The NCM 7.9 changes to baseline have negatively impacted how we report on configuration conflicts for audit reason. I'm hoping this community will review our current usage of Baseline and Compliance Checker and help me clarify how the new changes to Baseline should be applied.
Here is our process for using NCM, Baseline, Config Compliance Checker, Running vs. Startup Config Conflicts, etc., when answering to our Internal IT Audit team:
At the start of a Quarter we run a job to "Baseline Entire Network". And any given day, we could go to Config Summary and monitor "Baseline vs. Config Conflicts" or "Overall Running vs. Startup Config Conflicts" to see if and how many conflicts exist.
If at any time an auditor would inquire about changes or we reached the end of the quarter and had to report on changes we could gather "Baseline vs. config conflicts" from SolarWinds and match them, one for one, with Help Desk Ticket Change Requests. Then we would baseline all of the configs so that our Baseline vs. Config Conflicts chart would go all green again.
Also from Config Summary we report on Config Compliance Checker Policy Violations. There is a Report for each designated type of device (access switch, router, firewall, etc.). This report has a tailored policy consisting of several rules that use Regex or simple pattern matching to snippets of code that are relevant to features for that device type. And daily this Config Compliance Checker can be monitored for "out of compliance" devices.
But the latest changes with Baseline have me confused on where Solar Winds is ging with Config Managment. For one, they have taken the Job Type "Baseline Entire Network" away. That breaks our current process of Baselining everything periodically. Also, I'm still trying to find out why I can't promote any configs to Baseline, even on a one for one basis. I thought I had full admin rights but maybe not. And it seems to me the new Baseline features of ignoring lines or creating baseline snippets or applying baselines to multiple devices of the same type really just bleed into Config Compliance Checker Policy Violations.
Its like Baseline from NCM 7.8 and older is dead as we know it and Baseline will be replacing Config Compliance Checker?