Itential’s Configuration Manager: Automating Network Compliance & Remediation
Part 2 of a blog series on Itential’s Configuration Manager. Part 1 covers Automating Network Configuration Management.
The network is under extreme pressure to deliver services faster and be more agile than ever before. As network environments grow more complex to support the accelerated pace of demand, the frequency of network changes and the ongoing compliance requirements are growing exponentially. Network compliance is a high priority for network administrators, but it is extremely challenging to stay on top of every issue in an environment that consists of devices from multiple vendors, where making the appropriate changes relies on traditional tools that range from notepads and Excel spreadsheets to large-scale enterprise systems like MicroFocus Network Automation (previously and popularly known as HPNA).
Constant network changes cause devices to drift away from the set compliance standards over time. Validating network device configuration against a common set of compliance rules is critical to avoiding configuration drift. However, the ongoing issue for most companies is the manual and arduous nature of the process, even though they often use purpose-built NCCM point solutions that provide very specific functionalities. In most cases, these solutions rely on two key functions – banks of text files with versions of a given device configuration and some kind of scripting engine to automate configuration sweeps and deployment.
These traditional solutions are not likely to meet the ongoing and changing needs of most IT organizations, as modern network deployments such as SD-WAN and 5G are very complex. To be truly successful, modern solutions need to support business process management, a rules engine, automated compliance monitoring, advanced analytics and dashboards, along with end-to-end network automation.
Challenges with Traditional Approaches to Network Compliance Management and Remediation
Business needs are constantly evolving, and network teams are required to respond quickly to the requests by configuring the network devices, which is a time-consuming and challenging task due to:
- Maintaining device configuration files – The manual process of maintaining device configuration files is just not scalable. Network teams struggle with the sheer volume of files and have to sift through thousands of configuration backup files to make network changes such as rollback, hoping they got the right version for the right device. Also, making any configuration change requires manually updating a large number of configuration files.
- Managing multiple Golden Configuration templates – A Golden Configuration should be a single, universal standard configuration that is used as a baseline for a class of devices such as routers, switches, servers, WAN optimization devices, etc. Network teams create multiple Golden Configuration templates for a class of devices based on country, region, office, customer, and others, ending up with many variants of a Golden Configuration template that is no longer universal.
- Multiple sources of truth – When different departments/silos are involved in compliance management, using NCCM solutions that need to be the source of truth, information gets stored in multiple places that are not synced. Any compliance management strategy is bound to fail due to the inconsistent data sources across the network.
- Manual processes – Manual comparison of configuration drift by ‘staring and comparing’ a device’s configuration against its golden configuration template often results in incorrect remediation due to human errors and stale configuration data. Network teams often use fragmented tools to do specific tasks, and then correlate the output from each tool manually.
- CLI and Python scripting – CLI/Python-driven device configuration, syntactically complex attributes of the network configuration files, and custom automation scripting lead to frequent human errors and require development support. Pushing configuration to multiple devices from different hardware vendors requires developing custom scripts to suit the syntax of each device type.
- No end-to-end network automation capabilities – Point solutions are purpose-built for NCCM and only support certain domains and vendors, making it very challenging to develop an end-to-end multi-domain and multi-vendor network automation strategy using a single solution.
Itential Modernizes Compliance Management and Remediation with End-to-End Network Automation
Itential modernizes the legacy Network Configuration and Change Management (NCCM) processes by simplifying and automating the management of network device configurations and compliance remediation, enabling customers to drastically reduce risks and improve efficiency. Itential’s low-code network automation environment empowers network teams to replace manual processes with automation to monitor and control the change process and ensure real time compliance and remediation.
Itential’s comprehensive device configuration compliance and remediation functionalities enable you to:
- Streamline compliance management and remediation
- Increase business agility
- Deliver higher levels of service
- Make informed decisions with real-time data
- Reduce scope of human errors
Single Golden Configuration Tree
Define and manage a single Golden Configuration tree that represents your universal base configuration at the base node. Rather than have numerous “golden configs” for the same device type, you create a tree-based parent-child configuration inheritance structure. Each node can be specific to a given purpose, for example, you can create nodes based on regions like North America, EMEA and APAC. Then under each of those nodes, you can create a profile for core devices and one for edge devices, and so on. This capability allows you to execute a multi-phase configuration change rollout as in the case of SD-WAN and 5G deployments. Itential federates all devices in your network so users can perform compliance and remediation across physical and virtual domains.
- Assign devices to all or just parts of the tree by simply linking devices to their respective spot on the tree
- The Golden Configuration tree propagates root configurations to child nodes
- Configurations are derived from the parent node and you can write or copy native device configuration onto nodes
- Apply RBAC rules
Simplified Device Configuration Audits
Review and reconcile the errors generated from mismatches between the Golden Configuration and the actual live configuration of the devices. Simplify device configuration audits and remediate configuration drift by editing the native device configuration specifications. Network engineers do not need to learn proprietary vendor-specific modeling languages, resulting in faster remediation, onboarding and the ability to backtrack any changes made to configurations at the tree, node, and device level. Backups are automatically created when audit changes are applied to device configuration.
Robust Analytics and Reporting
Gain complete insight into the compliance level of all the devices in your network through a consolidated dashboard that shows you the top issues to remediate at the tree and node level. Easily identify nodes that are out of compliance and view the device compliance analytics of an individual device or a group of devices that require remediation in order to maintain the desired network compliance level at all times. The compliance report output simplifies the complexity embedded within your Golden Configuration tree.
Score-Based Compliance Drift Remediation
Always know when devices on your network are drifting away from their Golden Configuration with real-time compliance scoring. Based on the compliance score, remediate device configuration drifts manually, through a workflow, or even by scheduling a zero-touch remediation workflow. You have the flexibility to react to the contingency rapidly either by remediating the root cause or by reverting to a previous configuration.
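An added illustration (not Itential’s code or API) of the Golden Configuration tree inheritance, device audit, and compliance score described in the sections above. The `GoldenNode` class, the exact-line matching, and the score formula (share of required lines present on the device) are assumptions made for this sketch, and the sample configurations are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class GoldenNode:
    """One node of a golden configuration tree (hypothetical model)."""
    name: str
    lines: list[str] = field(default_factory=list)  # lines required at this node
    parent: Optional["GoldenNode"] = None

    def child(self, name, lines):
        return GoldenNode(name, lines, parent=self)

    def effective(self):
        """Required lines for this node: inherited root-first, then its own."""
        inherited = self.parent.effective() if self.parent else []
        return inherited + [l for l in self.lines if l not in inherited]


def audit(node, running_config):
    """Compare a device's running config to the node's effective golden config."""
    required = node.effective()
    present = {ln.strip() for ln in running_config.splitlines() if ln.strip()}
    missing = [l for l in required if l not in present]
    # Assumed score: percentage of required lines found on the device.
    found = len(required) - len(missing)
    score = round(100 * found / len(required)) if required else 100
    return {"missing": missing, "score": score}


# Constructed sample tree: base -> EMEA -> edge
base = GoldenNode("base", ["service password-encryption",
                           "no ip http server",
                           "logging host 192.0.2.10"])
emea = base.child("EMEA", ["ntp server 192.0.2.20"])
emea_edge = emea.child("edge", ["ip ssh version 2"])

# Constructed running config of a device linked to the EMEA/edge node
RUNNING = """
hostname edge-rtr-01
service password-encryption
ip http server
logging host 192.0.2.10
ntp server 192.0.2.20
"""

if __name__ == "__main__":
    print(audit(emea_edge, RUNNING))
```

The device inherits three base lines plus one line each from the EMEA and edge nodes, so the audit reports the two hardening lines that have drifted rather than requiring a separate golden template per region and role.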
End-to-End Network Automation
Itential is much more than just an NCCM tool. Its low-code environment with built-in network intelligence supports your current network configuration and compliance management requirements, as well as your organization’s end-to-end network automation strategy. Engineers of all skill levels can participate in creating, visualizing and executing network automations, even without deep network-specific knowledge. Easily accelerate the automation of network changes and activities, while reducing human errors and operational inefficiencies.
- Automate running compliance reports and zero-touch remediation
- All configuration manager operations are available as network intelligent actions within workflows
- Leverages any orchestrator, controller, or DevOps tool to drive compliance and remediation across your network
- Leverage built-in fall out queues for non-predictive behavior with automatic rollback
- Utilize exhaustive pre- and post-check capabilities to ensure error-free configuration changes
- Include manual steps in your automation workflows as checkpoints
Managing the network is challenging as business continuity depends on network availability. Network complexity continues to grow exponentially as organizations transition to the modern network. Itential’s Automation Platform enables network teams to ensure compliance across their network and deliver operational efficiency in a multi-domain and multi-vendor environment.