[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: snmpconf RE: COPS vs. SNMP



>>>>> On Mon, 25 Feb 2002 15:19:43 -0500, "Harrington, David" <dbh@enterasys.com> said:

[the majority of an *excellent* summary deleted]
David> SNMPCONF:

David> Disadvantages: Depends on an administrator developing policies
David> using a scripting language that is the amalgum of multiple
David> existing languages.  This new programming language is not
David> supported on existing devices, and has no hard data about how
David> robust or useful it is for expressing policies. Since it builds
David> upon SNMP data modeling and depends on SNMP for provisioning
David> and monitoring, it suffers all the disadvantages of SNMP when
David> doing data modeling and provisioning or monitoring.

one more: It pushes an awful lot of complexity out to the deployed
devices.  Specifically, if it is intended that the scripts written are
to be run directly on the device then every device must have a script
interpreter within it.

David> There are differences in security: 
...
David> COPS/PR security depends on IPSec, which uses host-based
David> authentication.

I think COPS/PR relies on an external method of protection, but is not
limited to just IPSec (if my understanding is correct) and thus you
could use something like TLS as well.


-- 
Wes Hardaker
NAI Labs
Network Associates