A good Network Change and Configuration Management (NCCM) Policy will monitor all settings, attributes and metrics contributing to the network’s working state and identify where any particular network device deviates from this ‘good’ configuration state.
It is important to keep in check all Cisco (or other vendor) switch, router, firewall and other network device configuration settings, performance metrics and application response times that together govern the quality and consistency of delivered IT service levels to the business.
However, ensuring that all network devices comply with security and external corporate governance legislation is now equally necessary.
Corporate Governance policies such as Sarbanes Oxley (SOX), GLBA, NERC, PCI DSS, HIPAA, MiFID, SAS 70, and Basel II have all been introduced to ensure minimum levels of security and integrity are maintained for company financial information and any stored personal details of customers.
Your Servicedesk or Helpdesk system has a role to play, supporting an ITIL or similar Change and Configuration Management Process, providing reconciliation data for any planned changes to any configuration item.
Here are the Top Ten issues for NCCM:
1. Network Performance Management – Measure and control all parameters affecting IT Service Delivery, including performance, configuration settings, end-to-end user experience and application performance for all Cisco routers, switches, firewalls and other network devices.
2. Network Compliance Audits – Take steps to automate the audit process for your Cisco routers and other network devices in order to provide auditors with accurate details of all security and access controls for compliance with all Corporate Governance legislation, such as PCI DSS, SOX, GLBA, NERC, HIPAA, MiFID, SAS 70 and Basel II.
3. Cisco router/switch/firewall configuration backup – Back up Cisco router, switch and firewall configuration settings automatically and on a regular basis so that you can always revert or roll back to an earlier known working configuration if a problem occurs following a configuration change. The best network change and configuration management (NCCM) systems will also provide an open configuration backup system for all Nortel, 3Com, Juniper, Extreme, Foundry Networks, Riverbed, Nokia Checkpoint, Alteon, HP, Meru, Huawei and Fortinet or Fortigate firewall configurations.
4. Back up and track changes to Cisco Running and Startup Configurations – It is important to back up the startup configuration and running configuration settings for Cisco routers, switches and firewalls. A good tip is to compare the startup and running configuration settings to ensure they are not out of step unless this is intended, i.e. before a scheduled update of the running configuration has been implemented.
5. Cisco Router/Switch/Firewall Security Management – Best practice is to limit access to the router, switch and firewall devices to as few personnel as possible and to track any configuration changes in as near real-time as possible. The best network change and configuration management (NCCM) systems use SNMP Trap or Syslog Event analysis to identify when configuration changes have been made and also identify who made the configuration change.
6. Automatically audit for compliance with network configuration best practice – Where possible, automate auditing of Cisco router, switch and firewall configuration settings for best practice measures such as regular password updates, an SNMP community string changed from the default (public), and configured Access Control Lists.
7. Updating or upgrading Cisco IOS version using TFTP – Before scheduling an update to the IOS version, verify that the checksum for the IOS file is consistent with the checksum of the downloaded IOS version update, to ensure the file has not been corrupted during the TFTP upload to the router.
8. Troubleshoot Router Configuration Problems – By comparing ‘one router to many’ you can pinpoint all differences between a ‘policy compliant’ (i.e. ‘working’) router and those that aren’t and in doing so, identify which configuration changes need to be made to rectify the problem
9. Integration with Network Management and Servicedesk/Helpdesk systems – Ensure your Network Change and Configuration Management (NCCM) system integrates with all major Network Management Systems such as HP OpenView and Castlerock SNMPc, and leading Servicedesk systems such as Peregrine, Remedy, Touchpaper, Hornbill, Heat, ITSM, Assyst or HP Servicedesk. If a router, switch or firewall is reconfigured, the configuration change will be raised as an alert in the Servicedesk, Helpdesk or Network Management system for immediate investigation.
10. Change Management Process – By integrating the NCCM system with your existing Change Management/Change Request/Change Approval system you can ensure planned changes are reconciled with actual changes. A full audit trail of changes made can be collated, together with the Request for Change (RFC), the Change Approval Board (CAB) approval for the change, and all details of who made the change, and what was changed.
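The checks in items 4 and 6 can be scripted against backed-up configuration text. The following is an added example, not code from the original article or from any NCCM product; the two configurations are constructed samples for a hypothetical device, and the function names are illustrative.

```python
import difflib
import re

# Constructed sample configurations for a hypothetical device (not real output).
STARTUP = """\
hostname edge-rtr-01
snmp-server community public RO
line vty 0 4
 login local
 transport input ssh
"""
RUNNING = """\
hostname edge-rtr-01
snmp-server community public RO
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
"""

DEFAULT_COMMUNITIES = {"public", "private"}  # well-known defaults; the article names "public"


def config_drift(startup, running):
    """Return the lines that differ between startup and running configuration."""
    diff = difflib.unified_diff(startup.splitlines(), running.splitlines(),
                                fromfile="startup", tofile="running", n=0, lineterm="")
    # Skip the two file-header lines, keep only added/removed lines.
    return [line for line in list(diff)[2:] if line.startswith(("+", "-"))]


def audit(config):
    """Check one configuration against the best-practice items listed above."""
    findings = []
    for m in re.finditer(r"^snmp-server community (\S+)", config, re.M):
        if m.group(1).lower() in DEFAULT_COMMUNITIES:
            findings.append(f"default SNMP community '{m.group(1)}'")
    if not re.search(r"^(?:ip )?access-list ", config, re.M):
        findings.append("no access control lists configured")
    # Each 'line vty' stanza is the header plus its indented child lines.
    for block in re.findall(r"^line vty .*\n(?:[ \t]+.*\n?)*", config, re.M):
        if not re.search(r"^[ \t]+access-class \S+ in", block, re.M):
            findings.append(f"{block.splitlines()[0]}: no inbound access-class")
    return findings


if __name__ == "__main__":
    print("drift:", config_drift(STARTUP, RUNNING))
    print("startup findings:", audit(STARTUP))
    print("running findings:", audit(RUNNING))
```

Here the running configuration has an ACL that was never saved to startup, so a reload would silently remove the management-plane restriction; the drift list is what surfaces that.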
All the above change and configuration management tasks can be automated using network change and configuration management (NCCM) software solutions, the best of which will cover desktop PCs together with change and configuration management of your servers and all network devices such as firewalls, switches and routers.
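As one illustration of that automation, the Syslog analysis in item 5 can be combined with the reconciliation in item 10. This is an added example, not code from the original article or any NCCM product; the log lines and change records are constructed, and it assumes the syslog collector prefixes each Cisco `%SYS-5-CONFIG_I` message with an ISO-8601 timestamp and hostname.

```python
import re
from datetime import datetime

# Constructed syslog lines (assumed collector format: "<ISO time> <host> <message>").
SYSLOG = """\
2024-03-03T01:05:12 edge-rtr-01 %SYS-5-CONFIG_I: Configured from console by jsmith on vty0 (192.0.2.10)
2024-03-03T01:06:40 edge-rtr-01 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
2024-03-03T04:47:55 core-sw-02 %SYS-5-CONFIG_I: Configured from console by akhan on vty1 (192.0.2.77)
2024-03-04T01:20:03 edge-rtr-01 %SYS-5-CONFIG_I: Configured from console by console
"""

# Hypothetical approved-change records exported from a change management system.
APPROVED = [
    {"rfc": "RFC-EXAMPLE-1", "device": "edge-rtr-01", "user": "jsmith",
     "start": "2024-03-03T01:00:00", "end": "2024-03-03T02:00:00"},
]

# The "on <line> (<source>)" part is absent for changes made on the physical console.
CONFIG_I = re.compile(
    r"^(\S+) (\S+) %SYS-5-CONFIG_I: Configured from \S+ by (\S+)"
    r"(?: on (\S+) \(([^)]+)\))?", re.M)


def parse_changes(log):
    """Extract who changed which device, when, and from where."""
    events = []
    for m in CONFIG_I.finditer(log):
        ts, device, user, line, source = m.groups()
        events.append({"time": datetime.fromisoformat(ts), "device": device,
                       "user": user, "line": line, "source": source})
    return events


def reconcile(events, approved):
    """Split observed changes into planned (matching an RFC) and unplanned."""
    planned, unplanned = [], []
    for ev in events:
        rfc = next((r["rfc"] for r in approved
                    if r["device"] == ev["device"] and r["user"] == ev["user"]
                    and datetime.fromisoformat(r["start"]) <= ev["time"]
                    <= datetime.fromisoformat(r["end"])), None)
        (planned if rfc else unplanned).append({**ev, "rfc": rfc})
    return planned, unplanned


if __name__ == "__main__":
    ok, alerts = reconcile(parse_changes(SYSLOG), APPROVED)
    for ev in alerts:
        print("UNPLANNED:", ev["time"], ev["device"], ev["user"], ev["source"])
```

The last sample line shows the gap a reviewer should watch for: a change made on the physical console carries no user name or source address, so it can never match an RFC by user and has to be investigated by other means.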