Enterprise products may not be plug-and-play, but one of the key benefits of an appliance is that it shouldn't require a lot of
IronPort was clearly the smoothest installation, followed by CipherTrust. Symantec and BorderWare were somewhat problematic. Once the appliances were installed, CipherTrust and IronPort presented the smoothest configuration experiences; the former because of its engineering support, the latter because of its documentation. On the other hand, they offer far wider sets of configuration options than either Symantec or BorderWare, meaning the experience may be more complex and time-consuming depending on how granular the appliance is tuned.
The IronPort installation starts with a command-line wizard and moves smoothly into a Web-based interface. A clear one-page installation check-off list and succinct Quick Start Guide helped us zip right through. The wizard was truly a fill-in-the-blanks installation. The only hiccup was at the end of the Web-based component, which failed due to cookies being disabled in Internet Explorer--an undocumented issue. We completed the install using Firefox (alternatively, we could have enabled cookies in IE). CipherTrust was the only vendor to insist on a telephone-supported installation, which went smoothly; our feeling was that we could have done well on our own. The manuals are nicely laid out, with plenty of screen shots and pictures of the appliance. Wizards--though not quite as polished as IronPort's--for both the command line and browser interfaces guide you through the installation. However, the software update process is somewhat kludgy (you must query the update service for each update). CipherTrust's installation team was highly knowledgeable and very professional.
CipherTrust provides the most robust set of predefined filters, including antispam and antivirus settings based on industry best practices. Very few changes or modifications would be needed to configure your appliance for state-of-the-art e-mail protection. The only real challenge for CipherTrust is adding new rules, which requires a command-line style of coding. Wizards would make this a more complete package.
The BorderWare installation was more problematic. The appliance was sent without manuals; when we did receive the documentation, it was for a different model, but was close enough to get us through.
There were no pictures of the device to identify the network cards, the network adapters don't follow standard right-to-left or left-to-right conventions--0, 1, 2 or 2, 1, 0-- and only through three hours of trial-and-error testing to see if the box was live or dead did we figure out that the internal firewall drops ping packets. When the device responded to HTTPS, we finally determined which network adapter we had actually configured.
Once the command-line wizard is complete, you are left with a DOS-like menu that lacks a top menu bar to show possible menu selections (we accidentally pressed an arrow key and another menu box showed up). Neither the documentation nor online installation help gives any guidance on whether to choose an automatic or manual installation.
But, the license, software update and security processes are well thought out and straightforward. Setting up the box for mail was completed via a slick wizard. BorderWare provides a basic set of default rules, but changing settings is simply a matter of selecting check boxes.
The Symantec installation began with a three-day ordeal troubleshooting what turned out to be a bad box. The good news was Symantec's response: The company brought in any and all resources needed to remedy the situation, and it listened to its customer. Technicians dialed remotely into the appliance, and together we spent nearly six hours total over the three days trying to correct the problem. In the end, they sent a new box, which installed flawlessly.
This experience revealed two issues: Symantec's registration process needs to be more flexible and allow direct IP addressing. We learned this because the installation problem stemmed from the appliance's inability to use DNS to find Symantec's registration site, thus, we could not move into the browser-based interface to control the box. We had to use their command line, but Symantec admittedly "hides" the command-line commands available in the dark recesses of its documentation. The technical support folks stated flatly that they don't want customers using the command line.
Two other problems plagued this installation: The physical connectors are so poorly placed that we resorted to using old Cat 3 Ethernet cables (without rubber "hoods") to plug in; the same was true of the video cable. We had to "work" the video connector into the physical boundaries of the appliance.
On the plus side, the beauty of the Symantec configuration process is that, once you complete the command-line wizard, the basic mail settings are complete. This was a clear advantage over the other appliances. The default policies are very basic, but the intuitive wizard makes creating new policies easy.
This was first published in October 2005