Remotely possible
Bay's Versalar tops the remote-access field.
By Dean Conant, Victor Renteria, Webb Deneys, and Troy
Sukert
Network World, 3/23/98
If the main thing you expect an enterprise-class remote access server
(RAS) to do is handle lots of sessions with solid throughput, look no further
than Bay Networks, Inc.'s Versalar 5000 Access Switch.
The Versalar 5000, outfitted with the Versalar 5399 Remote Access
Concentrator (RAC) Module, topped the field of five entries in our testing,
although it wasn't exactly easy sledding. In the early going, the unit dropped
calls, and we had to work with the vendor to find a fix. However, once a
firmware patch was applied, the unit aced our performance tests, turning in
the best throughput numbers. Bay plans to make that patch publicly
available by the end of this month, so you shouldn't have any of the
problems we experienced.
Compaq Computer Corp.'s Compaq Microcom 6200 Remote Access
Concentrator and 3Com Corp.'s Total Control HiPer Access
System/EdgeServer Pro Module came in a reasonably close second and
third in the performance race, respectively. They were the only two
products that didn't drop calls during testing, but their throughput numbers
couldn't match Bay's.
The remaining two products - a beta version of Ascend Communications,
Inc.'s MAX 6000 and Shiva Corp.'s LanRover Access Switch - dropped
calls. Ascend's unit couldn't get past 59 simultaneous calls, while Shiva's
product turned in the poorest showing of all, handling no more than 22
connections. In working with the vendors, we were unable to fully isolate
the problems, although Ascend did pinpoint a likely cause for its failures as
we were going to press (a href="/reviews/0323review2.html">See article).
However, throughput numbers for both units were comparable to those for
Compaq and 3Com, albeit for fewer clients.
Each vendor was invited to have a technician on hand during testing to
answer our questions and help troubleshoot any problems we encountered.
That proved to be a problem for Cisco Systems, Inc., a key player in the
market. The company said it couldn't free up a technician during the time
we were testing and consequently declined to participate. Shiva likewise did
not send a technician, but agreed to have its product tested nonetheless and
provided support by phone.
Tests were conducted using 60 Windows 95-based PCs, each of which
tapped its own 33.6K bit/sec modem to transfer files to and from a
Windows NT 4.0-based server via the RAS unit being tested. We could
have increased the number of clients in the test by enabling each PC to
emulate multiple clients but we thought the use of emulated clients would not
give us real-world results.
We had up to 60 PCs all transferring files at once. We did this by starting
with a single node transferring files, increasing to two nodes transferring files
at once and so on. If no calls were dropped, we ran the test three times and
calculated an average throughput figure for uploads and downloads as
measured at each client. If calls were dropped, we gave each vendor a
chance to diagnose the problem and apply fixes. If the fixes didn't work, we
averaged the three best tests from those we had run. Upload rates were
higher than download rates, which is a common phenomenon in this type of
test.
During testing we had no problem authenticating users with the Challenge
Handshake Authentication Protocol (CHAP) and giving each an
automatically assigned IP address.
Bay's comeback
It's not often that you see a product make the type of comeback that Bay's
did in testing. Initially, we couldn't get the unit past 20 simultaneous calls. In
working with the vendor we discovered the unit was holding requests for
files in a queue rather than passing them along.
The vendor was aware of this anomaly, but it had difficulty reproducing the
problem in the field or in its own facility. Our experience helped Bay
technicians pinpoint the cause of the problem and come up with the patch.
Following the upgrade, the product showed near-steady performance from
one to 60 clients. Upload throughput averaged 99.1K bit/sec and varied
1.3% at most from one to 60 clients. Download throughput averaged
67.8K bit/sec but did dip a bit, starting at 71.2K for one client and ending
at 62.8K bit/sec for 60.
Like the servers from Compaq and 3Com, Bay's unit is built with Internet
service providers, telephone companies and high-end enterprise users in
mind. There is a 13-slot chassis that takes 5399 RAC boards as well as
other cards, including ones for management and configuration. All the cards
in the system are hot-swappable, meaning you don't have to bring the
server down to replace a failed part. The chassis also supports three
hot-swappable power supplies with an integrated ventilation system.
