Partnership to Converge IT Security Risk Management with Network Configuration Management

From the Blowing our Own Horn Dept: “‘To reduce risk and meet service levels, enterprises are demanding a consolidated approach for security, configuration and change across applications, servers and networks,’ said Dave Barry, vice president for business development for AlterPoint. ‘By partnering with Skybox we can deliver to our customers deeper visibility into their security risk profile and close the loop with the capabilities to remediate problems.’”

Unstrung: Cisco: 3 Million’s a Charm

“So, where does Cisco go from here? “Business growth is not dependent on market share gains as much as it is growing the overall market for mobility,” says Cohen. Cisco will do that, he says, by evolving standalone product lines into “platforms” on which users can create business applications. This will involve bringing together technologies such as fixed/mobile convergence, presence, location, and WiFi.”

Network Management in Healthcare

Last week, we discussed a healthcare facility that was struggling simply because they didn’t have the network visibility they needed to function at an optimum level. This, of course, is only one of the problems that healthcare IT is faced with on a regular basis. A healthcare facility that lacks proper network management makes it difficult for physicians to communicate with staff, and it makes it almost impossible to maintain all of the pertinent data that comes in regularly.

In Key lessons for network management in healthcare, Dr. Nick Goodwin highlights what the network can mean for healthcare locations throughout the world:

“It is argued that networks allow for a continuous working relationship between organisations and individuals to improve the treatment of patients who require care across a range of institutions by, for example:

  • Making more efficient use of staff;
  • Reducing professional and organizational boundaries;
  • Sharing good practice;
  • Putting the patient at the center of care;
  • Improving access to care”


For many, putting the patient first is the most important benefit of having an effective network in place. The needs of hospitals and other care facilities are escalating as resources are diminishing, so it’s becoming more difficult to focus solely on the health of a patient as it’s becoming harder to manage patient information. eWEEK touched on a problem that most American healthcare organizations are trying to overcome:

“The human population multiplies exponentially. Rabbits certainly do. And with regulatory compliance and digital imaging continually pushing the boundaries of online information archival, Gateway Health System found its IT storage needs growing by leaps and bounds as well.”

And their reliance on a secure, properly functioning network infrastructure is surely increasing as well. At AlterPoint, we help healthcare and many other types of businesses perform at their most efficient level and meet compliance mandates such as HIPAA. Our offerings will:

  • Reduce network downtime.
  • Rapidly identify and respond to problems and risks associated with device configuration changes through comprehensive auditing forensics, reporting, one-click recovery and safer change implementation.
  • Increase staff efficiency.
  • Implement configuration and software changes in a reliable, safe, scalable, repeatable manner to increase user productivity, save money and reduce the risk associated with network change.
  • Comply with external and internal audits.
  • Enable complete accountability and compliance in adherence with HIPAA and other auditing requirements.
  • Provide real-time, accurate inventory.
  • Automatically monitor and track all network devices and any changes for tens of thousands of devices.
  • Minimize risk, securing the network.
  • Establish and maintain a security configuration baseline; identify, prioritize and respond to device vulnerabilities (e.g., security advisories) and patch demand…

Daily Network Management Links for 2006-05-30

[Daily Post from AlterPoint] Network Management Evolution: Is There Any Real Competition in the Network?

“So, does this mean that there is no competition left in the marketplace? Hardly. Cisco has been successful for many reasons, not the least being that their products often outperform others on the market. However, companies such as Juniper do offer an alternative.”

ARNnet: D-Link switch marks shift in WLANs

“New silicon and software make it possible for Ethernet switches to process both 802.11 and 802.3 packets, and deliver services unique to wireless traffic, such as radio frequency management and roaming across access points. Wireless is poised to become a standard feature of the wired infrastructure, rather than a separate network, according to analysts and vendors.”

CRM Today: M&A Driving Global Enterprise Adoption of IT Infrastructure Library

“ITIL has focused the spotlight on an area long neglected by IT: service management and delivery. Traditionally, most organizations relegated ‘help desks’ as low priority budget line items because it has been perceived as an overhead cost that contributed little business benefit. Yet, ITIL became one of the first major IT initiatives that actually emerged in the aftermath of the dot com-Post Y2K-9/11 perfect storm.”

