
This post compiles all the information you need to know about support for DISA STIG compliance reports in SolarWinds Network Configuration Manager (NCM). Don’t miss this DISA STIG posting about LEM: DISA STIG Compliance with Log & Event Manager.

Bookmark it and use it to remember everything about SolarWinds NCM's capabilities in this area. We will update and maintain it moving forward.

 

Example of a DISA STIG report checking 150 network configurations in a single click!


 

How to install DISA STIG reports on my NCM?

With NCM 7.x

Just open your NCM 7.x Web interface, go to the Configs tab / Compliance view / Manage Policy Reports.

Go to the "Shared on Thwack" tab and Search for the DISA STIG reports.

Select and Import what you need. More information about the newest refresh, for V8R16 here: How to use the NCM DISA STIG - Cisco.pdf, How to use the NCM DISA STIG - Juniper.pdf.


[For history tracking purpose only: More information about the newest refresh, for V8R14 here.]

[For history tracking purpose only: More information about the recent V8R9 update: DISA STIG V8R9 Updates.]

 


 

With NCM 6.1

NCM compliance reports (including DISA STIG) can be installed only through the web UI of the NPM Integration (this constraint will be removed in the next release of NCM). Installation requires Internet access and thwack credentials.

If you do not have this integration installed, you need to install it before you can import the DISA STIG reports.

If you do not have NPM, you can download a free evaluation version of NPM from this page, for the purpose of running the integration module and importing the DISA STIG reports.

 

Once you have NPM and the integration module installed and running:

  1. Navigate to the Configs / Compliance view
  2. Click the Manage Policy Reports
  3. Open the Shared on Thwack tab
  4. Select one or multiple DISA STIG reports (use the Search tool to narrow down the content of the window)
  5. You will be asked for your Thwack credentials

Looking for more information about the recent V8R16 update? How to use the NCM DISA STIG - Cisco.pdf, How to use the NCM DISA STIG - Juniper.pdf.


 

And what if you are not connected to the Internet?

From any workstation that has Internet access, download the DISA STIG XML reports from thwack Content Exchange and copy them to a memory stick or any other media that lets you transfer them easily to the target NCM computer (the one that does not have Internet access).

More information about the new package for V8R16: How to use the NCM DISA STIG - Cisco.pdf, How to use the NCM DISA STIG - Juniper.pdf.


[For history tracking purpose only: More information about the newest refresh, for V8R14 here.]

[For history tracking purpose only: More information about the recent V8R9 update: DISA STIG V8R9 Updates.]

 

Then:

  1. Navigate to the Configs / Compliance view of the WEB UI of the NCM integration for NPM.
  2. Click the Manage Policy Reports.
  3. From the Manage Reports tab, select Import and select a DISA STIG XML file.
  4. Repeat the last step for all DISA STIG reports you want to import.


 

Related Thwack postings

 

Support of the reports

As with any Thwack content, the DISA STIG reports are not supported or maintained by SolarWinds.

 

As NCM users in the Federal Government (and government IT consultants) configure, modify and update the DISA STIG and FISMA compliance reports so they work better in their unique environments, we hope that changes that would be useful to the community would be uploaded and shared on Thwack.

 

Miscellaneous

  • Please note that the US Army has granted a Certificate of Networthiness (CoN) to NCM V 6.0. CERT-201109082. CoN has also been granted to NPM, APM, NTA and Engineering Toolset.
  • The following SolarWinds products are Common Criteria EAL 2 certified by the NIAP: NPM, SAM (APM), IPAM, NTA, IPSLAM, NCM, EOC. Our Validation ID is 10453
  • You can also find Federal Information Security Management Act (FISMA) / NIST reports for NCM 6.1, on Thwack.com (same installation procedure applies)
  • Did you know that Gartner positions NCM in their research “MarketScope for Network Configuration and Change Management”, Deb Curtis, David Williams, 31 March 2010, ID Number: G00175140, as follows:
    • NCM is the most widely deployed of the products meeting Gartner’s criteria for evaluation (except CiscoWorks)
    • NCM is rated in the top tier (Positive / Strong positive) with the “Big-4”
  • A reference to SolarWinds (NPM) in the SIGNAL Online article “Marines Revolutionize Network In Southwest Afghanistan”

Link: http://www.solarwinds.com/resources/webcasts/wan-analysis-best-practices-and-technologies.html

 

Description:

 

WANs or Wide Area Networks are some of the most important networks that we manage today. WANs make up the connections that link our sites together, connect us to the internet, and are usually the ones that cost us the most money. As a result, we’re always trying to increase WAN performance and optimize our investments in this area.

 

During this webcast we’ll discuss best practices and technologies for analyzing WAN optimization and performance. Some of what we’ll discuss will include:

 
      
  • Understanding flow based technologies like NetFlow, jFlow, SFlow, and IPFIX
  • Leveraging Cisco IP SLA
  • Measuring performance through WAN optimization technologies and load balancers
  • Best practices for leveraging all of the above
 

Also during this webcast we’ll demonstrate how each of these technologies is used and discuss the data made available through them.

Date/Time: Thursday July 7, 2011 @ 11:00 AM CDT      

 

GTW link: https://www1.gotomeeting.com/register/567572777

 

Description:

 

Please join us for an exclusive training session on Orion Network Performance Monitor (NPM) and SolarWinds Application Performance Monitor.

 

During this 60 minute training session we’ll cover:

 
      
  • Optimizing hardware configurations for Orion
  • Installation, discovery, and base configuration
  • Configuring reports and alerts
  • Leveraging the information that Orion provides
 

This training is most beneficial to current new users of Network Performance Monitor and Application Performance Monitor and will be hosted by Andy McBride, Technical Support Specialist and Jason Ferree, Technical Support Representative.

Title: A Case Study in Best Practices for Network Management

 

Date/Time: Thursday June 23, 2011 @ 11:00 AM CDT

 

Sign-Up:  https://www1.gotomeeting.com/register/390327232

 

Description:

 

Discover how SolarWinds IT management solutions are helping state, local and education organizations maximize their dollars and do more with less. Join us as we discuss the solutions and practices deployed by Monroe City Schools, and how they can be applied to other environments within the education, state and federal government space.

Do you love free tools? What do you want us to build next? In true SolarWinds style, instead of just making the decision ourselves, we decided to go out and ask you directly. Because, of course, these tools are for you, and you should have some say in what they are!

Choose from five contenders in three categories. Vote in one category or vote in all of them, but by all means Vote Today!!

Application/Systems Tools

Storage/Virtual Tools

Network Tools

 

And... do you have opinions? Oh, come on, I'm sure you do! We have two free tools in beta and we'd love to get your feedback. 

1. VM to Cloud Calculator - inventories VMs and prices them in the cloud at three major vendors. 

2. Storage Response Time Monitor - Monitor the performance of your vCenter and ESX host datastores. Easily see the host to datastore connections with the highest response times and see the busiest VMs for each connection via IOPs.

 

If you are interested in trying out and providing feedback on either one (or both) of these, please send me a message or comment here and I'll get you the bits asap!

 

 

SolarWinds NetFlow Traffic Analyzer keeps detailed information for 60 minutes by default. This means you can get up to 1 minute granularity of flow information for the last 60 minutes. If you look for information from 2 hours ago, only the last hour will be represented at up to 1 minute granularity. Below is a description of exactly how the NetFlow collector and database process information. Hopefully this will help in planning and understanding what you can do with the product to meet your needs.

1. Receive data and store in a temporary processing queue in memory

2. Every minute, this temporary queue will be processed before writing to the database. The main two processing steps are collapsing flows and Top Talker Optimization.

A. Flow Collapsing is the process of taking related flows (same source interface, source IP and port, destination IP and port) and aggregating the data into one record. When this information is written to disk, we will mark the time that the collapsed data was written. This means you cannot see granularity within this 1 minute interval.

For example: if you have this table of all collected raw flows

    Interface  Source IP  Source Port  Destination IP  Destination Port  # Bytes  # Packets
    Fa0/1      1.1.1.1    80           2.2.2.2         80                1024     2
    Fa0/1      1.1.1.1    80           2.2.2.2         80                1024     2
    Fa0/1      1.1.1.1    80           2.2.2.2         80                512      1
    Fa0/1      1.1.1.1    443          2.2.2.2         443               1024     2
    Fa0/1      1.1.1.1    443          2.2.2.2         443               1024     2

It will be collapsed into this table

    Interface  Source IP  Source Port  Destination IP  Destination Port  # Bytes  # Packets
    Fa0/1      1.1.1.1    80           2.2.2.2         0                 2560     5
    Fa0/1      1.1.1.1    443          2.2.2.2         0                 2048     4

B. Top Talker optimization is the process of recording the flows that represent the most traffic in your network. By default, this value is set to 95%. Some users who need auditing precision change this setting to 100%. Based on research with internal testing and customers, 95% has the best results. Most of the flows that are not recorded have sent only a few packets and are not interesting from a traffic utilization perspective.

3. After the flows are collapsed and the top talkers are filtered, the data is written to disk. This data is written to a NetFlowDetail table. The exact table name depends on the node ID and a timestamp.

4. After the “Keep uncompressed data for X minutes” interval, this detail table will be further collapsed (compressed) and written to the NetFlowSummary1 table. The default of this interval is 60 minutes and can be increased up to 240 minutes in the web UI. The setting can be manually modified in the database by changing the NetFlowGlobalSettings.RetainUncompressedDataIn15MinuteIncrements value. We do not recommend you increase this value above what can be done through the web UI. The settings in the web UI are based on extensive testing with customers and internal performance testing. Once the data goes to this table from the Detail table, you can only see the traffic at a 15 minute granularity. That means, if your interval is from 10:00 – 10:15, you won’t be able to distinguish if the traffic was sent at 10:02 or 10:13 – we will just show you that it occurred in that range.

[Screenshot of these settings in the web UI.]

5. 24 hours later, this information will be collapsed from 15 minute granularity to 1 hour granularity and stored in NetFlowSummary2 table. There is no way to modify this interval (24 hours) in the web UI. You can modify it manually in the database by changing the NetFlowGlobalSettings.CollapseTrigger2InHours value. This means, when you look at data from the previous day, you will only see that the traffic occurred in a 1 hour period.

6. After 3 days, this 1 hour data will be collapsed into daily data and stored in the NetFlowSummary3 table. This interval is set by the NetFlowGlobalSettings.CollapseTrigger3InDays value (default 3 days). This means, you will only know what day the traffic occurred and not what hour or minute. This data is kept for 30 days by default. This interval can be increased to up to 3650 directly in the web UI.

7. When flow data is expired (based on the above settings) the expired data will be permanently deleted from the database based on the “Delete expired flow data” interval (available in the web UI, once a day by default).

 

It's worth noting that this is just an example. All intervals are relative to the time when the flow arrives at the service. The various aggregation steps can happen at a later time if the service is too busy. However, the daily aggregation will always occur once a day.
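
The steps above matter when you go back to flow data during an investigation, so here is an added example (not SolarWinds code) that models them in Python with the default intervals. The function names, the extra port 22 flow, the Top Talker rule (keep the largest flows until they cover the configured share of bytes) and the alignment of buckets to clock boundaries are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import timedelta

# Raw flows from the table above, plus one constructed small flow (port 22)
# added here to show the Top Talker cut-off.
RAW_FLOWS = [
    ("Fa0/1", "1.1.1.1", 80, "2.2.2.2", 80, 1024, 2),
    ("Fa0/1", "1.1.1.1", 80, "2.2.2.2", 80, 1024, 2),
    ("Fa0/1", "1.1.1.1", 80, "2.2.2.2", 80, 512, 1),
    ("Fa0/1", "1.1.1.1", 443, "2.2.2.2", 443, 1024, 2),
    ("Fa0/1", "1.1.1.1", 443, "2.2.2.2", 443, 1024, 2),
    ("Fa0/1", "1.1.1.1", 22, "2.2.2.2", 22, 64, 1),
]

def collapse(flows):
    """Step 2A: sum bytes/packets of flows sharing interface, IPs and ports."""
    totals = defaultdict(lambda: [0, 0])
    for iface, sip, sport, dip, dport, nbytes, npkts in flows:
        rec = totals[(iface, sip, sport, dip, dport)]
        rec[0] += nbytes
        rec[1] += npkts
    return {key: tuple(rec) for key, rec in totals.items()}

def top_talkers(collapsed, percent=95):
    """Step 2B (assumed rule): keep the largest flows until `percent` of bytes is covered."""
    total = sum(nbytes for nbytes, _ in collapsed.values())
    kept, covered = {}, 0
    for key, (nbytes, npkts) in sorted(collapsed.items(), key=lambda kv: -kv[1][0]):
        if covered * 100 >= total * percent:
            break  # everything smaller than this is never written to disk
        kept[key] = (nbytes, npkts)
        covered += nbytes
    return kept

# Steps 3-6 with default settings: (age limit, table, time bucket).
TIERS = [
    (timedelta(minutes=60), "NetFlowDetail", timedelta(minutes=1)),
    (timedelta(hours=24), "NetFlowSummary1", timedelta(minutes=15)),
    (timedelta(days=3), "NetFlowSummary2", timedelta(hours=1)),
    (timedelta(days=30), "NetFlowSummary3", timedelta(days=1)),
]

def reported_window(flow_time, now):
    """Return (table, window_start, window_end) for a flow, or None once expired."""
    age = now - flow_time
    for max_age, table, bucket in TIERS:
        if age < max_age:
            midnight = flow_time.replace(hour=0, minute=0, second=0, microsecond=0)
            start = midnight + ((flow_time - midnight) // bucket) * bucket
            return table, start, start + bucket
    return None
```

With the sample data, the 64-byte port 22 flow is dropped at 95% and kept only at 100%, which is why the auditing use case calls for 100%. Because aggregation can run late on a busy service, the windows returned are the coarsest you should expect, not a guarantee of when the data was actually collapsed.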

I'm working on a new free tool and would really appreciate some feedback on our beta. Let me describe it like I'm pitching a movie.. it's like VM Console meets Pricegrabber and there's a huge budget and elaborate scenery and all the best actors.  Perhaps I am exaggerating a bit, but does it sound interesting? If so, send me a message or comment below and I'll get you the bits asap. 

--Christine 

Every day we are asked by customers, “Why do I need network change and configuration management (NCCM)?”   To that I like to reply, “Do you drive your car on the road without insurance?”  To me, NCCM is like having insurance for your network.  It protects you and makes your job a lot easier in case of network mayhem.

 

 

 

These are just a few examples of real-world unforeseen circumstances that can result in network downtime. 

SNMP Community Strings and Passwords – Have you ever had a network engineer leave your company (voluntarily or involuntarily) and then realize that he has the passwords and community strings for all of your devices?  Network management best practices suggest that you should change these every 30-60 days.  With SolarWinds NCM, you can simultaneously update all of your devices without requiring complex and error prone CLI commands using pre-defined change templates or by sharing with fellow network engineers on thwack.

 

Identify vulnerable devices – When Cisco releases a new PSIRT security vulnerability, do you have a way to determine which of your devices are vulnerable?

 

 

Backup! Backup! And Backup again! – Over 70% of all network issues are a result of faulty configurations.  By backing up device configs on a regular basis, you’ll always have a known good state that you can revert to.  In addition, with SolarWinds NCM, you can compare device configs side-by-side and see who changed what and when.

 

Receive real-time alerts – SolarWinds NCM allows you to quickly respond to unauthorized, unscheduled or erroneous changes by providing real time alerts and actions that can be integrated with NPM and customized to your needs.

Compliance – Ensuring that your device configs are compliant with internal, external and best practice policies gets the auditors off your back and makes your boss happy.  SolarWinds NCM includes a number of pre-defined policy violation reports or, again, you can share with the thousands of engineers on thwack.

 

 

 

Download now and see how SolarWinds Network Configuration Manager can protect you from network mayhem.

 

 

 

 

 

 

 

Lately I have had a couple of conversations with some of you, and it became clear that there is some confusion about what standalone vs. module in Orion means.  Do I get less functionality if I deploy one way or the other?

 

First, let me set some context for those of you not familiar with what I am talking about.  Until recently, if you wanted to purchase our SolarWinds Application Performance Monitor (APM) or SolarWinds IP Address Manager (IPAM) product, then you had to own Orion Network Performance Monitor (NPM).  Now, with the most recent releases of both of these products, this is no longer true.  We also just recently released a new product, SolarWinds User Device Tracker (UDT), which can be installed either way as well.

 

So why do this?  It seems confusing.  There are two main reasons:

 
      
  1. Some folks came to look at SolarWinds whose need was just for Application Monitoring or IP Address Management, but they already owned an NMS and didn’t need or want to purchase our NPM product.
  2. In other cases, we had existing customers of NPM and other teams/groups within their organization saw it, learned that we had APM for apps and servers, and they wanted it; however, the two groups did not want to share the same database because they had different approaches to the product (or they just hated each other, or whatever).
 

Question: Do I get different functionality by installing standalone vs. a module?  Meaning do I get functionality by installing one way that I do not get installing the other way? 

 

Answer: No, they are identical in functionality.  The only difference arises if you currently own NPM, then purchase APM and choose to deploy it standalone and not as a module.  In that case, you would now have two web consoles, two databases, etc., so you will lose the single pane of glass.  I have put together an image, below, to help illustrate this.

 


 

Question: If I want to deploy as a module, does NPM have to be the base or can any standalone product be the base/initial product?

 

Answer: Any standalone product (with the exception of NCM) can be the base product and the other standalone products can be installed on top as modules.  The only products which have any relationship/dependency are IPSLA Manager and NTA, which both require NPM to be present; see the below image as an example.

 

 

 


 

The ultimate goal of this decision on our part was to give customers more flexibility in deploying our technology.

 

So which Orion-family products can now be deployed as either stand-alone or a module and which can only be deployed as a module for Orion?

 

Stand-alone or Module:

 
      
  • NPM
  • APM
  • IPAM
  • UDT
 

Module Only (requires NPM):

 
      
  • NTA
  • IPSLA Manager
 

Virtualization Manager (formerly Hyper9) and Storage Manager (formerly Storage Profiler) live on a different platform, and while we do have or will have integrations with these products, the standalone vs. module discussion doesn’t apply.
