In Network Configuration Manager 7.6, we introduced the ability to use NCM to upgrade the firmware for Cisco IOS devices.  With NCM 7.7,  we added support for upgrading the firmware for Cisco ASAs, and if you've seen the NCM WWWO, we're looking to extend this capability even further.

 

That said, do you have questions about how NCM's Firmware Upgrade feature really works?  What do the "Collect Info" commands do? What about the "Upgrade" commands? Which commands are optional? And have you ever wondered how NCM uses the results from each command?

 

Wonder no more - introducing the new, hot off the virtual press NCM Firmware Upgrade Guide. Enjoy!

The SolarWinds NCM team wants to learn how you manage your Access Control Lists (ACLs).  Please take our survey - for completing it, you will receive 500 Thwack points after the survey closes on Friday, 4 August 2017.

 

Please click here to start the survey:

Access Control List management survey

SolarWinds Network Configuration Manager (NCM) 7.4.1 Hotfix 3

 

Hotfix 3 addresses the following issue:

  • NCM Cannot connect to Fortigate devices running FortiOS v5.2.5 and newer.

 

Notes:

  • This fix is applicable to NCM 7.4.1 only.

 

To install SolarWinds NCM 7.4.1 Hotfix 3:

  1. Stop all Orion services.
  2. Back up the existing files (wodKeys.dll and wodSSH.dll) from the C:\Program Files (x86)\Common Files\SolarWinds folder
  3. Replace C:\Program Files (x86)\Common Files\SolarWinds\wodKeys.dll and C:\Program Files (x86)\Common Files\SolarWinds\wodSSH.dll with the binary from the Hotfix zip package.
  4. Start the Orion services.
  5. Repeat these steps to install the Hotfix on all polling engines.

 

To uninstall SolarWinds NCM 7.4.1 Hotfix 3:

  1. Stop all Orion services.
  2. Replace C:\Program Files (x86)\Common Files\SolarWinds\wodKeys.dll and C:\Program Files (x86)\Common Files\SolarWinds\wodSSH.dll with the original wodKeys.dll and wodSSH.dll files from backup.
  3. Start the Orion services.
  4. Repeat these steps to uninstall the Hotfix on all polling engines.

SolarWinds Network Configuration Manager (NCM) 7.4.1 Hotfix 2

 

Hotfix 2 addresses the following issue:

  • Download config job may crash if config does not contain standard characters.

 

Notes:

  • This fix is applicable to NCM 7.4.1 only.

 

To install SolarWinds NCM 7.4.1 Hotfix 2:

  1. Stop all Orion services.
  2. Back up the original file: c:\Program Files (x86)\SolarWinds\Orion\NCM\SWConfigTransfer8.dll.
  3. Replace c:\Program Files (x86)\SolarWinds\Orion\NCM\SWConfigTransfer8.dll with the binary in the HotFix 2 zip package.
  4. Start Orion services.
  5. Repeat these steps on all polling engines.

 

To uninstall SolarWinds NCM 7.4.1 Hotfix 2:

  1. Stop all Orion services.
  2. Replace c:\Program Files (x86)\SolarWinds\Orion\NCM\SWConfigTransfer8.dll with the original SWConfigTransfer8.dll.
  3. Start Orion services.
  4. Repeat these steps on all polling engines.

We have been working hard to bring another bulk of enhancements to the Network Configuration Manager (NCM) and NCM 7.5 Beta is available. We have been working on:

  • Additional F5 LTM & GTM Support (Including Binary Config Support)
  • Compliance Reports (security best practices) for various vendors
  • Usability Improvements

 

To get access to the Beta, you need to be a customer on active maintenance for NCM and sign up here.

 

You can discuss your experience in the NCM Beta Forum.

 

As an added incentive, Beta users who submit feedback will receive 2,000 Thwack points to buy swag at the Thwack Store.

SolarWinds Network Configuration Manager (NCM) 7.4 Hotfix 2

 

Hotfix 2 addresses the following:

  • New device template for Allied Telesis devices.

 

Notes:

  • Hotfix 2 requires SolarWinds NCM 7.4.

 

To install SolarWinds NCM 7.4 Hotfix 2:

  1. Extract the file "Allied-Telesis-1.3.6.1.4.1.207.1.14.109.ConfigMgmt-Commands" from the Hotfix archive.
  2. Log in to Orion Web Console as a user with admin rights.
  3. Click Settings.
  4. Under Product Specific Settings, click NCM Settings.
  5. Under Advanced, click Device Templates.
  6. Click Import.
  7. Click Choose File, and select the extracted file "Allied-Telesis-1.3.6.1.4.1.207.1.14.109.ConfigMgmt-Commands."
  8. Click Submit.

