CCM Version 2 eases Nortel VPN management

By Joel Snyder, Network World Global Test Alliance
Network World, 11/03/03


As one of the most popular enterprise-class VPN appliance lines, Nortel's Contivity VPN gear historically has been hampered by awkward and inconvenient configuration and management wares. With the release of Contivity Configuration Manager Version 2 this summer, Nortel has to a degree simplified configuration and control of multiple Contivity devices.

CCM comprises a simple, client/server architecture, with a small database and configuration server running on Windows or Solaris servers and a Java-based client configuration tool. We installed CCM on a Windows 2000 Server and used a second Windows system to run the client configuration tool. We pointed CCM at our Contivity 2600 and 1100 systems, imported their existing configurations and easily started managing them.

If you're familiar with Contivity's built-in Web-based user interface, CCM will be easy to learn and use. CCM exposes an almost-identical series of screens that display the Contivity configuration data and let you change it. This is a strength and a weakness of CCM. VPN managers will be able to pick up and use CCM almost instantly. However, CCM doesn't extend the object-oriented configuration model of Contivity across multiple units. For example, you can't group Contivity devices and apply like settings, such as a logging server, to them. CCM does have a multi-device configuration tool, but the tool is really just a way of speeding the process of manually changing a setting across multiple devices. With Nortel's object-oriented GUI in the Contivity boxes so far ahead of its time, seeing CCM ignore the potential was very disappointing.

We also were disappointed with the VPN-specific management features in CCM. Because the main purpose for having dozens or hundreds of Contivity appliances is to have them running in a multi-site VPN environment, we expected some powerful tools to build and maintain site-to-site VPNs. CCM lets you define a mesh VPN, but it's a one-time push of configuration information. You can't then modify the VPN as an object to change its configuration. If you want to do that, you have to go to each device in CCM and make the changes individually. Other types of VPNs (such as hubs and spokes) are not supported except through a manual definition process.

Contivity Configuration Manager Version 2
Cost: Ranges from $9,060 for 250 nodes to $22,650 for 2500 nodes.
Pros: Simplifies configuration of multiple VPN gateways; multi-device license management, software upgrade and configuration archiving are useful.
Cons: Requiring element management for most operations misses the point of a centralized management tool.

Despite these flaws, CCM still is a huge step forward from traditional Contivity management.

Simply not having to individually log into each device to make changes saves time and reduces the potential for errors. Once you make changes to a device in CCM, it's a simple task to push those changes out to the device. Some multi-device capabilities, such as license management, software upgrades, configuration backups and archiving, also help make the case for buying CCM.