Network World: Future Shock

For its 20th anniversary, Network World talks to five futurists about what could lie ahead for network management.

ZDNet Asia: Lock down FTP servers

A former Secret Service agent shows how to secure an FTP server with a few simple steps.

SearchSecurity.com: More security consolidation is on the horizon

“Users are constantly looking to increase their networks’ protection, and with the perimeter now well guarded, attention is focused on protecting the internal network from emerging threats. Users are under pressure to secure the network – regulatory bodies are breathing down their necks with compliance requirements, and new threats continue to emerge in the form of botnets coming from China and so forth.”

Is There Any Real Competition in the Network?

Most Americans are brought up to believe that “healthy” competition is a good thing. It is, after all, what helps many of us learn to handle ourselves with class in both victory and defeat, and it is supposed to be a major tenet of capitalism. While competition in business is not always healthy, it’s still crucial for consumers who are generally interested in having at least two options. Upon first look at the world of network equipment, one might think that competition has all but disappeared. Cisco does dominate between 70% and 80% of the market, and they are constantly throwing more irons in the fire. In the last week, several stories have emerged about steps Cisco is taking to further its position in the industry beyond the equipment market:

“Cisco has invested in a small developer of software for virtualizing file storage, but that developer is discounting — for now — the possibility of an outright acquisition even though two of its competitors have been acquired recently.” (From InformationWeek)

Cisco is also moving beyond large enterprises to work with companies of all sizes.

“Cisco is quickly becoming a major force for SME customers, who like the company’s focus on new product development and knack for acquisition.” (From Processor)

So, does this mean that there is no competition left in the marketplace? Hardly. Cisco has been successful for many reasons, not the least being that their products often outperform others on the market. However, companies such as Juniper do offer an alternative. Computer Business covered Juniper’s latest shot to cut into some of Cisco’s dominance:

“Juniper Networks Inc plans to offer the option in a single client to carry out network access control, NAC, at Layer 2 or Layer 3 in the second half of this year, enabling NAC on Cisco switches without upgrading Cisco’s IOS operating system.”

However, the article does go on to point out that:

“…some customers will want their NAC at L2, and since it doesn’t sell switches, it behooves it to offer a heterogeneous capability, working with Cisco or any other vendor’s switches.”

Jon Oltsik also recently broke down the impact that Juniper could have on the market. While he does not shy away from discussing the struggles Juniper has had, he does see the potential for real growth in the future:

“Juniper has a real opportunity it has yet to capitalize on. Who is the number 2 enterprise networking vendor? Probably HP or Foundry but Juniper certainly should be a player as users look to push back on Cisco with a viable alternative. Who is number 2 in network security? Check Point is an also-ran and ISS is still too hokey to play with the big boys. Juniper/NetScreen can and should be nipping at Cisco’s heels.”

As Juniper and others introduce new products in order to compete, Cisco will do the same. The hope is that with a little bit of competition in the industry, products and services will only get better.

Enjoy the long weekend. We’ll be back on Tuesday.

Daily Network Management Links for 2006-05-26

[Daily Post From AlterPoint] Network Management Evolution: You Can’t Manage What You Can’t Measure

“As the IT landscape continues to change, companies are forced to reevaluate how they are spending their money and how they are managing their networks. This will undoubtedly lead to more questions regarding the value of IT departments and the role they have to play.”

erp4it: Re-thinking some things: Microsoft and Semantic Web alternatives

“I have been hard on Semantic Web based approaches to CMDB standards. I still have profound concerns about the learning curve and cultural issues we are going to run into on this path, but the more I think about the problem the more I am inclined to say that the Semantic Web may be the way to go, with its support for semantic interoperability across complex, decoupled ontologies.”

vnunet.com: Making the intelligent choice

“If VARs are going to become motivated by any segment of IT, LAN security appears to be the next big thing. Analysts worldwide predict that the $15bn-a-year switching market will undergo a significant transition, as enterprises move from buying connectivity to securing users.”

