
Product Blog

49 Posts authored by: cvachovecj

We are pleased to announce the general availability of Network Configuration Manager v7.2.

 

Version 7.2 includes the following enhancements:

  • Continue moving functionality from Win32 client to Web UI
    • Job management (Windows Task Scheduler not used anymore)
    • Config management (edit, delete, set baseline)
    • Possibility to test device login credentials
    • Import config from file
  • Provide End-of-Life information for managed devices.
  • Multiple global connection profiles
    • Define multiple connection profiles (device credentials, protocol, port etc.)
    • NCM will try which of the predefined connection profiles works for a device (configurable per device)
  • The execution of Config Change Templates can be scheduled.
  • Change Approval System enhancements
    • Approved requests to be executed at specified date/time
    • Approved requests to be returned to requestor for execution
    • Requesters can see a history of what they requested and was approved
    • Approvers can see a history of what they approved
  • SNMPv3 -- Support of AES-256 encryption
  • Inventory for Brocade devices
  • More devices supported natively (Palo Alto)
  • Config Change Template Extensions: 'delay' command, string <-> number conversion
  • Make downloaded configurations searchable for IP addresses with FTS enabled.
  • Security enhancements of the Web UI
  • Support for database encryption using MS SQL TDE.

 

NCM v7.2 is available for download in your customer portal for those customers under current SolarWinds NCM maintenance.

 

You can view the full set of release notes, including problems fixed, here.

 

Enjoy NCM 7.2!

The engineering effort on Kiwi Syslog Server (KSS) v9.4 Release Candidate has been completed. RC is the last step before general availability and is a chance for existing customers to get the newest functionality before it is available to everyone else.

You will find the latest version on your customer portal in the Release Candidate section.

 

Here is the content of this RC version:

  • Moving to a new web server
    This change brings a lot of new functionality "for free". Examples:
  • Active Directory authentication for web access
  • Alerting for Message Queue Monitor
    Be notified when the number of messages in the message queue crosses a certain threshold. This indicates there might be performance problems and gives you a chance to take action before messages get dropped.
  • Bug Fixes / resolved cases:

    • 408596 -- AD support for Kiwi web access
    • 416692 -- 3 questions regarding Kiwi Syslog Web Access
    • 396596 -- AD support for Kiwi web access
    • 327093 -- Kiwi Syslog accounts - AD tie in?
    • 312151 -- active directory authentication
    • 299645 -- AD/LDAP Support for Web Console
    • 491536 -- Kiwi Syslog Web User authentication via AD/LDAP
    • 439899 -- Broken Support link
    • 450187 -- Utra Dev Cassini Web Server Service
    • 376801 -- After web access installation, Cassini Web service stops
    • 380290 -- Feature Request - Support Newer UltiDev Cassini Server
    • 317512 -- WebAdmin: HTTPS for Web Front End
    • 159947 -- SSL for Web Access
    • 491537 -- https for Kiwi web interface
    • 435117 -- Alerting for Message Que Monitor
    • 451568 -- Availability of Buffer statistics for alerting and reporting
    • 447733 -- Milliseconds in Syslog in Descending Order!
    • 459792 -- Feature Request - Email Summarization
    • 465803 -- Database maintenance settings in Kiwi Syslog Webaccess doesn't work
    • 412290 -- Reducing number of syslogs on web access
    • 412867 -- Question
    • 416258 -- Radio button missing text on Archive Schedule Destination tab
    • 416169 -- Wrong version displayed when cancelling licensing
    • 334330 -- sounds not playing on alert
    • 272984 -- "play a sound once" does not work
    • 342995 -- Service crash after ORACLE ODBC configuration
    • 427158 -- Status on 9.3.4
    • 373025 -- Problem Creating Table for Oracle 11g Release 11.2.0.3.0
    • 493671 -- Ability to see full list of devices

 

RC builds are made available to existing customers prior to the formal release. These are used to get customer feedback in production environments and are fully supported.

We have officially reached Release Candidate (RC) status for Network Configuration Manager 7.2. RC is the last step before general availability and is a chance for existing customers to get the newest functionality before it is available to everyone else.

 

Here is the content of this RC version:

  • Continue moving functionality from Win32 client to Web UI
    • Job management (Windows Task Scheduler not used anymore)
    • Config management (edit, delete, set baseline)
    • Possibility to test device login credentials
    • Import config from file
  • Provide End-of-Life information for managed devices.
  • Multiple global connection profiles
    • Define multiple connection profiles (device credentials, protocol, port etc.)
    • NCM will try which of the predefined connection profiles works for a device (configurable per device)
  • The execution of Config Change Templates can be scheduled.
  • Change Approval System enhancements
    • Approved requests to be executed at specified date/time
    • Approved requests to be returned to requestor for execution
    • Requesters can see a history of what they requested and was approved
    • Approvers can see a history of what they approved
  • SNMPv3 -- Support of AES-256 encryption
  • Inventory for Brocade devices
  • More devices supported natively (Palo Alto)
  • Config Change Template Extensions: 'delay' command, string <-> number conversion
  • Make downloaded configurations searchable for IP addresses with FTS enabled.

More details and screenshots can be found in the NCM 7.2 Beta blog post and in Manage End-of-Life Information for Your Devices with NCM!

 

RC builds are made available to existing customers prior to the formal release. These are used to get customer feedback in production environments and are fully supported. If you have any questions, I encourage you to leverage the NCM RC forum.


You will find the latest version on your customer portal in the Release Candidate section.

We have completed the bulk of the development effort and are now focused on testing the latest release of Kiwi Syslog Server (KSS). KSS v9.4 has reached Beta status. This is your chance to install the latest version and provide feedback on the new features and fixes. Providing feedback during the beta is the best way to ensure that your feedback will be incorporated into the release. To participate, simply fill out this survey and you will be sent the download links for the Beta. Remember, Betas cannot be installed in production and you cannot upgrade the Beta to any other future versions.

 

The following enhancements have been added to KSS:

  • Moving to a new web server
    This change brings a lot of new functionality "for free". Examples:
  • Active Directory authentication for web access
  • Alerting for Message Queue Monitor
    Be notified when the number of messages in the message queue crosses a certain threshold. This indicates there might be performance problems and gives you a chance to take action before messages get dropped.

As described in this blog post, SolarWinds Network Configuration Manager v7.2 has reached Beta status. In the meantime, we have been working on further enhancements and improvements. One of the features we focused on is the possibility to attach end-of-life information to nodes managed by NCM. This blog post describes the new version of this feature, available in NCM v7.2 Beta 2. To participate in the Beta program, simply fill out this survey and you will be sent the download links for the Beta. (If you already subscribed, you don't have to do it again.) Remember, Betas cannot be installed in production and you cannot upgrade the Beta to any other future versions.

 

NCM EOL Summary Page

 

Why Do I Need to Know the EoL Status of My Devices?

As described in SolarWinds EOL Lookup: Which of My Devices Will Become End-of-Life?, this is important for planning purposes, both budgetary and operational. Your organization may also be subject to policies that require running up-to-date equipment. Please take a look at the referenced post for more details.

 

As you can see in the picture above, the End-of-Life management screen is accessible directly from the NCM menu bar. The main grid provides an overview of various device attributes that help the user assign the End-of-Sales and End-of-Support dates (together called End-of-Life dates). By default, the nodes are grouped by matching type.

 

Assigning EoL Items to Devices

Matching the EoL information to devices is not an easy task. To address it, we have developed this End-of-Life feature that works in the following way: When a user wants to assign EoL information to a device, NCM searches its EoL database and suggests a few possibilities to choose from (ordered by rank). The user then chooses the best match. To make the choice easier, NCM supplies additional information such as node details, custom properties, a link to the vendor's EoL website (if available) etc. If there is no suitable EoL item, the user can enter custom dates. Another option is to mark the device as ignored by the End-of-Life feature. (Applicable e.g. to some special devices.)

 

Each night, NCM will process its EoL database and try to find the suggestions for devices with no EoL information assigned. (This can also be triggered on demand.) The EoL information for a particular device can be in one of the following states (called matching type):

  • Suggested Dates Found -- NCM found suggestions for EoL information and expects the user to choose one of them.
  • Suggested Dates Assigned -- User already assigned one of the suggested EoL items to this node.
  • Custom Dates Assigned -- User entered his own EoL dates.
  • No Suggestions -- NCM has not found any EoL candidates for that device.
  • Ignored -- For some reason, user does not want to manage EoL info for this device.

 

Show me the Workflow!

Typical workflow will look as follows:

  1. Go to the End-of-Life management screen (see the picture above) to check if there are any devices with suggested dates found.
  2. Select one or more nodes and click "Assign Dates".

    NCM EOL Summary

  3. On the Assign page, you can select one of the suggestions or enter your own EoL dates.

    NCM-EOL-Assign.png

  4. You can also easily select more nodes that will be assigned the same EoL dates. By default, devices of the same type (same SysOID) will be pre-selected.

    NCM EOL Add More Nodes

  5. You may enter a comment explaining your choice or any other information you want to attach.
  6. Click Assign.
  7. The devices you just processed can be found in the "Suggested Dates Assigned" category.

    NCM EOL Summary

You can take the same steps for devices with no suggestions, too. There will just be no options to choose from.

 

NCM stores the assigned EoL dates in the database, so that they are not overwritten the next time NCM generates suggestions. However, the user has the option to delete the EoL dates manually.

 

How Do I Create a Report?

You have the possibility to create the report by adjusting the information shown in the main grid and exporting the result in Excel or CSV format. Let's explore the flexibility that you have:

  • You can change the grouping. (Default is matching type.)

    NCM EOL Group By

  • You can add or remove columns.

    NCM-EOL-Add-Columns.png
  • You can filter the information. The EoL dates have a few predefined filters to make the reporting easier.

    NCM-EOL-Filter.png

Last but not least, we have a new resource that can be placed e.g. on the summary page:

 

NCM EOL Resource

We have officially reached Release Candidate (RC) status for User Device Tracker 3.0. RC is the last step before general availability and is a chance for existing customers to get the newest functionality for user device tracking and capacity planning before it is available to everyone else.

 

Here is the content of this RC version:

  • Whitelisting – Set up a white list of devices based on MAC address, IP address, or hostname.
  • Trap notifications - Get connectivity information in "real time"; receive an alert when a device not on whitelist connects to the network.
  • Watch List - Add users to the Watch List.
  • Domain Controller Wizard - Facilitate collection of user login information by configuring appropriate logging level on Windows® servers.
  • Virtual Route and Forwarding (VRF) - Polls devices for VRF data.
  • Alerts - Get an alert when an endpoint port changes.
  • Reports - See a report on Wireless Endpoints.
  • Groups - Add UDT ports to groups.
  • Port Shutdown - Remotely shutdown a compromised device port.


More details and screenshots can be found in the UDT 3.0 beta blog post.

 

RC builds are made available to existing customers prior to the formal release. These are used to get customer feedback in production environments and are fully supported. If you have any questions, I encourage you to leverage the UDT RC forum on thwack.

 

You will find the latest version on your customer portal in the Release Candidate section. Please note that you will need to activate this RC build using a temporary RC key that you can also find on your customer portal (Licensing and Maintenance – License Management). This temporary key will be replaced with a regular license key after official release of UDT v3.0.


Message was edited by: Jiri Cvachovec

We have just released UDT v3.0 RC2. You can find it on your customer portal. (Note: The downloaded package may say RC1 but the content is actually RC2.)

Enhancements:

  • A confirmation dialog pops up when user tries to shut down a port.
  • Only users with nodes management rights can shut down ports.
  • A few bugs fixed.

We have completed the bulk of the development effort and are now focused on testing the latest release of Network Configuration Manager (NCM); NCM v7.2 has reached Beta status. This is your chance to install the latest version and provide feedback on the new features and fixes. Providing feedback during the beta is the best way to ensure that your feedback will be incorporated into the release. To participate, simply fill out this survey and you will be sent the download links for the Beta. Remember, Betas cannot be installed in production and you cannot upgrade the Beta to any other future versions.

 

The following enhancements have been added to NCM:

  • Continue moving functionality from Win32 client to Web UI
    • Job management (Windows Task Scheduler not used anymore)
    • Config management (edit, delete, set baseline)
    • Possibility to test device login credentials
    • Import config from file
  • Provide End-of-Life information for managed devices.
  • Multiple global connection profiles
  • The execution of Config Change Templates can be scheduled.
  • Change Approval System enhancements
    • Approved requests to be executed at specified date/time
    • Approved requests to be returned to requestor for execution
    • Requesters can see a history of what they requested and was approved
    • Approvers can see a history of what they approved
  • SNMPv3 -- Support of AES-256 encryption
  • Make downloaded configurations searchable for IP addresses with FTS enabled.

 

Continue Moving Functionality from Win32 Client to Web UI

 

Job Management

The Job management UI has been migrated from the Win32 application to the Web UI. Jobs are executed within Orion Platform infrastructure; there is no dependence on the Windows Task Scheduler anymore.

The summary page allows you to perform basic tasks like create, delete, enable/disable, or edit a job. You can also inspect the log for each job.

 

NCM-Jobs-List.png

 

There is a wizard that helps you with editing jobs. The schedule can be entered using user-friendly, intuitive controls (basic setup):

 

NCM-Jobs-Scheduling.png


Alternatively, there is an advanced mode that gives you more flexibility. If you are familiar with CRON, it will not be difficult for you.

 

NCM-Jobs-Scheduling-Advanced.png

After you go through all the steps, you can review job details again to ensure correctness of the properties.

 

NCM-Jobs-Review.png

Config Management

You can edit config, delete it or set baseline in the Web UI.

 

NCM-Manage-Configs.PNG

 

Import Config from File

NCM node details page gives you the same options plus you can import config from a file.

 

NCM-Manage-Configs2.PNG

 

Possibility to Test Device Login Credentials

You can now test the assigned device login credentials when you edit node properties. The session is captured to help you troubleshoot problems.

 

NCM-Test-Credentials.PNG

 

 

 

Provide End-of-Life Information for Managed Devices

This lookup tool will search through nodes and return suggested results for End of Sales and End of Support dates. All results will need to be confirmed and assigned manually by selecting one or more nodes and clicking on the "assign" button. If no information is available, there is an option to manually enter data and assign it to a node, or quickly bulk assign to a selection of many nodes.

You can filter the data according to different parameters and export the results as an Excel sheet or a CSV file.

 

NCM-EoL-Summary.PNG

 

You can either assign the EoL item just to a single node,

 

NCM-EoL-Assign.PNG

 

or select multiple nodes in the Bulk Assign menu.

 

NCM-EoL-Assign-Bulk.PNG

 

Multiple Global Connection Profiles

You can define multiple connection profiles in NCM settings. Some of them can be marked as "auto-detect" (see below).

NCM-Connection-Profiles-Summary.PNG NCM-Connection-Profiles-Edit-Profile.PNG

 

The connection profile can be selected on the node properties page.

 

NCM-Connection-Profiles-Edit-Node.PNG

 

If you select "Auto Detect", NCM will try all profiles marked as "Auto Detect" in the setting when connecting to the device.

 

NCM-Connection-Profiles-Auto-Detect.PNG

 

The Execution of Config Change Templates Can Be Scheduled

You can choose "Schedule" as the execution method for Config Change Templates.

 

NCM-CCT-Review.png

 

Config Change Templates are scheduled as any other job.

 

NCM-CCT-Job.png

 

Change Approval System Enhancements

 

Approved Requests to Be Executed at Specified Date/Time Or to Be Returned to Requestor for Execution

You specify the date and time or choose "Return to requestor" when requesting approval in the Web UI. Requestor's view on the left, approver's on the right:

 

NCM-CCA-Requestor.png NCM-CCA-Approver.png

 

Approvers and Requestors Can See History of the Requests

 

NCM-CCA-Summary-Approver.png

SNMPv3 -- Support of AES-256 Encryption

This is an extension for better security; applicable especially to inventory reports.

 

Make Downloaded Configurations Searchable for IP Addresses with FTS Enabled

You can search configurations for IP addresses in the Web UI while using Full-Text Search.

 

NCM-Search-FTS.PNG

We have completed the bulk of the development effort and are now focused on testing the latest release of User Device Tracker (UDT). UDT 3.0 is going to reach Beta status soon. This is your chance to install the latest version and provide feedback on the new features and fixes. Providing feedback during the beta is the best way to ensure that your feedback will be incorporated into the release. To participate, simply fill out this survey and you will be sent the download links for the Beta. Remember, Betas cannot be installed in production and you cannot upgrade the Beta to any other future versions.

 

The following enhancements have been added to UDT:

  • White List to identify safe and rogue devices on your network
  • Trap notifications to update connection information in "real time"
  • Tracking users in watch list
  • Wizard to help UDT users configuring appropriate logging level on Windows servers to collect login information
  • Alert on endpoint port change
  • Port Shutdown
  • Admin status for ports
  • Wireless endpoints report
  • VRF polling
  • Support for UDT ports in Groups

 

White List

You can define the set of rules that UDT uses to determine if a network device belongs on your white list. If so, the device appears in UDT resources as a safe device.

 

Whitelist-Include.PNG

 

You can add

  • Individual devices based on IP address, MAC address, or hostname
  • IP address ranges
  • MAC address ranges
  • Subnets
  • Custom patterns

 

Whitelist-Add.PNG

 

If there are devices connected to your network that are not on the white list, they will appear in a new 'Rogue Devices' resource and alerts will be generated:

 

Rogue-Devices.PNG           Rougue-Alert.PNG

 

You can also define the set of rules that determine if a network device should be ignored by UDT. If so, UDT discards all related data. This is handy e.g. for HSRP and VRRP MAC addresses.

 

Whitelist-Ignore.PNG
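The whitelist and ignore rules described above can be modelled as follows. This is an added example, not UDT's implementation or code from the original post. Checking ignore rules before the white list, treating custom patterns as hostname globs, and every address in the sample data are assumptions constructed for illustration.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


def mac_to_int(mac: str) -> int:
    """Normalise a MAC written with ':', '-' or '.' separators to an integer."""
    digits = "".join(ch for ch in mac if ch not in ":-.")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)


@dataclass
class Endpoint:
    mac: str
    ip: Optional[str] = None
    hostname: Optional[str] = None


@dataclass
class RuleSet:
    """One rule list per rule type named in the post."""
    ips: Set[str] = field(default_factory=set)
    macs: Set[str] = field(default_factory=set)
    hostnames: Set[str] = field(default_factory=set)
    ip_ranges: List[Tuple[str, str]] = field(default_factory=list)
    mac_ranges: List[Tuple[str, str]] = field(default_factory=list)
    subnets: List[str] = field(default_factory=list)
    patterns: List[str] = field(default_factory=list)  # assumed: hostname globs

    def match(self, ep: Endpoint) -> Optional[str]:
        """Return the type of the first rule that matches, or None."""
        mac = mac_to_int(ep.mac)
        if any(mac == mac_to_int(m) for m in self.macs):
            return "mac"
        if any(mac_to_int(lo) <= mac <= mac_to_int(hi) for lo, hi in self.mac_ranges):
            return "mac_range"
        if ep.ip:
            addr = ipaddress.ip_address(ep.ip)
            if any(addr == ipaddress.ip_address(i) for i in self.ips):
                return "ip"
            for lo, hi in self.ip_ranges:
                first, last = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
                # Only compare addresses of the same IP version.
                if first.version == addr.version and first <= addr <= last:
                    return "ip_range"
            if any(addr in ipaddress.ip_network(n) for n in self.subnets):
                return "subnet"
        if ep.hostname:
            host = ep.hostname.lower()
            if host in {h.lower() for h in self.hostnames}:
                return "hostname"
            if any(fnmatch.fnmatchcase(host, p.lower()) for p in self.patterns):
                return "pattern"
        return None


def classify(ep: Endpoint, whitelist: RuleSet, ignore: RuleSet) -> str:
    """Ignored endpoints are dropped first (assumed order), then safe vs. rogue."""
    if ignore.match(ep):
        return "ignored"
    return "safe" if whitelist.match(ep) else "rogue"


def rogue_report(endpoints, whitelist: RuleSet, ignore: RuleSet) -> List[str]:
    """MAC addresses of endpoints that would be listed as rogue devices."""
    return [ep.mac for ep in endpoints if classify(ep, whitelist, ignore) == "rogue"]


# Constructed sample rules.
WHITELIST = RuleSet(
    hostnames={"printer-01"},
    ip_ranges=[("10.30.0.10", "10.30.0.50")],
    mac_ranges=[("00:1b:21:00:00:00", "00:1b:21:ff:ff:ff")],
    subnets=["10.20.0.0/24"],
    patterns=["lab-*"],
)
# HSRP (version 1) and VRRP (IPv4) virtual MAC address blocks.
IGNORE = RuleSet(
    mac_ranges=[
        ("00:00:0c:07:ac:00", "00:00:0c:07:ac:ff"),
        ("00:00:5e:00:01:00", "00:00:5e:00:01:ff"),
    ],
)
# Constructed sample endpoints.
SAMPLE_ENDPOINTS = [
    Endpoint("aa:bb:cc:00:00:01", "10.20.0.15", "ws-15"),           # whitelisted subnet
    Endpoint("00:1B:21:3A:4F:10", "10.99.0.7"),                     # whitelisted MAC range
    Endpoint("3c:52:82:aa:bb:cc", "10.99.0.8", "LAB-sensor3"),      # hostname pattern
    Endpoint("3c:52:82:11:22:33", "10.99.0.9", "unknown-laptop"),   # no rule matches
    Endpoint("00:00:0c:07:ac:0a", "10.20.0.1"),                     # HSRP virtual MAC
    Endpoint("3c:52:82:44:55:66", "10.30.0.51"),                    # one past the IP range
]

if __name__ == "__main__":
    for ep in SAMPLE_ENDPOINTS:
        print(ep.mac, ep.ip, classify(ep, WHITELIST, IGNORE))
```

The HSRP endpoint sits inside a whitelisted subnet but is still classified as ignored, which is why the order in which the two rule sets are evaluated matters.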

 

Updating Connection Information in "Real Time"

Many network devices support sending trap notifications when an endpoint connects or disconnects. UDT can now process these notifications to update the endpoint connection information immediately (rather than waiting for the next poll).

 

Users Can Be Tracked in Watch List

VRF-User-Watchlist.PNG

 

Wizard to Help with Domain Controller Configuration

Configuring your Domain Controllers properly, so that UDT is able to collect login information, is not an easy task and users find it difficult. That's why we have prepared a set of tests that help you diagnose whether UDT can access the information in the Domain Controller.

First you need to test the credentials; if there are errors, UDT helps you fix them.

 

AddAD-Test.PNG             AddAD-Help-Me-Fix.PNG

 

Alert on Endpoint Port Change

When the port to which an endpoint is connected changes, an alert is generated:

 

Alert-Rogue-Moved.PNG

 

Port Shutdown

If the device is configured with read-write SNMP credentials (and supports this operation), you can easily shut down a port. This functionality is also available via the API/SDK.

 

ShutDown-Port.PNG            ShutDown-Port2.PNG

 

Admin Status for Ports

UDT now distinguishes between ports that are administratively down (icon with red cross) and operationally down:

 

Port-Status.PNG

 

Wireless Endpoints Report

There is a new report for wireless endpoints now:

 

Wireless-Report.PNG

 

VRF Polling

If a network device is configured with VRFs, UDT will display the information:

 

VRF.png

Here is the content that the Syslog dev team is currently looking at, for the next version of Syslog (current is v9.3.4). We will update this post with details once we get through the planning phase.

  • Moving to a new web server (UltiDev Web Server Pro)
  • Active Directory authentication for web access
  • Bug fixes

 

Disclaimer:  Comments given in this forum should not be interpreted as a commitment that SolarWinds will deliver any specific feature in any particular time frame. All discussions of future plans or product roadmaps are based on the product team's intentions, but those plans can change at any time.

Here is the content that the CatTools dev team is currently working on, for the next version of CatTools (current is v3.8).

  • Migration to SolarWinds Licensing Framework
  • Support for MikroTik devices
  • Improved support for several other devices
  • Bug Fixes

 

Disclaimer:  Comments given in this forum should not be interpreted as a commitment that SolarWinds will deliver any specific feature in any particular time frame. All discussions of future plans or product roadmaps are based on the product team's intentions, but those plans can change at any time.

Probably every network administrator knows this problem: How do I know what equipment in my network is going End-of-Life (EoL) and when?

This blog post discusses various aspects of this issue and offers some possibilities how the EoL problem can be solved using the newly updated EOL Lookup service from SolarWinds together with Network Configuration Manager.

 

Why Do I Need to Know the EoL Status of My Devices?

Basically, you need to know EoL status for planning purposes. Let's see why. The EoL process usually has a few common stages, although specific details may depend on the type of product and vendor:

 

  • End-of-Life Announcement -- The vendor publishes an EoL schedule for a particular product (or product line).
  • End-of-Sale Date -- After this date, you will not be able to purchase additional units of the product.
  • Last Shipment Date -- Depends on the previous item. Not all vendors publish it.
  • End of Software Maintenance -- No new bug fixes will be provided after this date.
  • End of Hardware Maintenance -- There is no guarantee you will be able to obtain spare parts after this date.
  • Last Date of Support -- This is the actual end of life. The product will no longer be supported by its vendor. Some companies offer support after this date based on a special contract.

 

For your business-critical production environment you obviously cannot afford to use unsupported products. You need your equipment to use the most up-to-date firmware version, have the possibility to order spare parts, have someone from technical support to help you troubleshoot problems, etc. That is why you need to check regularly which devices are going end-of-life and plan appropriate replacement. The planning is important not only because of the technical aspects but also because of budget. Imagine you have many pieces of certain hardware on your network and this hardware goes end-of-life; such replacement may require considerable investment.

 

How Can I Find EoL Information?

Now we know why EoL information is important. The question is: How do I find it? There are two options:

 

Pay Someone Else

This is the easiest but also the most expensive option. Besides a big fat wallet you need a software tool that will create a complete inventory report for all your devices. Then you can send the report to the contractor and he should return back the list of equipment going end-of-life in a predefined time interval. This service may also be provided by the vendor, but then it is limited to the vendor's products. Additionally, the vendor and/or contractor may only accept inventory reports from his own asset management software, which can incur extra costs.

 

Do It Yourself

If you do not like the previous option, you can always manage the EoL information yourself. When you try to do that, you will quickly find out that it is not so easy. Let's take Cisco as an example. Their EoL summary page lists lots of products -- routers, switches, firmware, extension modules etc. However for many items, the EoL information is not actually included or the linked page does not contain the required details.

 

Cisco EoL Summary Page          Cisco Card No EoL

 

You must also realize that a device often consists of several parts, some of which reach end of life sooner than the rest (e.g., a certain firmware version). Last but not least, different vendors publish EoL statements in different formats or even require a partner account for access. Google may sometimes help, but not in 100% of cases.

 

Why Is It a Problem to Get a Good EoL Report?

You finally managed to collect various pieces of EoL information and you have inventoried your devices. What comes next? Well, you have to match those two. And that is really not simple. On one hand, your device inventory may include data such as System OIDs or serial numbers that identify the model very well. On the other hand, vendors publish their EoL statements in terms of product names or some kind of internal codes. These pieces of information are not always exposed to the usual SNMP inventory data collection. The next section shows how our new EOL Lookup service can be used together with inventory data from NCM to get as much information as possible.

 

EOL Lookup and NCM

The EOL Lookup space does not have the ambition to replace the 100% accurate service that you can purchase from the vendors or professional services providers. It is intended as a tool for the do-it-yourself approach. How do you use it with NCM? First, you must select an inventory report that enumerates all your devices. Good candidates are 'All Nodes' and 'System Information of Each Device'. (By default, these can be found in the 'Node Details' category.)

 

NCM Inventory All Nodes

 

NCM Inventory System Info

 

Let's assume you want to find out the EoL status of the 'Core-3640' router. In the EOL Lookup tool, you enter the appropriate information:

 

EOL Lookup Enter Details

 

and get the result:

 

EOL Lookup 3640 Details

 

You have various options how to record the EoL information for your devices, e.g.:

  • Export the NCM inventory report in Excel format and add the information there. As you will probably have multiple devices of the same kind, you can group the result according to Machine Type and attach EoL data in bulk.
  • Create a custom property and fill in the EoL information. Again you can select all nodes of the same type and define the EoL info at once.

 

Further Resources

You can watch the following video to learn about the EoL/EoS feature available in NCM: How To Use the EoL Feature in NCM - YouTube.

As you probably know, Config Change Templates (CCT) are a very powerful feature of the Network Configuration Manager. On top of the Execute Script functionality, they add flow control statements such as conditions and loops. You can also use custom properties, define input parameters etc. -- please see More Automation in NCM: Usage of Variables and Custom Properties in Command Scripts and Config Change Templates for details. Just remember that your device must be inventoried in NCM in order to be targeted with Config Change Templates.

 

You can use one of the templates provided with NCM out of the box, import from thwack, or create your own from scratch. Today I would like to show you a few tips and tricks that you might find useful when creating your own, advanced templates.

 

How to Use Special Symbols in CLI Statements

Imagine you need to include the following command in a CLI statement of your CCT:

 

show clock | append disk0:show_tech

 

You cannot do it directly -- the pipe symbol breaks the script. Here is the trick:

 

script BaseChangeTemplate(NCM.Nodes @ContextNode)
{
  // Define a string variable to carry the special symbol.
  string @PipeSymbol='|'
  // Place the variable in the command.
  CLI
  {
    show clock @PipeSymbol append disk0:show_tech
  }
}

 

The same trick can be used for other special characters such as the '@' symbol.

 

How to Add Variables to CLI Statements

You may want to include certain variables, that you normally use e.g. in device templates, in your CCT. This approach helps you keep your template as device-independent as possible. Additionally, you can include e.g. IP address (of your TFTP server, for example) in a clean way which will not make you modify the CCT source code when this IP address changes. The trick is basically identical to the previous case. The following fragment can be used e.g. when handling firmware.

 

script BaseChangeTemplate(NCM.Nodes @ContextNode)
{
  // ${StorageAddress} is the IP address of the TFTP server that comes with NCM.
  // It is used e.g. in device templates for config downloads.
  string @myTFTPImage='${StorageAddress}' + '/image.bin'
  // You do not have to hard-code the IP address in the command.
  CLI
  {
    copy tftp://@myTFTPImage flash
    ...
  }
}

 

Resulting script:

copy tftp://${StorageAddress}/image.bin flash

 

Using Custom Properties in CCTs

Unlike variables, custom properties are tied with nodes, and therefore can be referenced via the node parameter:


script BaseChangeTemplate (NCM.Nodes @ContextNode)
{
  CLI
  {
    show @ContextNode.MyCustomProperty
  }
}

Details about the use of custom properties in Config Change Templates are described in More Automation in NCM: Usage of Variables and Custom Properties in Command Scripts and Config Change Templates.

 

Configuring Specific Interfaces

A customer once asked how he could run a command on an interface with a specific IP address. (He wanted to set logging source interface on a Cisco router.) All you have to do is to iterate through interfaces and their IP addresses:

 

script BaseChangeTemplate(NCM.Nodes @ContextNode)
{
  // Iterate through all interfaces of the node.
  foreach (@interfaceItem in @ContextNode.Interfaces)
  {
    // Iterate through all IP addresses of that interface.
    foreach (@ip in @interfaceItem.IpAddresses)
    {
      // Test the IP address.
      if (@ip.IPAddress contains '10.199.2.1')
      {
        // Set logging source.
        CLI
        {
          logging source-interface @interfaceItem.InterfaceDescription
        }
      }
    }
  }
}
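
Assuming 'contains' is a plain substring test, the pattern '10.199.2.1' also selects interfaces addressed 10.199.2.10 or 10.199.2.100. The Python check below is an added example, not part of the original post or of NCM; its inventory and function names are constructed, and it lists which interfaces a substring test would configure beyond the exact address.

```python
import ipaddress

# Constructed inventory: (node, interface description, [IP addresses]).
INVENTORY = [
    ("rtr-a", "GigabitEthernet0/0", ["10.199.2.1"]),
    ("rtr-a", "GigabitEthernet0/1", ["10.199.2.10"]),
    ("rtr-b", "Loopback0", ["10.199.2.100", "192.0.2.7"]),
    ("rtr-c", "Vlan20", ["110.199.2.1"]),
    ("rtr-d", "Serial0/0", ["10.199.20.1"]),
]

def substring_matches(inventory, pattern):
    """Interfaces selected when the address is tested with a substring match."""
    return [(node, ifc) for node, ifc, ips in inventory
            if any(pattern in ip for ip in ips)]

def exact_matches(inventory, target):
    """Interfaces selected when the address is compared as a parsed IP."""
    wanted = ipaddress.ip_address(target)
    hits = []
    for node, ifc, ips in inventory:
        for ip in ips:
            try:
                if ipaddress.ip_address(ip) == wanted:
                    hits.append((node, ifc))
                    break
            except ValueError:
                continue  # skip malformed inventory entries
    return hits

def unintended(inventory, target):
    """Interfaces a substring test would configure but an exact test would not."""
    exact = set(exact_matches(inventory, target))
    return [hit for hit in substring_matches(inventory, target)
            if hit not in exact]

if __name__ == "__main__":
    for node, ifc in unintended(INVENTORY, "10.199.2.1"):
        print(f"{node}: {ifc} would also receive 'logging source-interface'")
```

Running such a check against an export of your node inventory before executing the template shows whether the pattern needs to be tightened.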


Simultaneous Execution of CCTs

Last but not least, you can configure the number of devices on which a template can execute in parallel. In the Web UI (NCM v7.1), go to Settings -> NCM Settings -> Configs -> Config Transfer -> Simultaneous Downloads/Uploads.


NCM Config Settings


The default value is 10, i.e. when you run a template on 50 devices, the task will be carried out in 5 batches (10 devices each).

After the release of UDT v2.5 (and service release 2.5.1), here is what the UDT team is working on now, for the future of the product:

  • Access Monitoring
    • Define a device whitelist (based on MAC, IP, or hostname), i.e. list of devices that are allowed to connect.
    • Receive SNMP traps and syslog for updating connectivity information in “real-time”. An alert should be generated when a device is connected that is not on the whitelist.
    • Shut down a port (providing user has write access).
    • Users can be tracked in watch list.
    • Distinguish between ports that are administratively down and administratively up but disconnected.
  • IPAM Integration
    • Provide link to IPAM subnet information in the Endpoint Details resource
    • Business logic enhancements to enable integration from IPAM side.
  • Wizard to help users configure appropriate logging level on Windows servers to collect login information.
  • NTA Integration (Support NTA resources on Endpoint Details page.)
  • Windows Server 2012

 

Disclaimer: Comments given in this forum should not be interpreted as a commitment that SolarWinds will deliver any specific feature in any particular time frame. All discussions of future plans or product roadmaps are based on the product team's intentions, but those plans can change at any time.

After the release of NCM v7.1 (and service release 7.1.1), here is what the NCM team is working on now, for the future of the product:

  • Continue moving functionality from Win32 client to Web UI
    • Job management (Windows Task Scheduler not used anymore)
    • Config management (edit, delete, set baseline)
    • Possibility to test device login credentials
    • Import config from file
  • Provide End-of-Life/End-of-Support information for managed devices.
  • The execution of Config Change Templates can be scheduled.
  • Change Approval System enhancements
    • Approved requests to be executed at specified date/time
    • Approved requests to be returned to requester for execution
    • Requesters can see a history of what they requested and what was approved
    • Approvers can see a history of what they approved
  • Multiple Global Connection Profiles
    • Define multiple connection profiles (device credentials, protocol, port etc.)
    • NCM will try which of the predefined connection profiles works for a device (configurable per device)
  • More native device support
  • Inventory for Brocade devices
  • Support of AES 256-bit encryption for SNMPv3
  • Make downloaded configurations searchable for IP addresses with FTS enabled.
  • Config Change Template Extensions: 'delay' command, string <-> number conversion
  • Security enhancements of the Web UI
  • Support for database encryption using MS SQL TDE.

 

Disclaimer: Comments given in this forum should not be interpreted as a commitment that SolarWinds will deliver any specific feature in any particular time frame. All discussions of future plans or product roadmaps are based on the product team's intentions, but those plans can change at any time.

Version 7.1 of SolarWinds Network Configuration Manager brings a few enhancements of the scripting language for Config Change Templates (CCT). (For all new features of NCM 7.1, please see NCM 7.1 Release Candidate Available.) This new functionality is especially useful for access-control list (ACL) creation. In this blog post, we provide a commented example of a CCT that adds ACL entries for routers located in different branches of the company. Although the structure of the entries is the same for all branches, the IP addresses in the ACL statements depend on the subnet, which differs for every office.

 

How to Create a Config Change Template

When you want to create a brand new CCT, click on 'Create New Config Change Template' on the Config Change Templates page:

Create new Config Change Template

You will be redirected to the page where you enter all necessary details -- name, description, tags, and, most importantly, the script itself:

Config Change Template Details

As you can see, a CCT consists of a parameter section and a script body. The @ContextNode parameter is mandatory for each CCT. For more details about the CCT language, see Understanding Config Change Template Semantics in the NCM Admin Guide.

 

ACL Entries for Routers in Different Offices

Assume the company has a lot of branches and there is a router for each branch. Their IP addresses have the form 10.20.[branch#].40. Now we want to add two ACL statements to device configuration across the company with a single CCT run. The third octet of each device IP address equals branch# as a rule. (This is a simplified version of a real customer situation. Imagine there are hundreds of routers and more complex conditions and you get the real case.)

Besides @ContextNode, the CCT will have another parameter -- the 'template' of the router IP address (called @ipTemplate). In the ACL statements that will be passed to each device, the third octet of this template IP address will be replaced with the third octet of the IP address of the device.

The CCT code:

 

script ChangeACL(NCM.Nodes @ContextNode, string @ipTemplate)
{
  // Extract the 3rd octet of the device IP (this is branch#).
  string @octet = getoctet(@ContextNode.AgentIP,3)

  // Take the template IP and replace the 3rd octet.
  string @ipnew = setoctet(@ipTemplate, 3,@octet)

  // The CLI block sends the first and the second ACL statement.
  CLI
  {
    Allow @ipnew out
    Allow @ipnew UDP 2055 OUT
  }
}

 

When you run the CCT, you will get something like

Run a Config Change Template

The complete CCT is attached (at the bottom).

 

Overview of New String Manipulation Functions

This is for your reference. The following functions are now available:

  • string SubString(string str, int startIndex, int length)
    Retrieves a substring from this instance. The substring starts at a specified character position and has a specified length.

  • int StrLength(string str)
    Return the length of the string.
  • int IndexOf(string str, string search)
    Reports the index of the first occurrence of the specified substring in the string.
  • string GetOctet(string ipAddress, int octetPosition)
    Retrieve octet from an IP address at the specified position.
  • string SetOctet(string ipAddr, int octetPosition, string octet)
    Replace specified octet in IP address.
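
A dry run of the ChangeACL template can be modelled offline before the change reaches any device. The Python code below is an added example, not NCM code: get_octet and set_octet are hypothetical models of GetOctet and SetOctet (1-based positions, as the template's usage implies), and the node list and template IP are constructed. It renders the two statements per device and rejects devices whose address does not follow the 10.20.[branch#].40 scheme.

```python
import ipaddress

def _octets(ip, position):
    """Validate the IPv4 address and the 1-based octet position."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError if malformed
    if not 1 <= position <= 4:
        raise ValueError(f"octet position out of range: {position}")
    return octets

def get_octet(ip, position):
    """Model of GetOctet: the octet at a 1-based position, as a string."""
    return _octets(ip, position)[position - 1]

def set_octet(ip, position, octet):
    """Model of SetOctet: replace the octet at a 1-based position."""
    octets = _octets(ip, position)
    if not (octet.isdigit() and int(octet) <= 255):
        raise ValueError(f"not a valid octet: {octet!r}")
    octets[position - 1] = str(int(octet))
    return ".".join(octets)

def render_change_acl(agent_ip, ip_template):
    """CLI lines the ChangeACL template would produce for one device."""
    ip_new = set_octet(ip_template, 3, get_octet(agent_ip, 3))
    return [f"Allow {ip_new} out", f"Allow {ip_new} UDP 2055 OUT"]

def dry_run(nodes, ip_template, scheme=("10", "20", None, "40")):
    """Return (rendered, rejected); nodes outside the scheme are rejected."""
    rendered, rejected = {}, {}
    for name, agent_ip in nodes.items():
        try:
            got = [get_octet(agent_ip, i) for i in range(1, 5)]
            if any(want not in (None, have) for want, have in zip(scheme, got)):
                raise ValueError("outside the 10.20.[branch#].40 scheme")
            rendered[name] = render_change_acl(agent_ip, ip_template)
        except ValueError as err:
            rejected[name] = str(err)
    return rendered, rejected

# Constructed sample data: node names, agent IPs and template IP are made up.
NODES = {"branch-7": "10.20.7.40", "branch-12": "10.20.12.40",
         "lab": "192.168.1.5", "typo": "10.20.300.40"}

if __name__ == "__main__":
    ok, bad = dry_run(NODES, "172.16.0.10")
    for name, lines in ok.items():
        print(name, lines)
    for name, why in bad.items():
        print("REVIEW", name, why)
```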

 

Recommended Further Reading: SolarWinds Firewall Security Manager

While you can create your ACL statements in bulk with NCM, SolarWinds has recently introduced its Firewall Security Manager (FSM), which you can use (among other things) to check newly deployed ACL changes, e.g. before they go to production. Details can be found in You have NCM and manage firewalls: Firewall Security Manager is for you.