The front of each 5399 RAC card has LEDs that indicate line and
hardware status as well as the number of dial-in ports in use. Currently, the
modems on each 5399 RAC support 33.6K bit/sec transmission and both
flavors of 56K bit/sec technology, X2 and Kflex. Bay promises to provide
a flash upgrade to support the new 56K bit/sec V.90 protocol when that
standard is finalized.
The setup for Bay's unit was relatively straightforward via a PC emulating a
VT100 terminal. There also is a Windows-based management tool and a
Hewlett-Packard Co. OpenView module available but neither was supplied
for this review.
The Bay product was the only one we looked at that didn't support a
built-in multiple user authentication scheme. Instead, it requires you to use
an external server that supports a variety of authentication methods,
including ones that tap the NetWare Bindery, Remote Authentication
Dial-In User Service, Unix password list or Microsoft NT authentication
databases.
However, Bay provides a high level of versatility once you consider that the
same chassis used to support remote access can also be used to support
other network functions. For instance, the chassis will accept a variety of
LAN switching and routing modules, including modules that support virtual
LANs. Every-thing in the chassis, including VLAN configuration, can be
managed from a single Bay Optivity network management console.
Compaq holds all calls
Finishing just behind Bay in our performance tests was the Compaq
Microcom 6200 Remote Access Concentrator, which completed its work
with no glitches and showed steady throughput. The server averaged 73.2K
bit/sec for uploads and 51.3K bit/sec for downloads. Upload throughput
remained steady in going from one to 60 clients, while download throughput
varied by 6%.
Compaq's server is similar in design to Bay's but slightly larger, with 17
slots and four redundant power supplies. There's also room for a power
control module that monitors the environmental status of the chassis and
alerts you remotely when there's a problem with any power supply, fan or
the chassis' temperature.
The front panel of each of the six Managed Modem Modules in the unit we
tested contained more status LEDs than any of the other RAS units, a total
of 72, or three per modem.
A nice touch was that each of the two dual-channel Primary Rate Interface
boards in the unit we tested had a Cisco 2511 router on the same card.
Like Bay's unit, Compaq's server supports hot-swappable cards.
However, installation and configuration was quite difficult in comparison
with the other products tested. A Java-based Wizard applet running in a
Web browser steps you through the configuration, but you're forced to
resort to a manual command-line configuration tool if you encounter any
problems in the process. We required a lot of assistance from the on-site
technician in configuring this product. Even with company expertise on site,
it took five hours to configure the Compaq server, the longest of any that
we tested.
Compaq does support its own multiple user Password Authentication
Protocol (PAP) and CHAP authentication server, however, giving it an
edge over Bay. You can also use external authentication servers, including
ones that support RADIUS, TACACS+ and security tokens from Security
Dynamics Technologies, Inc.
Compaq matches Bay's versatility by supporting a number of other features
in addition to the RAS server. You can throw a mix of modules in the
chassis to get a RAS server, router, LAN switch and hub in one box and
manage it all from a single console.
3Com on the performance edge
Performance of the 3Com RAS unit started out on par with Compaq's but
took an unexplained dip in download throughput as the number of clients
increased. Down-load throughput started at 51.6K bit/sec and steadily
decreased to 35.8K bit/sec by the time it hit 60 clients, 27% behind
Compaq's download rate for 60 clients. However, the unit's upload
throughput was just 1% behind Compaq's.
3Com's 17-slot chassis sports a design that puts its backplane in the middle
of the box. 3Com deploys its hot-swappable cards in pairs, with one sliding
into the front of a slot and its companion sliding into the rear. The cards in
the chassis front have multiple LEDs that provide status information, while
those in the rear have ports that accept cable connections. There are also
two redundant power supplies and a monster cooling fan tray.
