Happy Monday Everybody!
In my last two blog posts we talked about network configuration management. I talked about my previously experience with various tools and techniques, and how my needs have changed over the years as my job and networks evolved. We then went into a kicking the tires exercise and talked about one scripting-based methodology for performing basic configuration archival, and hopefully gave you a glimpse of just a small sample of things that are possible with network configuration management techniques. In this post, I’d like to talk about some of the benefits for implementing a network configuration management solution, types of information you can collect, and how we can use this information that we’ve gathered.
First and foremost, one of the areas of focus we commonly explore with a network configuration management strategy is that of configuration archival. This can be something as simple as daily or weekly configuration backups into a repository for ‘just in case the device dies’ recovery, or it can be far more complex and deal with being able to go back in the past and review prior configuration revisions, whatever the reason. I can’t tell you how many times I wish I had a reference point for how something used to work. Even configurations I created myself as much as a decade or more ago can have value in the things I do today.
Bulk Change Deployment
Don’t think of configuration management as being a one-way task. It’s not just about pulling information from devices, but can be a very valuable tool for pushing configuration to devices. When I left a previous company where I had been for 8+ years, it would have been negligent had the employer not insisted that all critical passwords be changed. The keys I held to that environment were pretty powerful. I hate to laugh about it, but we didn’t have the best configuration management tools in that environment, and somebody had to manually touch a few hundred devices and change passwords. With a little bit of scripting, or an off the shelf product, that task could have been greatly simplified. Deploying even the most trivial or the most advanced of changes using a configuration management solution can pay off in spades.
Maintaining Standards / Detecting Unauthorized Changes
Especially if you have a mid-size or larger network, it’s likely that you employ some sort of ‘configuration standards’ or configuration consistencies that need to be maintained across a multitude of devices. Maybe this policy based, or maybe it’s purely technical in nature, but with proper configuration management tools, you can audit your devices and make sure that things are being done ‘the way we planned’. This can go a long way in ensuring operational availability of your environment. You can also use this same logic to detect when policy violations may have occurred by detecting anomalous configurations.
Assist with Inventory Management and Asset Control
Finally, but certainly not the least important, a network configuration management strategy can greatly help audit device inventory and assist with asset control. Being able to pull a list of all active devices on your network sure helps come maintenance renewal time. Don’t ask me how many times I’ve had to have an engineer perform a physical inventory because we weren’t 100% sure of what was installed in a particular location.
I’ve touched on many of the network configuration management benefits and key pieces of information that I use in my operations – tell me about yours, how you use the network configuration management tools that you have implemented in your network, and how it benefits running your operation.