Network Configuration Management Overview
In a large corporate network it isn't unusual to have large numbers, often hundreds, of network devices. If you add up all of your switches, routers, firewalls and other network appliances, and then consider how many lines of configuration settings apply to each one, you can see there is a significant investment in your network's configuration that needs to be protected.
Contemporary network devices not only switch and route data, but also VLAN, prioritize and shape multimedia traffic in converged networks. The settings and parameters that determine how traffic is handled all form part of the configuration of the device, and of course it is vital that all interoperating devices are configured consistently in order to deliver a healthy and reliable network infrastructure.
Of course, the security of your network depends on the way your devices are configured. Corporate governance policies all include data security considerations, including Sarbanes-Oxley (SOX), GLBA, NERC, PCI DSS, HIPAA, MiFID, SAS 70, ISO 27000, CoCo/GCSx Code of Connection and Basel II. These security standards have all been introduced to ensure that certain minimum levels of security and integrity are maintained for company financial information and any stored personal details of customers. Your network is inherently vulnerable when default settings are used, and it is vital that all known vulnerabilities are eliminated via
Therefore the configuration settings in your network need to be backed up and verified for compliance with any corporate governance policy or security standard, and the consistency of configs needs to be maintained throughout the estate.
Unapproved changes are the biggest threat to IT service delivery and the single most likely cause of failures in IT infrastructures. Any changes that occur outside of established tracking and approval processes are classed as Unapproved Changes and, by definition, are undocumented. No audit trail of the change being made means there is no foothold to start from when troubleshooting a problem. In fact, EMA primary research has indicated that more than 60% of all environment failures would be eliminated if unapproved changes were identified before affecting IT performance.
Unapproved changes are introduced from a variety of sources, including security violations, inappropriate user activity, and administrator errors. Even a seemingly benign alteration can have far-reaching unintended consequences for IT security, performance, and reliability. Over time, system configurations deviate further and further from established standards. This is known as "configuration drift", and the greater the drift, the greater the risk posed to the reliability of an IT support stack.
Change and Configuration Management (CCM) is the process for minimizing configuration drift by ensuring all environment settings are approved and consistent with established standards. CCM is composed of three distinct practices: configuration control, which is the creation, documentation, and updating of standard settings for all supported IT components; change control, which is the process for identifying and approving new configuration settings and updates; and change detection, which is an ongoing process of monitoring for inappropriate changes. Achieving compliance goals for ensuring IT infrastructure reliability requires automated solutions that address all three CCM disciplines.
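The change-detection practice described above can be sketched as a comparison of a device's running configuration against its approved baseline. This is an added example, not code from the original article; the IOS-style sample configs, the approved-change set and all function names are constructed for illustration.

```python
import difflib
import hashlib

# Constructed IOS-style samples; hostname, VLANs and community string are invented.
BASELINE = """\
! Last configuration change at 10:02:11 UTC
hostname edge-sw1
interface GigabitEthernet0/1
 switchport access vlan 10
snmp-server community n0tpublic RO
line vty 0 4
 transport input ssh
"""
RUNNING = BASELINE.replace("10:02:11", "23:47:09") \
                  .replace("vlan 10", "vlan 20") \
                  .replace("input ssh", "input telnet ssh")
# Lines covered by an approved change record (hypothetical ticket for the VLAN move).
APPROVED = {"interface GigabitEthernet0/1 > switchport access vlan 10",
            "interface GigabitEthernet0/1 > switchport access vlan 20"}

def normalize(config_text):
    """Drop comment/timestamp lines and prefix sub-commands with their parent line."""
    out, parent = [], ""
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue                      # blank or volatile comment line
        if line[0].isspace():
            out.append(f"{parent} > {line.strip()}")
        else:
            parent = line
            out.append(line)
    return out

def fingerprint(config_text):
    """Hash of the normalized config: a cheap 'has anything changed' check."""
    return hashlib.sha256("\n".join(normalize(config_text)).encode()).hexdigest()

def detect_drift(baseline, running, approved=frozenset()):
    """Return (op, line) pairs, op '+' added or '-' removed, not covered by approval."""
    drift = []
    for entry in difflib.ndiff(normalize(baseline), normalize(running)):
        op, line = entry[0], entry[2:]
        if op in ("+", "-") and line not in approved:
            drift.append((op, line))
    return drift

if __name__ == "__main__":
    for op, line in detect_drift(BASELINE, RUNNING, APPROVED):
        print("UNAPPROVED", op, line)
```

Here the VLAN move is suppressed because it is in the approved set, while the undocumented re-enabling of Telnet on the vty lines is reported as drift.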
How does it work?
To date, the development of network device hardware has taken place at a much faster rate than the equivalent development of network management or network configuration management software. In some respects, this is understandable: network devices did not need managing or configuring originally, as they were black boxes that either passed data or did not. It was only with the advent of shared network infrastructures such as Ethernet that the configuration of addresses and protocols became necessary and some consideration was given to the network topology to cater for traffic flows and volumes.
Simple Network Management Protocol (SNMP) came to the fore as a technology to address the need for performance, security, and accounting information from the network and, at the same time, to provide a means of changing the configuration of a network too.
As a standard, however, anyone who has used SNMP will know that it is anything but consistent in all but the most basic information. It is not unusual to find that the manufacturer's 'Management Information Base' or MIB will purport to support certain performance metrics, only to find that different devices from the same manufacturer do not consistently report information via the MIB.
It is a similar story when using SNMP to gather or update configuration information – your version of CiscoWorks may work well at backing up your 2950 switch configs, but when you next upgrade to 3750 switches, you may quickly find that CiscoWorks suddenly needs an upgrade (at your expense, of course – 'What do you mean, you pay annual maintenance? That is only to maintain your software, not to actually make it keep pace with product range developments!').
Fortunately, there are other, more 'open' ways to gather configuration settings from network devices – using TFTP in conjunction with scripted Telnet or SSH interactions is a consistent and more easily maintained approach that can be applied to all manufacturers and all devices.
All of the above change and configuration management tasks can be automated using network change and configuration management (NCCM) software solutions, the best of which will cover desktop PCs together with change and configuration management of your servers and all network devices such as firewalls, switches, and routers.