 

To assign the new template:

  1. Select the Allied Telesis template in the grid.
  2. Click Assign to Nodes.
  3. Select the correct nodes, and click Submit.

SolarWinds Network Configuration Manager (NCM) 7.4 Hotfix 3

 

Hotfix 3 addresses the following:

  • New device template for Huawei Quidway S2700 devices.

 

Notes:

  • Hotfix 3 requires SolarWinds NCM 7.4.

 

To install SolarWinds NCM 7.4 Hotfix 3:

  1. Extract the file "Huawei Quidway S2700-1.3.6.1.4.1.2011.2.23.123.ConfigMgmt-Commands" from the Hotfix archive.
  2. Log in to Orion Web Console as a user with admin rights.
  3. Click Settings.
  4. Under Product Specific Settings, click NCM Settings.
  5. Under Advanced, click Device Templates.
  6. Click Import.
  7. Click Choose File, and select the extracted file "Huawei Quidway S2700-1.3.6.1.4.1.2011.2.23.123.ConfigMgmt-Commands".
  8. Click Submit.

 

To assign the new template:

  1. Select the Huawei Quidway S2700 template in the grid.
  2. Click Assign to Nodes.
  3. Select the correct nodes, and click Submit.

SolarWinds Network Configuration Manager (NCM)

Compliance Simplified

 

                Security is at an all-time high for many network engineers.  Either being asked “are we good?”, “How’s our security policies?”, or “Hey do we have any security policies in place??”  We wanted to be able to resolve these questions and back them with reports to prove your network is compliant!

 

I’ve been working on an ebook to help unlock the mystery within NCM. Something that would help users and prospects to reach their full NCM potential. The attached documents are simply a chapter from this book that will help simplify compliance once and for all. 


In the Compliance Head Geek episode we went over basic to advanced ways of using this feature.  However, if you really want to dive in then please download the provided compliance documentation and follow the step by step with screenshots.


I've even provided a RegEx help document to bridge a gap from beginner to advanced users.  This will help you to fine tune your searches and get the matches you need.  You could say I have been in a cave for a long time writing and screenshotting…  Seriously, it’s been intense!


The ultimate goal behind these documents is to provide users information that can be used at any level of product knowledge.  Standardization and security needs is a perfect place to start with NCM in general.  These guides will help you to leverage the power of NCM through compliance remediation reporting.


  • Compliance Reports Simplified
  • RegEx Help

 

If you're curious about compliance or other features, then by all means download a free 30 day trial and check it out today!



Thank you,


~ Dez

SolarWinds Network Configuration Manager (NCM) 7.4 Hotfix 1

 

Hotfix 1 addresses the following issues:

  • You do not receive real-time notification email messages after upgrading.
  • Your real-time notification rules no longer work.

 

Hotfix 1 modifies the following files on the SolarWinds NCM server:

  • %ProgramFiles%\SolarWinds\Orion\NCM\SolarWinds.Cirrus.BusinessLayer.dll
  • %ProgramFiles%\SolarWinds\Orion\Information Service\3.0\SolarWinds.Cirrus.BusinessLayer.dll

 

Notes:

  • Hotfix 1 requires SolarWinds NCM 7.4.
  • Install this hotfix on your primary NCM server and any NCM additional pollers.

 

To install Hotfix 1:

  1. Log on to the SolarWinds server hosting your NCM installation as an administrator.
  2. Use the Orion Service Manager to stop all SolarWinds services as follows:
    1. Start the Orion Service Manager in your SolarWinds Orion program folder (SolarWinds Orion > Advanced Features > Orion Service Manager).
    2. Click "Shutdown Everything".
  3. Make a backup of the following files:
    • %ProgramFiles%\SolarWinds\Orion\NCM\SolarWinds.Cirrus.BusinessLayer.dll
    • %ProgramFiles%\SolarWinds\Orion\Information Service\3.0\SolarWinds.Cirrus.BusinessLayer.dll
  4. Extract and copy SolarWinds.Cirrus.BusinessLayer.dll from the Hotfix archive to the following locations:
    • %ProgramFiles%\SolarWinds\Orion\NCM
    • %ProgramFiles%\SolarWinds\Orion\Information Service\3.0
  5. In the Orion Service Manager, click "Start Everything".

 

You should now receive real-time notification email messages and the real-time notification rules work as expected.

