Have you ever tried rounding up details about every device installed in your enterprise and then meeting the demands of security, policy and maintenance compliance at a network level?
For IT managers trying to perform this task manually, or with proprietary tools, it must feel like herding cats. When there are too many unruly assets on the network, human error becomes a major factor in making mistakes that lead to inconsistent configuration management practices.
Addressing this business challenge are change and configuration management tools such as DeviceAuthority from Austin, Texas-based AlterPoint Inc.
A single tool that automates change and configuration management for products from 25 different vendors, DeviceAuthority evaluates the impact of changes across network devices such as routers, LAN switches, WAN switches, load balancers, firewalls, wireless access points, VPN concentrators and UPS systems. It helps fulfill compliance requirements, helps analyze network failures and performance problems and is a tool used in the planning for business change. It also discovers and gathers configuration data on devices in the network.
Last week AlterPoint released version 4.0 of the flagship tool, adding to the product's previous feature set that already included automated policy remediation, which allows for proactive change management of network devices that are out of compliance or in violation. It also included syntax checking, a feature that prevents manual configuration errors.
In version 4.0, AlterPoint has now added hardened application security, which consists of customizable user permissions and roles-based access used for the purpose of increasing control and decreasing errors.
AlterPoint's upgrade also includes granular activity logging to ensure audit and compliance requirements are met; user action auditing for complete accountability; and device lifecycle tracking for end-of-life/end-of-service data, a feature intended to improve timeliness of vendor support contract renewal.
"Configuration and change management is at the heart of compliance," and is a tool that can help avoid wasting money, according to Williams. For example, a company may purchase equipment in bulk to get a good price, yet they won't deploy all of their devices immediately. DeviceAuthority warns users about their renewal maintenance contracts ahead of time.
"A company may have purchased networking hardware last week, but won't use it for a few months," said Williams. "DeviceAuthority produces full reports about what is in production, what's not, what's in service, and what's not, in order to avoid compliance issues."
Configuration and change management turned out to be a worthy deployment for financial giant, Citigroup, which is a big Cisco shop but ultimately includes 40,000 to 50,000 devices of various mixes. Citigroup's initial DeviceAuthority rollout was used for discovering what their enterprise contained, what needed to change, how to secure it so that only certain people could make changes, and for ensuring that changes are in compliance with internal policy. Phase two will look at integration with operational needs such as help desk.
"Once you understand your inventory, then you can start integrating at a greater level," said Williams.