Try our new research platform with insights from 80,000+ expert users

Axis Security vs Cisco Duo comparison

Hewlett Packard Enterprise and Cisco are both solutions in the ZTNA as a Service category. Hewlett Packard Enterprise is ranked #12 with an average rating of 9.7, while Cisco is ranked #6 with an average rating of 8.5. Hewlett Packard Enterprise holds a 2.7% mindshare in ZaaS, compared to Cisco’s 2.2% mindshare. Additionally, 100% of Hewlett Packard Enterprise users are willing to recommend the solution, compared to 95% of Cisco users who would recommend it.
Sponsored
iboss
Read 19 iboss reviews
  • 2,768 Views
  • 886 Comparison Views
94% willing to recommend
Axis Security
Read 6 Axis Security reviews
  • 2,041 Views
  • 1,286 Comparison Views
100% willing to recommend
Cisco Duo
Read 74 Cisco Duo reviews
  • 6,878 Views
  • 894 Comparison Views
95% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jun 15, 2025

Cisco Duo and Axis Security are competing in the enterprise security solutions category. Based on the results, it appears Cisco Duo may have the upper hand in terms of ease of deployment and customer support, while Axis Security might be more advantageous for cloud-native environments due to its specialized features.

What features are offered by Cisco Duo in comparison to Axis Security?

Cisco Duo is known for its multi-factor authentication, ease of integration with existing systems, and comprehensive security features. Axis Security offers advanced access control, security measures for cloud-native environments, and cutting-edge technology tailored to companies transitioning to cloud-based solutions.

What areas of improvement can be found in Cisco Duo in comparison to Axis Security?

Users of Cisco Duo suggest enhancements in reporting and analytics, and some report occasional performance issues. Axis Security users highlight the need for clearer documentation, improved user management functionalities, and smoother usability enhancements for cloud use.

How is the ease of deployment and customer service of Cisco Duo in comparison to Axis Security?

Cisco Duo is appreciated for its straightforward deployment process and responsive customer support team. Axis Security is recognized for flexible deployment options suitable for diverse infrastructures, though some users find the initial configuration complex. Both products receive high customer support ratings, with Duo noted for quicker setups and Axis for its flexibility in complex environments.

What setup costs and ROI can be seen with Cisco Duo in comparison to Axis Security?

Cisco Duo is valued for its competitive pricing and clear ROI, especially suitable for smaller to mid-sized deployments. Axis Security, while perceived as pricier, is seen as a worthwhile investment due to its specialized security features for cloud applications. Both products are seen as good investments relative to their costs, providing satisfactory ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Axis Security vs. Cisco Duo Report (Updated: July 2025).
Buyer's Guide
Axis Security vs. Cisco Duo
July 2025
Download the complete report
Helped 865,384 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

iboss
Sponsored
Ranking in ZTNA as a Service
8th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
19
Ranking in other categories
Secure Web Gateways (SWG) (7th), Internet Security (3rd), Web Content Filtering (1st), Cloud Access Security Brokers (CASB) (7th), Secure Access Service Edge (SASE) (8th)
Axis Security
Ranking in ZTNA as a Service
12th
Average Rating
9.6
Reviews Sentiment
7.7
Number of Reviews
6
Ranking in other categories
Secure Web Gateways (SWG) (21st), Cloud Access Security Brokers (CASB) (12th), Secure Access Service Edge (SASE) (12th)
Cisco Duo
Ranking in ZTNA as a Service
6th
Average Rating
8.8
Reviews Sentiment
7.9
Number of Reviews
74
Ranking in other categories
Single Sign-On (SSO) (4th), Authentication Systems (2nd), Cisco Security Portfolio (4th), Multi-Factor Authentication (MFA) (2nd)
 

Mindshare comparison

As of August 2025, in the ZTNA as a Service category, the mindshare of iboss is 2.0%, up from 1.1% compared to the previous year. The mindshare of Axis Security is 2.7%, down from 4.0% compared to the previous year. The mindshare of Cisco Duo is 2.2%, down from 2.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
ZTNA as a Service
 

