Testing TNG
I tested TNG in a multiprotocol, multidomain network with several types of
network devices, such as routers, printers, NT servers and workstations, and
NetWare servers. To begin, I used TNG's Autodiscovery Wizard, which automates
the search for your managed devices (with support for TCP/IP, IPX/SPX, DECnet,
and SNA), builds the initial topology of your network, and enters it into your
repository. I used this tool to analyze the Windows NT Magazine Lab and
the surrounding corporate network.
The wizard offers several methods for discovery: an IP ping sweep, Address
Resolution Protocol (ARP) cache (TNG queries the ARP tables in the routers it
finds and continues searching from there), or fast ARP (TNG just uploads the ARP
tables). Each method has its uses, but the IP ping sweep provides the most
detail. This method pings every address you define in a range, asks the devices
it finds whether they are SNMP enabled, gathers a small amount of MIB data, and
enters this information into the repository to build the topology view.
TNG's Discovery Monitor tool tells you the status of a running
autodiscovery, how many objects it found, and how long it took. You can control
how many levels deep the scan goes (a subnet is the finest granularity
available) and how many attached networks it discovers. TNG places all devices
it discovers in an IP network group with one representative icon at the top
layer of the 2D and 3D views. After the autodiscovery fills the repository, CA's
Domain Manager software lets you set domain polling times, intervals, and types,
which govern the repository and fault notification frequency.
I found a few problems with TNG. For example, it has no undo function, and
object deletes are not recursive. If you delete a top-layer object, such as the
whole IP subnet or BPV, TNG doesn't remove the underlying objects. Also, the
release of TNG I evaluated did not support Dynamic Host Configuration Protocol
(DHCP) autodiscovery. As the DHCP server shuffles IP addresses, TNG doesn't
update the repository accordingly. This lack of synchronization causes conflicts
with addresses pointing to the wrong managed devices. CA reports that patches
are available from the company's Web site to fix the cascade delete and to add
DHCP support for autodiscovery.
While I was autodiscovering devices, I noticed that TNG does not use
LANManager communications layers, so on a first pass, it won't tell you about or
respect NT domains. To include domains in your TNG security model, you have to
start using TNG's security management features.
End-to-End
The final question is whether you can deploy TNG as a complete, standalone
enterprise management system for NT. Well, not yet. CA reports that it will be
adding more modules and tighter integration with NT in the next two releases
(the first release is due out by the end of this year). Right now, TNG lacks
some features, so you have to add other packages to your administration plan. At
a minimum, you need to consider adding TNG's optional modules, such as software
distribution and advanced Help desk for complete enterprise control.
Other features missing from TNG include built-in remote NT system
administration and hooks (except for those in NT's native tools) for new Desktop
Management Interface (DMI) standards (although you can access this data via a
Management Information Format--MIF--to MIB converter) or system/network
performance monitoring. As a result, TNG is not well suited to network design or
capacity planning. You need to carefully plan your security strategy with TNG.
If you don't, you can introduce new security holes. TNG also lacks file
administration capabilities that are directly integrated with its WorldView
interface-- you still have to use NT's standard tools, rather than having one
point of administration.
Despite its shortfalls, TNG is a powerful enterprise management
environment. It can be difficult to grasp at first, but once you learn your way
around the GUI, the system is very logical.
CA offers two options for TNG support. The first is a basic phone support
and bug fixes service contract that costs 15 percent of the current TNG price
(regardless of what you paid for TNG when you purchased it) per year. The other
service contract includes full phone support, fixes, and upgrades for the time
you have the contract and costs 19 percent of the current TNG price per year.
You must sign up for one of these two service contracts when you license your
copy of TNG. Any large enterprise considering a rollout of TNG will want to make
sure to put a program in place for 24*7 support, with a guaranteed resolution
time, such as four-hour response. These services are available, so build them
into your management solution. You will find numerous Help files and an
online-books utility on the distribution CD-ROM that you can easily distribute
to your administrators.
TNG is not for everybody, and its deployment requires planning and
customization. However, if you run a large-scale, complex, heterogeneous
network, TNG is well worth the effort and cost.