Should you stick with one vendor for your networking needs, or should you go your
own way, choosing vendor-neutral products and open standards?
Today’s first article, by Kevin Dooley, outlines the advantages and drawbacks
of a vendor-neutral network, and offers guidance for the IT manager who must make
this difficult decision.
Our second article discusses some of the new mechanisms agreed upon by IBM, Verisign,
and Microsoft for the development of Web services. It's a must-read if you're
involved in the development of secure Web services.
I hope you enjoy today's issue.
The Case for a Vendor-Neutral Network
by Kevin Dooley, author of Designing
As a consultant,
I frequently see networks that are built exclusively using equipment
from one vendor. There are some obvious advantages to this approach, but I believe
that the advantages of a vendor-neutral network design philosophy are greater
still. In many ways the situation is similar to what happened in the mainframe
world before networks and client-server applications became common. Many
companies bought their computing equipment exclusively from one manufacturer and
wound up paying far more money for it as a result. They also found that the proprietary
technology prevented them from buying less expensive and more powerful equipment
from other vendors unless they abandoned their entire initial investment.
This article looks
at the benefits and trade-offs that result from applying a best-of-breed philosophy
to selecting network equipment. There is still room for an exclusive relationship
with one vendor, but I believe that it is important to fully understand the consequences
of running a single-vendor network. Looking at the bigger picture, a single-vendor
network becomes more difficult to justify, and the vendor-neutral network design
philosophy emerges as the better choice in most cases.
Web Services Security: Moving
up the stack
New specifications improve the WS-Security model Maryann Hondo (firstname.lastname@example.org),
Sr. Technical Staff Member, IBM
David Melgar (email@example.com),
Advisory software engineer, IBM
Anthony Nadalin (firstname.lastname@example.org),
Lead Architect, IBM
In April, IBM, MS, and Verisign jointly published a specification for Web Services
Security (WS-Security) that provides a set of mechanisms to help developers of
Web services secure SOAP message exchanges. This specification has been accepted
by OASIS and a new Web Services Technical Committee (The WSS TC) has been formed
to move WS-Security to an open standard. The WS-Security specification has been
explained in some detail in an earlier paper, Security in a Web Services World:
A Proposed Architecture and Roadmap.
Additionally in April, IBM and Microsoft provided a roadmap document that included
a conceptual stack identifying additional elements that are important to building
security into Web services.
The focus of this announcement is the delivery of three more parts of the roadmap;
two elements in the policy layer and one in the federation layer.