What Is Network Configuration Management? – How It Works
As an infrastructure or network manager, configuring your expansive IT network can be a headache. Not only do you have to keep your network devices running efficiently, but you have to ensure that your entire estate is compliant with your company’s controls and policies to safeguard your network. This is why a strong network configuration management process and supporting tool are essential to your success.
What Is Network Configuration Management?
Network configuration management is the process of regularly monitoring and implementing configuration changes to network device elements like IP addresses, programs, default settings, and versions. The primary goal of network configuration management is to ensure that your network operates securely and efficiently.
Network Configuration and Change Management (NCCM)
Network Configuration and Change Management (NCCM) is the process of methodically and systematically controlling and managing changes to network infrastructure. This involves changing, detecting change, and logging change so that businesses can easily identify the difference between their current network configuration and archived versions. NCCM can show which lines have changed, what they were, and what they are now.
In many NCCM systems, an automated report can be generated to show any time a change happens. This type of reporting is essential to guarantee that modifications don’t interfere with the network’s regular operations and that any dangers are minimized.
Change Authorization (Human In-the-Loop)
Configuration management in network management allows for relatively arbitrary scripting of logic and running of code. Usually, it is geared towards automating a conversation with network devices over the secure shell (SSH) linked to the console. This allows network configuration tools to perform anything that an administrator would be able to perform by logging into the device over SSH, asking for information, and instructing it to make config changes. This replaces the need for human identification and updating of network configurations.
Conversations with devices can be automated to improve speed, consistency, and scalability of changes you want to apply to device configurations. It can be done to more than one device or more than one port on multiple devices through network configuration management software.
The risk in this process is that automating network config changes could lead to unexpected results. A change authorization process is sometime present with NCCM tools to keep humans in the loop. Having a network admin weigh in on recommended changes can help minimize unexpected outcomes, maximize your policy compliance, and decrease network downtime!
Configuration Management in Virtual Networks
There are physical network appliances or virtual network appliances (software) available, but there is typically no difference between managing virtual and physical appliances. An example of a virtual product is a Palo Alto virtual firewall that can be bought as a physical device or as software.
Configuration Management in Network Security
One of the most important components of keeping a safe and functional network environment is configuration management in network security. To ensure that network device, system, and security mechanism settings comply with security policies, best practices, and compliance standards, you must methodically manage and regulate those configurations.
Network configuration management and firmware management go hand in hand since network device firmware is essential to the overall efficiency, security, and function of a network. Firmware updates are systematically applied, tested, and documented in a controlled manner, minimizing risks associated with outdated or vulnerable firmware configurations.
Network Configuration Management vs. Network Configuration Monitoring
Depending on your tool of choice, network configuration monitoring can be thought of as a subcategory of network configuration management.
For example, within Entuity, Park Place’s Network monitoring software, network config monitoring uses the same communication automation engine to perform conversations to devices with the intent of instructing them to retrieve their configuration file(s). These files can be pulled back to the network configuration management software for analysis and potential archiving. This allows for the automated archiving of configuration files with a history of changes.
Entuity keeps a back copy of older network configurations when the changes were detected since recent versions of configurations can change regularly. This allows files to be available for viewing within the console and allows archived copies to be retrieved. For example, reinstalling an older copy so that the configuration version can be effectively rolled back is available.
This is also important in case of hardware failures which require a device replacement. A copy of the most recent configuration on the failed device is needed for installation on the replacement. The automated archive of configurations is essential in case it’s needed at a moment’s notice.
How to Evaluate Network Configuration Management Tools
Selecting the network configuration management suite that best suits the requirements of your company requires careful evaluation. An informed decision is based on functionality, features, ease of use, scalability, security and more.
1. Reporting capability
Reporting is tied into configuration management and monitoring; a list can be gathered of all the devices for which your company is monitoring configurations and tell which ones are currently failing. There are policy checks on which devices are failing to upload configuration files, and which are successful.
2. Vendor-Specific Vs. Multi-Vendor
A differentiator in the marketplace is that some network device configuration management tools are available from hardware vendors, and they are only applicable to that vendor’s equipment. Then there are tools available from third parties not affiliated with the vendor (like Entuity) which are multi-vendor in scope.
Today, if a company already has a certain vendor’s equipment, then there’s a temptation to go with their software. If there is any possibility that new equipment might be introduced, either because of a personal decision or because of a merger or acquisition, this will make it difficult to address the wider set of device requirements.
3. Policy Compliance Monitoring
Network configuration compliance implies checking against a centralized company policy. Every company has policy-checking capabilities which allows checking for patterns in the existing configuration files. If a required pattern can’t be found, an alert is raised. Alerts may also be raised if a pattern exists that should not, as this could lead to a security problem.
An example of this is a public community string in SNMP. If a public community string is being used, that is breaking the first rule of network device security. The same goes for management protocols; the default access password should never be put on a production device because it is a security hazard.
The policies can be adjusted and defined by the customers and can be done individually on different devices if required. This is a way of picking up problems that are introduced by configuration changes that have gone unnoticed. Every time configuration files are uploaded from a device, a policy check is performed and any deviations from the design policy rules will be reported.
4. Automated Remediation/Rollback of Policy Failures
Network Configuration Change Management (NCCM) covers detecting change but also remediating policy failures using techniques such as rolling back to the most recent “good” configuration. So, if someone would make a change that failed the policy check, it would automatically roll back to the previous version.
Historically many organizations do not want administrators automating changes being made to their configurations, but different organizations have different opinions about automation.
Network Configuration Management Services at Park Place Technologies
Park Place Technologies can effectively manage network configurations for your company while prioritizing compliance, security, and network operations. By implementing a network configuration management service, network administrators have more time on their hands for digital transformation projects which lead to a stronger data center.
If you have in-house talent and are looking for an award-winning enterprise network management software, Entuity SoftwareTM is the solution for you.
Alternatively, if your team is already stretched too thin, our IT infrastructure management services can help eliminate your IT chores. With the help of our powerful monitoring technologies and our 24×7 Enterprise Operations Center (EOC) engineers, we will keep an eye on your network assets and apply updates and critical maintenance on a regular basis.