Network Management Strategies for the CIO
In a lab or staging area (because you want all the configurations to be standardized) you'll probably order all the devices into your central office, configure them and then ship them to the remote offices to be configured. You'd configure and test the component for one branch in the lab, then box it up and ship it off. Then you would configure and test the component for the next branch, and box and ship it, repeating this process for each branch. This type of assembly-line staging is usually efficient enough to justify the cost of extra shipping.
Requires Free Membership to View
 |
||||
|
|
|||
|
||||
The best way to build your staging lab is to create a replica of the environment where your new device or configuration will be installed. Usually, having all the physical neighbors is sufficient. Sometimes you'll need the logical neighbor's too. For example, if the physical neighbors are Layer 2 switches and your changes involve routing, you should also have routers in your staging lab so you can make sure the adjacencies form correctly and any route-maps, filtering or redistribution are working.
Another thing to consider when building a staging lab is connectivity to your production network. Of course, you want remote access so you can work from a comfortable location; and you want the devices to be able to reach your network management systems so you can make sure they show up on maps and will be monitored correctly. In addition, make sure your device or configuration can reach an authentication server if you're using TACACS+ or RADIUS. It's no fun to ship a device to a remote location and then not be able to log in to fix problems. Even so, be careful here because connectivity should be limited so that if you misconfigure something or want to test a configuration, the configuration can't affect the production network. For instance, if the device is a firewall advertising a default route, you don't want to accidentally re-route all your production Internet traffic to your lab. One method is to use a firewall and Network Address Translation. Another is to disconnect the lab from your network completely and allow access only via terminal servers.
Your staging lab may include physical stuff if you have to assemble the hardware or need to add special rails or rack- or wall-mounting equipment. Normally, though, there's not a lot of value in providing equivalent environmental facilities, like multiple electrical circuits, racks on raised floors and HVAC.
About the author:
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years of experience in the networking industry. He is co-author of several books on networking, most recently,CCSP: Secure PIX and Secure VPN Study Guide, published by Sybex.
This was first published in October 2006
Join the conversationComment
Share
Comments
Results
Contribute to the conversation