Networks are growing in size and complexity. For many, this growth is being driven by the Internet of Things (IoT), mobile, Cloud, and even Software Defined Networking (SDN). As these trends, and the many changes they bring, impact your network, the big question you need to answer is this: Do I have the network configuration management tools I need to manage these changes?
Managing configuration changes on hundreds of switches, routers, firewalls, controllers, and other network devices, at many locations across your network, is an obvious challenge. For example, deploying a new service, which involves wide-scale configuration changes, could take days or weeks to reliably complete. Not to mention that routine tasks, such as finding and fixing an out-of-process change or mistake, recovering a failed device, auditing configs for compliance, or even knowing when to upgrade a device, can all consume valuable time and resources. That’s why you need capable configuration and change management tools. So what do you look for when evaluating your options? Here are our recommendations of what’s important to look for accompanied by a comparison of some of the free configuration management software available.
Config Backups. Let’s face it, you’ll sleep easier knowing you have a reliable backup of your network configurations. When (not if) a device fails or someone destroys a config, you can simply roll back to the last working config and calmly avert disaster. Look for a solution which lets you schedule your backups, reports unsuccessful backup attempts, provides a way to organize and search backups, manages the size and retention rules for your archives, and offers a one-click restore.
Configuration Change Detection. You must have a reliable way for knowing when, who, what, and how your device configurations have changed. This will help you detect out-of-process and rogue changes, reconcile changes to valid change requests, and ensure that actual changes were properly made. Look for solutions which can detect config changes (in real-time if needed), permit configurable alerting options, as well as show what changed in a config and who made the change. Also look for the ability to create automated actions that self-correct and maintain a history of all changes and details.
Bulk Configuration Changes. When you rollout or manage VoIP, TACACS, or any other service which touches many different network devices, you will appreciate the power that comes with being able to design and test your change, and then use automation to push it out to all target devices. This not only saves time, but also ensures consistency and helps you to standardize your configurations network wide. Look for a solution which lets you update firmware and build and re-use simple scripting snippets. In addition, you’ll want more powerful configuration templates (providing system variables and logic control) plus device targeting across dissimilar systems with scheduling and status logging.
Auditing. Compliance auditing is not just for security auditors. Smart network engineers and administrators also use auditing to not only save time auditing configs for regulatory compliance, but also to ensure that devices are operating consistently with operational standards. Look for a solution which allows you to create and customize audit policies plus the ability to continuously audit, report, and auto-remediate violations.
Device discovery, inventory and lifecycle management. Always know what devices are on your network, what devices are under management, and what devices are under maintenance. Look for solutions that auto-discover devices, offer customizable device profiles and track lifecycle metrics, including support and maintenance eligibility, security alerts, warranty updates, and end-of service and life dates.
Multi-user access. Multi-user access means more than a pretty web UI. It also means that roles and permissions can be securely delegated to individuals. Look for a solution which offers user management (or integration with a directory service), the ability to assign users to roles, the ability to associate roles with devices, and granular permissions to perform actions on associated devices. Also look for workflows to manage communication and coordination between users.
IT Ops Integration. Avoid silo’d management applications. Look for a solution which is integrated with other IT management applications like network, server, storage, and VM monitoring. Keep an eye on which offers two-way API access to management objects.