Configuring network equipment can sometimes be a challenge. Actually, it’s not the configuration itself that’s so challenging but rather maintaining it and ensuring it is somewhat standardized. I recall starting a new job and discovering that all of the dozens of network switches had a somewhat different configuration. It made troubleshooting problems a royal pain. And with today’s regulations such as PCI/DSS, SOX, and others, it is more important than ever to have some sort of configuration management process in place.
This is where configuration tools and software can come in handy. The best of these tools will not only ensure that your configurations are normalized but they can also be used to demonstrate their regulatory compliance. There’s also a security element to these tools. It is all too common nowadays to see hackers start their attacks by modifying device’s configuration to gain access to networks and many tools will either protect you from unauthorized changes or at least alert you of them. For all these reasons, we’re going to be sharing our list of the top network configuration tools and software.
We’ll start off our journey by discussing network configuration tools and software. We’ll have a look at what they are about, how they operate and why you need them. We’ll then introduce some of the main features found in these tools. Tools vary a lot in their feature set but there’s a base that you can expect to find in every tool. With all that behind us, we’ll jump into the core of the matter and review some of the best network configuration tools and software we could find.
Network Configuration Tools And Software – What They’re All About
Network configuration tools are software tools that assist administrators with network configuration management. That’s simple enough. But what is network configuration management, exactly? Answering this question is somewhat harder as it seems that everyone has their own opinion about that. There are several elements to network configuration management. First and foremost, it has to do with documenting and/or somehow preserving device configuration data. Whenever a network switch breaks and needs to be replaced, we’d rather pull its configuration from some archive than to redo it from scratch which can lead to delays and inconsistencies.
Configuration management also helps with deploying standard device configurations. This makes maintenance much easier and also helps with troubleshooting. But in addition to standard configurations, configuration management will also help with regulatory compliance. Many regulatory frameworks—such as PCI/DSS, just to name one example—have strict guidelines as to how switches should be configured. Configuration management will help you audit switches and demonstrate their compliance.
And while on the subject of auditing, configuration management processes can also assist with auditing switch configuration for unauthorized changes. We’ve all heard of malicious users trying to gain access to corporate networks by first modifying networking devices configuration to put backdoors in place. Whether this is a true risk or an urban legend is open to debate but we’re never too careful and auditing device configuration for unauthorized changes is a common configuration management task. And even if you’re not that paranoid, it’s also useful for ensuring that change management processes are followed.
What To Look For In Network Configuration Tools
While network configuration tools vary greatly, they all share at least a basic set of features. Those are considered to be essential features and each tool will include them even though their implementation could vary from tool to tool. Here are some of the common features that you should find in a network configuration tool.
It should provide a way of establishing a configuration baseline. It should also handle configuration backups. As stated before, it should provide some form of configuration monitoring to alert administrators of unauthorized changes. A good network configuration tool should also provide a way to rollback changes easily and last but not least, it should assist in distributing firmware updates.
In addition to these essentials, the best network configuration tools will also include extra features. Among the most common—and the most useful—standards compliance auditing is a great feature. Bulk configuration updates, as well as firmware patch management, are also among the most useful optional features.
The Best Network Configuration Tools
We’ve compiled a list of the best network configuration tools. Our main selection criterium was that the tools include at least all the basic features. Many products go far beyond that and include not only all the optional features we mentioned but even more than that. This is not a sorted list and don’t assume that a tool’s position is an indication of its value as compared to the others. All the tools suggested here are excellent tools that we wouldn’t hesitate to recommend. Picking one that suits you best will likely be a matter of personal preference. Your choice could be guided by a unique feature of a tool that particularly appeals to you.
1. SolarWinds Network Configuration Manager (FREE TRIAL)
SolarWinds has been making some of the very best network administration tools for years. Its Network Performance Monitor and its NetFlow Traffic Analyzer are some of the best SNMP network monitoring and NetFlow collector and analyzer packages you can find. SolarWinds also makes some excellent free tools which address specific needs such as a subnet calculator or a TFTP server.
