Enterasys Proves Simplified Management Nets ROI

When it comes to selecting wired and wireless networking products there are many elements to consider, some are obvious and tangible, such as speed, cost and compatibility. However, many buyers forget critical factors when selecting networking products, such as ease of integration, management overhead and usability.

Networking vendor Enterasys is looking to highlight the importance of those elements with their integrated management suite, which brings wired and wireless network management together into a single unified console.

Effective network device management, which entails everything from monitoring, to securing to integration, proves to be one of the best measures of value – lowering the total cost of ownership (TCO), while increasing the return on investment (ROI) - two acronyms that are on the minds of budget conscious network managers and their bosses.

 Choosing the best networking equipment for a given situation is often a challenge, one where adopters either go with what’s familiar or take a gamble on something new. Funny thing though, very few network engineers are gamblers, so in many cases, brand recognition wins out the day, solidifying the preconceived notions surrounding networking equipment. Enterasys Networks shatters those preconceived notions by shifting the focus from limited tangible elements to the elements and technologies that offer reduced TCO and increased ROI.

So what exactly is Enterasys doing differently from the multitude of networking hardware vendors? A fair question indeed - one that can only be answered by taking a much closer look at the company’s integrated wired and wireless product lines along with its unified management solutions.

A Closer Look at Enterasys’ Management Suite and Products:

Enterasys offers a wide variety of wired and wireless networking products. In most cases, when a company offers a broad portfolio of products – deployment of various product lines, management and unification become somewhat of a nightmare, requiring different management applications, dashboards and other elements to make them work in concert. Add to that the overhead of integrating third party elements and you have a solution that is time consuming and expensive to manage, and more importantly, difficult to secure and use.

Enterasys faces those problems head-on with hardware that can be unified and managed using a suite of integrated management tools that incorporate security, while offering a single pane of glass style of network dashboard. That magic is provided by Enterasys’ NetSight network management application.

I recently visited Enterasys’ Andover MA facilities to have a hands-on-look at the company’s products, attend demos, interview engineers and finally, get some hands on experience with the company’s wired routers and wireless access points, along with the capabilities offered by their NetSight management suite. I acquired a 12 port Managed Switch (D2G124-12P) and a pair of Wireless Access Points (WS-AP3610) for additional testing in my lab. Those devices were attached to a heterogeneous network, which incorporated products from competing vendors and tested using a variety of test appliances and software applications.

The D2G124-12P is a good example of the managed switches offered by Enterasys and uses the same management software as the majority of the company’s switches. The same can be said about the company’s wireless access points. The D2G124-12P managed desktop switch has a street price of about $1500, that may seem a little pricey, but it is actually a good value considering the boatload of features included, including simplified management, integrated security and easy expansion. What’s more, it is a quality device that eschews plastic and cheap materials in favor of industrial strength.

That said, the D2G124-12P really has no issues from a hardware design and performance perspective, each port was able to deliver gigabit Ethernet speeds with low latency. The WS-AP3610 Wireless Access Points have a street price of around $775. The units, which are designed to be wall mounted, incorporate 802.11a, b, g and n and utilize integrated antennas. The units can be powered via PoE (Power over Ethernet), eliminating the need for a separate powerline, yet still offer full 3x3 MIMO performance. Coverage proved to be excellent, surpassing low end, consumer orientated devices and matching, if not exceeding the performance offered by competing high end enterprise access points.

However, the real star of this review is not so much the hardware, but the Enterasys NMS Console (also known as NetSight Console), the management software that is integrated into the product line. After all, ease of management delivers value to both solution providers and end customers.

Enterasys NMS is the foundation for centrally monitoring and managing all the security-enabled components in the infrastructure and allows the network infrastructure to be viewed as a unified whole rather than as a collection of disparate individual components.

What makes Netsight unique is its ability to transform complex network data into graphical, business-centric information, which makes the network far less complicated to manage. Simply put, NetSight turns an IT manager into a networking expert. What’s more, IT Managers that can accomplish their tasks quicker and more efficiently, which reduces the total cost of ownership for networking equipment.

