Slashdot Mirror
Ask Slashdot: Best Management Interface On an IT Appliance?
tippen writes "The management user interface on most networking and storage appliances are, shall we say, not up to the snuff compared to modern websites or consumer products. What are the best examples of good UX design on an IT appliance that you've managed? What was it that made you love it? What should companies (or designers) developing new products look to as best-in-class that they should be striving for?"
Not enough Javascript. Not enough external dependencies. Yeah, this totally needs to be more like modern websites.
a command line.
better than ios, easily parsed by scripts, regex support etc.
#include <sig.h>
For usability, you need to look at your target market. This means that you should be asking the people who will buy your product, rather than the people on Slashdot. (If we are your target market, at least let us know what you are developing so that we can provide meaningful input.)
I work as storage consultant in system integrator, and I can't recall good UI design it either complicated or have heavy graphics that making it slow. However, you touch appliance once in 6 month or less, so it doesn't need to be pretty or fast, just get the work done. Modern interfaces are all generally ok, can't say that one is significantly better than another. I personally, like NetApp for good old Unix CLI.
The best full featured modern UI on an appliance I have ever seen. I like it because it is easy to use. http://www.synology.com/en-global/dsm/index/overview
UI's suck... pretty much all of them. In order to look pretty they do away with functionality. Give me telnet access, command line, don't make your commands stupid and we're good to go.
Specific examples are hard to come by, but I've noticed the general trend that differentiates the "good" from the "barely usable"..
* Scalability. For example, a good interface will pop up a "search" box for finding a security group in Active Directory. A bad one will let me chose security groups from a list or a drop-down. Both look equally good when the developer is working in a test environment. The latter will crash when used in a million-object directory. Similarly, check out the DNS management dialog box in Windows, or some Oracle tools. Both will show you "all" objects up to some limit (e.g.: 5000), but then provide a filter option to allow you to narrow down the "search" to prevent the GUI from melting if you look at a database with 500K tables. Yes. It happens. A lot. More than you think. Really.
* Annotations. It's 2014 for Christ's sake! There is absolutely no reason not to include a general "note" or at least a "description" field with every. Single. Thing. Seriously. All of them. I'm not kidding. Look at VMware's vSphere interface as an example of this done reasonably well but not perfectly. They at least allow custom columns so you can tag things systematically. Better yet, newer versions of Microsoft's Group Policy allow annotations on every single setting.
* Versioning. For example, Citrix NetScaler keeps the last 'n' versions of its configuration automatically (5 by default I think). Why the fuck Cisco can't do the same with their 1KB but omfg-they're-ultra-critical-to-the-whole-goddamned-enterprise config files I just don't understand. Maybe they're trying to save precious bytes...
* Policy. Good examples are Cisco UCS Blades and, of course, Active Directory Group Policy. Settings should trickle down through hierarchies. I should never have to set the exact same setting five hundred times. Settings should set-and-unset themselves automatically based on the scenario, e.g.: replacing a blade should not involve having to reconfigure its BIOS settings by hand. A typical bad example is 99% of Linux, where every setting has to be either manually set or set via a script. A script is still manual, just faster. No! Smack yourself in the face! A script is NOT a replacement for a policy engine. Don't breathe in, ready to go on a rant about how great Linux is, and how easy it is to manage, because it's really not. Scripts are a "write only" management tool that result in impossible-to-reverse-engineer solutions that can only be replaced wholesale years down the track.
* Help. I'm not really a storage engineer, I just... dabble. However, I've set up labs with IBM and EMC kit, no problem. The one time I got asked to create a simple logical volume on a Hitachi array, I walked away backwards and refused to touch the stupid thing. It seriously had 10 pages of settings along the lines of "L3 Mode: 5/7?" I mean... wat? So sure, I press F1 for help like a naive fool. It helpfully informed me that the setting configures L3 Mode to either mode 5 or mode 7. I can press "OK" to accept the mode setting, or "Cancel" otherwise. I was enlightened. Meanwhile, the same dialog box on the EMC array basically asks for where, what size, and what RAID level.
* Behind the Scenes. Some GUIs have 1:1 mappings with some sort of underlying command-line or protocol. Consoles based on PowerShell such as most Microsoft and Citrix products come to mind, most Linux/Unix GUIs, and Database admin tools. The better ones will have a "tab" or a pop-up somewhere which shows the "script equivalent" of whatever you're doing in the GUI. This is very useful, particularly for beginners, and we're all beginners with every product at least once.