3Com's modem boards support 33.6K bit/sec operation or the company's
flavor of 56K bit/sec technology. The 56K bit/sec modems will be
flash-upgraded to the new V.90 modem code.
The chassis supports many management options, including the ability to
monitor the real-time status of each modem as well as to configure the
T-1/PRI lines, modem and network management interface cards. You can
also tap into a command line-driven configuration program via a PC
emulating an ASCII terminal.
You can use a graphical user interface-based (GUI) tool to configure the
product, but it can be a bit of a hassle when you have to set up the unit's IP
address. However, if you can hang tough through the GUI-based setup,
management and monitoring is a breeze thereafter.
A major differentiator for 3Com is its optional EdgeServer Pro Module, a
board that comes preconfigured as a fully functional Windows NT 4.0
Server (Service Pack 3), complete with Microsoft's Remote Access Server
software. The NT server can be used to control operations of the chassis
while the RAS software can be tapped to handle remote access duties.
Taking up three chassis slots, the EdgeServer Pro Module has a 200-MHz
Pentium Pro processor, up to 1G byte of RAM, dual 2G byte EIDE hard
drives, a 3 1/2-inch floppy drive, an Ultra-wide SCSI-3 interface and two
10M/100M bit/sec Ethernet ports. It also has a handy LED display that
shows the number of current RAS connections and the EdgeServer's CPU
utilization.
Creating user accounts on the EdgeServer Pro Module is as easy as adding
a new user to an NT server and assigning dial-up access rights.The
EdgeServer Pro Module has a separate network management card with its
own Ethernet port, which enables you to feed data to a Windows-based
console used to manage the entire chassis. You can also connect a
keyboard, monitor and mouse to the EdgeServer Pro Module so you can
manage and configure Windows NT Server using that program's utilities.
Not surprisingly, Windows NT RAS handles user authentication if you have
the built-in EdgeServer Pro Module. Otherwise, you can use external
authentication servers, as with all the RAS servers we reviewed.
Using a built-in Windows NT Server gives you other benefits as well. For
instance, you can run any of a number of off-the-shelf firewall, Web proxy
server, fax server and thin-client application programs on the same box as
your RAS server. This obviates the need to shuttle traffic from your RAS
server to a Windows NT Server performing such functions.
Ascend maxes out at 59 calls
In many ways, our experience with a late beta release of Ascend's new
MAX 6000, an enterprise-class product expected to be available next
month, was similar to what we went through with Bay's product. Early in
testing, the server started drop-ping calls.
To resolve the problem, Ascend upgraded the unit with the latest version of
firmware and had us move a PRI connection from one WAN port to
another, suspecting that the first WAN port was at fault. Once the fixes
were applied, things went more smoothly, but the unit still could not
complete our test suite.
The tests we did complete show that the MAX 6000's performance left
something to be desired, coming in with an average upload speed of 73.4K
bit/sec. Its average download speed of 35.1K bit/sec was the slowest of
all. The slow download average came when the unit suffered a severe drop
in throughput as the number of clients increased, going from 52.5K bit/sec
for one client down to 25.3K bit/sec for 59.
On the plus side, the MAX 6000 was one of the slimmest chassis we
reviewed, measuring a scant 4 inches thick. The chassis has four integrated
T-1/PRI interface boards plus a nine-pin RS-232 port for management, one
10M/100M bit/sec Ethernet port and an attachment user interface port. Six
slots are left open for modem boards that support 33.6K bit/sec and 56K
bit/sec operation and can be upgraded to V.90. None of the boards are
hot-swappable.
However, the unit has only four LEDs on the chassis front, giving you scant
information on power, T-1/PRI line, data connection and hardware status.
The lone power supply in the product we had represented a single point of
failure that left the MAX 6000 chassis vulnerable.
Ascend deserves an honorable mention for being the second easiest
product to install and configure, right behind Shiva. The documentation is
easy to follow and ports are accurately labeled.
