Once our nodes were connected to the AppFire management server, we could place them into groups, which also could contain subgroups. We then attached a policy to one of our groups, and every node and subgroup contained therein took on that policy--a fact we could verify by viewing a collapsible tree format. A policy also can be assigned to a single node.
AppFire does not support inherited changes. If a subgroup is assigned its own policy, for example, the parent's policy doesn't affect it. This means you can't create a limited master set of dictated policies that can be modified at any time. None of the products we tested offer inherited policies, but Cisco's CSA came closest by letting us create multiple small policies, which were then merged and sent to the client.
We were disappointed in AppFire's reporting engine. We were presented with a long list of violations, but very little information on what, exactly, had gone wrong. We could e-mail alerts to one or more e-mail addresses per group or node, but there is no support for SNMP.
The best thing AppFire has going for it is price. It was the least expensive product, at about a third less than CSA's list price. That almost makes up for the time spent trying to figure out what our policies did.
*****************************
Discover the benefits of scalable backbone and network services for application and cloud providers.
Network automation is gaining momentum. Here's how you can drive this powerful technology to its full potential.
Subsea cable alternatives can provide a level of comfort for those concerned about disruptions. Realistically, they will continue to play a small, but critical role in the short term.