Featured Reviews

Matt Crockford - PeerSpot reviewer
It's easy to roll out, and their understanding of our business made it seamless
One aspect we value about iboss is its simplicity. Their customer service is brilliant, and they are super responsive and knowledgeable. It's easy to roll out, and their understanding of our business made it seamless. We were impressed by the solution's mental health function, which can detect if someone needs help. It scans what users are browsing and flags warning signs so we can check to see if they are okay. We've had to use it a couple of times. The user interface is highly intuitive. Our IT team picked it up with minimal training. It's arranged so that it's easy to find where things are. Another advantage is the single pane of glass console, which gives you visibility into what's happening. We're not fully there yet because we haven't implemented zero trust, but we're excited about the possibilities from the demos we've seen. We launched a POC of iboss' ChatGPT Risk Protection feature two weeks ago. AI is a great tool, but you need to be careful what you put into it. My biggest fear is employees inputting sensitive corporate information or customer PII data into one of these chatbots. I was impressed by our trial of the feature. It's exactly what we wanted. Now, when a user goes to ChatGPT, there's a banner warning them not to share information, and we can block conversations containing customer data like bank details and email addresses. I don't want to stop people from using it, but we need visibility. We've only tried it on a test group of 15 people. You can configure it to look for specific keywords or integrate it with your DLP policy if you have that configured
Read full review
Robert Oglesbee - PeerSpot reviewer
Easy to deploy, improved reliability and performance of our connectivity, and greatly reduced costs
Atmos is good for securing infrastructure from end to end, detection and remediation of threats, but there may be a few features that could be added to make it a little easier for networking and security folks to analyze the traffic. There are bad actors out there and they may or may not show up through the tool. That's something they can add. They need to improve the networking and security tools a little in the troubleshooting and "bad-actor" areas to help us analyze security threats a little better. They have some things built in, but I would like to see more advanced tools. There are major vendors out there, and if you use their VPN connection that's not going to help you without buying one of their other products. So that's a similar type of situation. However, they do give you a little more bang for the buck when it comes to monitoring. So I can see an improvement there, in Atmos, in the future.
Read full review
Thomas Botts - PeerSpot reviewer
Managing security policies effectively with seamless authentication
The feature of Cisco Duo that I prefer the most is the policies, being able to control what we need to within the policies. You can get pretty granular. There isn't a lot of training that goes on in school districts. Email is an easy way where many people give out their credentials, so the level of protection is something that we definitely need in a school district. Cisco Duo's strong security authentication system has been easy when logging in, although the teachers don't appreciate it as much. We have it configured so users essentially just hit accept. If it sees any sort of built-in risk, then it steps up authentication. It's pretty easy. I appreciate it. I've encountered advantages with Cisco Duo in that it has stopped significant pushback from teachers. It has prevented credential sharing and unauthorized access. We've seen a huge decrease since we've rolled it out across the entire district.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"First of all, the security policies are essential. I do not have to rely solely on Active Directory for our users."
"I would definitely recommend iboss for web filtering purposes to other organizations or individuals."
"From a use-case scenario, what I like the most is the plug-in. I like the fact that we can do the filtering of these devices offsite independent of the network they are connected to, and we do not have to have traffic coming back inside our network."
"Content filtering is the most useful feature of iboss."
"The iboss system is highly reliable. The false positive rates are small compared to some other systems we've experienced through other partner agencies who use competing solutions."
"iboss is easy to use despite its complexity. Multiple engineers manage it, but it's significantly more straightforward to administer than traditional VPNs and web proxies."
"iboss has significantly lowered the number of security incidents. It is crazy how much it blocks and how much it is aware of the outside danger."
"I would rate the technical support of iboss a solid 10 without a shadow of a doubt."
More iboss pros
"I rate Axis Security ten out of ten."
"The way the access connectors work is valuable."
"I would give it an A-plus for securing access to our applications, devices, and network. It does an extremely good job. Our security folks have analyzed it and tried to find loopholes, but they found none."
"The entire suite and the entire ZTNA process are very valuable."
"The most valuable aspect is its ability to restrict unauthorized access, ensuring that only approved devices can connect to the network. T"
"The most valuable part so far has been Axis Security's ability to create identity connections to various servers, allowing users to access them. By doing so, we've managed to replace any old or existing VPN access with Axis Security. We are slowly but surely getting rid of our traditional VPN."
"The app has greater stability than rival solutions such as Google Authenticator, and Duo Push authentication is a valuable feature."
"The ability for users to authenticate via phone, from any random phone number, has been very helpful for managing a distributed workforce. Using it across a distributed network for securing access to our applications is big for us."
"Duo has allowed us to add an additional layer of security to our organization and to establish trust for every access request and secures our environment."
"Documentation is the most valuable feature, and if you ever have to reach out to them with a question, their support is also fantastic."
"Multifactor authentication is the most valuable feature."
"I appreciate the simple login feature of Cisco Duo; being able to log into your actual page and then having all your apps there is convenient."
"The feature of Cisco Duo that I prefer the most is the policies, being able to control what we need to within the policies. You can get pretty granular."
"We were considering purchasing other products, like AMP for Endpoints, and it was not properly integrated with the firewall function. It might be better now with SecureX."
More Cisco Duo pros
 