 

To rollback Hotfix 1:

  1. Use the Orion Service Manager to stop all SolarWinds services as follows:
    1. Start the Orion Service Manager in your SolarWinds Orion program folder (SolarWinds Orion > Advanced Features > Orion Service Manager).
    2. Click "Shutdown Everything".
  2. Replace the following files with the backups you created:
    • %ProgramFiles%\SolarWinds\Orion\NCM\SolarWinds.Cirrus.BusinessLayer.dll
    • %ProgramFiles%\SolarWinds\Orion\Information Service\3.0\SolarWinds.Cirrus.BusinessLayer.dll
  3. In the Orion Service Manager, click "Start Everything".

We are looking at extending NCM capabilities with support for automated workflows. This is a very broad topic and that's why I would like you to tell me about your needs. What tasks would you like to be automated? What is your motivation? Would you invest in product(s) that would really make a difference? Or, have you already invested in one?

 

Please share your thoughts and let me know if you are willing to discuss the details with me -- thwack points are waiting for you .

New Features and Improvements of NCM 7.4

 

In case you missed the first two blogs you can find them here:

  1. Part 1: Leverage more from Network Configuration Manager (NCM)
  2. Part 2: Implementing Security with Network Configuration Manager (NCM)

 

          Cisco Live was definitely a great time and visiting with all of the current customers and soon to be was perfect for this blog.  I was able to see how people were wanting to use the new features and also what they wanted to know more about.  So in this blog we are going to jump into how to use these new features and improvements.  So hold on tight and get your NCM up in front of you to follow with me if you would like!


This blog will cover:

  • Cisco IOS and ASA Vulnerabilities
  • Enhanced Change Approval
  • Device Template Wizard
  • Automatic Compliance Remediation


Cisco IOS and ASA Vulnerability Reporting


          Lets enable this feature now by following these steps:


  1. Login as an admin account for you NCM website. 
  2. Go to the NCM Settings
  3. Scroll to the Advanced Section
  4. Click on the Firmware Vulnerability Settings
    1. You'll see the following screen below
    2. Click the Enable daily auto run of vulnerability matching logic
    3. Adjust time if needed for it to be executed
    4. If on a closed network click the "How to manually import xml files?
    5. Now choose to Run Now so your resource on your NCM summary page will be filled once the scan is complete

(For proxy user information scroll to the comments where this was answered.)

settings.jpg


  5.  The NCM summary resource will populate similar to the below:

 

        1.jpg


   
  6.  From this resource you are able to click in to each vulnerability and see the nodes that are connected to this.

  7.  This is where you will see the web link to the national vulnerability database for each issue and can see the remediation that is needed to resolve.

 

          Now this is where you are able to make your decisions based on your needs.  Some may not be an issue for so you can change these to low priority.  Others may be critical and leave as high priority.  You are able to set these and apply to all nodes or partial nodes.  If you are needing to roll out a change you can sat scheduled and leave comments so everyone can see.  If you need to roll out an IOS update or make a change on the device you can then schedule this in the Jobs and have it to execute your change or use the Config Change templates to remediate the vulnerabilities.

 

Here is a picture of vulnerability that will be applied to one of the devices and scheduled for a later date and time to be resolved:

3.jpg

 

          Pretty simple, huh?  This can be used to help you with any security or company audits to stay ahead of security issues.  You are able to show and track everything you change and comment on through the reports found here:

 

4.jpg

 

          The report will look like the following (notice it tracked my changes that I did above):

5.jpg


          Now you may have heard or known that you can be alerted to potential vulnerabilities.  Here is where you enable this alert so you can adjust and setup for your needs.


  1. Click on your settings top right of your webpage by the logout
  2. Scroll to the Alerts & Reports section
    1. 6.jpg
  3. Click on Manage Alerts
  4. Scroll to NCM Audits
    1. 7.jpg
  5. Scroll through these and find the "Vulnerability State Changed"
  6. Enable this and you are ready to go!
  7. Reports and ability to drill into the vulnerabilities out-of-the-box:
    1. 24.jpg
    2. 25.jpg



         


Enhanced Change Approval Workflow



          PCI compliance is increasing to a two tier approval change approval.  Luckily, NCM has improved this feature to allow you to do this with ease.  While at Cisco Live several people wanted this to be within their company as the more eyes on changes being made the easier it is to prevent human errors and potential downtime.

 

I'm going to go through the process with you here so you know how to use this either for one or two step approvals.

