Network Configuration Management Overview
Date: 2010-04-09
This guide gives a brief overview of Network Configuration Management, otherwise known as Network Change and Configuration Management, or NCCM.
Why does it matter?
In a large corporate network it is not uncommon to have hundreds or thousands of network devices. If you add up all your switches, routers, firewalls and other network appliances, and then consider how many lines of configuration settings apply to each one, you can see there is a significant investment in your network's configuration which needs to be protected.
Contemporary network devices not only switch and route data, but also segment traffic into VLANs and prioritize and shape multi-media traffic in converged networks. The settings and parameters that determine how traffic is handled all form part of the configuration of the device, and it is vital that all interoperating devices are configured consistently in order to deliver a healthy and reliable network infrastructure.
Of course, the security of your network is dependent on the way your devices are configured. Corporate Governance policies all include Data Security considerations, such as Sarbanes Oxley (SOX), GLBA, NERC, PCI DSS, HIPAA, MiFID, SAS 70, ISO 27000, CoCo/GCSx Code of Connection and Basel II. These security standards have all been introduced to ensure certain minimum levels of security and integrity are maintained for company financial information and any stored personal details of customers. Your network is inherently vulnerable while default settings are used and it is vital that all known vulnerabilities are eliminated through
Therefore, configuration settings for your network need to be backed up and verified for compliance with any corporate governance policy or security standard, and configs need to be kept consistent across the estate.
Unapproved changes are the biggest threat to IT Service Delivery and the single most likely cause of failures in IT infrastructures. Any changes that occur outside of established tracking and approval processes are classed as Unapproved Changes and, by definition, are undocumented. With no audit trail of a change being made, there is no foothold to start from when troubleshooting a problem. In fact, EMA primary research has indicated that greater than 60% of all environment failures would be eliminated if unapproved changes were identified before affecting IT performance.
Unapproved changes are introduced from a variety of sources including security violations, inappropriate user activity, and administrator errors. Even a seemingly benign alteration can have far-reaching unintended consequences to IT security, performance and reliability. Over time, system configurations deviate further and further away from established standards. This is referred to as "configuration drift", and the greater the drift, the greater the risk posed to the reliability of an IT support stack.
The Network Change and Configuration Management Solution
A practical solution to address these requirements is to automate config backups and change tracking, which has given rise to the Network Change and Configuration Management, or NCCM, market.
Change and Configuration Management (CCM) is the process for minimizing configuration drift by ensuring all environment settings are approved and consistent with established standards. CCM is composed of three distinct practices: configuration management, which is the creation, documentation and updating of standard settings for all supported IT components; change management, which is the process for identifying and approving new configuration settings and updates; and change detection, which is an ongoing process of monitoring for inappropriate changes. Achieving compliance objectives for ensuring IT infrastructure reliability requires automated solutions that address all three CCM disciplines.
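As an added illustration of the change detection and compliance checks described above (example code written for this overview, not taken from any NCCM product), the sketch below compares a backed-up running config with its approved baseline and flags policy violations. The volatile-line patterns, the two policy rules and the sample configs are assumptions constructed for the example.

```python
import difflib
import hashlib
import re

# Assumed IOS-style noise: comment/timestamp lines that differ on every backup.
VOLATILE = re.compile(r"^(!|ntp clock-period |Building configuration|Current configuration)")
# Hypothetical policy: settings that must never appear in a device config.
FORBIDDEN = {
    "default SNMP community": re.compile(r"^snmp-server community (public|private)\b"),
    "Telnet allowed on vty": re.compile(r"^\s*transport input .*\b(telnet|all)\b"),
}

def normalize(config):
    """Drop blank and volatile lines; keep indentation, which carries structure."""
    lines = (ln.rstrip() for ln in config.splitlines())
    return [ln for ln in lines if ln.strip() and not VOLATILE.match(ln)]

def fingerprint(config):
    """Stable SHA-256 of the normalized config, cheap to store with each backup."""
    return hashlib.sha256("\n".join(normalize(config)).encode()).hexdigest()

def detect_drift(approved, running):
    """Compare a running config with the approved baseline and the policy."""
    a, r = normalize(approved), normalize(running)
    added, removed = [], []
    matcher = difflib.SequenceMatcher(None, a, r, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            removed += a[i1:i2]
        if tag in ("replace", "insert"):
            added += r[j1:j2]
    violations = sorted(n for n, rx in FORBIDDEN.items() if any(rx.search(ln) for ln in r))
    return {"drifted": fingerprint(approved) != fingerprint(running),
            "added": added, "removed": removed, "violations": violations}

# Constructed sample configs (IOS-style syntax, not from a real device).
APPROVED = """! Last configuration change at 09:00:01 UTC
hostname edge-sw1
snmp-server community s3cr3tRO RO
line vty 0 4
 transport input ssh
"""
RUNNING = """! Last configuration change at 17:42:10 UTC
hostname edge-sw1
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
"""

if __name__ == "__main__":
    print(detect_drift(APPROVED, RUNNING))
```

Because the timestamp comment is normalized away, a backup that differs only in that line produces the same fingerprint and is not reported as drift.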
How does it work?
To date, the development of network device hardware has taken place at a much faster rate than the equivalent development of network management or network configuration management software. In some respects this is understandable - network devices didn't originally need managing or configuring, as they were black boxes that either passed data or did not. It was only with the advent of shared network infrastructures such as Ethernet that the configuration of addresses and protocols became necessary, and that some consideration had to be given to the network topology to cater for traffic flows and volumes.
Simple Network Management Protocol (SNMP) came to the fore as a technology to address the need for performance, security and accounting statistics from the network and, at the same time, to provide a means of changing the configuration of a network.
As a standard, however, SNMP is anything but consistent for all but the most basic statistics, as anyone who has used it will know. It is common for a manufacturer's 'Management Information Base' or MIB to purport to support certain performance metrics, only for different devices from the same manufacturer to report information inconsistently via the MIB.
It is a similar story when using SNMP to gather or update configuration data - your version of CiscoWorks may work well at backing up your 2950 switch configs, but when you next upgrade to 3750 switches, you may quickly find out that CiscoWorks suddenly needs an upgrade (at your expense, of course - 'What do you mean, you pay annual maintenance? That is only to maintain your software, not to actually make it keep pace with product range developments!').
Fortunately there are other, more 'open' ways to gather configuration settings from network devices - using TFTP in conjunction with scripted Telnet or SSH sessions is a consistent and more easily maintained approach that can be applied to all manufacturers and all devices.
All the above change and configuration management tasks can be automated using network change and configuration management (NCCM) software solutions, the best of which will cover desktop PCs together with change and configuration management of your servers and all network devices such as firewalls, switches and routers.