Cons

"If they could implement an extra security layer preventing access to iboss from the open internet, it would be great."
"One thing I would like to see differently with their Zero Trust platform is that some of the AI aspects related to high-risk activities have more false positives."
"The reporting feature needs improvement."
"Our biggest problem with their service was it did not recognize the device and filtering did not always work correctly."
"The solution could be stronger on the integration side and offer more cloud applications like G Suite or Oracle."
"Fold that in with the risk intelligence they're getting from all of the different subscriptions they are a part of. Now, these security companies subscribe to things like emerging threats, databases, etc. You can fold all this intelligence to decide what's happening on an endpoint. I would love to see them start moving into that space. That would compete directly with Microsoft. Maybe that's why they haven't. Having that ability native within the solution would be great. The other area in which I would love to see improvement is more detailed descriptions of why they block websites."
"Our iboss subscription access should be more secure with an OTP or VPN etc. It is easy to gain access if, for example, hackers obtain my username and password."
"Regarding pricing, setup costs, and licensing, iboss is not cheap, and that's my only concern."
More iboss cons
"They need to improve the networking and security tools a little in the troubleshooting and 'bad-actor' areas to help us analyze security threats a little better. They have some things built-in, but I would like to see more advanced tools."
"There should be a notification alarm with geofencing."
"I would like more statistics about what's going on in terms of usage. There is little-to-no usage reporting. That's one thing we've requested, and I think they're working on it."
"The support team should be more skilled in offering assistance."
"I would appreciate more automated learning capabilities or increased integration with other security tools, allowing us to establish automation."
"I would like more detailed logging in the Axis Security interface."
"I wish that the support would be a little bit more prompt and a little bit more flexible because there are certain things that they will do and certain things they won't do."
"Cisco Duo can be improved by exploring a way to make it a more seamless integration and by deploying an in-house server."
"Cisco can further enhance the integrations, as they possess exceptional integrations with various providers' products and feature sets."
"An enhancement they might make is if they can log it to Splunk since they're big into Splunk. Instead of me having to go into that portal to look at things when someone is trying to log in and they forgot their password, I can look in and tell them they forgot their password or didn't respond to the prompt. That would be an improvement."
"I would appreciate seeing Cisco Duo improved with a tighter integration with Active Directory to secure not just Remote Desktop to a server, but all the remote levels of connection that you can make to a server."
"General announcements when new features come out with Cisco Duo should be broadcasted to customers who are using it, which might bring more accessibility to their documents so users can be more in tune with updates."
"Most of my colleagues from other companies use the Microsoft MFA solution because it's included in Office 365. Few people are considering Cisco Duo. That's the primary problem in our area. It's a solution mostly adopted by Cisco users."
"My experience with Cisco Duo's strong security authentication system is that sometimes there are difficulties, and sometimes users just won't be able to log in. We have to reset their password so they can use Duo."
More Cisco Duo cons
 

