Network vendor management is never easy, especially in light of Cisco's supply chain problems in recent months....
Facing long lead times on several Cisco products, many networking pros are now more willing to look at other networking vendors as Cisco alternatives.
"I will say that while Cisco is still our primary vendor, we have acquired and deployed substitute gear from other vendors, solely because of unacceptable delivery times," said Willis Marti, CISO of Texas A&M University.
Networking pros who go shopping for Cisco alternatives will find that choosing the competition offers some pros and some cons. For longtime Cisco customers, introducing a new vendor means learning a new operating system and facing new challenges in network vendor management, such as differing levels of product support. But those enterprises that take the plunge may also find that the headaches associated with learning a new product can be eased by high-quality equipment and low prices.
Jordan Martin introduced equipment from Juniper Networks into his environment for the first time this year after facing long and fuzzy lead times on Cisco ASA firewalls.
"We are transitioning from a third-party VPN provider that we were paying to manage a VPN to 40 sites," said Martin, director of technical services at a healthcare organization headquartered in Pennsylvania. "It was proposed last year that we cut [the provider] and do the VPN ourselves. That was all originally based on ASA gear."
Martin placed the order for 40 ASAs in late February, but Cisco was unable to deliver the gear until May, and even that was uncertain.
"We were going to build the whole infrastructure on ASA, and a lot of the project was dependent on timing," he said. "It was all budgeted. We were going to drop our provider by this point and add a staff person at this other point, and the rest of the budget was set aside for new connections and hardware. Hardware [was] the first piece we were purchasing. We weren't going to see [the ASAs] until May, but they couldn't even commit to that. At $20,000 a month for what we were paying our VPN provider, that's at least $40,000 just sitting around waiting for the devices to show up. That's when I decided to look for an alternative."
Martin immediately started looking at Juniper and Check Point products, settling on a variety of mid-tier SRX Series Services Gateways from Juniper. "The functionality was what we needed, but the price point was much better than anybody else. We were willing to pay Cisco a little bit more because we were familiar with the equipment, and just like every other shop, we had expertise in house. But if I'm going to move to a new product, the price point matters."
Introducing Cisco alternatives: The pros and cons
Introducing Juniper into his network for the first time has presented some challenges, Martin said. First, he and his staff needed to get up to speed on Junos, Juniper's operating system.
"Because we were buying 40 devices -- some of them fairly large -- we got the Juniper partner to throw in a free two-week training course," he said. "I was able to attend that and bring [the knowledge] back and do some training here for the rest of my folks. We have three other admins, and I spent several days just going over it with them. And because it's a distributed deployment all over the East Coast and out West even, I spent a few hours training some people who would be doing the rack and stack, just in case I needed them to go into the interface."
On the other hand, building his VPN was simpler than it would have been with Cisco's ASA platform, he said.
"In a traditional Cisco network, everything is built by hand," Martin said. "There is no core central management [with ASAs]. It's a fairly manual process. If you get Cisco routers, they have Dynamic Multipoint VPN, but we had decided on ASA, so we wouldn't have been able to do that. Juniper has Network and Security Manager. It's basically a GUI/wizard-based, VPN creation tool. You build all the specs you want for the VPN, then you choose the devices you want in it, and it builds the VPN for you. It made our lives easier."
Martin said his experience with Juniper so far has opened the door for him to consider the company as a Cisco alternative on other projects -- but not all.
"Now that we've invested a little bit in this, I know their gear is significantly cheaper," he said. "So I've started to do the research to see where their switching and routing products compare to Cisco. It's definitely opened the door, but I'm not sure if we'll go down that path. It has become an option because we've invested time in learning the interface."
But network vendor management can be a challenge with Cisco alternatives, particularly when it comes to dealing with product support.
"With Juniper, the attractive point is the price point, especially when you consider those edge devices. You just need them to run," Martin said. "Where it seems that Juniper falls down a bit is in their support. It doesn't seem as robust as Cisco." "Right now I have a four-hour support contract with Cisco. I order [a new Cisco switch], and based on the geographic location, I can have that switch in two or two-and-a-half hours. You talk to Juniper about four-hour support and they say they can give you priority support. That's all well and fine, but they're pretty much next-business day. So I don't know how quickly we'll be rushing to replace core components. If it's an edge device that doesn't need that level of support, [Juniper's] going to be a contender."
Enterprises that decide to try an alternative vendor rather than wait for Cisco to deliver have a lot of factors to consider.
"The buyer needs to weigh the different options," said Matthias Machowinski, directing analyst at Infonetics Research. "Do I want to stick with my existing network design? Can I afford to wait? Maybe I want to keep it a single-vendor deployment for management purposes. If you simply don't have a choice of waiting, then you need to make a move. If you're opening up new locations, you need to provide them with communications now."
In some cases, stronger project management may help network planners deal with long Cisco lead times.
"What I've found to be most effective when deploying the latest and greatest hardware is to provide for ample lead time regardless of the product," said Randy Scadden, an information technology engineer with Idaho Technology Group, a biotech equipment manufacturer in Salt Lake City. "Personally and professionally, anyone that is complaining about Cisco lead times really isn't putting in ample enough lead times to begin with when putting together their project and implementation schedules."
That said, Idaho Technology has avoided long lead times on Cisco gear largely because Scadden has purchased mostly low-end branch routers and Gigabit workgroup switches, which seem to be in ready supply.
The state of Cisco supply chain trouble remains unclear
For now, the phenomenon of network engineers turning their eyes elsewhere may become increasingly common as Cisco's product delivery delays don't appear to be ending and networking pros have complained of delays on everything from Integrated Services Routers to Nexus 7000 data center switches.
Cisco CEO John Chambers acknowledged the problem during the last earnings call with investors on May 12: "As the technology industry moves through a recovering supply/demand environment, shifts in lead times and inventory levels will occur," he said. "We have improved our lead times throughout the quarter on most products and expect these lead times to continue to improve throughout the next quarter."
A Cisco spokesperson said there is no official update on this statement, although Cisco will certainly update the public on the issue during its next earnings call on August 11.
Nor is Cisco alone in its supply chain problems, according to Machowinski. "On the Ethernet switching side, almost all the vendors talked about it two quarters ago," he said.
But Cisco seems to have suffered more than other vendors in certain categories, particularly in routers. "I think it's a case of what Cisco is putting on their routers," Machowinski said. "They tend to have more advanced feature sets, and they tend to have more services capabilities on their router platforms. That may require more specialized hardware for it to function properly."
Let us know what you think about the story; email: Shamus McGillicuddy, News Editor