Chat Log - Day 1: Network Configuration Management (NCM, UDT, IPAM & FSM)

Version 1
    SenderTargetText
    sandip Let's do this
    JFrazier I do miss the    shuttles...  although I did participate    in the recovery effort for the Columbia.
    francois Who has FSM or    looking at it in the audience?
    francois How are you managing    your ACLs' in your routers and FW's?
    Steven does it make sure the    NSA can access your network? :P
    ScottSadlocha Don't have it here
    ScottSadlocha But I want to learn    more about to see if I can pitch it
    Kurt not here either. I    was going to test drive it though.
    michal.hrncirikStevenno NSA using Orion    for their purposes :)
    ErikD is FSM more context    friendly? when I demoed.... context firewalls were not functional...
    ScottSadlocha Quick question on    FSM--does it support Palo Alto devices?
    Jbeucler @ErikD
    StevenfrancoisI've attempted to    trial with one of our firewall guys for Checkpoint (I'm not a Checkpoint    engineer so I'm not 100% on the technical details/issue) but he couldn't load    all of the profiles(?) for the firewall.     If we went to load a second or third one
    francoisScottSadlochanot yet
    kbott we arePA as well
    ScottSadlocha We have both PAs and    Cisco ASAs
    Chris Is McAfee Sidewinder    on the list or firewalls that are to be supported?
    RichardLetts Fortinet/Fortigate
    MattNAdilIs watchguard    supported?
    wbrown Is NCM integration    required in order to modify configs?
    francoisErikDIn ASA multi-context    firewalls
    MattN Is Watchguard    supported
    Jbeucler If anyone is    interested in the FSM Beta please let me know!
    Jbeucler we are looking at    feedback on our user experience of our integration into Orion
    jspanitz Does it Analyze    Juniper SRX AppSecure data?
    ErikD am a user context in    a multi tenant
    francoiswbrownyes if you want to do    it directly. If no NCM
    francoisErikDare you a customer or    were you using an eval version?
    Steven Is the a black list    for UDT? Or would we have to add every device to the whitelist and alert on    non-whitelist devices?
    Steven Is there a*
    Jiri.Cvachovec There's currently no    black list.
    MattMatheus I've used the watch    list as a sort of blacklist
    RichardLetts the Watchlist is like    a blacklist
    Jbeucler @spanitz
    Jiri.Cvachovec but we do have a    feature request (voting idea) on thwack
    Jiri.Cvachovec http://thwack.solarwinds.com/ideas/1367
    RichardLetts if access control to    your network is a requirement then implementing 802.1x is probably the right    way instead of finding them after the event.
    Jiri.Cvachovec http://thwack.solarwinds.com/ideas/2330
    StevenJiri.CvachovecThanks Jiri
    ErikDfrancoisNPM/NCM/NTA/SAM/IPAM    customer
    Jiri.Cvachovec What are your other    wishes for UDT?
    jspanitz So one of the things    we want to do with UDT is report on unused ports over a period of time
    Kurt I would like to know    when UDT will have the abiltiy to recognize error disabled ports.
    francoisErikDok
    MattMatheus NPM can recognize    errdisabled ports through syslog
    ecklerwr1 Jiri got tux and J    beucler got some other avatar (neo maybe?) (A cop?)
    ChrisScottSadlochaMcAfee SideWinder    support?  Or at least in the near    future?
    RichardLetts support for NETCONF:    http://en.wikipedia.org/wiki/NETCONF
    ecklerwr1 We've got SideWinders    as well for L7 f/w.
    ErikDfrancois30% of my firewalls    are Contexts
    francoisChrisif you are asking    about FSM the anbswer is not today
    ScottSadlocha We don't have    Sidewinders here
    ecklerwr1 I sure hope so...    most newer ASA have multiple contexts
    Jiri.Cvachovec NETCONF for FSM or    also UDT?
    francoisErikDI'll ping you off    line
    Kurt the err-disabled port    idea has been in for a while and has top votes.    http://thwack.solarwinds.com/ideas/1507
    Jiri.Cvachovec Makes sense for NCM
    RichardLetts UDT -- way to disable    ports on Juniper switches.