Pricing and Cost Advice

"We have not priced the solution recently, but they were competitive with other vendors in the past."
"It is expensive compared to one of its competitors."
"The overall pricing for iboss is very competitive and transparent."
"It is not expensive, and it is also not cheap. iboss is priced right in the sweet spot for the number of features it offers."
"We had the cost of purchasing a new appliance along with the implementation and licensing costs. However, the following year, the cost of just licensing was similar to what was paid the previous year for a new appliance along with the implementation and licensing costs."
"It is probably in line with other solutions, but I do not deal with the financial side."
"The pricing is very competitive from what I've seen."
"The pricing is quite fair. It's better than what we gave up, which was Cisco AnyConnect."
"Cisco's licensing is always a bit complicated to understand, but the price is fair. It could be more expensive than others, but the way they integrate everything, it has a fair price."
"It was very reasonable."
"It's a bit confusing because we're on a three-year plan with a certain number of licenses, and we've gone over that number. They told us that when we renew, they will add all these licenses. We've expanded quickly, so everyone's kind of scared because no one knows what the bill is with the long pricing cycle."
"I only need the solution for IT staff, which makes it relatively cheap. If I deployed it for the whole company, it would be costly, so it depends on the number of users. Duo Security is affordable compared to other products in the segment."
"I am not aware of the pricing. There are two departments, and I don't have any information about them."
"With regard to pricing, for a small business buying a one off, it's pretty expensive. If it's an enterprise that has thousands of employees, however, it's really nothing to protect your data because if your network goes down or it's breached, you're losing millions of dollars every minute. When it comes to a large enterprise, it's priced where it should be because you're talking business to business. You're not talking business to consumer."
"I rate the product pricing a seven out of ten."
"Duo Security's pricing is good, fair, and very comparable to today's market."
More Cisco Duo pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which ZTNA as a Service solutions are best for your needs.
See recommendations
865,384 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
12%
Financial Services Firm
11%
Manufacturing Company
9%
Healthcare Company
6%
Computer Software Company
14%
Educational Organization
12%
Retailer
8%
University
7%
Computer Software Company
19%
Manufacturing Company
9%
Government
6%
Financial Services Firm
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What needs improvement with iboss?
For zero trust implementation, we encountered complexity issues, especially with a large infrastructure company Exxon...
See all answers
What is your primary use case for iboss?
Previously when I used iboss, we did the POC for iboss for ExxonMobil. Four or five people wanted to move from our ol...
See all answers
What is your experience regarding pricing and costs for iboss?
Regarding pricing, setup costs, and licensing, iboss is not cheap, and that's my only concern. There are cheaper alte...
See all answers
What do you like most about Axis Security?
The most valuable aspect is its ability to restrict unauthorized access, ensuring that only approved devices can conn...
See all answers
What is your experience regarding pricing and costs for Axis Security?
Axis Security is affordable. While I cannot provide financial specifics, we have never had complaints about pricing.
See all answers
What needs improvement with Axis Security?
There should be a notification alarm with geofencing. When a person is at the gate, a notification alarm should alert...
See all answers
How does Duo Security compare with Microsoft Authenticator?
We switched to Duo Security for identity verification. We’d been using a competitor but got the chance to evaluate Du...
See all answers
What do you like most about Duo Security?
They are users who, as mentioned before, utilize RDPAP and MDPAP. It includes functionalities related to finance, spe...
See all answers
What is your experience regarding pricing and costs for Duo Security?
My experience with the pricing, setup cost, and licensing of Cisco Duo is honestly above my pay grade. I don't know a...
See all answers
 