Netsight offers several key features for wireless and wired networking devices. Perhaps the best place to start is with the utilities that ease deployment and troubleshooting. For example, the Wireless Manager incorporates the ability to locate access points – by using triangulation. Using Wireless Manager, I was able to quickly find a couple of rogue access points on the test network – the triangulation algorithms proved to be quite accurate, making it quick and easy to locate access points on the network – managed, unmanaged and external.

What’s more, the wireless manager offers excellent, comprehensive troubleshooting logs, which track events and associations. That could prove to be a valuable security tool for those checking on wireless access. Those comprehensive logs give an inkling to some of the management suites’ other capabilities – NMS incorporates several reports and drill down forensics capabilities that make it an ideal assistant for those charged with compliance enforcement.

Of course, security for wireless networks is of the utmost concern for corporate users – here, NMS offers a comprehensive suite of policy management controls that extend beyond wireless authentication. In other words, NMS provides policy-based Network Access Control, which authenticates users across wireless, wired and remote connections.

In practice, when a user connects to the network (regardless of the connection type), the user is presented with an authentication challenge (where the user is required to authenticate with the network), once authenticated - the user is granted access to the resources allowed by the predefined policiesthat are based upon the user’s role on the network (e.g., staff vs management vs executive, etc.). While the concept of authentication is not unique, Enterasys does bring a unique ideology to authentication by combining roles, rules and a simple logon process – effectively simplifying security for the end user, without compromising the system.

NMS further differs from legacy security access products by ensuring that the the experience for the end user and the management of the policies is unified across the network, which in turn makes it transparent to the end user and simpler for the network administrator. Simply put, security and network access becomes a set-it and forget-it process, ensuring that a user receives a consistent user experience regardless of whether the network attachment point is a wired or wireless connection.

Policies can be defined upon a multitude of criteria, ranging from type of device used to access the network to the user's location to the type of connection. For example, if a user is on a wireless device, you may want to have a policy that restricts access to financial data for security purposes. On the other hand, if the user is on a guest system at an internet café, you may want to restrict access to just email and scheduling. The user roles and their associated policies can be predefined to implement and enforce an enterprise's unique acceptable use policies.

Once defined, the policies are automatically applied to each user each time he/she connects to the network, providing automated networking for a mobile environment. It is that role-based policy definition that brings true security to users, devices and locations.

NetSight Policy Manager offers wizards that ease the definition of policies and roles, making the process very simple, even for neophyte network managers. Security can be setup to use a "deny then allow" process, which makes it simpler to apply granular control to security. In other words, access by default is shut off, and then only allowed once defined.
Of course, NetSight Policy Manager and its associated modules offer much more than policy-based security, network management and diagnostics. However, there is a critical difference – NetSight offers cross-platform support and unifies network management across wired and wireless connectivity products. NetSight also incorporates policy automation, as well as advanced forensics capabilities that make it easy to validate policy, remove rogue access from the network and exemplify that compliance requirements are being adhered to.

While Enterasys does an excellent job with the design and performance of its hardware, it is the management capabilities that really solidify the solution as a worthwhile investment. NetSight's cross-platform management capabilities eliminates the need to stick with a single hardware vendor, while the inherent intelligence of the product allows normally unmanaged devices to act like managed devices – thanks to syslog and SNMP support, as well as the product's automated security manager, which offers what some may call a distributed IPS (intrusion prevention system).

NetSight also offers some other advanced features, such as support for an AJAX-based client, which allows management to take place in a rich GUI on a web browser. Other advanced features worth noting include the ability to isolate rogue access points by preventing association between those access points and potential clients.

All things considered, Enterasys shows that value is more than just the price out the door, value is the sum of many aspects, ranging from initial product costs to management overhead to ongoing support costs. What's more, productivity gains for both end users and network administrators must be included when calculating and comparing the total cost of a solution.