We surveyed Network Computing readers on the major challenges of remote-office management. After reviewing the results, we decided to examine remote-control software and protocol analyzers, and how investigate how they can be used for branch offices. Why these technologies? Because 76 percent of respondents said availability of local technical support is one of the biggest challenges in managing technology at remote offices, and these remote-access and diagnostic tools offer relief for resource-strapped IT staffs.
We also looked across the software spectrum, contrasting the features and suitability of commercial offerings versus popular open-source applications. Although nearly half of those polled said they will spend more than $250,000 on branch-office hardware and software this year--28 percent will spend more than $500,000--there's always room to save a few bucks by using open-source software that's comparable to commercial offerings.
In general, the commercial products we examined provide the broadest spectrum of features, centralized management and conventional support. But all that comfort comes at a substantial price. The open-source applications, on the other hand, cost little or nothing, but no single offering in this group provides all the features of the top commercial products. You'll have to add other open-source applications to get the security and central management you need.
Despite those limitations, we are impressed with how the open-source offerings stack up. For details on the major similarities and differences, see the features chart below left. For contact information and a list of common commercial and open-source tools, see the chart below right.
Network Protocol Analyzers
Twenty-two percent of the respondents to our survey use open-source/freeware diagnostic and network tools. Three of the top eight downloads at Freshmeat.net are protocol analyzers, with Ethereal the third most popular download overall, behind Apache and MySQL. A survey of Nmap security-tool listserv users conducted in March 2003 placed Ethereal as the second most popular tool (for background on Ethereal, see "Ethereal vs. Sniffer"). We compared Ethereal with the market-share leader for commercial protocol analyzers, Network General's Sniffer, to evaluate how their features stack up for remote management. Our findings surprised us.
Ethereal, version 0.10.4 at press time, is available on 11 platforms, offering support for capture media ranging from Ethernet to Token Ring. Ethernet is supported on all platforms, and Linux supports all capture media available. Although Ethereal runs on Microsoft Windows 2000 and XP, there have been reports of limitations capturing Gigabit Ethernet speeds on Windows. Suitable hardware on the Linux platform doesn't exhibit the same troublesome behavior. In addition, you can't capture 802.11 management and beacon packets using the Windows drivers; only certain card/driver combinations with Linux and BSD allow full 802.11 captures. Therefore, we recommend Linux as the operating system platform for Ethereal.
Network General's Sniffer comes in three flavors with a lot of additional options and potential costs. The other side of the coin is that you pay for only the capabilities you need.
The entry-level Sniffer, called Netasyst ($1,995 basic; $4,995 with expert analysis), is a Windows-only platform run on Windows 2000 or XP. Geared primarily for small and midsize businesses, it focuses on 10/100 Ethernet with options for wireless, VoIP (voice over IP), expert technology and graphical reporting. It does not yet support Gigabit Ethernet, though the company says such support is in the works.
The midrange product, Sniffer Portable, includes expert technology, works on LANs and WANs, and supports high-speed ATM and Gigabit Ethernet capture media. Options include support for High Speed Serial Interface (HSSI/T3), ATM (OC-3/OC-12), wireless, VoIP and graphical reporting. The WAN, ATM and Gigabit Ethernet modules also require a separate hardware device. Windows 98, 2000 and NT are supported for all protocols, with Windows XP support for LAN and wireless LAN only.
The higher-end Sniffer Distributed lets you put RMON and/or Sniffer technologies on individual segments for permanent remote monitoring, reporting and troubleshooting. In this article, we'll focus on Sniffer Portable because it's most comparable to Ethereal.
Comparison Points
Commercial packages like Sniffer are sold as turnkey systems, with the required software and hardware included or available directly from the vendor. But with open-source systems like Ethereal, you need expertise and patience to ensure the tool is set up correctly for your scenario. Because its authors didn't try to reinvent the wheel, but rather used the best tools available, Ethereal depends on other software products, including libpcap and winpcap (packet-capture libraries). This is a double-edged sword, as Ethereal's authors don't directly address functionality deficiencies in the implementation of network cards and drivers in the dependent software libraries.
The products' real-time-capture display and statistics capabilities vary as well. In Ethereal, the processing power at your disposal will determine if this is useful. By default, this capability is turned off and in high-load environments probably would remain that way. This mode might be useful only with highly filtered output.
Expert analysis--recognizing common fault conditions and recommending solutions--could be a lifesaver for a networking novice, but it comes at a price and is available only with Sniffer. This is definitely a factor to consider in deciding which tool is right for you.