Comparisons

Zscaler Internet Access vs iboss Logo
Zscaler Internet Access vs iboss
Compared 15% of the time
Cisco Umbrella vs iboss Logo
Cisco Umbrella vs iboss
Compared 15% of the time
Netskope vs iboss Logo
Netskope vs iboss
Compared 13% of the time
Prisma Access by Palo Alto Networks vs iboss Logo
Prisma Access by Palo Alto Networks vs iboss
Compared 11% of the time
Check Point Harmony SASE (formerly Perimeter 81) vs iboss Logo
Check Point Harmony SASE (formerly Perimeter 81) vs iboss
Compared 9% of the time
More iboss Competitors
Zscaler Zero Trust Exchange Platform vs Axis Security Logo
Zscaler Zero Trust Exchange Platform vs Axis Security
Compared 35% of the time
Netskope vs Axis Security Logo
Netskope vs Axis Security
Compared 11% of the time
Prisma Access by Palo Alto Networks vs Axis Security Logo
Prisma Access by Palo Alto Networks vs Axis Security
Compared 11% of the time
Check Point Harmony SASE (formerly Perimeter 81) vs Axis Security Logo
Check Point Harmony SASE (formerly Perimeter 81) vs Axis Security
Compared 10% of the time
Cato SASE Cloud Platform vs Axis Security Logo
Cato SASE Cloud Platform vs Axis Security
Compared 6% of the time
More Axis Security Competitors
Fortinet FortiAuthenticator vs Cisco Duo Logo
Fortinet FortiAuthenticator vs Cisco Duo
Compared 14% of the time
Microsoft Entra ID vs Cisco Duo Logo
Microsoft Entra ID vs Cisco Duo
Compared 13% of the time
Fortinet FortiToken vs Cisco Duo Logo
Fortinet FortiToken vs Cisco Duo
Compared 11% of the time
Yubico YubiKey vs Cisco Duo Logo
Yubico YubiKey vs Cisco Duo
Compared 8% of the time
RSA SecurID vs Cisco Duo Logo
RSA SecurID vs Cisco Duo
Compared 4% of the time
More Cisco Duo Competitors
 

Product Reports

Buyer's Guide
iboss
August 2025
iboss reportDownload iboss product report
Buyer's Guide
Axis Security
August 2025
Axis Security reportDownload Axis Security product report
Buyer's Guide
Cisco Duo
August 2025
Cisco Duo reportDownload Cisco Duo product report
 

Also Known As

iBoss Cloud Platform
No data available
Duo Security
 

Overview

iboss offers a comprehensive security platform designed for diverse use cases such as web filtering, data loss protection, corporate proxy services, and URL filtering.

iboss integrates advanced features to address dynamic security needs, leveraging its strength in SASE, ZTNA, AI initiatives, and cloud integration, while ensuring seamless operations for remote work. It excels in historical forensics, malware protection, and flexible cloud deployments. Users benefit from comprehensive traffic scanning, robust malware detection, and PaaS capabilities that reduce hardware management. An intuitive admin console ensures efficient management with content filtering and low false positives. SSL decryption enhances security, while DLP protects data in AI conversations. Deployment is rapid and scalable, allowing effortless integration with emerging technologies.

What features does iboss offer?

  • Granular Web Filtering: Provides precise control over web content access.
  • Traffic Scanning: Monitors data through multiple ports for security breaches.
  • Malware Detection: Ensures superior protection against malware threats.
  • PaaS Capabilities: Eliminates need for hardware management.
  • SSL Decryption: Enhances data protection by decrypting secure connections.
  • DLP Capabilities: Safeguards data during AI interactions.

What benefits and ROI should users consider?

  • Scalability: Adapts quickly to growing demands and emerging tech integration.
  • Rapid Deployment: Reduces time to implement security measures.
  • User-Friendly Admin Console: Facilitates efficient operations management.
  • Low False Positives: Increases accuracy of threat detection systems.

iboss finds significant application in sectors such as education, where web filtering for K-12 is crucial, and in corporate environments requiring robust proxy services and URL filtering for network security. Its adaptability is essential in scenarios demanding flexible, decentralized security frameworks, particularly for remote work setups.

iboss

Axis Security is a prominent enterprise security solution, specializing in Zero Trust Network Access (ZTNA). The Axis Security Application Access Cloud platform is designed to secure remote access to applications and services hosted in the cloud or on-premises. It aims to simplify and enhance access controls while maintaining strong security measures.

Axis Security's platform stands out by offering a comprehensive, cloud-native solution designed to enable secure access to private applications. Their Application Access Cloud simplifies network security, eliminating the need for traditional VPNs, and provides a more secure and efficient way to connect users to private applications, regardless of where the users or the applications are located.