Really, GUI design is -- or should be -- a science, and not a trivial one! It integrates serious engineering constraints, business restrictions, project management priorities along with the fuzzy complexities of both individual psychology and the complex dynamics of interacting groups of people. It's done woefully wrong even by the largest c
Anything that doesnt require java, flash, silverlight, or god knows what else.
Anything that works in all browsers.
bash ; GNU tools ; ssh
I found out rj-45 plugs have this mega management user interface. I can control the whole internet with one little tab thingie.
Snapgear had a really nice GUI front end to iptables on their firewall/routers. Considering how iptables could lend itself to end up like a mess of spaghetti if handled badly that's quite a feat.
> not up to the snuff
Like your English. Do you shake your head from side to side when you talk?
Windows XP
Debian + LXDE
Both on my IT appliance (the PC).
Both simple, fast and designed for functionality and not some new buzzword called "user experience".
Very intuitive, especially insightIQ, you can just drag performance graphs left and right drill down on things over and over with a click and easily export data to csv with one click.
* A simple web frontend for manual things, that simply works in modern browsers
* A complete and easy (no SOAP please, yes I'm looking at you BIG-IP/F5) API and/or cli that can be driven from automation tools, and that provides easily for idempotency.
Serge
Can't get any better than the Synology raid.
It's a delight to use and runs in the browser, has extensive help with everything, is written *right*, so background tasks like copy etc. can proceed without the client logged in. It supports lots of users and keeps their stuff separate.
Really it's how software should be.
http://www.synology.com/en-global/dsm/index
No joke!
The management tools for the HP blade enclosures are some that I use on a regular basis that don't leave me screaming in frustration. They use panes well and don't clobber your context on a drill-down. They are extremely dense but the top 20% of functions is never more than 2-3 clicks away. And the obscure settings you last touched 6 months ago can usually be found within 15 seconds. Help function is not totally useless. It's unfortunate that it's built with Flash forms, but it does seem to be Firefox/Linux tolerant.
Basically just nice color CLI.
I like lynx and aptitude.
Not really appliances, but i like 'em.
A power switch
If you need UI beyond that, then there is something wrong with the default settings for your device.
For a networking or storage appliance, it should get on the network using stateless autoconfiguration.
If a system on your network wants to use it, it should find the services the device offers via service discovery.
If you need access controls, the device itself should find your directory service on your network via service discovery.
The only thing you should possibly have to deal with explicitly is pairing with the directory service, and if that's necessary so that you can't be MITM'ed by someone making unauthorized use of your network, it should be a momentary contact button and an LED other than the power LED on the front of the device, combined with a serial number affixed to the device. Think "Bluetooth keyboard/headset pairing".
If you administer anything at all, it should be your directory server, mostly to establish accounts, and ACLs for the accounts, which are then used to authenticate the machines that consume services advertised by the appliances and servers on your network, and on the peer machines/clients which establish authentication sessions after you hit ctrl-alt-del, or login to the login window after boot.
We do not want to connect through some silly web browser interface. We just want an SSH terminal connection with a sane command set. It really is the most powerful and clean way to implement a management interface for network and storage appliances. Additionally there must be premium documentation with lots of good hands-on examples.
The current storage array management tool from EMC, Unisphere, is a prime example of how NOT to design a friendly interface. Every 'submit' you hit will pop up 2-3 modal confirmation or status boxes. Every informational sub-pane you hit will have to get the columns resized to read all the contents. Functionality is scattered across multiple tabs - 'storage' will let you control all the settings of pools and luns except for storage groups. That's under the host tab. Reading performance data requires you to find a specific data file on the array, download it to the desktop, then open it in the browser. And this is only from 1 of the storage processors. If you want aggregate numbers download 2 files, open them in the 'merge' function, the re-open the merged file in the browser. If you want to look at several days of data, repeat the above process for each 12 hour period.
EMC is very proud of Unisphere. Because it's an improvement over the previous tool, Navisphere. I recently taught a newbie to manage an ancient array in the lab with Navisphere - a Herculean task because it made no sense at all .....
