Piggy-backing on last winter's Network Application Performance Analysis (NAPA) announcement, Cisco Systems Inc. came back to the table yesterday with the release of an automated configuration management system.
Cisco Proactive Automation of Change Execution (PACE) is a suite of products and services designed to help enterprises meet compliance requirements, accelerate growth and ensure business continuity, according to Karen Sage, Cisco's director of marketing in the networking group.
Whereas NAPA provides metric and performance measurements to gauge how applications are performing across the network, PACE is a combination of products and services to automate and control network changes, Sage said.
For most network engineers and architects, configuration and change management is still a manual process, and most problems are not discovered until after deployment. Even the smallest configuration errors can cause big headaches. Also, Sage said, many companies don't have a firm grasp of compliance.
"No one wants to talk about [compliance issues]," Sage said. "They have no idea what's appropriate for their domain."
PACE products already include Cisco's Secure Access Control Server and CiscoWorks LAN Management Solution. The PACE updates now include CiscoWorks Network Compliance Manager and Cisco Configuration Assurance Solution. A host of new services are also added, including operations, technical and deployment consulting.
Sage said that a number of point products are available now that fill some of the voids, but Cisco is "trying to build out the infrastructure of change control."
"It's really about raising the level of professionalism," Davidoff said of adding Cisco PACE functionality to the network.
After a half-billion-dollar network upgrade across all campuses, change and configuration management was still the root cause of network downtime, Davidoff said. The network has more than 5,000 switches.
"We didn't have a plan," he said. "There was not a process on most campuses for change management."
He said that oftentimes there was an attitude of "it's no big deal, I'm just going to do it" when it came to making changes across the network. "You just don't make changes to the network in a live environment," he said.
"Without [controlled and automated] change management, you have no accountability and authorization to be in that environment," Davidoff continued. "Once you can document everything you're doing, you can go back and track that."
Now, Davidoff said, California State University is in the process of defining and automating who can do what and when in relation to network changes. He said it will help simplify the lives of the IT staff and minimize friction.
"Part of this is really starting to change the culture," he said. "This forces you to have a process and a level of consistency."
And, Davidoff added, the culture is apparently starting to change.
"It's getting better every day," he said. "We're definitely making huge strides with it. It's starting to leverage the infrastructure and resources we have."
According to Sage, NAPA helped plan for new services, applications and equipment; troubleshoot network and application performance issues; and optimize network performance. Adding in PACE, she said, allows for secure centralized access and audit; network configuration change and compliance; and network analysis, validation and reporting. Combined, NAPA and PACE are a "lifecycle approach to the management of network equipment."
Some key features of PACE allow companies to adhere to compliance policies while also providing accountability to network and information changes, including:
- Changing user names and passwords -- from one central control point, companies can change and control access to devices affected by user name and password changes.
- Managing unplanned device configuration changes -- IT can provide a secure change control process that allows users to implement configuration changes by the right person at the right time.
- Detailed compliance reporting -- users can check network configurations for compliance with industry regulations, including SOX, HIPAA and COBIT. Audit reporting and rollback capability of all network changes also give corporate auditors detailed tracking.
- Comprehensive analysis and validation reporting -- users can analyze and view reports on security vulnerability, network resiliency, configuration trends, routing analytics, network design and other metrics to prevent unwanted or conflicting changes.
Along with those features, PACE also includes customized services such as operation consulting, technical consulting and deployment services. The operations consulting feature assesses, defines and optimizes a company's configuration and change management process. Technical consulting provides integration, custom compliance and policy rules development, and report generation. And deployment services help companies plan, design, implement and operate PACE solutions.