 

  1. Login as a local admin
  2. Go to your NCM settings
  3. Click on the Setup Wizard
    1. 8.jpg
  4. Then choose from the following:
    1. One-level approval
    2. Two-level approval for non privileged users
    3. Two-level approval for all users
    4. 13.jpg
  5. Then click on submit
  6. Here is where your SMTP information is verified or placed if you have not setup this information in the past.  Click submit when completed.
    1. 9.jpg
  7. Now to setup your Admin email information click submit
    1. 10.jpg
  8. User roles
    1. This is were you setup who is approves at level one and/or two.
    2. Click Finish and you are not ready to start preventing change errors!
    3. 11.jpg
  9. When you have this setup you are now able to manage your approvals.  As in my previous blog you will know that you are able to edit the change script or action, Approve, or Deny at any level.  You are able to do this also with comments and send to the requester for their information and learning benefits.
    1. 12.jpg
  10. Reports are useful for tracking changes
    1. 26.jpg
    2. 27.jpg



Device Template Wizard



          This is technically my favorite new addition to NCM!  This is because use to in order for you to create a device template for a device that was not out of the box (around 100 device templates included with NCM) you would have to call in or create a support ticket. Some knew how to adjust the templates and would manually do this themselves as well.  Not anymore!

 

          So when would you use this feature?  If you have a device that currently is not being recognized or if you are unable to get a device to download that is when you would use this feature of NCM.

 

 

        Let me walk you through how to use this:

 

  1. Login as admin and go to the NCM settings
  2. Scroll to the advanced location
    1. 14.jpg
  3. Click on the Device Templates
  4. From here you are able to choose add new or edit an existing template
    1. Edit one if it is similar to a device that you know of
    2. Don't worry we will not let you overwrite out of the box templates 
    3. For my example I am going to choose "add new"
      1. Using Interactive Wizard
      2. 15.jpg
      3. You can choose XML if you are familiar with the template process, however I caution you on this if you have not done this in the past.  Slight errors can cause the template to not work.
    4. Now I will choose the device I am wanting to work one on one with and create a template for and click next
      1. Even if the device shows up as unknown you can choose it as this is commands for the device
      2. 16.jpg
    5. Specify what I want the template used for and click next
      1. 17.jpg
    6. Here is where I place my access info for the device
      1. For additional login etc I have clicked the advanced portion to give more options
      2. 18.jpg
    7. I can also test my access from here and see the output section so I can adjust if needed.
      1. 19.jpg
    8. Now I can place the information needed for the downloading and/or executing scripts that I choose in Step 7
      1. 20.jpg
    9. I can verify these as well with the test feature then click next when satisfied
    10. Here I can save my template and assign to the nodes I want it to be used by
      1. 21.jpg
    11. Ability to fix connections from configuration management tab
      1. 29.jpg

     

     

              Pretty simple!  People have also told me they use this for one on one troubleshooting on connecting with devices.  I'm sure you will find this just as useful as well for your operational needs.

             

     



    Automatic Compliance Remediation

             


              Why would you use automatic remediation on out of compliance reports?  Well as I have stated before the compliance reports are a huge opportunity for everyone not just healthcare, federal, or PCI auditing businesses.  You are able to use this with your own security policies by setting up your personal compliance reports.  Or pick and choose from existing to create a report that suits your needs.


              Standardization of configurations is something several people use the compliance reports for.   Sometimes the simplest things that can cause your network to be in trouble or for you to lose a bonus check...  Example, customer stated he had to have a legal banner on all network devices.  He assumed he had all of this.  However, when randomly checked he did not have the banner on all of the devices.  I showed him how you can setup an automatic remediation to his banner report so he doesn't have to worry about that again!


    Since I have covered compliance reports in the past I am going to show you the new addition to these by using the automatic remediation.


    1. Go to your Configs Tab>Compliance ( you can also manage from your NCM settings)
    2. Click on the "Manage Policy Reports"
      1. 22.jpg
    3. Now to adjust a remediation where do you go?  Yes manage Rules!
    4. Fill in the criteria you want
      1. Mine is going to be looking for a banner
    5. Place the script to remediate the violation
    6. Now I will enable for automatic remediation
      1. 23.jpg
    7. I can now submit
    8. Then I can add a new policy and choose the Rule I created, or add the rule to an existing policy
    9. Then create a new report and add the new policy or use one that had the existing policy that I just added the rule to.
    10. Now anytime the report is ran it will automatically remediate the banner!  I can schedule the report to be ran in my jobs.

     

     

              The compliance reports are easy to use and completely broke down.  Just remember the following tips:

    • Rules are specific and have a remediation set to them
    • Gather rules to create a Policy or add to existing policies
    • Create a new report to include policies or add policies to existing reports

     


              I hope this information has been useful for you.  There will be an ebook coming on common uses and implementations of NCM I'll keep you posted on when it will be available.  The poll is still open for voting until June 24th so vote vote vote!  Ebook poll voting


              For further questions or how to's please comment below as I would be happy to assist on any of the topic we went over above.  Compliance remediation, device templates, enhanced change approval, and of course vulnerability reporting.  You can also add me  as a friend and message me any topics you would like to know more about and I will create some step by steps for you and others so we can have you fully using NCM!


