Slashdot Mirror
Ask Slashdot: Best Management Interface On an IT Appliance?
tippen writes "The management user interface on most networking and storage appliances are, shall we say, not up to the snuff compared to modern websites or consumer products. What are the best examples of good UX design on an IT appliance that you've managed? What was it that made you love it? What should companies (or designers) developing new products look to as best-in-class that they should be striving for?"
Not enough Javascript. Not enough external dependencies. Yeah, this totally needs to be more like modern websites.
a command line.
better than ios, easily parsed by scripts, regex support etc.
#include <sig.h>
For usability, you need to look at your target market. This means that you should be asking the people who will buy your product, rather than the people on Slashdot. (If we are your target market, at least let us know what you are developing so that we can provide meaningful input.)
The best full featured modern UI on an appliance I have ever seen. I like it because it is easy to use. http://www.synology.com/en-global/dsm/index/overview
UI's suck... pretty much all of them. In order to look pretty they do away with functionality. Give me telnet access, command line, don't make your commands stupid and we're good to go.
Specific examples are hard to come by, but I've noticed the general trend that differentiates the "good" from the "barely usable"..
* Scalability. For example, a good interface will pop up a "search" box for finding a security group in Active Directory. A bad one will let me chose security groups from a list or a drop-down. Both look equally good when the developer is working in a test environment. The latter will crash when used in a million-object directory. Similarly, check out the DNS management dialog box in Windows, or some Oracle tools. Both will show you "all" objects up to some limit (e.g.: 5000), but then provide a filter option to allow you to narrow down the "search" to prevent the GUI from melting if you look at a database with 500K tables. Yes. It happens. A lot. More than you think. Really.
* Annotations. It's 2014 for Christ's sake! There is absolutely no reason not to include a general "note" or at least a "description" field with every. Single. Thing. Seriously. All of them. I'm not kidding. Look at VMware's vSphere interface as an example of this done reasonably well but not perfectly. They at least allow custom columns so you can tag things systematically. Better yet, newer versions of Microsoft's Group Policy allow annotations on every single setting.
* Versioning. For example, Citrix NetScaler keeps the last 'n' versions of its configuration automatically (5 by default I think). Why the fuck Cisco can't do the same with their 1KB but omfg-they're-ultra-critical-to-the-whole-goddamned-enterprise config files I just don't understand. Maybe they're trying to save precious bytes...
* Policy. Good examples are Cisco UCS Blades and, of course, Active Directory Group Policy. Settings should trickle down through hierarchies. I should never have to set the exact same setting five hundred times. Settings should set-and-unset themselves automatically based on the scenario, e.g.: replacing a blade should not involve having to reconfigure its BIOS settings by hand. A typical bad example is 99% of Linux, where every setting has to be either manually set or set via a script. A script is still manual, just faster. No! Smack yourself in the face! A script is NOT a replacement for a policy engine. Don't breathe in, ready to go on a rant about how great Linux is, and how easy it is to manage, because it's really not. Scripts are a "write only" management tool that result in impossible-to-reverse-engineer solutions that can only be replaced wholesale years down the track.
* Help. I'm not really a storage engineer, I just... dabble. However, I've set up labs with IBM and EMC kit, no problem. The one time I got asked to create a simple logical volume on a Hitachi array, I walked away backwards and refused to touch the stupid thing. It seriously had 10 pages of settings along the lines of "L3 Mode: 5/7?" I mean... wat? So sure, I press F1 for help like a naive fool. It helpfully informed me that the setting configures L3 Mode to either mode 5 or mode 7. I can press "OK" to accept the mode setting, or "Cancel" otherwise. I was enlightened. Meanwhile, the same dialog box on the EMC array basically asks for where, what size, and what RAID level.
* Behind the Scenes. Some GUIs have 1:1 mappings with some sort of underlying command-line or protocol. Consoles based on PowerShell such as most Microsoft and Citrix products come to mind, most Linux/Unix GUIs, and Database admin tools. The better ones will have a "tab" or a pop-up somewhere which shows the "script equivalent" of whatever you're doing in the GUI. This is very useful, particularly for beginners, and we're all beginners with every product at least once.