    RichardLetts @jiri: yes
    Jiri.CvachovecjspanitzI'll send you some    info offline.
    jspanitzJiri.CvachovecExcellent!.  Thanks
    jake Doesnt cisco have a    similar shutdown feature built in?
    francoisErikDBTW
    jspanitzJiri.CvachovecNETCONF - YEs Please
    francois Who's big on NETCONF?
    Jbeucler @Spanitz
    Jiri.Cvachovec @RichardLetts: Have    you created an idea for UDT/NETCONF on thwack?
    jspanitzJbeuclerThanks again.  Will it be on thwack so others can vote?
    ScottSadlocha Liking these NCM    enhancements
    ErikDfrancoisyes ASA
    Jiri.Cvachovec @Kurt: Yes
    Jbeucler @Spantiz Yep
    francoisScottSadlochagood to hear
    Jiri.Cvachovec @ScottSadlocha: Which    enhancements do you like most?
    Kurt Thank you Jiri
    ScottSadlocha The entire first    point
    Jiri.Cvachovec Good
    Jiri.Cvachovec How do you find the    EoL stuff?
    jspanitz Multiple connection    profiles is great
    Jiri.Cvachovec thanks :-)
    ScottSadlocha I like the sound of    that a lot
    Paul Can EOL be used to    track service contracts for devices?
    Jiri.Cvachovec @Paul: Via custom    properties
    RichardLetts http://thwack.solarwinds.com/ideas/1571    exists for NCM
    jspanitz Do you guys support    Aruba Instant?  The newer code (last 6    months) supports a full CLI now.
    Paul Thanks Jiri
    ScottSadlocha Yay! PA support.
    francoisScottSadlochawas that abotu FSM?
    jspanitz Concept of EoL is    great
    Jiri.Cvachovec @jspanitz: Aruba    instant not OOTB. Not sure how difficult is to create a device template
    ScottSadlocha No
    francoisScottSadlochagotcha
    Jiri.Cvachovec @jspanitz: Yes
    ScottSadlocha Didn't have to deal    with PAs at my previous place when I rolled out NCM
    Angel13 [Emotion=emteeth.gif]
    francoisjspanitzyes
    Jiri.Cvachovec Exactly
    jspanitzJiri.CvachovecCorrect
    Jiri.Cvachovec Will fix that.
    jspanitzScottSadlochaScott
    ScottSadlocha At my previous place
    AshleyC BRB
    Jiri.Cvachovec If you don't know
    Paul jiri - can you send    link to that page on EoL/EoS ?
    StevenfrancoisA bit late
    Jiri.Cvachovec http://thwack.solarwinds.com/message/210440#210440
    Paul Thanks Jiri! :)
    Jiri.Cvachovec You're welcome!
    ecklerwr1 What's the    "catalyst" problem?  Devices    that run CatOS?
    francoisStevennot sure
    ecklerwr1 They should all be    EOL I would think.
    Jiri.Cvachovec Non-Catalyst Cisco    devices get suggestions with Catalyst EoL/EoS items.
    StevenM How long will the    recorded livestream videos be available?     I'm having a hard time listening in at work.
    ecklerwr1 I get it Jiri.
    Jiri.Cvachovec As I said
    sandipStevenMthe recording will be    available immediately following the presentation in the video player below
    sandipStevenMAnd will live on    forever :-)
    StevenM Thank you
    JbeuclerStevenSent you an email    following up with NTA RC. Thanks
    Paul We have IPAM today    but are dropping it (sorry) ... it's really slow and no support for common    tasks found in service provider networks ... for enterprise and small    environments it's probably a good tool
    michal.hrncirikPaulhi Paul
    francoisStevenWhen importing from    file system
    Jiri.Cvachovec @jspanitz:    http://thwack.solarwinds.com/docs/DOC-143398
    michal.hrncirikPaulit's more designed    for internal company use rather than for subnet provisioning in its current    version
    Jiri.Cvachovec UDT ports not used    over last XY days.
    michal.hrncirikPaulhave you found a    better replacement ?
