Caption by: Matt Tett
Technology convergence is, in theory at least, a great idea. One product doing more things means less complexity, more integration and lower cost. But all too often there are drawbacks. In many cases, the good features of a standalone device, built up through years of product evolution, are lost. Technology hashing is rife in consumer products such as mobile phones, digital cameras and PDAs, and the same is true in business technology including firewalls, anti-malware devices, content filters, intrusion detection and prevention devices.
Several years ago, Cisco's hardware design engineers released their own take on convergence, the Integrated Services Router (ISR) family. Blending Cisco's know-how in security, wireless networking, VoIP telephony, network switches and routers, the company's range of products have now enjoyed a few years of revision and evolution.
For this review, Cisco shipped us the 891 ISR product, which is designed for small offices and remote branches from 8 up to 50 users. As our testing and evaluation reveals, we feel that it gets the balance of features right, and fits its target market perfectly.
Design & features
The Cisco 891 is a small-form-factor device in the ubiquitous Cisco dark grey. Although its physical size is diminutive, the number of features that Cisco's engineers have packed into it ensures it will live up to its 'Integrated Services' moniker. This ISR focuses primarily on the networking side of the convergence coin, integrating an eight-port switch that supports up to 14 VLANs. Four of the network ports can be used for power-over-Ethernet (PoE) injection for VoIP handsets or wireless LAN access points.
Being a Cisco product, it also includes a feature-rich router that boasts two WAN ports, with v90 dial-up in the 891 version, and ISDN (BRI) in the 892 model for backup connectivity. One disappointment is that the 890 family does not offer a 3G option like its 880 sibling. We have been informed that 3G may be on the cards for the 890s in the near future. There is also a plethora of VPN support, including dynamic VPN and GETVPN.
Security systems are inherent, as they should be for a device transporting corporate data between branches and to head office. Cisco's usual consistency and simplicity is evident in this device. For example, the Internetwork Operating System (IOS) is still there, along with the traditional serial interface (for the hardcore Cisco stalwarts that love the text-based interface).
Cisco also supplies a user-friendly and intuitive graphical user interface that includes a number of neat wizards. One of the standouts is the security audit function, which runs through a list of best-practice security checks and creates a simple list. The administrator can then review this list and jump directly to the potential vulnerability to make amendments to the configuration. For larger deployments, administration can also be undertaken remotely from a centralised management, monitoring and policy system.
The Cisco Configuration Professional (CCP) graphical user interface.
The 891/2 ISR series includes an optional integrated 802.1n wireless access point, designated by the 891-W and 892-W codes. This may be adequate for many smaller offices, providing the network termination patch panels and WAN connectivity is in a favourable location (preferably centralised in the office layout), otherwise separate wireless access points may need to be considered. Cisco also offers great granular control over the wireless configuration. The 891 supports its unified wireless management, enabling wireless policies to be set and pushed out on a global basis to the corporate WLAN.
How we tested
We created a replica of the environment in which one of these devices would typically be deployed — a regional branch office or small office with 10 to 15 employees. We connected the unit and ran through the entire process of setting it up; connecting to the WAN, configuring basic security and wireless policies, setting up a VPN and connecting up users. The whole process was completed in less than an hour, and that was by someone who was not overly familiar with Cisco's graphical user interface. As mentioned, the security audit feature is excellent and highlighted a number of common oversights that non-security focused administrators make that were easily rectified.
The CCP network interface status monitoring.
Using the Enex eMetric network performance test suite, we ran the dual-radio wireless components of the product through a number of performance tests. The eMetric target test server was connected directly to one of the RJ-45 network ports on the router's switch and two notebooks were used for the client test (one was 802.11n-equipped while the other had 802.11g). There was no load on the network interfaces at the time apart from the eMetric traffic because we were seeking to test raw throughput. Results were recorded in Kbps.
We then simulated a real-world environment and passed the 891 through various hoops including contending with varying distances and obstacles such as walls, corridors, corners, floors, lift and stair wells, between the client and access point (AP) to a maximum of 55 metres.
Wireless performance (Kbps) versus distance (metres) over 802.11n (red line) and 802.11g (green line).
The Cisco 891 ISR's wireless performance is good, with a maximum on the 802.11n network of just over 70Mbps and on 802.11g of just under 20Mbps. Up to 40 metres, 802.11n maintains a very healthy performance advantage over 802.11g, reaching 40Mbps and 20Mbps respectively at that distance. Beyond 40 metres, 802.11n performance drops sharply to bring it almost in line with 802.11g through to 55m. The performance bottleneck in most networks, however, is the WAN/internet connection — particularly if the branch office is connected via DSL, as that ranges between 1Mbps and 4Mbps.
As reviewed by ZDNet Australia, the 891 ISR with optional Wi-Fi costs AUS$3,175. We are currently awaiting a UK list price from Cisco, and will add this as soon as possible.
Matt Tett works for Enex TestLab, one of Australia's most experienced independent technology test facilities. After more than 16 years with RMIT IT TestLab, Enex's founders acquired the business from RMIT in 2005.
Caption by: Matt Tett
Caption by: Matt Tett