Countdown to Year 2000: The Tentacles of Y2K

This spring, under the auspices of the Securities Industry Association (New York), 400 Wall Street firms, simultaneously, turned their clocks ahead to January 3, 2000, to see what happened as they conducted simulated trades. Things went relatively smoothly, with Y2K-related problems affecting only two one-hundredths of one percent of 260,000 transactions. The only pronounced glitch held up trading right at the beginning – a network router failed.

This points to a potential Achilles heel in organizations’ otherwise Herculean Y2K remediation efforts. Unfortunately, many networking equipment vendors have handed their customers another sack of Y2K troubles, even in equipment sold as recently as a year and a half ago. As a result, the tentacles of Y2K are deeply entangled in just about everyone’s networks, particularly in network routers, bridges, hubs and controllers. Related configurations that may feel the Y2K bite include network operating systems (such as earlier versions of Windows NT and Novell Netware), host access software and groupware/messaging systems. Experts warn that most network products manufactured before 1997 may need replacement.

In most cases, the problems aren’t serious enough to bring down an entire network come New Year’s Day. More likely, problems will arise with log data from time/date stamps running in the operating systems of network devices. After the century rollover, network managers could be blinded to what’s going on in their networks, unable to monitor network devices. Logs may be corrupted with data that appears to be 100 years old, if network management systems can even collect the data at all. Firewalls could expire all passwords and deny access to legitimate users.

The good news is that compliance is relatively cheaper for networks than for applications systems. Forrester Research (Cambridge, Mass.) estimates that such compliance can be achieved for about $575,000 at a major company. However, finding out exactly what needs the upgrading can be daunting. Forrester estimates a typical network in a Fortune 1000 company includes 1,000 switches, 400 routers, 250 hubs, 1,000 servers, 20 firewalls, 10 remote access servers, three management systems and 10 network service providers. "It’s not good enough to know you’ve got IBM routers. You need to know the model number and operating system level for those devices," explains Paul DeBeasi, Director of Marketing with NetSuite Development Corp. (Concord, Mass.)

Of the 107 routers and switches listed on the IBM Web site, 44 (or 41 percent of them) "require discovery of the operating system revision level in order to determine Y2K compliance," DeBeasi points out. For Cisco’s high-end routers, the ratio climbs even higher – 55 percent may have non-compliant operating systems. In addition, 75 percent of Cisco’s LAN switches require operating system knowledge. This percentage climbs to 88 percent of 3Com routers, and 100 percent of Nortel/Bay Networks routers.

Clouding the issue even further is the fact that many major network vendors simply don’t have the resources or staff to go back and analyze past product releases, and thus will not support discontinued products. A notable exception is IBM, which has announced it will support discontinued products for seven years after their last shipment. Most IBM network products are Year 2000-ready at this time, according to Richard Moukperian, a hardware development executive with IBM Networking Hardware Division.

Cisco Systems Inc. states that it will not test products that it won’t be selling or supporting after 1999. Nortel/Bay Networks will no longer test or certify products manufactured or sold before January 1, 1997. 3Com Corp. has discontinued entire product lines which, of course, will not be tested or upgraded.

Most networking vendors have established trade-in or incentives to help users upgrade however.

Awareness and sense of urgency are fairly low on the user side as well. "Very few plan to do anything," says Ellen Carney, Director and Principal Analyst at Dataquest (San Jose, Calif.). All too often, people don’t even know what’s on their networks, or even have accurate and up-to-date network documentation when they do.

Another extension of the network, host access, also requires some scrutiny, particularly file transfer and terminal emulation. In terminal emulation software the data transfers, custom scripts and APIs are often date-sensitive and, therefore, especially vulnerable, says Johanna Jensen, Director of Product Marketing for Attachmate, which offers Y2K tools and services. Some host connectivity vendors, such as WRQ Inc. and Ericom, have gone so far as to publicly issue limited guarantees for current lines of host access software.

Another area of the corporate network infrastructure that bears close watching is messaging systems. For example, some earlier versions of Lotus Notes/Domino and Microsoft Outlook are not Year 2000-compliant, while Novell has announced it will not even test early versions of GroupWise.

About the Author: Joseph McKendrick is a research consultant who can be reached at joemck@aol.com.