Skip navigation

Product Blog

4 Posts authored by: mungerman Employee

Recently, Cisco® added a collection of Smart Services reports to Smart Net Total Care™.  The new Smart Net Total Care reports rely on current information about your network devices and how they are configured and used.  To get these reports, you must send information about your network to Cisco. One way to do this is to use SolarWinds® Network Configuration Manager (NCM). NCM utilizes a variety of network discovery methods to identify the network devices it manages. Therefore, NCM knows a great deal about your network devices and how they are configured and used. Using a special connector, NCM is able to send this information to Cisco.

 

What follows is a quick overview of the reports included with a Smart Net Total Care subscription that are now available using NCM and the NCM Cisco connector.  

Service Coverage

The service coverage reports, also known as Know the Network (KTN), show devices and components not covered under a valid service contract. If service coverage exists, the report includes details about the service agreement, including coverage start and end times. Use this report to identify hardware and software that may not be covered under a service agreement, and identify devices that are covered but are no longer in service.

 

EoxHW

The Hardware EoX report shows you which devices you have in your network that are approaching critical lifecycle milestones. In addition to providing important dates associated with End-of-Life (EoL), this report provides recommendations for hardware you might consider migrating to. It also provides links to published bulletins that are full of information about planning budgets, preparing for eventual replacement, and ways to avoid problems when devices require service.

 

EoxSW

The Software EoX report is similar to the EoxHW report, except that it shows the software running on your devices that are approaching critical lifecycle milestones. This report provides important EoL dates associated with iOS® versions, recommends which iOS versions to upgrade to, and includes links to published bulletins. This information can help you identify which devices require iOS updates.

 

PSIRT

The PSIRT report identifies security vulnerabilities associated with devices on your network as determined by the Cisco Product Security and Incident Response Team. Use this report to identify and investigate potential security problems.

 

Field Notice

The Field Notice report summarizes all product defects found in devices on your network. It specifies affected devices and provides a URL where you can access a published Field Notice advisory. The advisory provides details on how a product can be replaced or fixed with an upgrade. Use this report to identify hardware and software that may be defective, and receive instructions on how to remedy any defects.

 

IPv6 Profile

The IPv6 Profile report evaluates your network and tells you what actions you need to take to support IPv6-based network services. Use this report to see which devices are capable of supporting IPv6, which devices are capable of supporting IPv6 with recommended hardware and software upgrades, and which devices are not capable of supporting IPv6.

 

Medianet Profile

The Medianet™ pre-deploy assessment report helps you determine which network devices are capable of supporting multimedia services. Use this report to see which devices are capable of supporting multimedia, which devices are capable of supporting multimedia with recommended hardware and software upgrades, and which devices are not capable of supporting multimedia.

 

To use the connector, you must install the most current version of NCM (v7.4).  Then you can access these reports in two ways. First, the NCM connector will download a CSV version of these reports locally for you to use. Second, you can view these reports in your Cisco Smart Net Total care portal.

 

To download or to learn more about NCM and Cisco connector, visit this Web page. If you already own NCM, you can download the free connector from your customer portal.

SCAWARDS2016_winnerhoriz.jpg

 

On March 1, SolarWinds® Network Configuration Manager (NCM) was recognized for being the Best Policy/Risk Management Solution by SC Magazine for the fourth straight year. Other finalists for this years’ award included Bay Dynamics, TraceSecurity, Trustwave, and Venafi.

 

SC Magazine wrote, “Managing, monitoring, and auditing configuration policies on network devices are the top three reasons why IT pros select and use SolarWinds Network Configuration Manager.”

 

Risk management is a central element of IT governance for most organizations, even if they don’t have to comply with information privacy regulations. The purpose of IT risk management is to identify the business impact caused by the loss of IT services, and take measures to reasonably avoid or reduce this impact. Since the network is the very foundation for all IT services, and the function and suitability of the network is defined by the configurations for its constituent routers, switches, controllers, access control devices and more, then it makes sense to carefully manage, monitor, and audit these configurations. This is why NCM plays such a critical role in IT risk management and operations.

 

So how does NCM manage, monitor, and audit device configurations?  Here is a quick overview.

 

Manage

 

Device access  – Perhaps the first place to start is by removing ad hoc and remote access to devices. NCM lets you centrally manage device passwords, and even require configuration changes to be made using the change management features in NCM.

 

Backup and recover – Hardware failure and human error can break your network. Recover from these disasters quickly with the ability to schedule, back up, find, and restore device configurations.

 

User roles and permissions – Want to control who has access to network devices and what they can do? Use NCM user roles and permissions to determine who can access specific devices and what actions they can perform.

