Network configuration management (NCM) is a process that every device on the network is subjected to throughout its life cycle. It spans device discovery, inventory maintenance, configuration backup, monitoring configuration changes, and compliance, tracking user activity, and troubleshooting, by executing appropriate network operations, whenever necessary. If your network environment is handled manually, network configuration management (NCM) becomes a tedious task for admins. But, if network configuration management can be automated according to one’s needs and specifications, it will enhance the efficiency of your network infrastructure many-fold and also reduces the management overhead of admins.
Configuration management is one of those network management topics people often neglect. It’s not very exciting but it’s incredibly important. Administrators rely on network configuration management in a variety of circumstances. Let’s discuss what network configuration is, delve further into the importance of network configuration, and explore the benefits of configuration management.
In this context, the “configuration” of a network device consists of all the commands and settings necessary to set up the functions on that device. If you had to replace the device with a new one, the configuration file contains every piece of information you need to replicate the original device’s functionality.
And that should explain exactly why network configuration management is so important.
The main purpose of configuration management is to allow you to quickly replace the functionality of a piece of network equipment after a failure. If you don’t have a recent backup of that device, you’ll be starting over from scratch to configure a new device based on whatever scraps of functional documentation you can find.
It’s best if configuration files are backed up in a human-readable format to get all the benefits I’m going to talk about in this article, but some equipment only offers binary configuration files.
Most common network devices like switches, routers, firewalls, and load balancers allow you to download some sort of flat text file that looks like the set of commands you’d type at the command line interface.
Text files are the most useful format because you can easily copy them around, store them on file servers, read them, and write scripts that either read them for reporting or create them for mass rollouts.
A primary feature of network configuration management is its ability to replace the functions of a network device in the event of failure. Different network devices save configurations in different formats and finding configuration information can be difficult when a particular device has to be replaced. With a network configuration management system in place, configuration information will be stored in a centrally located server, where device configurations can be easily downloaded.
Devices that rely on a command line interface need a reliable administrator using a standard protocol such as the Secure File Transfer Protocol to obtain the necessary information, but backups can also be automated, often through a third party.
Network configuration can reduce downtime by allowing system administrators to rapidly identify changes being made in the network. It also helps ensure that software versions and hardware components are up to date and comply with licensing agreements. Visibility and accountability are also improved, as system personnel has an easy way to determine the identity of components and software operating on the network.
Network configuration Management tools can be vendor-neutral or vendor-specific. Vendor-neutral tools are more common and are designed for networks containing hardware and programs from multiple vendors. Vendor-specific tools usually work only with the products of a single vendor and can offer enhanced performance in networks where that vendor dominates the market.
Configuration tools can be used for more than just relaunching a device after it fails. Some configuration management tools track configuration data on a daily basis to spot any changes in configuration files, which could reveal cyber threats and potential failures. Network configuration Management tools can be used to create bulk changes. For instance, a company could quickly roll out a blanket password change if password data is leaked. In addition to making changes in bulk, configuration management tools can be used for auditing and reporting. Although they do not display information such as memory or CPU performance, they can be used to display exact firewall rules or VPN parameters.
Network configuration management tools also have reporting capabilities, enabling system personnel to easily track information about network components.
The first use case is reporting. If the configuration management tool does a comparison between yesterday’s backup and today’s, it can immediately show you all the devices that changed and exactly what the changes were.
Is somebody making unauthorized changes to your devices? This is the easiest way to see it. And, if you’re using unique per-user login credentials, you can often see who made the change.
You can also see whether a scheduled change didn’t happen.
One of the things that I use a configuration management tool to do is to create bulk changes. This is a highly useful benefit of configuration management tools. Suppose I need to change the administrator passwords on all my devices because somebody has left the organization (or because I think the password might have leaked). The tool is already logging into every device on a scheduled basis, so pushing out changes is an easy capability to add.
Bulk management capability can also be useful for rollouts. For example, I might need to implement a batch of new switches or turn up several new remote sites. I like to use the configuration management server as a central location for this type of thing.
I should note that I’m often uncomfortable with making changes automatically. I worry that something will go wrong during the update, like a syntax error in the configuration file, or maybe an SSH session will hang halfway through loading the changes.
But I can still partially automate configuration updates by automatically generating the change scripts, and then manually cutting and pasting the commands into the remote devices. This way I can immediately see if there’s a problem.
And sometimes, if I have a lot of devices to update, I’ll manually input the changes like this for a few devices until I’m confident that everything is right, then have the tools do the rest automatically.
When I’m asked to look at a network that’s having stability problems or might just be in need of updates, one of the first things I ask for is a set of all the configurations.
If they don’t have a recent set of configurations, the first thing I do is log in to all the devices and download them.
The configuration files don’t tell you everything. They won’t show you dynamic information like ARP tables or interface error counts or whether the CPU is running high or the memory is running low. But they do give you an incredibly useful snapshot to start with.
The information is also useful for things like security audits. They show the exact firewall rules, VPN parameters, and how the IDS/IPS inspects traffic.
Another benefit of configuration management tools is that they allow you to streamline processes. As your network grows, you need tools that make it easy for you to schedule backups and get alerted when backups fail. You want a tool that provides functionalities so you can search past backups and restore backups quickly.
Automated network configuration management tools can substantially reduce the number of outages caused by configuration errors. This is because these problems often stem from human error in implementation or documentation. Configuration management tools identify changes, audit configurations, and simplify tasks all while automatically documenting any changes made with the tool.
In the case where an administrator applies a change only to realize later that it resulted in a misconfiguration, configuration management tools can roll back changes to previous configurations saving time and resolving issues.
Are you ready to make the most out of your network configuration management?
LogicVedin provides cloud-based network monitoring that offers you all the tools you need to manage today’s IT challenges. We understand the importance of network configuration and make it possible to scale your network management easily and efficiently. Start your free trial today and enjoy automated network discovery, documentation, monitoring, and config backups.