    Paul @Michal - yes
    Chip may have missed this    but is there going to be more functionality around assigning options when    setting up or modifying scopes?
    michal.hrncirikPaulthanks for sharing    details Paul
    michal.hrncirikChipwhich ones would you    like to see there?
    Chip have to find the    notes I put together
    michal.hrncirikChipabsolutely - ping me    on michal.hrncirik@solarwinds.com
    Chipmichal.hrncirikthanks
    michal.hrncirikChipwe are working on    enabling all standard DHCP scope options for MS
    michal.hrncirikChip(may see something in    current beta build)
    StevenfrancoisI see. I think that    was the primary issue for the firewall engineer. He didn't want to have to go    and manually reload the separate policies (4+). If we imported a policy it    overwrote the first (so couldn't add separate ones into the contents/list)
    jspanitz Looking for Juniper    DHCP support on SRX firewalls.
    Chipmichal.hrncirikthat probably covers    it.
    Chipmichal.hrncirikbut I'll double check
    michal.hrncirikChipI would wait for beta    2 that should bring management of these options
    michal.hrncirikjspanitzon our list John
    jspanitzJiri.CvachovecJiri
    jspanitzmichal.hrncirikBooo :)
    michal.hrncirikjspanitzI can hear that    loudly and clearly :)
    Jiri.CvachovecjspanitzI can find out more    details with engineering -- don't know off the top of my head.
    jspanitzmichal.hrncirikBut we understand!
    michal.hrncirikjspanitzis there something    missing on the IPAM UI or is there something annoying you would like to    improve? (except search)
    jspanitz Acutally not!  We only use for monitoring though
    francois How interested are    you all in having IPAM storing details about IP Phones. Typical use case    could be to built-in the IPAM UI
    jspanitz ooooh.  sounds interesting.  would it do the same for lync or just    actual ip phones?
    michal.hrncirikjspanitzbasically any VoIP    phone
    ScottSadlocha That sounds very    interesting
    Kurt I would love to be    able to see more details about IP PHones.
    ScottSadlocha I agree
    michal.hrncirikjspanitzdo you guys use VNQM    and IPAM together or just IPAM?
    jspanitz Just IPAM
    Jiri.Cvachovec And for UDT: PC's    connected through IP phones -- how about that?
    Kurt I use VNQM and IPAM    together
    francois config data? IOW
    Jiri.Cvachovec I mean UDT being able    to monitor a PC behing VoIP phone...
    Steve thank you
    Stevenfrancoiswould it link into    VNQM for this or ?
    Kurt VNQM
    sandip Please feel free to    conitnue to chat with us after the session ends
    sandip Our SolarWinds    experts will stay online until 11:45a CT
    Jbeucler Yep
    RichardLetts The UI doesn't work    in IPAM3.0; will see what it looks like in the next version. it'svery slow    with the number of IPS we have.
    Jbeucler new shiney Orion    Module!
    francois yeah
    ecklerwr1 FSM inside Orion    sounds good.
    ScottSadlocha Just IPAM here
    RichardLetts LLDP on the switch    can help with IP-phone information.
    jake can we make a report    on IP Conflicts?
    ScottSadlocha Our UDT license was    not renewed this year
    michal.hrncirikScottSadlochawhat kind of info    would you like to see in IPAM for VoIP phones?
    Jiri.Cvachovec @Scott: Why?
    michal.hrncirikjakeyes you can
    ScottSadlocha Some of the    information mentioned. Right now
    jake ha
    francoisRichardLettsthanks
    ScottSadlocha Not sure Jiri. The    call was made shortly after I came onboard and was just getting up to speed    on the environment. Not much done here with device tracking I suppose.
    RichardLetts LLDP system name
    ScottSadlocha I think the idea was    that there aren't really devices on the network outside of company owned    systems
    Jiri.Cvachovec @Scott: Interesting    -- user device tracking is not important to your company?