Axis Security users on PeerSpot have highlighted the ease of deployment and the non-intrusive nature of Axis Security's solution as major advantages. One IT Director noted, "The implementation was straightforward and didn’t disrupt our existing operations, which was a major plus." Another user, a Security Manager, praised the platform's robust security features, saying, "Axis Security has significantly enhanced our ability to control and monitor application access, giving us peace of mind in our security operations."

Axis Security follows the principles of zero-trust architecture, which means it treats every access request as potentially untrusted, regardless of the user's location or network. It applies rigorous authentication and authorization controls to ensure only authorized users can access specific applications and resources. Axis Security enables secure remote access to applications and services without requiring a VPN (Virtual Private Network). It establishes a secure connection between users and applications, protecting against potential threats and reducing the attack surface.

With Axis Security, organizations can granularly control user access to specific applications or services. This ensures that users only have access to the resources they need, reducing the risk of unauthorized access or data breaches. The platform simplifies access management by providing a centralized control point for managing user access policies. IT administrators can define access rules based on user roles, groups, or other criteria, making it easier to enforce security policies and maintain compliance.

Axis Security continuously monitors user activity and application access, detecting potential threats and anomalies in real-time. It provides insights into user behavior, allowing organizations to identify and mitigate security risks promptly.

Axis Security is built on a cloud-native architecture, allowing it to scale and adapt to dynamic cloud environments. It can seamlessly integrate with various cloud services and supports hybrid deployments, making it suitable for organizations with diverse infrastructure setups.

    Axis Security aims to provide secure and simplified remote access to applications while adhering to the principles of zero trust. By implementing granular access controls and continuous monitoring, it helps organizations protect their critical resources and reduce the risk of unauthorized access or data breaches.

    Hewlett Packard Enterprise

    Cisco Duo is a cloud-based identity security tool offering easy and wide-ranging access protection for users and devices worldwide. It assures identity-first security with clear visibility across multi-cloud, hybrid, and on-premises environments.

    Cisco Duo provides robust multi-factor authentication and seamless integration capabilities with existing infrastructures. Appreciated for its stability and speed, it supports distributed workforces by securing VPN access, corporate networks, and cloud services. Duo’s comprehensive identity ecosystem supports easy deployment and management through a single-pane-of-glass management interface. It seamlessly merges with popular platforms like Active Directory and Office 365 across diverse hardware.

    What are Cisco Duo’s Essential Features?
    • Multi-Factor Authentication: Offers secure access with options like push notifications and hardware tokens.
    • Seamless Integration: Easily fits with existing systems and third-party applications.
    • User-Friendly Management: Provides centralized control with a single-pane-of-glass interface.
    • Wide Compatibility: Supports broad applications and devices, enhancing security management.
    • Stable and Fast: Reliable speed and intuitive interaction for users across platforms.
    What Benefits and ROI Can Cisco Duo Users Expect?
    • Enhanced Security: Increases protection with versatile MFA options for critical resources.
    • Ease of Use: Simplifies deployment and management with intuitive interfaces.
    • Scalability: Adapts to growing needs with broad compatibility and integration support.
    • Support for Distributed Workforces: Ensures secure remote access for teams anywhere.

    Cisco Duo finds extensive applications across education, finance, retail, and government sectors by fortifying network and application access security. Organizations leverage it for its MFA capabilities, integrating with ERP systems, ensuring protected connectivity with VPN and cloud-based services, crucial in maintaining secure and efficient operations.

    Cisco
     

    Sample Customers

    More than 4,000 global enterprises trust the iboss Cloud Platform to support their modern workforces, including a large number of Fortune 50 companies.
    Cardenas Markets, Armis, Alnylam Pharmaceuticals, Visionworks
    Information Not Available
    Buyer's Guide
    Axis Security vs. Cisco Duo
    July 2025
    Free Report: Axis Security vs. Cisco Duo
    Find out what your peers are saying about Axis Security vs. Cisco Duo and other solutions. Updated: July 2025.
    DOWNLOAD NOW
    865,384 professionals have used our research since 2012.
    See our Axis Security vs. Cisco Duo report.
    See our list of best ZTNA as a Service vendors.

    We monitor all ZTNA as a Service reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.