For all the folks writing up the HTML code that goes into these things: use relative URLS!
Do not put the hostname (or IP address) of the device in any of the HTML. Us IT folks sometimes need to go through proxies (and SSH tunnels) to get to these devices (which are often on isolated "management" VLANs/networks). Simply put "/network/settings" instead of "http://mydevice/network/settings" in any [a href] links (or [img] or CSS references).
If the link in the HTML has "10.10.20.45" or "netdev01.mgt.example.com" in it, but my browser is actually connecting to "localhost" (because I have to do a SSH double-hop with forwarding), I'm going to think really evil thoughts about whomever wrote the HTML generator. I do not have to want to start editing my /etc/hosts or adding aliases to lo0 loopback interface.
As for general example of what to do, using storage appliances as examples: EMC Isilon is how to do things, which is mostly straight HTML. They have some Flash in there that I find annoying, and which they should probably replace with HTML5/AJAX/SVG/etc., but that's mostly for charts and not too big of a deal. NetApp's ONTAP is how not to do things: you double-click on an icon, it launches a Java app on your workstation, then launches your web browsers at localhost to talk to the Java app. WTF?
Another comparison about Isilon versus NetApp: on OneFS you SSH in and get a full, proper Unix prompt on a FreeBSD system (with rsync, zsh, bash, screen, etc.). With ONTAP (which is also using a FreeBSD system for the underlying OS) you get a limited Fischer Price set of commands.
F5's BigIPs are also pretty good: a nice Flash-free web interface (though some of the menu layouts are convoluted), but you can SSH in as well. The admin can create new accounts, and each account can be given either a full bash shell or a 'Fischer' Price shell on SSH login (which is a nice compromise between Unix-nerd-level users and moderately-advanced users).
As a network administrator who configures routers, switches, and firewalls on a regular basis, I don't give a flying flip about what's commonly thought of as "good UX design" on IT appliances. The best UX for me is the one that's the fastest. Which means SSH, CLI, and text editors over anything graphical. As examples:
A router's web interface requires clicking through multiple pages to find the right box to check or fill in to add a new subnet to a BGP session (if it's even possible at all). Via CLI, I can do this with one config stanza.
I'd rather edit a config file (preferably one that's well-commented) in a text editor than wade through the web interface on any appliance.
I'll ALWAYS open up PuTTY instead of ASDM when I need to modify a firewall rule on a Cisco ASA.
I personally hate the trend of browser GUIs. They are always sluggish and frustrating. If I can't have an installed application I'd rather have a CLI. An added bonus to the CLI is that it keeps out the TechTards and we all make more money!
The best WebUI I ever saw on a networking appliance is the one that comes with ZeroShell. High information density with very clear and concise controls http://www.zeroshell.org/ss/pr...
They have a good functional, easy to use web interface that is just as powerful, if not more so, than the CLI. Both the web interface and CLI are easy to use and just make sense.
"My immediate reaction is "WTF? What kind of moron doesn't make things 64-bit safe to begin with?" Linus
If you don't mind home appliances, then the Synology one is the best I have experienced. Easy to use, stable, one click installs for everything, intuitive. It does the desktop metaphor but unlike all the JS libraries I've come across this one doesn't appear to lag. Well suited to its application.
In terms of server management, er probably none of them. Including the web based ones like cPanel, webmin and Plesk. OpenPanel has pretty screen shots, though you don't want to read phrases like "Please note that OpenApp always expects a clean install! Installing OpenApp packages on a non-clean system is likely to lead to data-loss or a non-functional system" so I wouldn't actually install it. All the ISPs present bottom-up approach to management, making it piecemeal. I'd rather have a top-down approach.
Phillip.
Property for sale in Nice, France
I love the Meraki web interface.
For me, I really prefer a command line interface, or at least a way to script a configuration. Seems there are so many times I cannot bring up a gui for one reason or another. Scripting makes it easily repeatable, generally more scalable and easy to go back and see how something was done before. Keep your scripted configs in version control.
I agree with you about Junos. It is a very good CLI. However, for GUI interfaces, not much can beat ScreenOS....
All these references to CLI, but all of you forget to mention VI. The lovely minimalist, but highly usable and to the point interface.