    ~Dez

    Twitter @Dez_Sayz


    Update, currently working on ebook\ecourse and the poll is now being archived.

       

    Implementing Security with NCM

    Blog 2



    Security threats are growing every hour and frankly every minute…  I remember my first security class and my instructor telling us “Hacking at all levels just takes time, willpower, and egos. If you think you can secure your server take it to DEFCON and wait”. 


    Needless to say we did this and everyone’s server was easily hacked into. (Was there a doubt...) So from that point on I was pretty confident security was a myth or a false sense of security.  Until, I realized the most common attacks are on the simplest of overlooked mistakes!


    Eureka, this brought me to pursue ways to block out easily forgotten open gateways. That’s security being able to have a checks and balances in place to ensure that even the little things are not being accidentally overlooked.

     

    This is where SolarWinds Network Configuration Manager (NCM) becomes a crucial piece to the bigger puzzle in security.  There are many ways to use NCM for added security with Automation backups, Real-time change notification (RTN), Change Approval, and Compliance Reports for your company’s security needs, management of policies, and reports that instantly provides you value from your product. 


    This blog should jump start your security uses with NCM by leveraging these features together.  Next week’s blog will be over NCM 7.4 release and showcase some of the new additions and uses!


    Automation Backups

    First we should setup a scheduled job to back up your network devices.  To do this open your website to the configs location and click on “jobs” from the toolbar.  Here you can check the weekly or nightly config backup and edit to your liking. 


    Jobs View

    1.png

    Some Engineers may only want certain devices while others will setup all devices within NCM.  This is really up to you as the Engineer.  Once you have this enabled and scheduled we will turn on your Real-time change notification (RTN). Here is link to how you can do this: Enable Real-time Chance Notification


    Real-Time Change Notification

    RTN allows you as the Network Engineer to be on top of any changes to your devices. Giving you automatic notifications and the ability to revert these once they have been made.  This can help against errors, sabotage, and defective equipment. 


    When you are focusing on network security you need to make sure that changes are correctly being made and accounted for.  The built in auditing of who made the change and when also allows you to audit who is on your network and what they are doing.


    Real-Time Change View

    2.png


    Change Approval

    This leads me to the next part of great security practices, Change Approval Systems. You may ask why this would be such a great security tool or you may be thinking “OF COURSE”.  Either way implementing an approval system is key to securing your network right out of the box with NCM.


    There are more requirements coming down the pipeline to businesses where change approval has to be bare minimum one tier.  This is because it vastly decreases your chances for human error that can cause horrible network issues and downtime.  If there is even a slight bit of a chance you can prevent unauthorized or incorrect changes on your network, then I’d say that is a win for all network engineers.


    You are able to set this up quickly with the approval setup wizard found under the NCM settings>Config Management Change Approval>Setup Wizard (bottom right of the NCM settings page).  This will take you through a step by step implementation of activating your approval system.


    Setup wizard location:

    3.png

    Once complete you now have email alerts and website resources that bring yourself or a different approver aware of a change to be made.  From the website resource of “Pending Approval List” you are able to see all pending and past changes.

     

    So in essence you are able to prevent unexpected config changes that could cause downtime.  Which is a great investment in your network reliability since downtime cost more and more as applications and services are being used within more businesses.


    From the pending location you are able to now view the change completely. You have choices you can make as an approver like view the script or change being requested, Edit the script if you notice it is incorrect or perhaps needs just an extra line of commands to make it official, approve this to be executed immediately or schedule to be made at a later time.


    Change Approval View

    5.png

    Compliance Reports

    Since we have the basics enabled lets dive into the compliance reporting.  These are key on monitoring your configurations for security errors, standardization of configs, and are fully customizable to adhere to your organizational needs.  If you are being audited or foresee this in your future, NCM takes the burden from countless hours of manually auditing your configs or piecing together programs to provide this information accurately.


    Choose the Compliance portion of the Config toolbar and you will see out of the box best practices and awareness of compliance reporting.  I will be focusing on the “Cisco Reports” for this blog to get your feet wet in the compliance realm. 


    When I click on the Cisco Reports folder I see two that populate Cisco Policy Report and Cisco Security Audit.  Check the policy report and then click the “view report” above.  Notice this will bring up your report and show you any violations.  If you click on the red x violation and you are presented with remediation options. How easy is that?


    From this Violation Details popup you are presented with 3 options.  1. View the configuration of the device that’s config was found out of compliance.  2. Execute remediation Script on this node.  3. Execute remediation Script on all nodes in violation.


