Technology convergence is, in theory at least, a great idea. One product doing more things means less complexity, more integration and lower cost, but too often it has been for the worse.
In many cases, the good features of a stand-alone device, built up through years of product evolution, are lost. Technology hashing is rife in consumer products such as mobile phones, digital cameras, PDAs and, of course, business technology too, which includes firewalls, anti-malware devices, content filters, intrusion detection and prevention devices.
Several years ago, Cisco's hardware design engineers released their own take on convergence, the Integrated Service Router (ISR) family. Blending Cisco's know-how in security, wireless networking, VoIP telephony, network switches and routers, the company's range of products have now enjoyed a few years of revision and evolution.
For this review, Cisco shipped Enex TestLab the 891 ISR product, designed for small offices and remote branches from eight users up to 50 users. As our testing and evaluation reveals below, we feel that it gets the balance of features right, and fits its target market perfectly.
Cisco 891 ISR
The Cisco 891 is a small form factor device in the ubiquitous Cisco dark grey. While its physical size is diminutive, the number of features that Cisco's engineers have packed into it ensures it will live up to its "Integrated Services" moniker. This ISR focuses primarily on the networking side of the convergence coin, integrating an eight-port switch that supports up to 14 VLANs. Four of the network ports can be used for power over Ethernet (PoE) injection for VoIP handsets or Wireless LAN access points.
Being a Cisco product, it also includes a feature-rich router that boasts two WAN ports, with v90 dial-up in the 891 version, and ISDN (BRI) in the 892 for backup connectivity. One disappointment is that the 890 family does not offer a 3G option like its 880 sibling. We have been informed that 3G may be on the cards for the 890s in the near future. There is also a plethora of VPN support including dynamic VPN and GETVPN.
Security systems are inherent, as they should be if transporting corporate data between branches and to head office. Cisco's usual consistency and simplicity is evident in this device. For example, the Internetwork Operating System (IOS) is still there, along with the traditional serial interface (for the hardcore Cisco stalwarts that love the text-based interface).
On the flip side, Cisco also supplies a really user-friendly and intuitive graphical user interface that includes a number of neat wizards. One of the standouts is the security audit function, which runs through a list of best practice security checks and creates a simple list for the administrator to review and jump directly to the potential vulnerability to make amendments to the configuration. For larger deployments, management can also be undertaken remotely from a centralised management, monitoring and policy system.
The Cisco Configuration Professional (CCP) graphical user interface
(Credit: CBS Interactive)
Cisco also offers an optional integrated 802.1n wireless access point, designated by the 891-W and 892-W codes. This may be adequate for many smaller offices, providing the network termination patch panels and WAN connectivity is in a favourable location (preferably centralised in the office layout), otherwise separate wireless access points may need to be considered. Cisco also offers great granular control over the wireless configuration. The 891 supports its unified wireless management, enabling wireless policies to be set and pushed out on a global basis to the corporate WLAN.
How we tested
We created a fairly standard scenario replicating the environment that would typically see one of these devices deployed — a regional branch office or small office with 10 to 15 employees. We connected the unit and ran through the entire process of setting it up; connecting to the WAN, configuring basic security and wireless policies, setting up a VPN, and connecting users. The whole process was completed in less than an hour, and that was by someone who was not overly familiar with Cisco's graphical user interface. As mentioned, the security audit feature is excellent and highlighted quite a number of very common oversights that non-security focused admins make which were easily rectified.
The CCP network interface status monitoring
(Credit: CBS Interactive)
Using the Enex eMetric network performance test suite, we ran the dual-radio wireless components of the product through a number of performance tests. The eMetric target test server was connected directly to one of the RJ45 network ports on the router's switch and two notebooks were used for the client test (one that was 802.11n equipped and one that was 802.11g equipped). There was no load on the network interfaces at the time apart from the eMetric traffic because we were seeking to test raw throughput. Results were recorded in Kbps.
We then simulated a real-world environment and passed the 891 through various hoops including contending with varying distances and obstacles such as walls, corridors, corners, floors, lift and stair wells, between the client and access point (AP) to a maximum of 55 metres.
Cisco's 891 wireless performance capabilities are good with a maximum on the 802.11n network of just a touch over 70Mbps and the 802.11g of just under 20Mbps. We witnessed roughly double the speed, or more, all the way up to 40 metres using the 802.11n versus using the 802.11g across a WLAN/LAN at 40Mbps vs. 20Mbps respectively at that distance. After 40 metres, the 802.11n performance drops sharply to bring it almost in line with the 802.11g all the way through to 55 metres. The performance bottleneck in most networks, however, is the WAN/internet connection — particularly if the branch office is connected via DSL as that ranges between 1Mbps and 4Mbps.