For any experienced network administrator, configuring devices is a piece of cake. Many could likely do it in their sleep. But although configuration may appear simple, with modern networking equipment operating systems—such as Cisco’s IOS—having lots of options, there is a lot of room for errors. And the bigger the network, the more room for error there appears to be.
What if you’d manage a number of devices, wouldn’t you like them to have similar configurations? They wouldn’t be identical but the general options should be the same across all devices. With today’s regulations such as PCI/DSS, SOX, and others, some configurations options are mandatory and must be present on all devices. This is where the best tools to manage network configurations can help and this is what we’ll be discussing today.
The best of these tools will not only ensure that your equipment configurations are normalized, but they will also demonstrate their regulatory compliance. Security is also an important aspect of these tools as hackers often start their attacks by modifying device configurations to gain access to networks. Many network configuration management tools will either protect you from unauthorized changes or at least alert you of them.
We’ll begin by discussing network configuration management. We’ll have a look at what it is and why you need it. Then, we’ll talk about the essential elements of network configuration management tools. While they vary a lot in their feature set, there’s a common base that you can expect to find in every good one. Finally, we’ll jump into the core of the matter and review some of the best tools to manage network configurations.
All You Need To Know About Network Configuration Management
Put simply, any tool which assists administrators with network configuration management can be referred to as a network configuration tool, plain and simple. But what is network configuration management, exactly? Well, it seems like everyone has their own opinion about that. But in reality, there are many elements to network configuration management. First and foremost, those tools are used for documenting and/or somehow preserving device configuration data. Whenever a piece of equipment breaks and must be replaced, it’s much easier to pull its configuration from some archive than to redo it from scratch which can lead to delays and inconsistencies.
Deploying standard device configurations is another place where network configuration management tools can help a lot. Having standard configurations makes maintenance much easier and also helps with troubleshooting. In addition to standard configurations, network configuration management tools will also help with regulatory compliance. Many regulatory frameworks—such as PCI/DSS or SOX—have strict guidelines as to how switches should be configured, what security options must be enabled, etc. Network configuration management tools can assist with device configuration auditing and compliance demonstration.
And while on the subject of auditing, network configuration management tools can also assist with auditing switch configuration for unauthorized changes. We’ve all heard of malicious users trying to gain access to corporate networks by first modifying networking devices configuration to put backdoors in place. This could be just an urban legend or a sequence from a movie but is it a risk you’re willing to take? Auditing networking device configuration for unauthorized changes is not just for the paranoids among us, it can also be useful for verifying that change management processes are followed.
Typical Elements Of Network Configuration Tools
While network configuration management tools vary greatly, they all share at least a common set of basic features. They are considered to be essential features and each tool will include them even though their implementation could vary from tool to tool. Here are some of the common features that you should find in most network configuration management tools.
First, the tool should offer a way to establish a configuration baseline. It should also handle device configuration backups. It should provide some form of configuration monitoring and alert administrators or managers of unauthorized changes. Most good network configuration management tools will also provide a way to rollback changes easily and last but not least, it should assist in distributing firmware updates, although this last element is less common.
In addition to these essentials, network configuration management tools can also include extra features. Among the most common and useful, standards compliance auditing is a great feature. Bulk configuration changes, as well as firmware upgrades and patch management, are also among the most useful optional features.
The Best Tools To Manage Network Configuration
We’ve tried to compile a list of the best network configuration management tools. Many products go far beyond the basic features and include not only all the optional features we mentioned before but even more than that. All the tools reviewed below are excellent tools that we wouldn’t hesitate to recommend. Picking one that suits you best will likely be a matter of personal preference. Your choice could be guided by a unique feature of a tool that particularly appeals to you. Many of the tools have a free trial or a free feature-reduced version so feel free to give them a try. After all, this s the best way to see if a tool is a good fit for your needs.
SolarWinds has been making some of the very best network administration tools for years. The company has gained a solid reputation with network administrators. Its Network Performance Monitor and its NetFlow Traffic Analyzer are among the best SNMP network monitoring and NetFlow collector and analyzers. SolarWinds is also famous for making several great free tools which address specific needs of network administrators such as a subnet calculator or a TFTP server.
SolarWinds also makes the Network Configuration Manager, or NCM, one of the best tools you can find. The tool has many uses. It can help you ensure that all equipment configurations are standardized. You can also use it to push bulk configuration changes to thousands of network devices. And from a security standpoint, the tool will detect unauthorized changes which could be a sign of malicious configuration tampering. And to make it even more appealing, this product also has some interesting vulnerability assessment features and its integration with the National Vulnerability Database lets it access to the most current Common Vulnerability Exposures and identify vulnerabilities in your devices.
- FREE TRIAL: SOLARWINDS NETWORK CONFIGURATION MANAGER
- Official download link: https://www.solarwinds.com/network-configuration-manager
The SolarWinds Network Configuration Manager can help you quickly recover from failures by restoring previous configurations. This means that the tool will also back up configurations. And you can use its change management features to quickly identify what changed inside a configuration file and highlight the changes. Furthermore, this tool will allow you to demonstrate compliance and pass regulatory audits thanks to its built-in, industry-standard reports.
If your network has Cisco ASA firewalls or Cisco Nexus switches, you’ll benefit from even more advanced features. Network Insight for Cisco ASA, a built-in feature of the NCM, will discover security contexts, backup and restore config files, discover, visualize, and audit Access Control Lists, and easily manage firmware upgrades for Cisco ASA devices. The Network Insight for Nexus, also included, will give you deeper visibility into your data center switches and let you filter, search, and identify configuration changes as well as view interface configuration snippets and get Virtual Device Context (VDC) support for parent/child detection.