 

Configuration templates – Have a big network change looming, or need to standardize your configs? Use NCM configuration change templates. Change templates save you time making consistent changes across many devices by providing powerful device- and vendor-neutral automation using control logic and variable-based attributes stored in the device profile. 

 

Change approval – Want complete visibility on all changes? Use NCM workflow to review and approve changes before they can be applied.

 

Job scheduling – Want to control when changes are made? Use NCM scheduling to execute changes during maintenance windows.

 

Monitor

 

Change detection – Want to know whenever any change is made and who made the change? Detect configuration changes in near real-time, and even take automated actions, like archiving a configuration, writing a changed configuration to flash memory, or issuing an alert.

 

Change analysis – Want to know exactly what changed? Compare two configurations side-by-side and see exactly where statements have been added or removed.

 

Audit

 

Policies – Want to help ensure your configs contain (or don’t contain) specific configuration statements? Use NCM policies to define what is expected (or forbidden) in a configuration. NCM delivers out-of-the-box policies for PCI, DISA STIG, FISMA, SOX, and HIPPA, or you can build or customize your own.

 

Audit – Want to help ensure configurations never drift from your standards? Automatically audit your configurations as frequently as you like using the policies you have selected to use.

 

Report – Need to know when a violation occurs? Use interactive reports to see violations organized by policy or device, and then interactively drill into the details.

 

Remediation – Correct violations fast with remediation scripts (defined as part of the policy), that right violations quickly and consistently. Scripts can be manually executed from within interactive audit reports, or automatically when a violation is detected.

 

Summary

 

Managing, monitoring, and auditing are just three ways NCM helps you protect your network configs and manage IT risk. To learn about the SC Magazine 2016 awards and other category winners, read this article.  To learn more about Network Configuration Manager, visit our product page. To learn how to write a NCM policy, read this thwack® post.

 

How you are using NCM to manage, monitor, and audit your network configs? Use the comments below to share your stories.

NCM Compliance reporting isn’t just for security auditors!  Use it to ensure network devices are compliant with your operational standards and controls.

 

As a busy network engineer, are you always looking for cool skill hacks to help you work smarter? Well if so, here is new one for youcompliance reporting.  That’s right, NCM compliance reporting.  Compliance is an incredibly powerful tool that helps you ensure all network devices are compliant with your operational standards and controls.

 

Consider this example, a network engineer queues all planned network changes into a quarterly update and pushes the changes out using a versioned config.  After the push, he audits his configs using the NCM audit feature to make sure all devices are running the right config. By auditing configs for a specific version, he knows if a device is missed, or if a config has been rolled back to a prior version. If you’re looking for other practical uses, consider the following: Make sure public SNMP community strings are never enabled, password changes are synchronized, or you have required QoS settings needed for VoIP.  The NCM Compliance feature isn’t just for security auditors!

 

To show you how simple this is, let’s step through it together.  But first a little context.  When enabled, NCM Compliance Reports automatically run when the config backup job has completed.  At which time NCM will scour through your configs looking for violations as defined in Compliance Rules.  Compliance Rule use pattern matching to identify configuration commands which should be included in, or excluded from, your config files.  If a rule match is found, then a violation is recorded. In addition, a Compliance Rules also includes an optional remediation script.  A remediation script can be executed automatically or manually against each identified violation.  Compliance Rules are grouped and organized into Policies. A Policy is a container for rules and associated: 1) with one or more devices to audit and 2) a Compliance Report through which violations are reported.  From this quick overview, it should be easy to see how Compliance Auditing is a powerful tool to help you keep your network in sync with required regulatory and operational standards and controls.  Now let’s build a simple compliance report.  We will start with building the Compliance rule, associate with a policy and then associate the policy with a report.  For our example, we want to make sure we never have any devices that allow the use of public SNMP community strings.

 

 

1: Create Audit Rules

 

Follow along with these steps:

  1. Log in to the Orion® Web console website as an administrator.
  2. Click CONFIGS > Compliance.
  3. Click Manage Policy Reports.

 

Pic1.png

 

 

  1. Select Manage Rules, and click Add New Rule.

 

Pic2.png

 

 

  1. Enter a name for your new rule.
  2. Add a description, if needed.
  3. Click the alert level to associate with this rule.
  4. If you want to assign this rule to a folder, enter a name in New folder name. Otherwise, select an existing folder from Save in folder.
  5. Click the type of alert trigger to associate with this alert.
  6. If you want to search the device config for a simple string, click the appropriate option in String Type and enter text in the box. (Note: in this example we will build a remediation script and not use the testing tools.)
  7. Click Submit to save

 

 

Revised SNMP Rules1.png

 

 

2: Create an Audit Policy

 

Follow along with these steps:

 

  1. Click Manage Policies and Add New Policy.

 

Pic4.png

 

 

  1. Enter a name for your new Policy.
  2. Enter a Policy description.
  3. Specify where to save the Policy
  4. Select nodes to use with this Policy (default is all nodes).
  5. From the list, select the type of configuration you want to search with this Policy.
  6. Select and add Rules to associate with this Policy.
  7. Click Submit to save and exit.