For graphical network reporting, Ethereal focuses on protocol analysis, with other open-source tools, like Ntop, recommended for reporting and monitoring. Sniffer reporting is available as an option, or you can export data to another graphics program.
On the 802.11a/b front, Ethereal can decode 802.11 packets, but capturing them properly is another story. Only the Linux and BSD versions support this capability, and then only with certain hardware and driver combinations. Under Windows, the best you can hope for is nonpromiscuous-mode data without wireless management and control packets. The Sniffer Wireless product does support 802.11a/b, with a number of network cards; 802.11g support is coming out shortly.
Commercial offerings commonly lead their open-source rivals in support and training. Sniffer comes with a year of 24/7 toll-free technical support. Plano, Texas, serves as the primary first-level technical support center, with secondary support sites in California. This is a big plus: In-country support centers eliminate the frustration of dealing with offshore ESL (English as a second language) support personnel. Ethereal is supported through five listserv mailing lists and a historical database.
For those who need to learn these packages, third parties, such as the Protocol Analysis Institute, have formal, on-disk and Internet training programs specifically for Ethereal. Sniffer training is available directly through Sniffer University. Certification as a Sniffer Certified Professional is also offered through the university.
Open source may not be for everyone, but the capabilities of the Ethereal product stack up well. If you're willing to invest some time in getting up to speed and are familiar with protocol analysis, the Ethereal software may just be the ticket. However, if time to repair is critical, or if bundled wireless analysis is a must, Sniffer is better suited to the task. Sniffer's expert technology will help you recognize troublesome network patterns, saving time even for those adept at network analysis. And Sniffer's distributed-management capabilities are a major plus for branch offices. Sniffer's wireless-capture capabilities are also superior to Ethereal's, given Ethereal's underlying driver-support issues with libpcap and winpcap. Ethereal can decode the packets just fine, but capturing a full spectrum of packets in the wireless environment is a problem.
Both products can be used remotely with open-source or commercial remote-access products. However, if the link to your remote sites is saturated, you'll need out-of-band support.
In their infancy, remote-control and access applications weren't much more than utilities put together by administrators tired of running across the building or up and down stairs. Today, these products are a vital part of a remote-site administrator's toolkit.
Again, we examined representative products from the commercial and free categories, and compared them in terms of cost, features, support options and platform support. To represent the commercial model, we chose a popular product with a comprehensive features set and support for a wide range of operating environments--NetOp from Danware Data A/S (distributed by CrossTec Corp. in the United States). For the free product, we selected Virtual Network Computing, or VNC, together with VNC-based programs such as TightVNC and UltraVNC. Both NetOp and VNC have been around for a number of years and have a wide distribution base.
Comparison Points
First, some similarities. The products both support a strong field of operating systems, from the standard desktop Windows environment, through the regular cast of server platforms, all the way to PDA systems.
Both also work toward maximizing bandwidth utilization. To maximize data-stream flow, both product groups support multiple compression techniques, greatly reducing the "wait for the screen to update" frustration. Early products, without encryption and local cursor support, sent the entire screen buffer from every screen modification over the line--usually a slow dial-up connection. As a result, users were left staring at slowly updating screens. Both products now allow local cursor updating so that cursor movements are processed by the local machine and don't cause screen refreshes, further reducing screen update latency. Finally, both products support variable screen resolutions and techniques, such as reduced color palettes and turning off backgrounds to handle graphics-intensive screens on the host system. This makes a big difference when you're working over a slow dial-up connection. Web browser support is important as well; it lets an Internet-connected PC access the host via a Java applet with the browser.
Another key feature is host-service mode. Running the host product as a service lets you log in or out of the host system at the operating system level without shutting the host down. If you must restart by sending a ctrl-alt-del sequence from the client, having the host restart and being able to log back in makes remote administration much easier.
A remote-host session request lets remote users obtain support-staff assistance straight from the desktop over a listening-viewer capability. It's helpful to be able to transfer files between the client and host for problem resolution or to provide updated files.
Finally, support for chat mode makes a big difference. It sure beats the old way of keeping a Notepad window on the screen while each party alternately typed responses. And, for NetOp, the voice chat option makes communication even smoother.
But there are also some differences, most notably in security, centralized management functionality, type of product support and cost.
