Lucent enters into the policy debate

Equipment vendor reveals its three-phase strategy for policy-management applications.

Most major network kit vendors have already announced their plans fornt applications. directory-enabled networking (DEN) - and Lucent Technologies is the latest to join the party. Beneath the marketing hype lies the promise of managing entire networks by setting policies rather than by configuring and reconfiguring individual pieces of equipment (see box, right).

"Policy-based networking is going to change the way managers view their network resource, by the network becoming more business-driven," said John Collins, EMEA enterprise-networking marketing manager for Lucent's Data Networking Systems division. "From a data-networking perspective, it means administrators can tailor the network to the business and tailor bandwidth to give higher priority to certain applications, thus differentiating traffic. We call this traffic-smart networking, which makes the network more responsive."

Discovering new concepts

DEN is a relatively new concept. It describes mechanisms that enable equipment such as switches and routers to access and use directory information to implement another new concept - policy-based networking. The basic idea behind policy-based networking is to associate information about individual users, groups, organisational units and entire organisations with various network services or classes of service (CoS).

The purpose of DEN and policy-based networking is to meet user- and application-specific networking needs, while also streamlining software and administration.

According to switch, router and software vendors, directories and directory services are the means to this end.

"With the rapid adoption of ERP applications, e-commerce, VPNs and other compelling business technologies, companies need to make priority information flow, and ensure the right people are accessing the right resources at all times," said Collins.

But the underlying motive is greed. Implementing DEN will require more expensive equipment from vendors like Cisco and Lucent, which are using policy features to differentiate their switches and routers from the other vendors lower-priced commodity products. Any vendor lock-in raises equipment costs.

Lucent's DEN is a broad initiative encompassing data switching, voice switching, video-conferencing, network management tools and IP services.

It also includes the company's range of multimedia call centre, internet telephony and universal messaging applications, as well as business software from other companies (see box, below).

Tim Beard, enterprise-sector marketing manager at Newbridge Networks, said: "The industry has been waiting for some time for Lucent to figure out how it will combine some of its higher profile acquisitions - Livingston, Ascend and Prominet - into a coherent offering. Judging by this announcement, customers will have to wait a little longer. Lucent has adopted the time-honoured approach of an engineering-led company: take a kitbag full of disparate boxes and technology, and use a complex 'marketecture' to try to glue them together."

The aim of Lucent's enterprise policy-management initiative - its so-called traffic-smart networking - is to enable managers to deploy united policy capabilities that provide end-to-end network traffic predictability and control.

From the user's point of view, policy management is about receiving appropriate treatment from the network, which is especially important for business-critical applications. From the network operator's point of view, policy management is about minimising the complexity of end-to-end management and security. More generally, policy-enabled networking is about the allocation of network resources to best support business needs.

Rules equal policies

Lucent's RealNet Rules is a Java-based client/server software application running on Windows NT and Sun Solaris which allows specific rules - or policies - to be defined regarding how network resources will be used, by whom and at what times.

Collins said to make life easier for administrators, Lucent "will supply RealNet Rules policy templates with predefined values, which network managers can edit".

However, in its initial release, which is scheduled to appear later this year, Lucent's RealNet Rules (formerly Rules Manager) will only support a limited range of devices: the Cajun P550 and P220 Gigabit Switches, the Cajun M770 Multifunction Switch and legacy Cisco routers running IOS 11.2 and higher via CLI.

"I would hate to describe Lucent's strategy as a dog's dinner, but it does raise the question: Where's the meat?" said Beard. "Where is the support of internal service-level agreements (SLAs) and billing in Lucent's new management strategy? This is particularly surprising given Lucent's voice background, where regular billing has long been an established way of working."

Collins responded: "With RealNet Rules, we are able to take the first step towards providing network managers with SLAs for their customers, as well as the infrastructure to support converged networks. Traffic-smart networking is a business approach to networking, automating management tasks and removing the need for network managers to 'touch' every device on the network."

Importantly, DEN is highly dependent on the proper functioning of "bleeding edge" policy-management technology. Mission-critical applications will gain access to the limited network bandwidth only if QoS and policy parameters are set properly. The greater the potential for misconfiguring the network, the greater the risk.

POLICY ISSUES EXPLAINED

Policy management basics

Policy management has three basic functions:

- Provisioning or configuring the network switches and routers.

- Enforcement of the provisioned policies.

- Verification (or auditing) of network operation.

In more general terms, policy management is the implementation of a set of rules or policies, which dictate the access and use of resources on a per user, per flow, per application, or company/group basis to meet established business objectives. It is essentially focused on providing end-to-end QoS (bandwidth, latency and priority) and security (authentication, authorisation and auditing).

TIMELINES: RELEASE DATES FOR LUCENT'S POLICY-MANAGEMENT SOFTWARE

Lucent's directory-enabled traffic-smart networking initiative comprises three phases: Phase 1:

Policy manager version: Lucent RealNet Rules 1.0 (provides static/passive policy management) When available: Q3 1999

Type of policies enforced:

QoS/Class of Service (CoS), Access control

Policy enablers:

QIP 5.0, DHCP, DDNS (IP address registration and authentication), Novell NDS, directory services, LDAP directory

Network resources managed:

Cisco routers with IOS 11.2 and higher

Cajun Campus Lan packet switches (P550, P220 and M770 only)

Phase 2:

Policy manager version:

Lucent RealNet Rules 2.0 (provides enhanced static/passive policy management) When available: Q1 2000

Type of policies enforced: As version 1.0 plus: Security monitoring/Single sign-on/Voice-over-IP

Policy enablers: As version 1.0 plus:

Extranet/VPN, H.323 multimedia support, Radius security server, PKI (public key infrastructure), IETF DiffServ (Differential Services, basic IP CoS, CajunView network management applications, Netscape Directory Services, Microsoft Advanced Directory Services

Network resources managed: As version 1.0 plus: Ascend Wan switches and Lucent Managed Firewall security

Phase 3:

Policy manager version: Lucent RealNet Rules 3.0 and all subsequently released versions (providing dynamic/active policy management) When available: After Q2 2000

Type of policies enforced: As version 2.0 plus: Application integration (application identification), SLAs, Active policies

Policy enablers: As version 2.0 plus: IETF IntServ (Integrated Services, enhanced-IP CoS), ATM services (ATM QoS), Microsoft TAPI (telephony API)

Network resources managed: As version 2.0 plus: Cajun Campus M770A Lan switch (voice-enabled Lan switch), Lucent's PacketStar voice gateway, MMCX multimedia gateway, INTUITY AUDIX multimedia messaging system, CentreVu, ITS IP Exchange telephony server, and DEFINITY PBX. Source: Lucent, May 1999.