Really, GUI design is -- or should be -- a science, and not a trivial one! It integrates serious engineering constraints, business restrictions, project management priorities along with the fuzzy complexities of both individual psychology and the complex dynamics of interacting groups of people. It's done woefully wrong even by the largest c
Anything that doesnt require java, flash, silverlight, or god knows what else.
Anything that works in all browsers.
bash ; GNU tools ; ssh
Snapgear had a really nice GUI front end to iptables on their firewall/routers. Considering how iptables could lend itself to end up like a mess of spaghetti if handled badly that's quite a feat.
Windows XP
Debian + LXDE
Both on my IT appliance (the PC).
Both simple, fast and designed for functionality and not some new buzzword called "user experience".
* A simple web frontend for manual things, that simply works in modern browsers
* A complete and easy (no SOAP please, yes I'm looking at you BIG-IP/F5) API and/or cli that can be driven from automation tools, and that provides easily for idempotency.
Serge
A power switch
If you need UI beyond that, then there is something wrong with the default settings for your device.
For a networking or storage appliance, it should get on the network using stateless autoconfiguration.
If a system on your network wants to use it, it should find the services the device offers via service discovery.
If you need access controls, the device itself should find your directory service on your network via service discovery.
The only thing you should possibly have to deal with explicitly is pairing with the directory service, and if that's necessary so that you can't be MITM'ed by someone making unauthorized use of your network, it should be a momentary contact button and an LED other than the power LED on the front of the device, combined with a serial number affixed to the device. Think "Bluetooth keyboard/headset pairing".
If you administer anything at all, it should be your directory server, mostly to establish accounts, and ACLs for the accounts, which are then used to authenticate the machines that consume services advertised by the appliances and servers on your network, and on the peer machines/clients which establish authentication sessions after you hit ctrl-alt-del, or login to the login window after boot.
For all the folks writing up the HTML code that goes into these things: use relative URLS!
Do not put the hostname (or IP address) of the device in any of the HTML. Us IT folks sometimes need to go through proxies (and SSH tunnels) to get to these devices (which are often on isolated "management" VLANs/networks). Simply put "/network/settings" instead of "http://mydevice/network/settings" in any [a href] links (or [img] or CSS references).
If the link in the HTML has "10.10.20.45" or "netdev01.mgt.example.com" in it, but my browser is actually connecting to "localhost" (because I have to do a SSH double-hop with forwarding), I'm going to think really evil thoughts about whomever wrote the HTML generator. I do not have to want to start editing my /etc/hosts or adding aliases to lo0 loopback interface.
As for general example of what to do, using storage appliances as examples: EMC Isilon is how to do things, which is mostly straight HTML. They have some Flash in there that I find annoying, and which they should probably replace with HTML5/AJAX/SVG/etc., but that's mostly for charts and not too big of a deal. NetApp's ONTAP is how not to do things: you double-click on an icon, it launches a Java app on your workstation, then launches your web browsers at localhost to talk to the Java app. WTF?
Another comparison about Isilon versus NetApp: on OneFS you SSH in and get a full, proper Unix prompt on a FreeBSD system (with rsync, zsh, bash, screen, etc.). With ONTAP (which is also using a FreeBSD system for the underlying OS) you get a limited Fischer Price set of commands.
F5's BigIPs are also pretty good: a nice Flash-free web interface (though some of the menu layouts are convoluted), but you can SSH in as well. The admin can create new accounts, and each account can be given either a full bash shell or a 'Fischer' Price shell on SSH login (which is a nice compromise between Unix-nerd-level users and moderately-advanced users).
As a network administrator who configures routers, switches, and firewalls on a regular basis, I don't give a flying flip about what's commonly thought of as "good UX design" on IT appliances. The best UX for me is the one that's the fastest. Which means SSH, CLI, and text editors over anything graphical. As examples:
A router's web interface requires clicking through multiple pages to find the right box to check or fill in to add a new subnet to a BGP session (if it's even possible at all). Via CLI, I can do this with one config stanza.
I'd rather edit a config file (preferably one that's well-commented) in a text editor than wade through the web interface on any appliance.
I'll ALWAYS open up PuTTY instead of ASDM when I need to modify a firewall rule on a Cisco ASA.
I personally hate the trend of browser GUIs. They are always sluggish and frustrating. If I can't have an installed application I'd rather have a CLI. An added bonus to the CLI is that it keeps out the TechTards and we all make more money!