 

Pic5.png

 

 

3: Create an Audit Report

 

Follow along with these steps:

 

  1. Click Manage Reports and then Add New Report.

Pic6.png

 

 

  1. Enter a name for your new report.
  2. Enter a description of the report.
  3. If you want to assign this report to a folder, enter a name in New folder name or select an existing folder from the Save in folder list.
  4. If you want to also display rules without violations, select Show rules without violation.
  5. Select the policy created from our previous task and associate it with this Report.
  6. Click Submit to save and exit.

 

Pic7.png

 

By default, your report is now enabled.

 

Pic8.png

 

The next time NCM archives your device configs, this report will automatically run and you will see any violations from the NCM summary screen using the Policy Violations resource.

 

Pic9.png

 

 

Are you a Network Control Freak?

 

Are a Network Control Freak? Try compliance auditing on your network and enter to win a SolarWinds Certified Network Control Freak swag-packClick here for contest rules and to enter.  Then simply take a screen-shot of a policy rule you create using this tutorial and submit it to here to win.  If you create something awesome, be sure to share it on thwack!

New NCM utility helps you quickly find vulnerable, obsolete, and unsupported hardware on your network

 

The care and feeding of your network involves more than managing configuration changes. To keep devices healthy and end-users happy, you must tend to a list of important things that usually get put off because you are just too busy. Let’s take a look at that list now and discuss why it’s so important.

 

Device failure

Network devices fail for a number of reasons, including human error and hardware and software defects. Many times, there are warranty fixes and technical workarounds, but determining whether you have a defective device isn’t exactly easy. Do you have a reliable way to identify defective devices in your network?


Out-of-support devices

Paying for support is like buying insurance. You don’t want to spend too much for it, but when you need it, you’re glad it’s there. So when devices are mistakenly excluded from support agreements, or you pay for a device that has been taken out of service, you have the problem of either not having sufficient coverage or paying too much for the support you have.  Are you over insured or under covered? How do you know?


Device vulnerabilities

Security is a never-ending cat-and-mouse game. When the bad guys find a vulnerability to exploit, you need to address it, and fast. If you don’t know about the vulnerabilities on your network, you can’t do anything about them.  Do you know what vulnerabilities are lurking in your network?


Device end-of-Life

Devices that have reached obsolescence are a particular problem because they are no longer supported. This means no technical support, no alerts or notifications, no engineering defect or security fixes. Once a device goes EoL, it’s a ticking time bomb. In this case it’s no longer a matter of if, but when they can be replaced with the least amount of disruption. Do you have the foresight, budget, plans and other preparations needed to make a smooth transition? 


Network evolution

Chances are the network you manage now is not the same network you built five years ago. Devices you installed and configured even a year ago may not have the capability to handle the new services your organization now demands.  Which devices can support the change?  Which devices require an upgrade?  Which devices are just too old?  What new devices should replace obsolete devices?  When the boss comes asking, will you have the answers?


The problem

The problem here is two-fold. First, we need to know about potential problems with our devices. Second, we need to know who these problems affect. Vendors publish notices on things like warranty-covered defects, security alerts, and obsolescence, so it’s important that you have a convenient way to receive and review such notices. This can be difficult because you have to have an understanding of your devices, whether they are in use, their number, which version they are, and how they are configured. Due to the tediousness, many network engineers and admins reluctantly admit that it’s a difficult situation to manage.


The solution

Luckily, there is a solution. SolarWinds and Cisco® have worked together to offer a network health check. This health check can tell you quickly and easily whether you have unsupported, defective, vulnerable, or obsolete devices in your network. This health check utilizes SolarWinds® Network Configuration Manager and Cisco SmartAdvisor reports.


SmartAdvisor.png


SolarWinds NCM knows a lot about your network, including which devices are in use, their model numbers, hardware and software revisions, and how they’re configured. A free connector we developed delivers this information to Cisco, where your network data is expertly analyzed and returned to you in the form of six insightful SmartAdvisor reports. Using your Cisco CCOID and SmartNet subscription, you can access these reports conveniently and as often as you like. By conducting this network health check regularly, you can receive important information about problems that exist on your network before they have a chance to negatively impact end-users.


To learn more about this powerful network health check, visit www.solarwinds.com/smartadvisor-bundle.aspx. If you already use SolarWinds NCM, you can download the free connector by visiting the SolarWinds Customer Portal.

Filter Blog

By date: By tag: