In the first part of this series on network configuration management automation, we explored how automated network configuration management tools limit human error and save time by lessening the need for manual configuration. In this second part of the series, we discuss various automated network configuration management tools and their implementation.
Networking teams take a major step when they decide to place their trust in automated network configuration management tools. Choosing the right tool and then learning to implement it correctly are both complicated processes.
A wide variety of automated configuration products are available today from companies such as Dorado Software, Netcordia and SolarWinds. Larger vendors such as EMC and HP have acquired products from smaller vendors and integrated them with their wider product lines. There is also an array of open source software packages, including RANCID and Netomata Config Generator, as well as the ZipTie package, which AlterPoint has incorporated into its product.
What to consider in an automated network configuration management tool
First, human intervention is still generally required to make configuration changes. The ability of a configuration tool to make changes automatically, known as closed loop configuration management (CLCM), has been used only in very limited cases. Developing the ability for a configuration tool to make automatic changes requires creation of a detailed set of templates, for which vendors provide product-specific documentation. These templates then guide the tool by specifying a set of conditions that must be met and the actions to be taken.
To date, CLCM has been used to react specifically to a failure occurring immediately after a configuration change, at which time the tool immediately returns the network to its previous configuration. Creating templates for more complex situations would require a detailed understanding of all of the interrelationships in the network and a carefully defined set of conditions and desired actions.
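The rollback case described above, written as a template of conditions plus an action. This is an added example, not code from any product named in this article; the Device, Observation and Template names, the in-memory device and the 60-second window are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, List

ROLLBACK_WINDOW_S = 60  # assumed meaning of "immediately after" a change

@dataclass
class Device:
    """Constructed in-memory stand-in for a managed device."""
    name: str
    config: dict
    history: list = field(default_factory=list)  # earlier configs, newest last

@dataclass
class Observation:
    """What the tool sees after a change (assumed fields)."""
    seconds_since_change: float
    healthy: bool

@dataclass
class Template:
    """Every condition must hold before the action is taken."""
    name: str
    conditions: List[Callable[[Observation], bool]]
    action: Callable[[Device], str]

def apply_change(dev, new_config):
    """Save the running config before replacing it, so rollback is possible."""
    dev.history.append(dict(dev.config))
    dev.config = dict(new_config)

def rollback(dev):
    """Restore the previous config; report when there is nothing to restore."""
    if not dev.history:
        return "no-previous-config"
    dev.config = dev.history.pop()
    return "rolled-back"

ROLLBACK_ON_FAILURE = Template(
    name="rollback-after-failed-change",
    conditions=[lambda o: not o.healthy,
                lambda o: o.seconds_since_change <= ROLLBACK_WINDOW_S],
    action=rollback,
)

def evaluate(dev, obs, templates):
    """Run the first template whose conditions all hold; else leave it to a person."""
    for t in templates:
        if all(cond(obs) for cond in t.conditions):
            return f"{t.name}:{t.action(dev)}"
    return "no-match:operator-review"
```

A healthy device, or a failure seen after the window has passed, matches no template and is handed to an operator, which mirrors the narrow scope in which CLCM has been used.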
Second, the network fault-management tool must be in sync with the current network configuration. When using manual network configuration tools, the fault manager must be manually updated after every network change.
The use of configuration management tools with an integrated fault manager addresses this issue. For instance, EMC's Ionix Network Configuration Manager is integrated with EMC's network fault management product. Both are updated simultaneously, so the fault manager always views the current state of the network.
Steps to implementing network configuration automation tools
A formal organizational structure is required to gain the full advantages of an automated configuration tool. The structure must specify who is permitted to make changes and the extent of changes permitted for each individual. For example, a junior staff member may be permitted to apply patch updates, while only senior personnel are allowed to implement more significant changes.
Access controls must also be created and maintained to enforce this policy. Giving full access to an inexperienced staff member can result in a disaster because of the speed at which the tool can make network changes.
Looking ahead, integration with system configuration tools will be the next step for network tools. With virtualization, network interfaces are created and deleted as VMs move from physical server to server. Network data flow patterns shift as applications move from system to system. Management tasks become more complex, making automated tools an absolute requirement.
About the author: David B. Jacobs of The Jacobs Group has more than 20 years of networking industry experience. He has managed leading-edge software development projects and consulted to Fortune 500 companies as well as software startups.
This was first published in March 2010