When most people think about configuration management solutions, it often conjures up images of very expensive enterprise-class software packages. These software packages can be large and cumbersome and may be overkill for most organizations that want to achieve some of the same results on a tighter budget. Over the past several years there has been a lot of consolidation among the leaders in the Network Change and Configuration Management (NCCM) market. The top companies in this technology sector are: Opsware Network Compliance Manager (NCM) (purchased Rendition) (now HP), AlterPoint, Voyance (now EMC), and Intelliden. Other companies in this NCCM arena are: Netcordia NetMRI, Aprisma (now CA), Emprisa Networks (now BMC), Dorado Software, Tripwire, Pari Networks, and SolarWinds. Some of these solutions are more costly than others and some may be a good fit for your organization, but quite a bit of investigation is required to determine the best use of your hard-fought budget money.
Whether your organization has fully bought into IT Infrastructure Library (ITIL), COBIT, Microsoft Operations Framework 4.0, or ISO/IEC 17799:2005, we can all agree that managing the critical IT assets of an organization is important. In the ITIL framework, configuration management is found within the Service Support Set. Configuration management is also mentioned in the same sentences as release management, change management, problem management, and incident management. The importance increases when those IT assets affect the communication foundation for every enterprise application for the entire organization. These days the network is the critical foundation layer for the entire livelihood of the business.
Configuration management can be performed for software or hardware development. However, when we networking folks think of configuration management we think about backing up the configuration commands from the network devices and security devices. The main reason we want to keep these configurations around for historical reference is to do one of the following tasks:
1) Check some box for corporate auditors that our company is “safe”
2) Restore the network to full operations after a human error
3) Find the human that caused the error and inflict pain on them
Those are all fine reasons but in my line of work I am focusing on keeping my client’s networks running as smoothly as possible with a minimum of hiccups.
I would argue that configuration management entails more than just backing up your configurations every night. Besides backing up the “show running-configuration” data, it is important to back up device “state” information that may be lost if the device was rebooted or crashed. The startup configuration only tells half the story. The state information tells you how that device is operating with its neighboring devices in a live network, and that is also important to gather. That information will help with troubleshooting by giving the network administrator a baseline to work from. You can compare the current state against the historical record of how things looked when they were working well, the devices were quiescent, and routes were fully converged.
For years I have tinkered with my home-grown Perl/Expect scripts that I use to push commands to network devices and gather the output into flat files. These tools have morphed with me for more than a decade but are still very trusty. I use them to gather “show” command output into flat files, and then I create additional scripts to parse through the mountains of data. I also use these scripts to push out changes to large numbers of devices in record time. However, the downside to my scripts is that they aren’t pretty so they really aren’t fit for public consumption. Therefore, I am always on the lookout for tools written by programmers much more knowledgeable than myself that are easier to use. Recently I have stumbled across several Open Source solutions available that represent good value in the configuration management space. Three tools that I am referring to are Zenoss, ZipTie (from AlterPoint), and the Really Awesome New Cisco confIg Differ (RANCID).
Another tool that I have found very useful lately is a simple utility that allows me to perform a manual side-by-side comparison of two configuration files. I have been using a great little tool called Notepad++ ever since my colleague Tim Clegg from GTRI turned me on to it. It is a great little text editor, has many benefits when coding or scripting, and has the ability to aid in configuration management.
Cisco Catalyst 6500 switches are often deployed in mated pairs but they do not synchronize their configurations with each other. During network assessments I find myself trying to do a side-by-side comparison of configuration files to check on spanning-tree, VLAN, HSRP, routing, and other parameters to make sure the core network is operating smoothly. I have used Notepad++ many times in the past few months to speed up the configuration file comparison and I have found, shall we say, many opportunities for configuration improvement. The picture below shows what it looks like when you are using Notepad++ to review two router configurations side-by-side. The utility is very intelligent about its comparison and the color coding is very helpful to visualize the differences.
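A scripted version of the same mated-pair check, as an added example that is not from the original post: it groups IOS-style commands by section, masks values that are expected to differ between the two switches, and reports what remains. The mask list, the function names and the two config excerpts are assumptions constructed for illustration.

```python
import re

# Per-device values expected to differ between mated switches (assumed list).
MASKS = [(r"^hostname \S+", "hostname <name>"), (r"^ip address \S+", "ip address <ip>"),
         (r"^(standby \d+ priority) \d+", r"\1 <n>")]

def normalize(line):
    line = line.strip()
    for pattern, repl in MASKS:
        line = re.sub(pattern, repl, line)
    return line

def parse_sections(config):
    """Map each top-level command to the set of indented commands beneath it."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if raw[0].isspace() and current is not None:
            sections[current].add(normalize(raw))
        else:
            current = normalize(raw)
            sections.setdefault(current, set())
    return sections

def compare_pair(cfg_a, cfg_b):
    """Return sorted (section, command, only_on) tuples for unexpected differences."""
    a, b = parse_sections(cfg_a), parse_sections(cfg_b)
    diffs = []
    for sec in a.keys() | b.keys():
        if sec in a and sec in b:
            diffs += [(sec, cmd, "A") for cmd in a[sec] - b[sec]]
            diffs += [(sec, cmd, "B") for cmd in b[sec] - a[sec]]
        else:
            diffs.append((sec, "<absent on peer>", "A" if sec in a else "B"))
    return sorted(diffs)

# Constructed config excerpts for a mated pair (not taken from real devices).
CORE_A = """spanning-tree mode rapid-pvst
vlan 30
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 standby 10 priority 110
 standby 10 preempt"""
CORE_B = """spanning-tree mode pvst
interface Vlan10
 ip address 10.0.10.3 255.255.255.0
 standby 10 priority 90"""
```

Calling `compare_pair(CORE_A, CORE_B)` leaves the interface address and HSRP priority out of the report and surfaces the spanning-tree mode mismatch, the VLAN defined on only one switch, and the missing `standby 10 preempt`.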
I encourage you to look at how you are managing your configurations and to continuously improve how your network operates and how you maintain your network. I think that no matter what your budget is you will find that these tools can help you be a good “keeper of the flame” of network configuration management.