    Compliance Report View

    6.png


    This is valuable and time saving for a few reasons.  For instance, you are new to a company and you’re wanting to bring things up to date or verify best practices currently within your environment. Standardization is key to efficiency on networks and you now have a way to carefully adjust and bring your configs to standardization with the help of these reports.


    What if you are handed a new security policy that has to be enforced? NCM is fully customizable to your needs. You can edit an existing report or create a new report.  This allows you to manually setup your own rules to be checked against your configs. Then you are able to set a group of rules as your own policy.  Once this is complete move the policies and or rules to create a report that you need for your company.  Implement and run to verify your configurations and you’re done!


    The customization and ease of implementation allows you to stay on top of your network needs in the ever changing security realm.  Compliance is a great defense for you company to ensure standardization, security, and reporting for auditing.

     

    How can you set remediation scripts:

    • Click on compliance from toolbar
    • Then Manage policy reports

    8.png

    • Click on manage rules
    • then choose are rule and click edit
      • or create a new rule

    9.png

    • Scroll to remediation
    • add script to match your need to the rule

    10.png

    Security policies are only as good as the ones in place.  Time to dust off the policy book and start implementing and maintaining your network with the help of NCM’s security features like Real-time change notification, Change approval, and compliance reports.


    Don’t miss next week’s blog on 7.4 new features and improvements.  Not to spoil anything, but there is more security and better troubleshooting coming your way! 

     

    Tell me about your uses with NCM and Security as I would love to hear from everyone!  Also, comment on any ideas you have or things you want within NCM that helps or would help your security needs.

     

    ~Dez

    I am happy to announce General Availability (GA) of SolarWinds Network Configuration Manager (NCM) v7.4. This version includes the following new features and improvements:

     

    • Cisco IOS and ASA Vulnerability Reporting
      NCM uses Cisco IOS and ASA firmware and configuration vulnerability data from the National Vulnerability Database to record which nodes in NCM are vulnerable. This information is available in a new Firmware Vulnerability resource and as a report.
    • NCM Entirely Web-based
      The NCM desktop application is no longer available and all functionality has migrated to the SolarWinds Orion Web Console.
    • New Compliance Reports
      • You can run over 60 Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG) policy reports, preconfigured with the necessary rules and policies.
      • You can run National Institute of Standards and Technology Federal Information Security Management Act (NIST FISMA) and Payment Card Industry Data Security Standard (PCI DSS) reports.
    • Device Template Wizard
      • Create and edit device templates using the new, web-based Device Template Wizard in the SolarWinds Orion Web Console.
      • All templates from previous versions of NCM are migrated to the SolarWinds Orion database during an upgrade.
      • Access templates that other SolarWinds users share through thwack directly in Device Template Management.
    • Enhanced Change Approval Workflow
      The NCM approval system allows three different workflows:
      • Use a one-tier approval workflow to submit configuration changes to an NCM administrator.
      • Use a non-privileged, two-tier approval workflow to require non-privileged users (any user with the WebUploader role) to submit configuration changes to two different approval groups.
      • Use an inclusive, two-tier approval workflow to require all users to submit configuration changes to two different approval groups.
    • Web-based Reports
      • Create and edit reports using new, web-based reports.
      • NCM now uses Orion Platform reports (HOME > Reports) instead of the NCM reporting pages (CONFIGS > Reports).
      • Previous reports are not migrated to the web-based reports system and can no longer be edited after an upgrade.
      • Schedule reports with the Orion Report Schedulers instead of the NCM Run Report job.
    • Policy Violation Remediation
      You can automatically remediate violations in a device configuration on multiple nodes using a script.
    • Web-based Alerts
      • Create and manage alerts using the web-based alerting engine.
      • Alerts created using the desktop-based alerting engine are automatically migrated to the web-based alerting engine.

     

    More details can be found in the Release Notes and in the RC blog post: Network Configuration Manager v7.4 Release Candidate is Available!.

    Configuration Change Management Software is more than backing up configs!

    This will be a three part series focusing on NCM

     

    Fast Forward to Part 2 Here 

    Don't Miss Out on Part 3 Here

     

     

                    Generally speaking we all should know that backing up configurations and being able to see when a change was made is crucial to network infrastructures.  But what happens when you have the basics done like automation backup and real-time change notifications?  Has it just become the infamous saying of “set it and forget it”?  The answer is NO!  There is a whole world to SolarWinds Network Configuration Manager (NCM) that is just waiting for you to use in your everyday work life. 


    This blog will focus on some of the "out-of-the-box" features that are available like:

              • Asset Management
              • Change Approvals
              • Script Management
              • Compliance Reports
              • Troubleshooting
              • End-of-Life/End-of-Engineering


              with a quick overview on their uses.


