Wednesday, March 21, 2007

Network configuration management – Wrap Up

I am working on wrapping up a couple of projects, so I haven't been blogging as much. I am currently finishing up our network configuration management project. It's been going very well and we are finding so many uses for the technology.

Here is a snippet from our business case on the product:

This product provides a large amount of functionality that we don't currently have from the CiscoWorks LME implementation. The major advantage is multi-vendor support (Cisco Wireless, Cisco, Nortel, Checkpoint, PIX, and F5). The product tracks all changes, captures configurations, and allows for software and configuration upgrades centrally. It allows for dynamic complex grouping, enabling us to track the environment when devices are added and removed. The tool allows for policy management, inventory, and vulnerability management. It provides the ability to proxy into the legacy environment to manage devices we've never been able to access. Opsware NAS allows for the sharing of information through advanced reporting and dashboarding. These reports allow for reporting to auditors and customers (Business).


Other major benefits of the tool:

  1. Switch port utilization and capacity
  2. Checking and fixing DST compliance across network devices (corrected several hundred devices). This is what the Server product would have helped us with as well.
  3. Generate inventory reports to allow for verification of maintenance renewals. Reports included serial numbers, modules, models, and IOS versions.
  4. Update access controls and enable passwords across large numbers of devices easily.
  5. Port capacity planning, and switch port utilization for future switch purchases.
  6. Dynamic grouping allows for inventory to be grouped and reported on by business ownership.
  7. The GSOC was given a large list of IP addresses of virus-infected machines. The only way to find these machines previously was to hop from switch to switch, tracing out the MAC addresses/IP addresses via MAC tables, CAM tables, etc. until a switch port could be identified. Opsware does this in seconds with its search for addresses "seen from port" feature.
  8. Ability to track what was changed on devices and by whom. This has been used on various occasions to avoid outages and finger pointing.
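
The switch-to-switch trace described in item 7 can be scripted over collected ARP and MAC address tables. The following is an added example, not part of the original post and not Opsware's code; the switch names, addresses and the "fewest learned MACs" uplink heuristic are assumptions, and the sample tables are constructed in the style of Cisco `show ip arp` and `show mac address-table` output.

```python
import re
from collections import Counter

MAC_RE = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
# Constructed sample data in the style of "show ip arp" (from the gateway).
ARP = """
Internet  10.1.20.15   4   0011.2233.4455  ARPA  Vlan20
Internet  10.1.20.37  12   0011.2233.9abc  ARPA  Vlan20
Internet  10.1.30.8    1   00aa.bbcc.dd01  ARPA  Vlan30"""
# Constructed "show mac address-table" output; switch names are hypothetical.
MAC_TABLES = {
    "core-sw1": """
  20    0011.2233.4455    DYNAMIC     Gi1/0/1
  20    0011.2233.9abc    DYNAMIC     Gi1/0/1
  30    00aa.bbcc.dd01    DYNAMIC     Gi1/0/5
  30    00aa.bbcc.dd02    DYNAMIC     Gi1/0/6""",
    "access-sw7": """
  20    0011.2233.4455    DYNAMIC     Fa0/12
  20    0011.2233.9abc    DYNAMIC     Fa0/18
  30    00aa.bbcc.dd01    DYNAMIC     Gi0/1
  30    00aa.bbcc.dd02    DYNAMIC     Gi0/1""",
}

def parse_arp(text):
    """Map IP -> MAC from 'show ip arp' style lines."""
    rows = re.findall(r"^Internet\s+(\S+)\s+\S+\s+(%s)\s" % MAC_RE, text, re.M | re.I)
    return {ip: mac.lower() for ip, mac in rows}

def parse_mac_table(text):
    """Distinct (MAC, port) pairs from 'show mac address-table' style lines."""
    pat = r"^[ \t]*\d+[ \t]+(%s)[ \t]+\S+[ \t]+(\S+)[ \t]*$" % MAC_RE
    rows = re.findall(pat, text, re.M | re.I)
    return {(mac.lower(), port) for mac, port in rows}

def locate(ips, arp_text, mac_tables, max_macs=1):
    """Return {ip: [(switch, port), ...]}; an empty list means trace it by hand."""
    arp = parse_arp(arp_text)
    seen, per_port = {}, Counter()
    for switch, text in mac_tables.items():
        for mac, port in parse_mac_table(text):
            seen.setdefault(mac, []).append((switch, port))
            per_port[(switch, port)] += 1
    # Assumed heuristic: a port that learned more than max_macs addresses is an
    # uplink or trunk, so the host sits on the port that learned only its MAC.
    return {ip: sorted(p for p in seen.get(arp.get(ip), []) if per_port[p] <= max_macs)
            for ip in ips}

if __name__ == "__main__":
    print(locate(["10.1.20.15", "10.1.30.8", "10.9.9.9"], ARP, MAC_TABLES))
```

An IP with no ARP entry, or a host behind a port that also carries other MACs (for example an IP phone or a small hub), comes back with an empty list; raising `max_macs` widens the candidates at the cost of including uplinks.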