    Jiri.Cvachovec I see
    ScottSadlocha It seems that way
    Jiri.Cvachovec But how do you know    without a white list? ;-)
    ScottSadlocha But what you    mentioned about UDT being able to track a system connected to a VoIP phone    interested me
    ScottSadlocha All of our systems    here are connected to the phones
    RichardLetts Media Endpoint Class
    Jiri.Cvachovec That's a feature    request -- I'd like to gather customer's opinion.
    ScottSadlocha Interesting
    ScottSadlocha I know very little    about UDT
    Jiri.Cvachovec or take a look at our    online demo
    ScottSadlocha Right
    Jiri.Cvachovec http://oriondemo.solarwinds.com/Orion/UDT/Summary.aspx
    Paul Any chance an app    will come out for Thwack vs just web access? :)
    StevenScottSadlochaSome companies use it    for switchport utilisation
    Jiri.Cvachovec Yes
    sandip thwack has a mobile    website
    Paul also
    Jiri.Cvachovec thwack is not the    only place
    francoisPaulgood to know
    AshleyC back back
    Jiri.Cvachovec any feature request    that comes via support is processed
    Jiri.Cvachovec thwack is maybe    better for visibility -- others can add votes
    AshleyC Have I missed    anything to do with the NCM?
    Jiri.Cvachovec How can i know? :-)
    francoisPaulJiri is right
    Jiri.Cvachovec What would you like    to know about NCM?
    francoisPaulAt the end of the day    the big benefit of doing it through Thwack is to get teh votes (if created as    an Idea)
    AprilRiese With NCM what is the    improvements what does the 'delay' command
    Paul Thank you Jiri and    Francois for your responses - appreciate it
    Jiri.Cvachovec ok
    Jiri.Cvachovec useful for e.g.    firmware upgrades
    francoisPaulno worries
    Chris fture requestts can    als be put in with a SolarWinds ticket through the customer portal
    AprilRiese perfect
    Jiri.Cvachovec string <->    number conversion -- you can perform e.g. arithmetic operations on IP    addresses
    AshleyC how long until the    next Session?
    Jbeucler 89 minutes
    Jbeucler 1pm CST
    StevenScottSadlocha5am ^_^
    AshleyC Ah oK
    Jiri.Cvachovec custom properties or    inventory data may be stored as strings -- you can process them as numbers
    RhidiansJiri.Cvachovec7pm GMT
    Paul Does anyone know if    it's possible to monitor ESXI under Virtualization in NPM?  I need to spend more time figuring out how    to get our ESXI monitored but thought this was a great place to ask :)
    AshleyC im in the UK so that    would be 1900
    ScottSadlochaPaulPaul
    michal.hrncirikPaulNPM does have basic    ESX monitoring functionality. have you simply try to add your node and see    "virtualization" tab?
    Paul Thank you Scott and    Michal - I'll have to play around more ... I did add the node but it doesn't    show up under Virtualization .. as long as i know the answer is    "yes" then I'll dig deeper to figure out why it's not showing up :)
    Paul Scott / Michal - it    helps if you click "Poll for VM" doesn't it? lol ... think I just    found my issue :)
    ScottSadlochaPaulyes
    jake can we set the mac    address assignment history?
    michal.hrncirikPaulproblem solved :)
    michal.hrncirikjakeyou mean that you    would like to see historical reports of IP addresses for a given MAC    right>
    jake yes
    michal.hrncirikjakethat's currently    visible only on web but we don't have report for that. you currently also    can't set retention period. Do you want me to open up a feature request for    this?
    jake Yes please
    michal.hrncirikjakeok got it. how long    the retention period should be?
    jake we are being alerted    on several IP address mac address conflicts that arnt really issues.
    jake for the mac address    history? 8 days for us
    michal.hrncirikjakeok
    jake Ok thanks
    Moe If GUI inefficient in    config tab
    Jiri.CvachovecMoeI'm not sure I'm    getting the question. Could you please add more details?
    Moe If something fail    during config
    Jiri.CvachovecMoeYou can connect to    the device directly
    Moe Thanks