    The next blog will be more in depth on setup and uses for your security needs and how NCM has your back!  The third one will focus on 7.4 with more in depth information on how to use the new features.


              I'm hoping you have the basics of nightly backups and real-time change notifications (RTN) setup.  (Crossing fingers, but if not here is the tech tip on setting up your RTN Enable RTN)  So let’s get started.


    Asset Management:

    Let’s talk about a network inventory.  Seems boring but what does this really provide you?  Asset management, ugh, I know it’s a dreaded word that provokes thoughts of monotonous, tedious, and timely work! 


    Stop wasting hours of punching numbers and gathering information.  Use NCM to run a nightly inventory or a one time inventory to gather information like Model, Serial, IOS version, cards in routers, chassis switches etc.  BOOM, you freed up your time instantly by using what you already have. 

    Use the Cisco inventory and route tables to help you quickly see neighbors and routing information on your monitored devices.  IOS image lists and memory pools also offer you detailed information to help you know what you are working with in your environment.


    Inventory view

    Inv.png


    Change Approval System

    Prevent unexpected downtime or incorrect roll outs BEFORE they happen.  Wait… did she seriously say prevent downtime?  Sure did , with NCM’s Change Approval you can be emailed when someone on your team is wanting to change a configuration on the network you’re responsible for.  Once you have the email you can login to the NCM web site and then see the change that is being requested, edit, approve, or deny it.  Now you have instantly prevented issues before they even happened.


    Change approval is more than preventing errors.  This can be a valuable training tool for your team. Stopping and preventing potential issues and\or errors allows you to teach\coach the person that was making the change to prevent future endeavors. 


    This is crucial in fast pace environments that are consistently growing with new devices and protocols.  It’s always better to teach and learn from almost mistakes then scrambling around recovering from them.

     

    Change Approval View

    CPV.png


    Script Management

    How about NCM’s script management?  I’m sure you and your team have an arsenal of scripts you use daily or even certain policy updating scripts.  With script management you are able to store, name, edit, and use scripts from within NCM. 


    You can access these for compliance remediation (more on compliance in a moment), jobs to be scheduled, configuration templates, and even from the node details.  Gone are the days of saved notepads or google searches.


    Script Management View

    SM.png


    Compliance Reports

    Compliance Reports benefit more than just Government and Healthcare companies. All networks should take security as a priority and be able to show they are secure.  NCM helps you do this seamlessly with detailed customization to fit your organizational needs.  Use the reports out-of-the-box to quickly assess your network configs to common standards we have gathered. 


    You can also customize the existing reports or create your own.  Take your security policies and create your own rules to look for and use for policies.  Then you’re able to report on these as a whole and remediate any out of compliance issues.


    The compliance reports are queried against your configurations within NCM. This helps you with standardization and security compliance by knowing if a command or verbiage is present or not. Talk about instant security and auditing checks available within your product.


    Being ahead of the game or even if you’re catching up, NCM eases you into compliance and takes the frustration out of auditing.  Remediation by using scripts already stored also helps you to quickly address any out of compliant needs efficiently from the same report.


    Compliance Report View

    CR.png

    Troubleshooting

    What about the need for troubleshooting network issues while they are happening?  Would NCM be beneficial in assisting you in anyway?  The answer is undeniably, yes!  You are able to use CDP neighbors, ARP information, routing configs, and run your show commands instantly from within the product. 


    This is the perfect product to use for troubleshooting network devices as this is where all your data is being stored already.  You can see past implementations, monitor any changes, monitor the effects of changes, and use for recovery of devices in failure.


    Troubleshooting View Example

    TV.png

    End-of-Life/End-of-Engineering

    How many times does upper management refuse your budget for device refreshes, but then 3 months later when you can’t get support (because the box is now 3 years past EOL) they blame YOU for not making it clear? That’s why EOL and EOE reports are so valuable.


    With almost NO effort from you, you can generate a detailed report of all (or part) of your inventory and when those devices WILL BE falling out of maintenance. That allows you to escalate potential support issues before they happen, and plan budgets accordingly.


    EOE/EOL View

    eol.png

     

     

    As you can see your basic Network Configuration Change Management (NCCM) needs are more than backing up and change notification.  There are features like Change Approval, Compliance reports, and Troubleshooting within NCM that are begging to be leveraged.  Even if you’re currently not tracking or using these features it’s time to step it up and be knowledgeable on your infrastructure.


    Which leads me to my next blog which will be over the dreaded word, security… We all know we need it, but how can NCM help you to implement and maintain security?  I will drill in to some of the security features like Real-time change and Change approval within NCM and how to implement and use these together among other features.  Typical use cases and ideas on why you would want to use these features among your environment.