The simple-to-use configuration software is accessed via a PC using a
terminal emulator with graphics character support, which means Windows'
Hyperterminal is not appropriate. The MAX 6000 stores profiles for
configuring user names and passwords, as well as data routing options, call
answering configurations, encapsulation and many other options.
Overall, the setup software was effective, presenting a nifty and
configurable six-window summary of status information to the right of the
main menu. However, as is common with this type of configuration system,
many of the commands are buried several layers deep in a tree-like
structure. If you can recall five-digit menu codes, you can type them in to
directly access sub-menu items, but otherwise you have to go fishing. A
Windows GUI interface was not provided with this beta product but one
will be available when the product ships.
Internal authentication is handled in part by the call answer profile you
create using the configuration software. You can specify CHAP, PAP or an
automatic authentication mode that will cycle through options until it
matches what the caller is using. The product also supports various options
for external server user authentication.
Ascend has big plans for the MAX 6000 when it comes to its feature set.
For starters, the company plans to have routing support plus hooks to
teleconferencing equipment and VPN capability. The company also has
plans to support voice over IP on the MAX 6000, enabling the unit to act
as a digital cross-connect system and to provide guaranteed
quality-of-service options.
Shiva catches 22
Even though it dropped calls, Ascend's product fared much better overall
than Shiva's LanRover Access Switch. Despite several rounds of calls with
off-site technical support, we were unable to get to the root of the problem
that caused Shiva's product to drop calls once it hit 22 simultaneous clients.
We made a number of configuration changes recommended by Shiva and
upgraded to the latest version of firmware, all to no avail.
As they attempted to diagnose the problem, Shiva technicians created a
telnet session into the unit but could not find any obvious errors or other
problems after we applied the recommended patches. Essentially, the
company says that without an onsite technician, it was unable to come up
with conclusive evidence of what caused the product to drop calls.
Up to the point where it started dropping calls, Shiva's server performed
quite admirably, with a near steady throughput between one and 22 clients.
In fact, it placed ahead of 3Com and Ascend at the 22-client level with an
average upload rate of 74.2K bit/sec, 3.4% ahead of 3Com and 1.3%
above Ascend. Its average download rate of 52.5K bit/sec blew past
3Com by 18% and squeaked past Ascend by 1.3%.
A big plus for Shiva is that its product was the easiest and quickest to get
up and running thanks to a straightforward Windows-based configuration
tool and an easy-to-use LCD-based interface on the front panel.
The configuration software enables you to manually enter information or use
a wizard that prompts you to fill in blanks or select appropriate choices
from a list. Things get easier once you realize that you can enter an IP
address via the front panel LCD, something that isn't mentioned prominently
in the product's quick configuration guide.
The industrial-strength chassis, which looks like a PC with 11 ISA-like
slots, comes with only one power supply, a drawback when you consider
that 3Com, Compaq and Bay provide redundant power supplies. The unit
we got had only one open slot, which was labeled "for future hardware.''
The product turned out to be the least modular of the ones we reviewed,
accepting its cards vertically as opposed to horizontally as the others did.
That could make maintenance more difficult, because the cards are all
connected to a ribbon cable that handles timing among them.
User authentication can be accomplished using integral support for
PAP/CHAP or via various external servers supporting RADIUS,
TACACS+ and a variety of other methods.
Shiva also doesn't have much to offer in the way of special features when
you stack it up against the other products in this review. You won't find
support for routers or LAN servers with this unit. In fact, you even need
separate boards for 33.6K bit/sec and 56K bit/sec modems. You can't
flash-upgrade the 33.6K bit/sec modem cards to support higher speed, but
you will be able flash-upgrade the 56K bit/sec modem cards to the V.90
standard. None of the cards are hot-swappable.
The bottom line is this: If you can't afford to be dropping calls in the middle
of a crucial file transfer and want the best throughput, take a good look at
Bay's product. On top of its first-rate throughput, the unit is versatile and
has enough capacity to handle 576 calls when fully configured. That
capacity jumps to thousands of calls when you consider you can bolt four
chassis together.
|