CXOtoday.com: Network Access Control: Yet To Take Off

“Amidst all the hype around the wonders of Network Access Control (NAC) and security vendors touting NAC compliant devices, one can’t help but do a serious rethink of their existing network security strategy. With new threats emerging by the day and enterprise networks becoming increasingly ubiquitous no one can tell for sure which device attempting to connect to the network is not a potential security threat to the company’s network infrastructure.”

Network Management: You Can’t Manage What You Can’t Measure

As the IT landscape continues to change, companies are forced to reevaluate how they are spending their money and how they are managing their networks. This will undoubtedly lead to more questions regarding the value of IT departments and the role they have to play. The plight of IT organizations was brought to the fore in a Network World newsletter in which Amy Schurr quotes Kenneth McGee, vice president and a Gartner fellow, as saying:

“The next three years will place an extraordinary amount of pressure on IT organizations challenged to continually show members of the entire enterprise that they deliver value sufficient to warrant remaining an intact organization…”

How does McGee suggest they demonstrate their worth? Among other things, he points out that they must:

“Automate IT operational processes. Configuration management vendors are creating tools that provide rigorous change management and audit capabilities.”

Automation is certainly a key step in creating efficiency. However, you can’t automate what you can’t see. Enterprises in all industries face problems with visibility, and until those issues are taken care of, you can’t move forward with the automation process. Communications News reported on the visibility problem and how it affected Catholic Health System (CHS), one of Buffalo’s largest healthcare providers:

“One critical network-management issue was lack of up-to-date visibility into its networks. As a result, CHS did not know how compliant it was at any point in time, nor what it needed to do to bring out-of-compliance systems back in line…”

CHS’s network manager Doug Torre witnessed the problems first hand:

“‘Without proper monitoring, there was no easy way to verify a machine’s configuration, the patch levels, what it accessed, what machines communicated with it, even its security policies…Not knowing what’s out there or what’s happening with our systems did not allow us to manage our networks or compliance.’”

Network inventory can be the first step towards visibility, automation, and governance. At AlterPoint, our inventory tools allow you to:

  • Automatically generate historical or current documentation and reports about network inventory and assets
  • Rapidly obtain virtually any information about a network asset that is required to make a decision (e.g., identify security risks by locating all Cisco edge routers that don’t have a specific ACL configured)

Once we help you discover what you have, we can provide the products and services you need to automate your operations and fully manage your network.

Daily Network Management Links for 2006-05-25

[Daily Post from AlterPoint] Network Management Evolution: Securing Your Cisco Devices

“It’s because of the success of these equipment vendors that the network has grown in intelligence and business criticality. However, it’s important that you adopt security measures and services to protect the devices that are fueling your IT and business operations.”

TalkBMC/Change Connections: Connecting People, Process, and Technology to change impact

“What is the most likely factor when a change (of any kind) has a detrimental effect on the enterprise? For those of you who liked Cool Hand Luke, “What we have here is a failure to communicate.” The enigmatic nature of change is that the very communication of change tends to bring up forces that oppose it.”

TalkBMC/Service in the Raw: Service is Not Just for Christmas (Problem Management)

“For some weird reason lost in the sands of IT time, it has been the policy to reward poor quality rather than strive to eliminate it. Almost every IT department has encouraged and rewarded bad working practices. Before you get indignant and stop reading, let me explain further….”

InformationWeek: Cisco Invests In File Virtualization Vendor

“NeoPath’s products decouple the file system from physical storage devices to allow data to be migrated to lower-cost or higher-performance devices without shutting down the storage devices.”

Secunia: Cisco VPN Client Privilege Escalation Vulnerability

“A vulnerability has been reported in Cisco VPN Client, which can be exploited by malicious, local users to gain escalated privileges on a vulnerable system. The vulnerability is caused due to an unspecified error in the GUI (also known as the “VPN client dialer”) and can be exploited to execute arbitrary commands with SYSTEM privileges.”

Unstrung: From Closed to Open Mobile Networks

As wireless operators move to embrace alternative access networks, unfamiliar security, IP mobility, and plain old usability challenges are forcing them to examine how best to mediate service delivery across multiple access networks to subscribers who will potentially use several different types of terminal device from many different locations.

