Commercial or Open-Source Software? Lowering the Cost of SNMP Applications Development

In a world of commercial and open source software toolkits, how can we best identify and select the option lowering the cost of developing SNMP Agent and SNMP Manager applications?

The goal in selecting an SNMP developers’ toolkit is to find the most cost effective means to accelerate development and realize successful project completion.

During the process of SNMP toolkit evaluation, we need to consider factors from both the technical perspective and business perspective.

Some examples of business factors:

  • What are the terms and obligations of the distribution license?
  • What level of engineering expertise do we need on staff to effectively use the toolkit?
  • What is the initial cost for the toolkit?
  • Are there annual maintenance and support costs?
  • Do we need to track and pay royalties on derivative works?

Some examples of technical factors:

  • Does the toolkit include fully compliant implementations of SNMPv1, SNMPv2c and SNMPv3?
  • How well does the toolkit scale when handling a heavy volume of encrypted SNMPv3 messages?
  • Is the toolkit easily portable to a variety of hardware platforms and operating systems?
  • What useful MIB implementations and utilities are included with the toolkit?
  • How helpful is the developers’ documentation?
  • Is the SNMP toolkit API concise or bloated?
  • Is the SNMP and MIB terminology used in the toolkit consistent with IETF published RFCs?
  • What level of technical support exists? Is there an active developer and user community?
  • Does the SNMP toolkit integrate well with other technologies (e.g. CORBA, WBEM, Syslog, XML, JMX, TL1)?

Based upon the relative significance of each factor we can identify and select the SNMP developers’ toolkit offering the best value and most cost effective means to accelerate development and realize successful project completion. The right SNMP developers’ toolkit is not necessarily the least expensive. Rather, the right SNMP developers’ toolkit is the one that is capable of providing substantial engineering efficiencies during development and facilitates the delivery of a less encumbered, more profitable product.

Open-source SNMP software was initially created as a reference implementation for interoperability testing with proprietary implementations of the SNMP protocol. Over time, the quality of open-source SNMP developers’ toolkits has improved to a point where there is a suitable match for a variety of OEM development efforts.

Commercial SNMP software often provides a much richer feature set than open-source developers’ toolkits. Also, commercial SNMP software offerings have adjusted to the low-end market realities of quality open-source software to a point where there is a low cost or no cost binary commercial version that is often competitive with open-source alternatives.

In either case, open-source or commercial, it is important to have sufficient development expertise with SNMP and MIB technologies to make effective use of the selected SNMP developers’ toolkit. This is the core value provided to your project by the right choice of SNMP consultant.

The next step to gaining a better understanding of the alternatives and trade-offs when identifying and selecting the best choice of commercial or open-source SNMP developers’ toolkit is to contact me with your project requirements and questions.


Using SNMPv3 for Secure Transmission of SNMP Messages

Versions of SNMP prior to the third version (SNMPv3) did not include adequate security. Any sufficiently motivated individual with physical access to a shared network link and a protocol sniffer had the ability to capture clear text messages exchanged between a manager application and its agents. Once captured, it was simply a matter of extracting community strings and agent addresses of interest in order to usurp the role of the manager application, possibly hijacking and re-configuring network devices along the way.

The design of SNMPv3 included authentication and privacy (encryption) mechanisms for the protocol. By incorporating these mechanisms, SNMPv3 became self-sufficient, with no need of any other network services for the secure transmission of SNMP messages. After all, network operators need their network management protocol to be functional even when major portions of the network and its services are impaired.

Three security levels are defined for SNMPv3, in increasing degree of security as follows:

  • noAuthNoPriv – essentially clear text messages providing backwards compatibility with earlier versions of the SNMP
  • authNoPriv – authenticated messages (SHA1 or MD5 hash), but messages are still transmitted in clear text
  • authPriv – authenticated messages with the scoped PDU portion of message encrypted (DES or AES)

For manager applications that only require their agents to verify the authenticity of SNMP message exchanges, the authNoPriv security level is sufficient. This security level offers adequate protection for SNMP message exchanges that do not include sensitive data.

For manager applications that require their agents to both verify the authenticity of SNMP message exchanges and to provide privacy (encryption) of sensitive data contained within the scoped PDU portion of the SNMP message, the authPriv security level must be used. Since the DES encryption cipher is considered cracked, an AES encryption cipher of sufficient key length should be used.

However, it is important to avoid using weak authentication or privacy pass phrases. Even when an SNMP manager application uses the authPriv security level with the AES cipher, weak pass phrases can jeopardize secure SNMPv3 message transmissions. In better deployments, the SNMP configuration and applications work together with the proper ciphers and strong pass phrases to ensure secure SNMPv3 message transmission, and I am happy to show you just how easy it is to get this right.

In highly secure environments snmpEngineID values should also be protected by using a discovery mechanism together with a security model that avoids exchanging cleartext SNMP messages on network links.
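The pass phrase and snmpEngineID points above meet in the key localization step of the SNMPv3 User-based Security Model (RFC 3414), shown here as an added example that is not code from this article or from any toolkit. The "maplesyrup" input and first engine ID are the RFC's published test values; the second engine ID, the sample pass phrases and the 8-character policy floor are assumptions for illustration.

```python
import hashlib

MIN_LEN = 8  # assumed policy floor (Net-SNMP rejects shorter USM pass phrases)


def password_to_key(passphrase, hash_name="sha1"):
    """RFC 3414 A.2: digest of the pass phrase repeated to 1,048,576 octets."""
    if not passphrase:
        raise ValueError("empty pass phrase")
    total = 1048576
    stream = (passphrase * (total // len(passphrase) + 1))[:total]
    return hashlib.new(hash_name, stream).digest()


def localized_key(passphrase, engine_id, hash_name="sha1"):
    """Kul = H(Ku || snmpEngineID || Ku): one pass phrase, a distinct key per agent."""
    ku = password_to_key(passphrase, hash_name)
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def passphrase_findings(auth_pass, priv_pass):
    """Flag pass-phrase choices that undermine authPriv regardless of cipher."""
    findings = []
    for label, phrase in (("auth", auth_pass), ("priv", priv_pass)):
        if len(phrase) < MIN_LEN:
            findings.append(f"{label}: shorter than {MIN_LEN} characters")
        if len(set(phrase)) < 4:
            findings.append(f"{label}: fewer than 4 distinct characters")
    if auth_pass == priv_pass:
        findings.append("auth and priv pass phrases are identical")
    return findings


if __name__ == "__main__":
    # Test input from RFC 3414 A.3.2; the second engine ID is constructed.
    rfc_engine = bytes.fromhex("000000000000000000000002")
    other_engine = bytes.fromhex("8000000001020304")
    print(localized_key(b"maplesyrup", rfc_engine).hex())
    print(localized_key(b"maplesyrup", other_engine).hex())
    # Constructed user definition with deliberately poor pass phrases.
    for finding in passphrase_findings("public1", "public1"):
        print("finding:", finding)
```

Nothing in the derivation is random: the key is fully determined by the pass phrase and the engine ID, which is why pass-phrase strength matters even when AES is selected.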

The next step towards using SNMPv3 for secure transmission of SNMP messages is to contact me with your project requirements and questions.


Reduced Cost, Reduced Risk: Information Modeling Before Enterprise MIB Design

In our current business economy development schedules are short and project budgets constrained.

When a software project involves the design of Enterprise MIB modules, there is a tried and true approach to reducing associated cost and risk factors. This valuable design approach leverages the practical wisdom and lessons-learned from the development of more than 250 IETF standards-track MIB modules.

The IETF Operations And Management (OAM) Area directorate collected and posted helpful information related to MIB design on the following topics:

These topics and others are published as a “Best Current Practice” in RFC 4181, “Guidelines for MIB Documents”. RFC 4181 describes a better approach towards the design of MIB modules, but does not address the single largest cause of rework and redesign. This critical step is the creation of an Information Model, as cited by the Network Management Research Group (NMRG).

Within each IETF standards-track MIB module there exists a tacit, de-facto Information Model. This NMRG view describes how Information Models can represent different abstraction levels and provides a set of reverse-engineered Information models for IETF published MIB modules. This NMRG point of view is described in RFC 3444, “On the Difference between Information Models and Data Models”. Since publication of RFC 3444, IETF working groups now define an Information Model before designing their MIB modules.

My consulting clients who choose to first define an Information Model regard this initial step as a great value for reasons that include the following:

  • Efficient knowledge transfer from domain subject experts
  • Easy to understand graphic format
  • Identifies major system components, their relationships and multiplicity
  • Effectively specifies the SNMP INDEX for each system component
  • Provides a means to express and analyze use cases

And the best value yielded by the small amount of time and effort spent on first defining an Information Model is the significant reduction in later-stage development risk involving re-design of portions of their Enterprise MIB modules.

It is simply easier to identify and correct logic on a single page or screen image than it is to modify definitions and descriptive text across the hundreds of pages comprising a set of enterprise MIB modules. The simple fact that the need for re-design is often first detected during the latter phases of implementing MIB modules in an SNMP Agent or SNMP Manager application serves to compound the value provided by the initial definition of an Information Model.

Certainly the design approach of information modeling before Enterprise MIB design reduces cost and reduces risk that can adversely impact project budget and schedule.

The next step in taking advantage of this valuable design approach is to contact me with your project requirements and questions.
