Cymphonix device watches users, traffic, but hits a few bumps

By Joel Snyder
Network World, August 7, 2006


Cymphonix's Network Composer DC30X is a security appliance designed to sit quietly between users and the Internet, blocking viruses and spyware, reporting on user and application bandwidth, and shaping traffic. It's intended to let you manage bandwidth to keep downloads from interfering with voice or other critical traffic, as well as give you a sense of what your users are doing on the network.

We tested Network Composer on our production network (see "How we tested Cymphonix") and found Cymphonix still has a number of rough edges to smooth.

What it is

We unpacked Network Composer and dropped it in front of local and branch users. Installation was simple and quick - the box has a user-side Ethernet port, an Internet-side port, and Ethernet and serial connections for management.

Cymphonix touts Network Composer as a transparent Ethernet bridge (it also acts as a simple router/firewall), but transparent isn't the right adjective. We ran into problems every time we tried to install it in our network, because it doesn't act like a bridge. As Cymphonix was quick to point out, Network Composer is designed for very constrained environments: no dynamic routing, very simple network topologies, mostly Windows and Active Directory users, and a wide-open outgoing firewall policy. We discovered that using Network Composer in other environments will cause network interruption.

Explaining what Network Composer does could take the rest of this review - basically, the product has three broad functions. First, it monitors Internet traffic and reports on network use by application category (for example, HTTP or chat) and by user (users are defined by IP address, media access control address (in very small networks) or Active Directory). Second, it lets you define bandwidth limits and enforce those limits. Third, it has antispyware, URL filtering and antivirus security features.

The strongest part of Network Composer was its monitoring and traffic reporting. Traffic flows are divided into 13 broad application categories, with a 14th category for everything else. The Web interface let us see traffic load among these categories using a top 10 list; we could drill down into individual applications, and from there to individual users. Network Composer kept track of users and maintained logs of their bandwidth use, application mix, Web sites visited, Web categories and instant messages. The box even runs Nmap against users, keeping track of open and closed ports.

The interface for monitoring was elegant and easy to understand and use. When you get to the page you want, you can broaden the time covered (last 24 hours is the default), e-mail the page, or extract it in a PDF, Excel or XML file. This makes it easy to answer the common questions, "What is my Internet connection being used for?" and "What are the users actually doing?"

The system also generated and e-mailed reports (on-demand or scheduled) covering the same information available in the Web GUI. The system's alerting feature sent us e-mail whenever certain criteria were met. The system worked well, and we were pleased to see that hysteresis (the process of delaying the sending of alerts for a period of time to allow repeated ones to accumulate) is designed into Network Composer, so alerts don't overwhelm administrators.

Because Network Composer sits between users and the Internet, everything is focused on users' use of bandwidth and resources. This means if you have Web servers on the inside, you won't want to put them inside Network Composer, because it doesn't differentiate between Web servers and Web users (Cymphonix says it is working on a fix for this).

We discovered some bugs in the reporting and monitoring interface, such as wildly incorrect numbers for active users, packet-per-second rates, IP connection counts and even internal temperature readings (for example, "average temperature: 0 degrees F"). We also found some uneven coverage: Although the box is supposed to log IM traffic, it missed traffic and generated spurious messages while we tested AOL Instant Messenger traffic, and missed Jabber and Bonjour traffic entirely. Cymphonix says the AOL problems are a known bug.

Bandwidth management, the second major function, was simple and offered broad knobs, which can be used at the application level (across all users) or at the user level (across all applications). We had to select in a system setting whether application or user limits take precedence; we couldn't combine them. A different limit can be set for upstream vs. downstream maximums, and each limit has one of seven priorities associated with it, to further sort users or applications when available bandwidth runs out.

In testing, we dropped bandwidth limits into some applications and then sent traffic through the box, with very good results. We could control total bandwidth used in both directions on well-behaved applications. In one test case using BitTorrent, however, traffic wasn't properly recognized and the bandwidth wasn't limited. In tests of user-based bandwidth limits, Network Composer excelled at keeping usage under control.

The weakest link of Network Composer is its security services. We found that antivirus scanning worked on only one protocol: HTTP Port 80. We also got very inconsistent results - loading the same Web page with a virus on it 10 times, the box blocked the virus only six times. Network Composer was able to identify viruses in e-mail we read using a browser, but didn't block viruses on any other HTTP port or using any other protocol.

Wrapping it up

Network Composer has a sweet spot - it provides small networks with visibility into application and user traffic. The combination of a Web GUI, speedy reporting, drill-down capabilities and an intuitive interface makes network visibility an ideal use for this inexpensive device. When you add application bandwidth management, it becomes an attractive option for school or university networks, where application-throttling is important.

In an enterprise environment, Network Composer isn't quite as good a fit. Visibility is interesting to any network manager, but this isn't a high-speed, high-end network appliance. Its weak security features and lack of critical control functions mean Network Composer would be a better tool for small branch offices than for a corporate data center.