Customers that I have worked with over the past 4 years seem to find meeting the requirement difficult not because they don’t want to meet it, but because the ownership of network administration typically doesn’t belong to the same staff that operates IEM. Most of my customers, though not all, have been at a large scale - 50K endpoints or much larger on a single IEM server.
When the solution is architected and the requirements are drafted, the customer will typically nod and say they understand this network requirement.
Then when installation day arrives, we find the port hasn’t been opened or maybe it is open for one of the protocols but not both. Or it is open for both but it isn’t synchronous. And we spend hours, sometimes days, going back and forth. The firewall owners will say “everything is open,” the IEM staff will try to find other potential interpretations of client log and tcpdump errors and presume there is something wrong with the product. Net result is time is wasted. A lot of time that could be spent doing something much more productive.
I just went through this again with a customer that has had their implementation up and running for about a year. One of their segments was moved to a new external service provider. Unsurprisingly there was an outage on that segment for 3 business days. The customer and the network service provider kept hitting the ball back to me, asking why the product wasn’t working.
It took that many days to convince the right person that the port they said was open really wasn’t, despite the Wireshark trace results and log file interpretations. And once the port was open, TCP and UDP weren’t configured for bidirectional communication.
I don’t think it is often, if ever, that there is a reluctance to open a port. I think the administrator(s) in charge of meeting the requirement simply don’t understand it, but maybe I’m wrong.
Based on the responses, this could also be a problem isolated to large-scale customers whose IT staff have very compartmentalized responsibilities. Communication breakdown?
Regardless of the cause, I’d really like to find a way to prevent this loss of time for all parties involved. If there is a way that IBM can do a better job of articulating the requirement, I’m all for starting the movement.