The IT Swiss Army Knife - Cisco Network Compliance Manager

Cisco Network Compliance Manager, Known as NCM, is a standout management product that performs. Need a network device audit based on things like PCI, HIPAA, ITIL, etc? Need to roll-out config and software changes to several devices? Need a real-time visio network diagram? Need a super detailed inventory of all your network devices? Want a live PSIRT alert system that tells you exactly what devices need remediation, downloads the code to fix it with, and produces a report showing if the device can support the new code? Need a configuration archiving mechanism with one click roll-back? Need full configuration change management with workflow even changes not done through NCM? Well, you guessed it NCM has all that and a few other things worth noting like it supports about 30 other vendors products. See the screenshots of these features throughout the blog. Given the corporate focus on regulations and standards this year, several have been searching for a tool to help them become, remain, and prove compliance. Picture this, your PCI auditor asks you to provide them with tons of information. You login to NCM, click on compliance center, click on PCI audit, click run and email the auditor a real-time PCI audit report of your devices… Swish, nothing but net!

Now some screenshots of the other features I mentioned: Screenshot of all of the tasks you can run on your devices. These tasks can be run on each device individually or on groups of devices. The Run command script option lets you input any device commands or scripts you want, even show commands.

The Image below shows the UNIX style diff view of two configurations. It highlights the changes and then provides context around those changes by providing 3 lines before and 3 lines after. You can then roll-back by adding the older config changes to either running-config or startup-config.

The executive dashboards give you high level views of your device compliance, polling status, policy violations, software compliance violations, and a few others.

NCM has a built-in summary report spreadsheet with a bunch of tabs. It shows your full device inventory, Full OS versions in use inventory, top 5 vendors, Top 5 OS versions, change frequency, device access failures, and more. http://www.jheary.com/NCM-sample-Report.xls Click here for a sample NCM .xls report You can use NCM as a terminal server for device management. The way this works is you SSH or telnet to NCM and then from there you connect to your various devices. You can enable single sign-on so NCM will auto populate your credentials into the new devices saving you time. This allows for stricter, centralized access restrictions on your devices. You can also connect to devices directly from the NCM GUI. If you choose to connect directly to the device then NCM can use syslog and snmp alerts to do change detection, reporting and auditing. Here is a sampling of what’s available for reporting in NCM

Click here for a sample Device And Module End-of-Sale / End-of-Life Report There are lots more to show in NCM but alas I have run out of time. I need to go pick out my Christmas tree! I hope everyone had a great thanksgiving. Cisco’s NCM site http://www.cisco.com/en/US/products/ps6923/index.html

The opinions and information presented here are my personal views and not those of my employer.

More from Jamey Heary: Credit Card Skimming: How thieves can steal your card info without you knowing it Cisco enters the crowded AV and DLP client marketCisco's new ASA code allows you to securely take your Cisco IP Phone with you anywhereCisco targets Symantec, McAfee with its new antivirus client Google's Chrome raises security concerns and tastes like chicken feet a>Go to Jamey’s Blog for more articles on security.

*

*

*

*

*

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.