Strengths: Good device support for network equipment vendors. Nice automation tools, can save a lot of time
Weaknesses: Compliance reporting is only to enterprise policy
Verdict: Great tool for auditing and managing network equipment
ManageEngine's DeviceExpert is a web-based, multi-vendor network configuration, change and compliance management (NCCCM) solution for network devices. It helps to manage configurations, monitor and control changes, prevent unauthorised changes, define standard practices and policies and automatically validate configurations for compliance.
The product loads on a Microsoft server and uses MySQL as its backend database. Once loaded, it can discover devices on your network, using either an IP discovery or SNMP discovery scan. There is a pull-down menu containing vendors for labelling devices. Once the devices are discovered, they can be managed over both unsecured and secure protocols, such as Telnet, TFTP and SSH.
The first action we performed was to back up the configuration. Configurations are stored in the database in encrypted form. The user interface can be used to audit, compare, upload, back up and validate configurations. The product automates repetitive configuration tasks and makes a full record of the 'who', 'what' and 'when' of configuration changes.
The UI is set up in a tabbed format and fairly easy to use. A lot of built-in pull-down menuing is available, but you still have very good drill-down capabilities to get to the details.
Good high-level graphical reports are available to provide a high-level enterprise view.
It was pretty easy to create rules and then to apply those rules to audit the configurations of the devices under management. Templates exist that allow you to customise. You can associate a single rule/policy with a single device or a group of devices. You can create policies to scan your devices for a newly released exploit and get a picture of your risk. The risk level is presented using a severity colour-coded scale, making it easy to navigate or filter to the high-risk items.
The admin function allowed for some custom scripting capabilities. The one we were demoed changed thousands of passwords via a password-change policy automatically when scheduled - without intervention required from IT staff. The product was simple to use and it did what it advertised very well.