The best WebUI I ever saw on a networking appliance is the one that comes with ZeroShell. High information density with very clear and concise controls http://www.zeroshell.org/ss/pr...
They have a good functional, easy to use web interface that is just as powerful, if not more so, than the CLI. Both the web interface and CLI are easy to use and just make sense.
"My immediate reaction is "WTF? What kind of moron doesn't make things 64-bit safe to begin with?" Linus
If you don't mind home appliances, then the Synology one is the best I have experienced. Easy to use, stable, one click installs for everything, intuitive. It does the desktop metaphor but unlike all the JS libraries I've come across this one doesn't appear to lag. Well suited to its application.
In terms of server management, er probably none of them. Including the web based ones like cPanel, webmin and Plesk. OpenPanel has pretty screen shots, though you don't want to read phrases like "Please note that OpenApp always expects a clean install! Installing OpenApp packages on a non-clean system is likely to lead to data-loss or a non-functional system" so I wouldn't actually install it. All the ISPs present bottom-up approach to management, making it piecemeal. I'd rather have a top-down approach.
Phillip.
Property for sale in Nice, France
I agree with you about Junos. It is a very good CLI. However, for GUI interfaces, not much can beat ScreenOS....
I really do like the LuCi interface on the openwrt project. Though it's even more fun to turn it off, leaving only ssh access, and get calls from the clueless IT guy that is trying to twiddle something he shouldn't be.
I press F1 for help like a naive fool. It helpfully informed me that the setting configures L3 Mode to either mode 5 or mode 7.
This reminds me of the "help" feature in every system BIOS I've ever worked with.
You've got to set an IP address somehow. Typing a MAC address into your DHCP server isn't a cool way to do it, and you need an address that you know from the outside, not just an address the device can use to talk to servers it already knows about.
The equipment I've been using recently added a front-panel LCD/pushbutton mechanism that lets you set the IP address; previous versions of the hardware required you to either log in with an RS232 console that got a shell prompt or else use a VGA monitor and keyboard (and stupidly, the default on some versions of it required you to use the VGA/keyboard to tell the device to use the serial console.)
And while almost all the rest of the administration gets done using a web GUI, the system (which ran a custom Linux) didn't have an X server, so you typically needed to bring a VGA monitor and keyboard AND a laptop; the current versions let you do a bit more from CLI, so that's slightly less annoying.
But if you want to reimage the box (which you have to do for major version upgrades), ALMOST all of the steps can be done via the serial console. Except for the one step in the middle, where the box remembers its IP address settings but forgets that you were using a serial console instead of VGA, so you still need to have a technician onsite with a VGA, instead of being able to use a modem.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
NOT Sonicwall!!! Gawd it SUX.
The less your UI has in common with that clusterfuck the better.
I don't want any more GUI's, just RESTful API's that have complete functionality, not just a few commands for common tasks. Fancy UI's are fine for demo's so salespeople have something for customers to ooh and ahh over, or for small customers with limited IT staff. Most work these days is going into automation involving multiple tasks.
NetApp
- Command Line in cDOT is pretty useful, I script a ton of things due to this.
- OnCommand System Manager has problems, it even lost functionality in the move from the non clustered OnTap to clustered OnTap. (easy to fix on their end, just a lack of attention to detail) But when you have 30+ filers across a dozen sites, it's all well organized. I'd like to see better performance, but it does 90% of what I need.
- The old FilerView worked for a small shop, but having all filers in the same interface is mandatory when you have as many as we do.
Isilon
- The web interface is pretty in OneFS7, but working with fileshares is kind of icky. When you have something that scales to 20-40PB, you'll have a few fileshares. And every time I have to work with one, it's not a great experience.
Violin
- My old 3000 series had an excellent interface, but it's limited since it's straight SAN, no CIFS/NFS. But fully HTML5, fully rearrangeable.
- The 6000 series interface is supposed to be a tremendous upgrade. I have one in a box waiting for me to get to our DR site to light it up, so hopefully soon I'll know more. But this has been my favorite interface so far.
Nimble
- I don't use this one weekly, a different admin works on it, but it seems pretty straight forward.
