I know this seems like an odd question to ask but what I’m really talking about is whether you just put a Band-Aid on the problem or whether you change the way you work to prevent future problems. In the network world the Band-Aid behavior still seems fairly common – you have performance monitoring tools to tell you when something goes down, you investigate, find a configuration issue a lot of the time, and then fix it and go on your way. How often do you stop to think about preventing those configuration issues?
It continues to surprise me how many IT folks believe performance and availability monitoring is critical but preventing problems through automated network change and configuration management (NCCM) is a nice to have. Here’s a few of the things that I’ve learned over the years:
- Config change detection – You know when you change a password on a site you get an email telling you that you changed your password. Well config change detection tells you when you (or someone else) makes changes to your network configurations – none of these should surprise you when they arrive, but one day one of them will and you’ll thank your lucky stars you had a config management product in place.
- Backup, backup, backup – Automated NCM allows you to backup your configs so when that day comes when you don’t have time to figure out what’s changed you can go back to your old working config quickly.Broad changes to your infrastructure – sometimes you have compliance changes, or just broad config changes that need to be applied consistently across the board. Do you really want to do each device manually?
- Troubleshooting – When there is a problem wouldn’t it be nice to quickly see if the config has changed since the last time you took a snapshot? Even better, wouldn’t it be nice if your performance monitoring tool was able to connect to your config management tool and tell you whether the config had changed when it alerted you to the problem?
- Make simple changes repeatable and consistent – So sometimes you may have a simple change like setting a VLAN id or setting a base security config for a new device, you could do all of those yourself or you could have a system where you create a parameterized config script that can then be handed over to a junior engineer to do the leg work.
- Compliance – ughhh. It’s not fun, but everyone’s got to do it, if you take credit cards as a business, or if you’re in a regulated industry, or even if you just have security policies that you care about enforcing you’ll want to be able to verify that all your devices are configured to meet your own policies. Without a config management product that’s going to be a lot more painful.
So, for 2012 will you make the resolution to prevent problems in your network or will it be an ongoing game of whac-a-mole (for our non-US readers here are the instructions for whac-a-mole )?
If you’re ready to see what an NCCM product can do for you, you can check out our version, called Network Configuration Manager (NCM) not surprisingly.