The Ghosts of Config Past, Present, and Future (Well, Sort Of)
The scene is set: the curtains open to a person in bed trying to get a good night’s sleep during a dark and windy night. The hair on the back of their neck is standing on end and with one big gust their worst features come true! In bursts a flurry of emails demanding proof for configs of old.
Okay, okay, while I’m no Hemingway, I can tell you that we’ve all experienced the nightmare of being visited by configs of old. Being bothered to prove an older configuration was in compliance is a real pain, and the thought of doing this manually makes skin crawl. Enter SolarWinds® Network Configuration Manager (NCM) network configuration management software and the Favorite config.
Being a “favorite” is always a good thing, and the same can be said for Favorite configs inside of Network Configuration Manager. Just as any favorite gets special handling, Favorite configs are granted special privileges within compliance policies. Compliance Policies are always evaluating the most recent version of a configuration file. If you’re trying to prove compliance of an old file, you need to tell NCM to use that file instead. You do that by setting the config as Favorite.
If you set one config from each node as Favorite, then those Favorites will forever be the most recent. This means that you as the user, would be able to prove these configs’ compliance at any point in the future from that day without any extraordinary effort. The best part of getting this setup is that it can be fairly easy, if you have established rules and policies.
Simply mark a config as Favorite either through the UI or, for the savvy user, through the SDK. This is done by navigating to the Configuration Management page and expanding the list of configs nested under a node.
Once this is done, you need to make sure to set up or modify your Policies to use this config type.
After the policies are set, just add these policies to a Compliance Report.
After the Compliance Report is set up, update the report and click on it to see the output. You can verify that this is evaluating the correct config by drilling into any violation and clicking the “View Config” link.
If everything is set up correctly, you will see the details for the Favorite config.
And there you have it! You’ll no longer be pressed to manually evaluate older configs for audit review or documentation. If you find this useful, have any comments, or would like to see how this can be done through the SDK, please let me know below!