BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Upgrading network configurations can cause massive turmoil in the network and be a serious time burden on networking teams. Problems often arise from human error in implementation or documenting, which is why network managers and administrators are turning to automated network configuration management tools.
As many as 90% of network problems can be traced to configuration errors, says Dennis Drogseth, vice president of IT consulting firm Enterprise Management Associates. Making a configuration error is easy. Most configuration changes must be coordinated across multiple devices. An error on a single device among hundreds or thousands in the network can send data into a dead end.
Adding an extra link, upgrading the capacity of an existing link, or adding a new server can change data flow patterns across an entire network. A complete lack of connectivity is immediately obvious; but more subtle errors, such as reduced performance or a security vulnerability, may persist for weeks or months. Unfortunately, these more subtle vulnerabilities may not show up until there is a successful attack or – in a better-case scenario -- until administrators notice them during further updates.
The use of automated configuration management software products can substantially reduce the percentage of outages caused by configuration errors -- from as high as 90% to as low as 10%, according to Drogseth. The use of automated network configuration management tools can also help increase staff productivity.
How automated network configuration management tools reduce errors
Automated network configuration management tools reduce errors by:
- Analyzing each change before it is applied, so errors are caught before being applied.
- Checking configurations against corporate policies and standards such as PCI, HIPAA and ITIL. The tools can also identify and report security vulnerabilities and performance problems.
- Eliminating the need for staff to learn different command syntaxes of different vendors' devices in multi-vendor networks. The configuration software tool is programmed by the vendor to understand how to issue commands to any of the widely used network products. For devices that are not widely used, the software will need custom integration.
- Simplifying the task of applying a standard configuration to multiple devices. It is necessary to specify the configuration only once per application to multiple devices. The tools make necessary modifications, such as applying different IP addresses to each device.
- Automatically documenting all changes made with the tool, including who made the change and when. This capability eliminates cases in which an administrator decides to make a minor change to a device but neglects to document it.
- Detecting and reporting that someone has made a manual change to a device.
Why the need for automated network configuration management?
Network change and configuration management primer
Virtualization change and configuration management primer
Storage area networks change and configuration management primer
Automated network configuration management boosts staff productivity
Configuration automation reduces the time required to make network changes and to resolve problems. Drogseth cites one client that has gone from manually making 20 changes per hour to individual network elements to implementing 10,000 changes per hour using an automated configuration management tool. In another case, the average time to discover a security vulnerability has been reduced from two weeks to less than two minutes.
For Texas A&M University, the use of network automation software has eliminated the need to recruit network professionals adept at using Unix scripting tools, explains Matt Almand, chief network engineer. Netcordia's NetMRI configuration management software, a network management product focused on network configuration and change management (NCCM), is used as the default tool for collecting information from devices. NetMRI automates and parses information such as Cisco IOS release levels across a network with more than 2,000 switches and routers.
In part 2 of this series on automated network configuration management, learn how to choose and implement the right network configuration management automation tool.
About the author:
David B. Jacobs of The Jacobs Group has more than 20 years of networking industry experience. He has managed leading-edge software development projects and consulted to Fortune 500 companies as well as software startups.