First, security is stronger with NetOp. Although both products provide challenge/password authentication, VNC sends the subsequent data stream unencrypted, whereas NetOp provides a number of heavy-duty encryption methods. To get encryption with VNC, you must tunnel the data steam through an additional security product. In the open-source world, products like OpenSSH and ZeBeDee provide a straightforward encryption process.
Another difference is that commercial products typically offer integration of centralized management functions, which make remote-office rollouts, updates and software management much easier. For example, NetOp provides integrated deployment, event handling and reporting capabilities. Those capabilities do exist in the open-source world, but typically require an additional open-source product or a low-cost alternative. Indeed, some commercial products are starting to include desktop-management functionality, such as inventory and software management. However, those functions aren't integrated into the remote-access and control open-source products we analyzed.
For NetOp and other commercial products, support comes from comprehensive help files, telephone support, online knowledge bases, and dedicated pay-as-you-go or contract-support programs. The nature of open source, however, dictates a different approach. Although some products may provide integrated help files, and many others offer some documentation, the bulk of support usually comes from list servers, user groups and mail lists on the product Web sites. Although you probably can't get someone on the line in an emergency, the product's programming and user community typically monitors the list server or user group and can provide experienced help. You might even get help from a developer--a rare occurrence in the commercial realm.
Then there's the money factor. Commercial remote-access and control products are purchased on a per-seat or concurrent licensing basis, and range from $50 to $175 per copy. Most of the products in the open-source VNC group are free and are provided via GNU General Public License, which makes the source code readily available.
Although many people in our survey indicated they tried open-source software because of the cost (or lack thereof), it's a mistake to consider open source on a monetary basis only. You must consider implementation and support costs, primarily staff, to achieve the same results an integrated commercial product can deliver. If you don't, the effort to integrate and manage multiple open-source products could negate the benefits.
Richard J. Brown is an independent systems consultant and owner of Business Applications Ltd., a technology consultancy and provider of Web hosting and e-mail services. He has worked with and managed corporate systems groups for more than 25 years in the high-tech, finance and manufacturing fields.
Gerard R. Sheehan, Jr. is an independent systems consultant with more than 20 years' experience in information technology. He has implemented, supported and managed a wide variety of corporate systems in the manufacturing and mortgage industries.
Original Ethereal author Gerald Combs started work on the program in 1997, and by July 1998 the first beta, version 0.2.0, was released. Since that time, there have been an incredible 401 contributors to the code base, according to the Ethereal site. Published under the GNU general public license, this is a measure of success for the open-source concept.
On the commercial side, on April 22, 2004, Network Associates announced the sale of all Sniffer Technologies assets to a group of investors at Silver Lake Partners and Texas Pacific Group. The old will become new again because the group intends to use the old moniker, Network General Corp., for the new entity. First marketed in 1986, Sniffer became an indispensable part of the professional networker's toolkit. Along the way, Cinco Networks' Net-X-Ray product was acquired and used as the basis for a graphical interface to the solid protocol decoder and packet-capture product. Although newcomers like Wild Packets' Etherpeek NX and Network Instruments' Observer have enjoyed commercial success, the installed Sniffer base is formidable. The spinoff deal is expected to close sometime in the third quarter of this year, with the new company initially employing more than 600 worldwide.
If imitation is the sincerest form of flattery, VNC should be blushing. Because it's free and its source code is readily available, a number of "new and improved" open-source VNC-based products have become available. The original tried-and-true VNC is a work of functional simplicity and cross-platform availability, focusing on the basics of accessing and controlling a remote computer. Based on the Remote FrameBuffer (RFB) protocol, which was designed to allow changes on a remote screen to be transmitted back to a local clients screen, VNC lacks encryption, compression, file transfer and sophisticated security capabilities.
The newer products have addressed the shortcomings of the original. UltraVNC, which supports only Windows, offers file-transfer capabilities, a chat mode, high performance video drivers for Windows 2000 and XP, and a plug-in system to allow third party functionality to be added to the product. TightVNC also offers a number of improvements, including compression to optimize transfer over slower connections, graphical support for advanced configuration options, and automatic SSH tunneling for Unix systems. There are even VNC-based offerings for Macintosh (ChromiVNC) and Palm (PalmVNC). In addition, as they're all based on the RFB protocol, the various products can interact with one another--a VNC-based PC running Windows 2000 can act as a remote client to a server running TightVNC on Unix.
As you can see, although there are differences in features among products, the shared RFB protocol, similar functionality, and zero price tag put these products in a fairly close-knit family. If your selection requirements lead you down the path of open source, you have a solid group of products to consider.