Securing Your Cisco Devices

As effective as Cisco Systems has been in changing the face of the enterprise network, their devices (like most others) are still vulnerable to a variety of security breaches. Last month’s security advisories from Cisco were covered on a number of sites including Panda Software:

“Cisco has published two security advisories to warn of problems in several of its devices. Products affected are Cisco ONS 15000 Series Common Control Cards, Cisco Transport Controller (CTC) and Cisco 11500 Content Services Switch…Cisco 11500 Content Services Switch are affected by a remote denial of service problem when they are configured to carry out HTTP compression…Another vulnerability affects Cisco Transport Controller (CTC), allowing a remote user to run arbitrary code on the CTC workstation…Finally, Cisco has confirmed multiple vulnerabilities in Cisco Optical Networking System (ONS) series 15000 devices, allowing a remote user to cause denial of service conditions in Common Control Cards.”

SANS research also highlighted security problems that can arise with Cisco devices in the updated version of their Twenty Most Critical Internet Security Vulnerabilities:

“It has long been believed that, as embedded devices, Cisco routers and switches were immune to severe security vulnerabilities. However, serious security research over the past year has revealed several vulnerabilities that can result in denial-of-service conditions or remote code execution vulnerabilities.”

Of course, Cisco is not alone. Juniper and other industry leaders also face a myriad of device security issues. The SANS report goes on to say:

“Juniper’s Operating System (JunOS) is Juniper’s standard router OS. JunOS is the second most common backbone Internet router. CheckPoint and Symantec solutions like VPN and Firewalls also enjoy a wide deployment…Vulnerabilities were announced during the last year in these products that could be exploited to reboot Juniper routers and compromise the Symantec and CheckPoint Firewall/VPN devices.”

This is not a knock on these vendors; it’s just a fact of the state of the network. In fact, it’s because of the success of these equipment vendors that the network has grown in intelligence and business criticality. However, it’s important that you adopt security measures and services to protect the devices that are fueling your IT and business operations. At AlterPoint, our DeviceAuthority offers extended security and protection across multi-vendor networks in a cost-effective manner:

“Although version 4.0 gives users an even more integrated, secure network management environment, it maintains all the functionality and ease of use of the earlier versions;

–Hardened application security. Customizable user permissions and roles-based access to increase control and decrease error

–Expanded external security system integration (including integration with TACACS+, RADIUS, and CiscoSecure ACS)…”

Daily Network Management Links for 2006-05-24

[Daily Post from AlterPoint] Network Management Evolution: Inventory Management: What Do I Have and Where is It?

Unfortunately, a breakdown in inventory on a network level is usually not as easy to fix, and it can end up costing a company substantial amounts of money, limiting efficiency and creating a communication gap across different areas of the business. As networks continue to grow and become more diverse, developing effective inventory practices is becoming even more crucial.

Computer Business Review: Juniper Will Up Cisco Challenge with Integrated L2/L3 NAC

“Juniper Networks Inc plans to offer the option in a single client to carry out network access control, NAC, at Layer 2 or Layer 3 in the second half of this year, enabling NAC on Cisco switches without upgrading Cisco’s IOS operating system.”

ZDNet Asia: Cisco admin 101: Know RIPv2 basics

“When it comes to internal routing protocols, Routing Information Protocol version 2 (RIPv2) is one of the most common routing protocols in use today. In addition, RIPv2 is one of the easiest protocols to configure.”

VoIP Magazine: ADTRAN and the Future of the SMB Network Infrastructure

If you walk around the floor of Interop you can find similar solutions to the SMB problem of network infrastructure but they require 4-5 pieces of equipment. Why shouldn’t all of the equipment in a small business’ network closet be a single box? For a small business without an IT staff a single machine is certainly easier to troubleshoot than, say, figuring out that no one can get voicemail because the router is unplugged.

IT Week: Kit unifies wired and wireless LAN

“HP’s ProCurve network division has announced new hardware to give firms a unified wired and wireless LAN (WLAN) network. ProCurve’s global mobility product manager, Kail Krall, said, ‘We’re providing a “single pane of glass” to manage both user policy and devices [wired and wireless] across the network.’”

Techworld.com: Beware the networking counterfeiters

“Counterfeiting isn’t just a software problem. The networking hardware aftermarket - selling and buying used Cisco equipment, for example - has been under siege by counterfeiters for about the last two years.”