    If there is specific topic that you would like to learn more about please let me know.  I would be happy to dive in to those and post step by steps and how to's for anything related to NCM. 

    We have reached the Release Candidate (RC) status for Network Configuration Manager (NCM) 7.4. RC is the last step before general availability and is a chance for existing customers to get the newest functionality before it is available to everyone else.

     

    Update: NCM v7.4 RC2 is available on customer portal. Please note that an NCM server host with SolarWinds NPM installed cannot install or upgrade to NCM 7.4 RC2 until the NPM is ugraded to NPM 11.5.2 RC1. More details can be found in NCM 7.4 RC2 is Available on Customer Portal.

     

    • Device Template Wizard
      Use the web-based wizard to create or edit a device template. NCM stores all device templates in the Orion Platform database instead of the NCM server's local file system.
    • Cisco Vulnerability Reports
      Receive alerts when the latest NIST data indicates a vulnerability in a version of Cisco device software (IOS or non-IOS) running on deployed switches, routers, and security appliances.
    • Compliance Reports
      DISA STIG, NIST FISMA, and PCI policy reports, with all necessary rules and policies already set-up, become available to run after installation.
    • Enhanced Change Approval
      Use a one tier approval workflow to allow any NCM user with the WebUploader role to submit device configuration changes to a single NCM Administrator. Use a two tier approval for non-privileged users to require two NCM Administrators to approve a device configuration change submitted by any NCM user with the WebUploader role. And use a two tier approval for all users to require two NCM Administrators to approve a device configuration change submitted by any NCM user.
    • Web-based Alerts and Reports
      Fully eliminating the NCM desktop application, NCM uses the Orion Platform alerts and reports systems, enhancing NCM's integration with other Orion Platform products.
    • Remediation of Policy Violation
      Automatically or manually remediate violations from within the Policy Report interface for all relevant blocks in a device configuration.
    • Configuration Change Auditing
      Syslog data forwarded from network devices as part of real-time change detection includes the name of the user associated with the change.

     

    Extend and troubleshoot device templates easily

    Device templates have been moved to the database. You can modify the templates in the Web UI and no longer have to replicate them accross your polling engines. Smooth thwack integration was a must!

    In addition, we have integrated a wizard into NCM that helps you develop new templates or troubleshoot problems with the existing ones.

     

    Device-Template-Management.PNG Device-Template-Wizard.PNG

     

    Identify and manage firmware vulnerabilities

    If network security is a concern in your organization, you should definitely use this new capability of NCM -- run a nightly vulnerability assessment based on recent CVE data provided by the National Vulnerability Database (by NIST). NCM will download and process the CVE data in a SCAP-compatible way and will notify you of potential vulnerabilities, provide detailed information and let you take an appropriate action. This security scan works even if your NCM server is not connected to the Internet -- you just have to download the datafiles manually. Complimentary reports are provided out of the box.

    Note: Cisco IOS and ASA devices are supported as of now.

     

    Vulnerability-Report.PNG

    Vulnerability-Manage.PNG Vulnerability-Settings.PNG

     

    Run your favourite regulatory compliance checks out of the box

    Tired of importing the obligatory reports from thwack? No longer a problem! NCM now ships the latest DISA STIG, NIST FISMA, and PCI reports out of the box. The updates also include broader vendor coverage and more detailed checks.

     

    Note: If you upgrade from NCM v7.2.x to v7.4 Release Candidate, these new reports will be missing. The workaround is to upgrade from 7.2.x to 7.3.2 first and then to 7.4 RC. The problem is related to upgrades from NCM 7.2.x only; upgrades from NCM 7.3.x and clean installations are not affected. We apologoize for incovenience and work on solution for the final NCM 7.4 release.

     

    DISA-STIG.PNG

     

    Manage your NCM reports and alerts on the web

    Were you looking forward to the day when you could customize your NCM reports in the web and combine them with information from other modules? The day has come! Not only have we migrated all the existing inventory reports to the Orion reporting engine, but we have also added a decent number of new ones. The same applies to alerts.

     

    Web-Reports.PNG

    Web-Alerts.PNG

     

    Automatic Compliance Enforcement

    Maintaining your configurations compliance has never been so easy. Just configure the remediation script to be executed automatically! Works for interfaces, too.

     

    Automatic-Remediation.PNG

     

    Ant that's not all -- check Network Configuration Manager v7.4 Beta2 is Available! for other improvements that cannot fit in this post.

     

    RC builds are made available to existing customers prior to the formal release. These are used to get customer feedback in production environments and are fully supported. If you have any questions, I encourage you to leverage the NCM forum.

     

    You will find the latest version on your customer portal in the Release Candidate section.

    SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.