Solsoft offers glimpse of policy-based security management
While there is little question that this functionality constitutes a useful step forward, there is also little doubt that far more is needed before policy management services become a key underpinning of enterprise management systems. One management segment that is screaming for some form of policy-based support is security management. This need is growing daily, given that strong authentication and authorization services are a fundamental requirement for both production-quality electronic business and Voice over IP services.
At least one vendor is stepping forward to address this shortcoming. Solsoft, a French-based company with U.S. operations based in Mountain View, Calif., is addressing first-generation policy management support through its Net Partitioner product. More specifically, the support provided in Net Partitioner enables the user to graphically manage an access policy across the network.
Net Partitioner makes use of its own logical network schemas, which map switches, routers, end stations, end users and IP service flows. The fundamental entities that are managed include logical IP subnets and defined service flows (for protocols such as http, ftp and smtp, among others) between subnets. These entities are managed as the base classes within the product's object-oriented hierarchy. Metaclasses are used to represent entities such as Web servers or network managers and may be associated with individual subnets, flows or a combination of the two.
The user network configuration is auto-detected by Net Partitioner and rendered as a graphical map on any Java-compliant browser. Access relationships between individual network entities are represented as graphical arcs, each standing for one or more access rules defined by the schema. Creating or copying access rules takes little more than a set of drag-and-drop operations on the arcs themselves. Once these operations are completed, Net Partitioner translates the access rule change into the native ACL definition appropriate to the particular vendor product. Existing product ACL configuration data can also be uploaded and translated for use by Net Partitioner, a feature that reduces the need for the costly re-entry of existing configuration data. At present, the vendor claims that Cisco, Nortel and 3Com products are supported but, as always, prospective users are advised to press for specific product details.
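To make the translation step concrete, the following added example (not Solsoft's code, and not taken from the original article) compiles subnet-to-subnet service flows into Cisco IOS-style extended ACL lines and reads such a line back into a flow. The flow tuple format, the ACL number 101, the closing deny rule and the function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed service table: well-known TCP ports for the services the article names.
# "ftp" covers the control channel (21) only.
SERVICE_PORTS = {"http": 80, "ftp": 21, "smtp": 25}
PORT_SERVICES = {port: name for name, port in SERVICE_PORTS.items()}

def compile_flows(flows, acl_number=101):
    """Turn (src_subnet, dst_subnet, service) flows into extended ACL lines."""
    lines, seen = [], set()
    for src, dst, service in flows:
        if service not in SERVICE_PORTS:
            raise ValueError(f"unknown service: {service}")
        # Strict parsing rejects subnets with host bits set (e.g. 10.1.0.1/16),
        # so a typo in the policy cannot silently widen or shift a rule.
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if (s, d, service) in seen:
            continue  # identical flows collapse to one rule
        seen.add((s, d, service))
        lines.append(
            f"access-list {acl_number} permit tcp "
            f"{s.network_address} {s.hostmask} "
            f"{d.network_address} {d.hostmask} eq {SERVICE_PORTS[service]}"
        )
    # Explicit default deny so unmatched traffic is logged, not just dropped.
    lines.append(f"access-list {acl_number} deny ip any any log")
    return lines

def _subnet(addr, wildcard):
    """Convert an address plus wildcard mask back to CIDR notation."""
    bits = int(ipaddress.IPv4Address(wildcard))
    if bits & (bits + 1):  # wildcard must be contiguous low-order one bits
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    return str(ipaddress.ip_network(f"{addr}/{32 - bits.bit_length()}"))

def parse_acl_line(line):
    """Read one 'permit tcp ... eq PORT' line back into a flow tuple."""
    t = line.split()
    if len(t) != 10 or t[0] != "access-list" or t[2:4] != ["permit", "tcp"] or t[8] != "eq":
        raise ValueError(f"unsupported ACL line: {line}")
    return (_subnet(t[4], t[5]), _subnet(t[6], t[7]), PORT_SERVICES[int(t[9])])

if __name__ == "__main__":
    # Constructed sample policy, not data from the article.
    policy = [("10.1.0.0/16", "10.2.0.0/24", "http"),
              ("10.1.0.0/16", "10.3.0.5/32", "smtp")]
    for acl_line in compile_flows(policy):
        print(acl_line)
```

Reading an uploaded line back with `parse_acl_line` and recompiling it is a quick check that the abstract policy and the device configuration still agree.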