Both Tintri and Pure Storage have UI's that add to the value of the product rather than try to throw up all possible CLI commands into a jumbled mess. Awesome reporting, dashboards, graphs, etc that help you understand what's using your I/O performance and capacity, and a quick to configure interface for n00bs buying a new product from a new company.
I really do like the LuCi interface on the openwrt project. Though it's even more fun to turn it off, leaving only ssh access, and get calls from the clueless IT guy that is trying to twiddle something he shouldn't be.
I press F1 for help like a naive fool. It helpfully informed me that the setting configures L3 Mode to either mode 5 or mode 7.
This reminds me of the "help" feature in every system BIOS I've ever worked with.
Yes, a command line would be nice. A real one, not a stateful TUI without refresh posing as "command line" just because it's run over a serial--yes, I've had to work with that, it's not pretty. But I still rather have my scripts be able to fetch monitoring data using the de-facto industry standard than having to reinvent the wheel. Turns out this is a solved problem, even if it's full of yesteryear's XML. Give me SNMPv3 along with that command line.
Synology has done a remarkable job of creating a single UX design that scales from a single hard drive NAS (DS112) to a 106 drive NAS (RS10613xs+). In addition this management interface crosses several different vendors's CPUs as you move up through the product line. Their most recent release (DSM 5.0) gives you are real desktop feel in a web based interface.
You've got to set an IP address somehow. Typing a MAC address into your DHCP server isn't a cool way to do it, and you need an address that you know from the outside, not just an address the device can use to talk to servers it already knows about.
The equipment I've been using recently added a front-panel LCD/pushbutton mechanism that lets you set the IP address; previous versions of the hardware required you to either log in with an RS232 console that got a shell prompt or else use a VGA monitor and keyboard (and stupidly, the default on some versions of it required you to use the VGA/keyboard to tell the device to use the serial console.)
And while almost all the rest of the administration gets done using a web GUI, the system (which ran a custom Linux) didn't have an X server, so you typically needed to bring a VGA monitor and keyboard AND a laptop; the current versions let you do a bit more from CLI, so that's slightly less annoying.
But if you want to reimage the box (which you have to do for major version upgrades), ALMOST all of the steps can be done via the serial console. Except for the one step in the middle, where the box remembers its IP address settings but forgets that you were using a serial console instead of VGA, so you still need to have a technician onsite with a VGA, instead of being able to use a modem.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
NOT Sonicwall!!! Gawd it SUX.
The less your UI has in common with that clusterfuck the better.
I don't want any more GUI's, just RESTful API's that have complete functionality, not just a few commands for common tasks. Fancy UI's are fine for demo's so salespeople have something for customers to ooh and ahh over, or for small customers with limited IT staff. Most work these days is going into automation involving multiple tasks.
A10 Load Balancers UI is well made reasonably bug free. Includes all needed options for whatever part you are working on and is not dumbed down to keep you form hurting yourself.
NetApp
- Command Line in cDOT is pretty useful, I script a ton of things due to this.
- OnCommand System Manager has problems, it even lost functionality in the move from the non clustered OnTap to clustered OnTap. (easy to fix on their end, just a lack of attention to detail) But when you have 30+ filers across a dozen sites, it's all well organized. I'd like to see better performance, but it does 90% of what I need.
- The old FilerView worked for a small shop, but having all filers in the same interface is mandatory when you have as many as we do.
Isilon
- The web interface is pretty in OneFS7, but working with fileshares is kind of icky. When you have something that scales to 20-40PB, you'll have a few fileshares. And every time I have to work with one, it's not a great experience.
Violin
- My old 3000 series had an excellent interface, but it's limited since it's straight SAN, no CIFS/NFS. But fully HTML5, fully rearrangeable.
- The 6000 series interface is supposed to be a tremendous upgrade. I have one in a box waiting for me to get to our DR site to light it up, so hopefully soon I'll know more. But this has been my favorite interface so far.
Nimble
- I don't use this one weekly, a different admin works on it, but it seems pretty straight forward.
DataDomain
- Same as above. It works. Nothing to write home about.
FusionIO
- Big whoop. We're actually going to put Pernix in front of our FusionIO cards and stop using their interface as Pernix has so much better functionality and integration with vCenter.
PureStorage
- I don't own this, we are about to do a POC. But it seems pretty nice from the sales pitch/demos.