DataDomain
- Same as above. It works. Nothing to write home about.
FusionIO
- Big whoop. We're actually going to put Pernix in front of our FusionIO cards and stop using their interface as Pernix has so much better functionality and integration with vCenter.
PureStorage
- I don't own this, we are about to do a POC. But it seems pretty nice from the sales pitch/demos.
If you want to see a decent layout, NetApp's onCommand System Manager does a good job.
If you want to see excellent non-Adobe flash functionality, Violin.
Hope that's useful.
My mom says I'm cool.
1 have a Quick Setup page with the most common settings all in one shot
2 Don't have "mystery magic" type settings (hint have a WIFI ON button not spread the ON function across 3 different settings that seem unrelated)
3 have a CLI "rail" so that CLI monkeys can bash the keys when they want to (but have something in the manual where it says
" to enable the SpeedConfig (TM) rail input %^73gH and the products serial number as your first command [this will be a permanent setting]")
4 put how to get to the admin console on a sticker on the item
5 do not assume that the person is using a laptop with 1024X768 res (hint there are things called netbooks running about and you also have smartphones)
Any person using FTFY or editing my postings agrees to a US$50.00 charge
PRTG (paessler.com). This network management tool is not, strictly speaking, an IT appliance. But it might as well be, since it's trivial to install on a dedicated physical or virtual host, at which point it walks and quacks like any other IT widget. PRTG's interface makes extensive use of Ajax, real time charting, and sports an extremely logical organization that is both intuitive and powerful. It works equally well on desktop and mobile browsers, a rare treat for IT gear.
NetBSD (or Linux if that is your faith) on a soerkis box. UI is a Unix Shell. What else?
Dell Compellent's storage array has a very intuitive web management console. It is by far the easiest storage platform I have ever used.
"A plan fiendishly clever in its intricacies"- Homer Simpson
For the most part, yes, but there's something to be said for gui in the fwbuilder/ASDM space and for visibility operations. A minority of tasks are actually easier in a GUI, though it has to be a pretty good GUI or its a wash.
Someone had to do it.
This reminded me to mention -- developers, please check that your terminal interface works from linux, not with some bastardized windows ssh client. Linux users are your most likely CLI users, and if you do anything with escape sequences, there is a tangible chance you'll step on an incompatibility. Oh, and don't activate the secondary VT100 screen please, we want to be able to scroll up and cut from our previous output. Also check that the CLI still works after exiting from your device by typing some multi-line commands and checking that the scrolling and line editing haven't been screwed up.
Someone had to do it.
Cisco are the worst people for making UI that is useful.
Hit or miss, really. WCS was at least above par, for example.
Their ACS server is the worst.
Well, that's not a fair basis for judgement, since all attempts at GUIfying core AAA glue functionality is doomed to failure, because what is really needed is a policy language, not a bunch of windows and sequenced tables of rules, and nobody has managed to perfect GUIfying language yet.
Use FreeRADIUS. Unlang may be a bit primitive but at least its language shaped.
Someone had to do it.
A proper console serial port with CLI is mandatory for any proper piece of networking gear. How else are you going to manage it if the network's down?
"National Security is the chief cause of national insecurity." - Celine's First Law
For the most part, yes, but there's something to be said for gui in the fwbuilder/ASDM space and for visibility operations. A minority of tasks are actually easier in a GUI, though it has to be a pretty good GUI or its a wash.
That'd be a great argument, if all devices of a particular class used the same GUI; of course, then they'd be commodities, and the lowest price wins.
GUIs are a means of doing two things:
(1) Differentiating your product from someone else's to add margin to what is actually a commodity
(2) Causing knowledge to be vendor-specific in order to facilitate vendor lock-in through learning curve.
I find the little things often neglected such as:
Ctrl-A to select all
Triple Click
The ability to select text from e.g. labels to copy at all..
Proper ordering of widgets for tab
Click radio button/check box label
Etc.
If applications could just get the basics right it'd go a long way.
Barracuda's interface isn't too bad on most of their products considering how complex they are. Ubiquiti's AirOS on their wireless bridges and devices is wonderfully put together.
Also, m0n0wall and Tomato are favorites of mine.
[RIAA] says its concern is artists. That's true, in just the sense that a cattle rancher is concerned about its cattle.