Disingenuous heterogeneity

Multivendor networks exist everywhere -- especially when we consider the network consists of more than switches, routers and firewalls.

Servers, backup systems and a seemingly endless list of elements all have their role in, and view of, the network. More than ever, prudent network designers should care about the extent of multivendor or heterogeneous support and that it actually exists in solutions they are considering.

A few synonyms for disingenuous are dishonest and false -- so maybe the word is a bit strong. But experience shows there is much more to heterogeneous support than a vendor's check box reading "yes" in a product profile can indicate. The absence of an industrywide definition of multivendor support lets vendor marketers stake a claim to that check box even when the support is, as lawyers like to say, de minimis -- trifling.

Thus the burden falls on users to define and validate heterogeneous support to the level they require. And while network managers are probably not looking for new things to fill their days, nothing short of a detailed, written definition of which features and functions are supported, for which devices and which versions, will be of value.

In the past, network managers were often most concerned about heterogeneous support when deploying a switched infrastructure with, say, one vendor's switches at the core and another's at the edge. It was important that QoS markings (802.1p priority bits, DSCP values) were recognized consistently and that performance enhancers such as link aggregation worked between switches from different vendors.

A Darwinian marketplace saw to it that functions were up to required levels. Switch vendors that couldn't work as required were out of the picture.

Today, though, heterogeneous support has subtler and more complex aspects, and failure no longer shows up as a crashed switch: it is quiet and far more difficult to uncover.

I'm referring to solutions such as Cisco's Security Monitoring, Analysis and Response System (MARS) that ingest log and event data and, applying advanced analysis techniques, inform network managers of problems or weaknesses that might otherwise go undetected.

Such systems have to read and understand the arcane event descriptions that are generated in the logs of firewalls, intrusion-prevention systems, servers and so forth.

This is a nontrivial task because there are so many devices to deal with, each with its own message format, and they are always evolving and adding new event types with every firmware or software release.

Heterogeneous support applies not only to being able to input this event data without crashing but also to how frequently analysis systems are updated so as to understand the myriad events that a given firewall might generate.

It does little good for an analysis system to spit out "event unrecognized" or "event undefined" messages for months until it is finally updated to understand the new data. If it can't understand the data, it can't analyze it - that much is certain. Worse, an unrecognized event is usually silently dropped from correlation, so the gap shows up only if someone counts the unrecognized messages per device.
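To make the failure mode concrete, here is a small event normalizer of the kind such an analysis system runs before correlation. This is an added example, not code from Cisco MARS or any vendor product: the log lines are constructed, the firewall message IDs (the `%FWX-...` tags), the `IPS-ALERT` format and the known-event tables are hypothetical. The point it shows is the check the column asks for: events the parser knows become normalized records, events it does not know are kept as (vendor, message ID) pairs rather than dropped, and a coverage ratio tells you how much of your own traffic the tool actually understood.

```python
"""Event normalizer that tracks unrecognized events per device (added example)."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample log lines. Vendor formats and message IDs are hypothetical.
SAMPLE_LOGS = [
    "Jan 10 10:01:02 fw1 %FWX-6-302013: Built outbound TCP connection 10.0.0.5:4431 -> 203.0.113.7:443",
    "Jan 10 10:01:05 fw1 %FWX-4-106023: Deny tcp src inside:10.0.0.9/5555 dst outside:198.51.100.2/22",
    'Jan 10 10:01:07 ips1 IPS-ALERT sid=2010937 sev=high src=198.51.100.9 dst=10.0.0.5 msg="ET SCAN nmap"',
    "Jan 10 10:01:09 fw1 %FWX-6-999001: Session resumed by new feature",  # ID added in a newer firmware
    "Jan 10 10:01:11 srv1 sshd[1234]: Failed password for root from 198.51.100.9 port 51234 ssh2",
    "Jan 10 10:01:13 srv1 sshd[1234]: Accepted publickey for alice from 10.0.0.7 port 50022 ssh2",
    "Jan 10 10:01:15 srv1 sshd[1234]: Received disconnect from 10.0.0.7 port 50022:11: disconnected by user",
]

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
FWX_RE = re.compile(r"^%FWX-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)$")
IPS_RE = re.compile(r'^IPS-ALERT sid=(?P<sid>\d+) sev=(?P<sev>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) msg="(?P<msg>[^"]*)"$')
SSHD_RE = re.compile(r"^sshd\[\d+\]: (?P<text>.*)$")
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

# Known firewall message IDs -> (normalized action, regex extracting src/dst). Hypothetical IDs.
FWX_KNOWN = {
    "302013": ("allow", re.compile(IPV4 + r":\d+ -> " + IPV4 + r":\d+")),
    "106023": ("deny", re.compile(r"src \w+:" + IPV4 + r"/\d+ dst \w+:" + IPV4 + r"/\d+")),
}
# Known sshd message shapes -> normalized action.
SSHD_KNOWN = [
    ("auth_fail", re.compile(r"^Failed password for \S+ from " + IPV4)),
    ("auth_ok", re.compile(r"^Accepted \w+ for \S+ from " + IPV4)),
]


@dataclass
class Event:
    vendor: str
    source: str
    action: str  # allow / deny / alert / auth_fail / auth_ok
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    raw: str = ""


@dataclass
class NormalizeResult:
    events: List[Event] = field(default_factory=list)
    unrecognized: List[Tuple[str, str, str]] = field(default_factory=list)  # (vendor, message id, raw line)

    @property
    def coverage(self) -> float:
        """Fraction of ingested lines the parser could actually normalize."""
        total = len(self.events) + len(self.unrecognized)
        return len(self.events) / total if total else 1.0


def parse_line(line: str):
    """Return (Event, None) for a known event, or (None, (vendor, message_id)) when unrecognized."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None, ("unknown", "unparseable")
    host, msg = m.group("host"), m.group("msg")

    fw = FWX_RE.match(msg)
    if fw:
        known = FWX_KNOWN.get(fw.group("id"))
        if known is None:  # device emitted an ID this parser version has never seen
            return None, ("fwx", fw.group("id"))
        action, rx = known
        hit = rx.search(fw.group("text"))
        src, dst = (hit.group(1), hit.group(2)) if hit else (None, None)
        return Event("fwx", host, action, src, dst, line), None

    ips = IPS_RE.match(msg)
    if ips:
        return Event("ips", host, "alert", ips.group("src"), ips.group("dst"), line), None

    ssh = SSHD_RE.match(msg)
    if ssh:
        for action, rx in SSHD_KNOWN:
            hit = rx.match(ssh.group("text"))
            if hit:
                return Event("sshd", host, action, hit.group(1), None, line), None
        # Key unknown sshd messages by their first word so they can be grouped and reported.
        return None, ("sshd", ssh.group("text").split(" ")[0].lower())

    return None, ("unknown", msg.split(" ")[0])


def normalize(lines) -> NormalizeResult:
    result = NormalizeResult()
    for line in lines:
        event, missing = parse_line(line)
        if event is not None:
            result.events.append(event)
        else:
            result.unrecognized.append((missing[0], missing[1], line))
    return result


def unrecognized_by_vendor(result: NormalizeResult) -> Counter:
    """Count unknown message IDs per vendor: the list to hand back to the analysis vendor."""
    return Counter((vendor, mid) for vendor, mid, _ in result.unrecognized)


if __name__ == "__main__":
    r = normalize(SAMPLE_LOGS)
    print(f"coverage {r.coverage:.0%}: {len(r.events)} normalized, {len(r.unrecognized)} unrecognized")
    for (vendor, mid), n in unrecognized_by_vendor(r).items():
        print(f"  {vendor} event {mid!r}: {n} line(s) not understood")
```

On the constructed input the parser normalizes five of seven lines: the firewall's new 999001 message and the sshd disconnect are reported as unrecognized rather than vanishing, and the coverage figure (71%) is the number to track over time. A drop in coverage after a firewall upgrade is exactly the signal that the analysis vendor's event definitions have fallen behind.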

So while you might not be able to validate support at this level before purchase, be sure to get vendors to commit in writing to their policy for staying current with the event information of all the heterogeneous devices they claim to support: which device models and software versions are covered, and how long after a device vendor ships new event types the analysis system will understand them.

If you don't or they won't, you might find out that your self-defending network cannot protect itself very well.

Tolly is president of The Tolly Group, a strategic consulting and independent testing company in Boca Raton, Fla. He can be reached at ktolly@tolly.com.