Price for the SolarWinds Network Configuration Manager starts at $2 895 for up to fifty nodes and goes up with the number of managed nodes. If you want to try the software before purchasing it, free fully-functional, node-unlimited 30-day trial is available.
2. ManageEngine Network Configuration Manager
ManageEngine is another familiar name with network administrators. The company also makes a wide array of network administration tools. Its Network Configuration Manager is a comprehensive package that can help ensure the integrity of your network. The tool can be used to manage the configuration of most networking equipment, regardless of the vendor, and it is compliant with the NCCCM (Network Change, Configuration, and Compliance Management) standards.
The ManageEngine Network Configuration Manager will automatically handle the backups of your devices’ configurations on a regular basis. It will compare each successive backup to the previous one, looking for configuration changes and alert you of unauthorized or suspicious ones. It can also generate reports on configuration discrepancies between similar devices.
This tool includes a logging function which will register every change made as well as which user made it. Accounts from users performing unauthorized changes can be automatically suspended. The system can also alert you when it suspects that a user account has been compromised.
The software, which installs on Windows or Linux is available as a free version which is limited to two devices. For larger installations, prices start at $595 for up to 10 managed devices and vary based on the number of managed devices. A free 30-day trial is available on paid licenses.
3. TrueSight Network Automation
TrueSight Network Automation from BMC software used to be known as BladeLogic Network Automation. But they didn’t only change the product’s name, the vendor also upgraded the software and turned it into a very good configuration management system. And great attention was paid in the standards compliance features of the product.
Compliance auditing is done through policies. The tool comes with several pre-made policies for such regulatory requirements as HIST, HIPAA, PCI/DSS, DIS, SOX or SCAP. The TrueSight Network Automation system uses these policies to check device configurations for compliance. But it doesn’t only check the configurations, it can also automatically enforce standards, modifying configurations as required. This is a powerful feature.
Upon installation, the software will perform an initial scan of the network to find all devices, check them for compliance and, if needed, tweak their configurations. It will then back up the configurations and use them as a baseline comparison point to detect unauthorized configuration changes.
TrueSight Network Automation lets you create users and groups and you can authorize different user groups to access different sections of its user interface. This feature lets you have different dashboards for different users. Another powerful feature of the product is the bulk configuration changes or firmware updates. The system also has patch management capabilities.
TrueSight Network Automation can be installed on Windows Server, RedHat Enterprise Linux, and Ubuntu. Pricing information can be obtained by contacting the vendor’s sales department and a free trial does not appear to be available.
4. Lan-Secure Configuration Center
The Lan-Secure Configuration Center is another excellent network configuration management tool well-worth its spot on our list. It has all the essential features and then some. Like most other similar tools, this one initially scans your network to discover network devices and performs a backup of their configurations. One can then use the tool to examine configurations and decide on the correct policies for their organization’s needs and regulatory or contractual obligations.
The Lan-Secure Configuration Center is very flexible and can be used to update configurations or modify settings of all devices, specific device types, or individual devices. The product can also do periodical checks of device configurations against the backups to discover unauthorized changes. When detected, it can either trigger an alert or automatically roll them back to their initial state. This tool can be used to manage remote sites from a centralized location and it uses SSH to securely communicate with remote sites, even over unsecured circuits.
The Lan-Secure Configuration Center is available in several editions. There’s a Workgroup version which can be purchased for $99. It is, however, limited to managing up to ten devices. For more devices, an Enterprise version is available at prices varying according to the number of managed devices. A free 30-day trial of either version is available.
5. WhatsUp Gold Network Configuration Management Add-on
Who doesn’t know WhatsUp Gold? It’s has been around for ages as an up-or-down type of monitoring tool. The product never stopped evolving and new features kept being added and it has now become a full-fledged network monitoring system, at par with some of the best tools in the business. One great thing about WhatsUp Gold is that its functionality can be expanded by using add-ons. And one of these add-ons is the Configuration Management Add-on.
The WhatsUp Gold Configuration Management Add-on lets administrators preserve the integrity of their network devices. Like many similar tools, it will initially scan all devices and store their configuration in its database. From then on, The tool can audit configurations for conformity or compare the current version to the reference one and detect unauthorized changes. The software will also let you easily rollback those changes and restore the original configuration.
The WhatsUp Gold Configuration Management Add-on is available as an add-on to the Premium, MSP and Distributed editions of WhatsUp Gold and is included with the WhatsUp Gold Total Plus edition and the WhatsUp Gold network administrator bundle. And like with most products in this range, a free 30-day trial is available.
6. Net LineDancer
One thing that can be said of our next entry is that it sure bears an unusual name. Despite that, Net LineDancer is an excellent tool from LogicVein and it’s got all the features that you would expect from any network configuration manager. It can be used to manage thousands of devices through automated processes. The product initially finds all devices and takes a snapshot of their configurations, establishing a baseline. This baseline can then be used to identify changes to each device’s configuration. This is a common pattern that is found in many such tools.
What differentiates Net LineDancer is that, in addition to providing a backup of the configurations, the stored files can also be used to configure equipment in batches. This can be done by device type or individually. Reporting is another strong suit of this product. It can, for example, report on what user made what configuration change, a useful feature for auditing.
Net LineDancer can run on Windows servers or on CentOS and RedHat Enterprise Linux. It is also available as a virtual appliance for VMware ESX or as a cloud service. Pricing information can be obtained by contacting LogicVein’s sales and a 30-day trial is available.
There are many different tools available to manage network configuration. Many more than we can list in here. we’ve tried to include the best tools we could find and we wouldn’t hesitate to recommend any of them. With all but one of the tools reviewed here offering a free 30-day trial, there’s no reason why not to try at least a few of them to see which one best fits your need.