A sure foundation for policy management

Like FTP Software Inc. and other TCP/IP stack vendors before it, independent vendors of IP management products have essentially disappeared from the market.

In October, Lucent Technologies Inc. snapped up the last major player, Quadritek Systems Inc. Lucent’s move came a mere day after Cisco Systems Inc. consummated its deal to acquire American Internet Corp. (AIC). Not one for long courtships, Cisco announced an OEM relationship with AIC during the second quarter and by August declared its intentions to buy the company.

Both Quadritek and AIC have products that allow users to control IP address and name assignments using the Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS).

DHCP lets workstations get their IP addresses, nearest-router address and other key IP information automatically from a central server instead of through local manual entry. DNS specifies a hierarchical naming scheme for TCP/IP networks as well as a scheme for mapping names to IP addresses.

Just as it was inevitable that TCP/IP would become integral to operating systems, it was inevitable that IP management would be wed to the network’s physical infrastructure. Without that marriage, policy management can’t work.

IP management services are truly a foundation technology for policy-based management. They enable the policy system to find individual devices on the network and tell the devices what to do — for example, the policy system can tell an Ethernet switch to take accounting’s SAP R/3 packets and flip them into the high-priority queue.

In order to provide services such as bandwidth allocation, traffic prioritization and security, network vendors need the ability to bind IP addresses to users.

Quadritek, AIC and the former Isotro Network Management (now part of Bay Networks, which itself was recently acquired by Nortel Networks) developed the distributed IP management services that support that binding. All three offer products that can tie into directory services via the Lightweight Directory Access Protocol (LDAP), although Bay Networks alone has yet to ship this feature.

And for users who haven’t yet deployed LDAP-based directory services, policies can be based on DNS names or logical groupings of IP addresses. In light of the relatively small base of directory customers, the ability to base policies on DNS names and IP address groups is critical. It’s no wonder network vendors have been buying up IP management companies.

To its credit, Bay Networks was one of the first vendors to identify the need for IP management services to support its policy management plans. Bay Networks bought Ottawa-based Isotro Network Management Inc. in April 1997. This June, Bay Networks announced Version 4.0 of Isotro’s NetID product, a key component of Bay Networks’s recently announced Optivity Policy Services.

The AIC purchase is Cisco’s second run at acquiring IP management services. Cisco wasted no time in branding AIC’s products as its own and in June delivered Cisco Network Registrar 2.0. Customers with the older Cisco DNS/DHCP Manager are simply being upgraded to Network Registrar, which is a good deal for them. Network Registrar is the basis for user registration services for CiscoAssure, Cisco’s implementation of policy management. You can see why Cisco felt compelled to own AIC.

Lucent was smart to jump on the remaining major player. Companies that hesitated, such as 3Com Corp., lost the opportunity to buy IP management expertise and must now grow it internally or partner with another vendor, such as Microsoft Corp. or Novell Inc.

In the meantime, the scalability and robustness of the IP management services from Bay Networks, Cisco and Lucent will be tested as these vendors begin rolling out their policy-based management products next year.

Early in 1999, Cisco expects to release CiscoAssure policy tools for quality of service and security, while Bay Networks’s first release of its Optivity Policy Services, which focuses on application prioritization, is due in the second quarter.

Lucent will be telling its policy story in coming weeks and expects to have products by mid-1999. Off the bat, Quadritek’s QIP IP name and address management software will integrate with the Remote Authentication Dial-In User Services that Lucent got when it acquired remote access vendor Livingston Enterprises.

These policy applications will undoubtedly stress the underlying IP management services in new ways. Even as they evolve their IP management services, vendors will be busy fine-tuning the elaborate set of interactions between network gear, the IP management services and policy management applications.

By late next year, it will become clear who’s got an implementation that can meet the demands of the largest enterprise customers, ISPs and other network providers.

In the meantime, investigate the IP management services from your primary network vendor.

Specific aspects to evaluate include: the flexibility the service gives you to distribute control of management functions, such as address assignment, around the organization; its redundancy and robustness to minimize downtime; and its scalability to accommodate the number of users you need to support.

Also, be sure you’re happy with the level of support and pace of development your vendor provides for its IP management services. With so much riding on this foundation, you want it to be as solid as possible.