If you want to see a decent layout, NetApp's onCommand System Manager does a good job.
If you want to see excellent non-Adobe flash functionality, Violin.
Hope that's useful.
My mom says I'm cool.
Changes in browser tech make well-intentioned appliances un-usable, sometimes prior to the end of their service life (SonicWall). This problem arises because they attempt to accommodate the lowest common denominator, rather than ask the individual to use their brain and navigate through a non-glossed experience.
Hopefully more manufacturers will focus on solid SSH interfaces, and resist the incessant tug of the Apple-it-up crowd. I prefer saving money and the environment to a control interface that feels like iTunes. Sadly, this makes me the oddball consumer.
1 have a Quick Setup page with the most common settings all in one shot
2 Don't have "mystery magic" type settings (hint have a WIFI ON button not spread the ON function across 3 different settings that seem unrelated)
3 have a CLI "rail" so that CLI monkeys can bash the keys when they want to (but have something in the manual where it says
" to enable the SpeedConfig (TM) rail input %^73gH and the products serial number as your first command [this will be a permanent setting]")
4 put how to get to the admin console on a sticker on the item
5 do not assume that the person is using a laptop with 1024X768 res (hint there are things called netbooks running about and you also have smartphones)
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Everything where it should be.
Excellent help.
Graphical authentication trees.
Cisco are the worst people for making UI that is useful. Their ACS server is the worst.
Just a proper and full-fledged bash. Seriously, the magic and automation you can do with it...
PRTG (paessler.com). This network management tool is not, strictly speaking, an IT appliance. But it might as well be, since it's trivial to install on a dedicated physical or virtual host, at which point it walks and quacks like any other IT widget. PRTG's interface makes extensive use of Ajax, real time charting, and sports an extremely logical organization that is both intuitive and powerful. It works equally well on desktop and mobile browsers, a rare treat for IT gear.
Setting aside for the moment the CLI snobs (and I'm one of them) and trying to answer your question in the spirit it was intended the Infoblox IPAM/DNS/DHCP appliances have very, very good UX/UI design up to modern "Web 2.0" (or 3.0) HTML5 standards. You can download their free IPAM virtual appliance to get a taste for this appliance UI look-and-feel.
They take full advantage of the capabilities of modern web design and I'm fairly certain they're using ExtJS for the front-end UI toolkit - and they've taken it to its maximum capabilities and perhaps beyond. It wasn't a quick, let's just make this work bit of coding using the simplest features of ExtJS. They've used its capabilities completely.
It's someone funny, too, as their pre-5.0 NIOS UI was perhaps the worst, clunkiest, and least intuitive Java applet I had ever seen. I simply couldn't use or understand it. Thankfully someone with some sense in their organization realized what they had for a UI was truly awful - no matter how capable the appliances themselves were.
AWS is a shit ton better than most things out there, seems they are trying to look nicer instead of function better as of late. Vmware has become ridiculous, but it never was well laid out at the enterprise level. CLI Tools and doing it your own way to suit your tasks still remain the only way. I must say Synology and Kerio are pretty slick, but AWS web interface is still king.
and can't telnet or ssh in,
NetBSD (or Linux if that is your faith) on a soerkis box. UI is a Unix Shell. What else?
Dell Compellent's storage array has a very intuitive web management console. It is by far the easiest storage platform I have ever used.
"A plan fiendishly clever in its intricacies"- Homer Simpson
I would prefer a good fully capable API over a good appliance user interface any day.
A configuration API allows businesses to manage the appliance using their own UI specifically designed for how their business runs. In many of the projects I've worked on we ultimately end up created a user self service portal specific to how the equipment is being used. This allows more general IT staff to make configuration changes without knowing the complexities on the back end. This can also be used to enforce configuration standards.
I find the little things often neglected such as:
Ctrl-A to select all
Triple Click
The ability to select text from e.g. labels to copy at all..
Proper ordering of widgets for tab
Click radio button/check box label
Etc.
If applications could just get the basics right it'd go a long way.
Barracuda's interface isn't too bad on most of their products considering how complex they are. Ubiquiti's AirOS on their wireless bridges and devices is wonderfully put together.
Also, m0n0wall and Tomato are favorites of mine.
[RIAA] says its concern is artists. That's true, in just the sense that a cattle rancher is concerned about its cattle.