Network Configuration Manager (NCM) v7.9 is available today on the customer portal! For a broad overview of this release, the release notes are a great place to start. This is a particularly pleasing release as we are delivering a feature that has received over 470 votes: Multi-Device Baselines.
What are Configuration Baselines?
Baselines are often attached to the act of measuring and rating the performance of a given object (interface, device, or similar) in real time. In configuration management terms, baselines are used to provide a framework for change control and management. The configuration baselines measure and evaluate the content set within the config and indicate whether the content is aligned to the baseline or not.
Given that configuration changes over time are more difficult to directly observe and more complex to manage, this means that baselines play a role in monitoring and preventing unwanted changes. I find that this definition of baselines from Techopedia is interesting and accurate:
“It is the center of an effective configuration management program whose purpose is to give a definite basis for change control in a project by controlling various configuration items like work, features, product performance and other measurable configuration.”
This means that monitoring may be possible for a small number of nodes, but it is not practical nor is it reasonable to scale this type of manual monitoring framework. Actively monitoring each device’s config makes the validation of consistency and alignment to corporate or regulatory requirements reliable and possible.
The great news is that NCM already helps with mitigating the challenges related to monitoring configuration drift by providing config change reports, Real Time Change Detection, rules and policies that monitor configurations based on a set of user-defined conditions, and a one-to-one configuration baselining. What we implemented in the latest version of NCM extends and improves configuration baselines to include:
- Creating new baseline(s) through
- Promoting an existing config to be a baseline, or
- Creating a new baseline by copy/paste or loading a file
- Ignoring unnecessary configuration lines (or lines unique to each device)
- Applying baseline(s) to a single node or multiple nodes
<New!> Baseline Management
In this release, there is a new list view of all baselines that have been created or migrated from an upgrade. From this new page, users can create new baselines, edit existing, apply or remove nodes for a given baseline, enable or disable a baseline, update the status of the baseline, or delete a baseline.
<New!> Updated Diff Viewer
A major improvement in this release is the implementation of a new diff viewer for baselines. This new diff viewer will collapse lines that are unchanged, highlight ignored lines as gray, and mark all changes as yellow.
More Ways to Create a Baseline
The process of creating baselines should be easy—take an existing config and simply apply it against a set of nodes, right? In NCM, you can do just that by promoting an existing configuration, loading a config from file, or copying and pasting.
Promoting a config is now nested under the node and in the baseline column:
Creating a new baseline can be done through the new Baseline Management Page:
No matter the steps to create the baseline, each will ultimately lead to applying the baseline to the nodes and configs.
Ignoring Extraneous Config Lines
One of the key challenges with baselines is being able to get an accurate assessment of the config and not having false positives for config lines that are unique to a node or not relevant to the baseline. In NCM v7.9, we have introduced an ignore line capability that allows users to click through lines that are not relevant to the baseline to aid in reducing false positives. To read more on this, check out this link.
Baseline Status Indicators
To monitor whether or not a node (config) is in compliance with a baseline or baselines, there needs to be a visual and written indication. Baseline Management, Configuration Management, and ‘Baseline vs. Config Conflicts’ report all now have visual and written indicators. On the Configuration Management page, there is a new baseline column that contains the visual and written indication of whether or not that node is in alignment with the baselines applied.
For each status, there is a hover that provides a list of all the baselines and their associated status for that node.
The new Baseline Management view provides a complete list view of all baselines that have been created. This view is meant to show the alignment of all the nodes that are applied against a single baseline.
Each baseline can be expanded to show the status for different nodes to which it is applied (similar to the hover for Configuration Management). Each one of the statuses is clickable and will load the diff of that baseline vs. the config selected.
Lastly, the “Baseline vs. Config Conflicts” report also inherits the visual indicators and now shows the status of a node to one or many baselines.
This is a major step forward for baselines and the monitoring of configuration drift within NCM. Of course, please be sure to create new feature requests for any additional functionality you would like to see with baselines or NCM in general.