When it comes to network configuration tools, the SolarWinds Network Configuration Manager, or NCM, is one of the top packages you can find. It will, for instance, help you ensure that all equipment configurations are standardized. You can use this tool to push bulk configuration changes to thousands of network devices. And from a security standpoint, the tool will detect unauthorized changes which could be a sign of malicious configuration tampering. While on the subject of security, this product also has some interesting vulnerability assessment features and its integration with the National Vulnerability Database lets it access to the most current Common Vulnerability Exposures to identify vulnerabilities in your Cisco devices.
The SolarWinds Network Configuration Manager can help you quickly recover from failures by restoring previous configurations. And of course, the tool will also back up configurations. You can also use its change management features to quickly identify what changed inside a configuration file and highlight the changes. Furthermore, this tool will allow you to demonstrate compliance and pass regulatory audits thanks to its built-in, industry-standard reports.
If your network has Cisco ASA firewalls or Cisco Nexus switches, you’ll benefit from even more advanced features. Network Insight for Cisco ASA, a built-in feature of the NCM, it will discover security contexts, backup and restore config files; discover, visualize, and audit Access Control Lists, and easily manage firmware upgrades for Cisco ASA devices. Likewise, the Network Insight for Nexus, also included, will give you deeper visibility into your data center switches and let you filter, search, and identify configuration changes for ACLs as well as view interface configuration snippets and get Virtual Device Context (VDC) support for parent/child detection.
Prices for the SolarWinds Network Configuration Manager start at $2,895 and vary according to the number of managed nodes with seven licensing tiers. If you want to try the software before purchasing it, free fully-functional, unlimited 30-day trial is available.
2. ManageEngine Network Configuration Manager
ManageEngine is another familiar name with network administrators. Its Network Configuration Manager is a comprehensive package that can help ensure the integrity of your network. The tool can be used to manage the configuration of most networking equipment, regardless of vendor. Furthermore, it is compliant with the NCCCM (Network Change, Configuration, and Compliance Management) standards.
The ManageEngine Network Configuration Manager will automatically handle the backups of your devices’ configurations on a regular basis. It will compare each successive backup to the previous one, looking for configuration changes and alert you of unauthorized ones. It can also generate reports on configuration discrepancies between similar devices.
The ManageEngine Network Configuration Manager includes a logging function which records every change made as well as which user made it. Accounts from users performing unauthorized changes can be suspended automatically. The system will also alert you when it suspects that a user account has been compromised.
The software, which installs on Windows and Linux is available as a free version which is limited to two devices. For more devices, prices start at $595 for up to 10 managed devices and vary based on the number of managed devices. A free 30-day trial is available on paid licenses.
3. WhatsUp Gold Network Configuration Management Add-on
WhatsUp Gold has been around forever as an up-or-down type of monitoring tool. Through the ages, it evolved constantly and kept adding more features to get to where it is now: a full-fledged network monitoring system. But one great thing about WhatsUp Gold is that its functionality can be expanded by using add-ons. And one of these add-ons is called the Configuration Management Add-on.
The WhatsUp Gold Configuration Management Add-on allows you to maintain the integrity of your network devices. The tool will initially scan all your devices and store their configuration in its database. From then on, it can audit configurations for conformity or compare the current one to the reference one to detect unauthorized changes. The software will also let you easily rollback those changes and restore the original configuration.
The WhatsUp Gold Configuration Management Add-on is available as an add-on to the Premium, MSP and Distributed editions of WhatsUp Gold and is included with the WhatsUp Gold Total Plus edition and the WhatsUp Gold network administrator bundle. A free 30-day trial is also available.
We thought we’d include ConfiBack on this list despite the fact that it lacks some of the features of a bona fide network configuration tool. It is a good example of what a simpler configuration management tool can look like. It is a free device configuration backup system from the Czech Republic which runs mainly on Linux. Although it has limited functionality compared to the three previous entries, it’s still a very interesting option for smaller business and non-profit organizations who want to be able to enjoy some of the benefits of configuration management without spending thousands of dollars.
ConfiBack backups need to be started manually but you can schedule them to take place on a regular basis The tool also helps with detecting unauthorized changes albeit through a manual process. You need to compare two backups of a device’s configuration manually using a diff command. Diff will find every difference between the two files, thereby highlighting any line that has changed. It is then up to you to determine if the change is legit or not
That’s pretty much all you’ll get with ConfiBack. It a very basic product but then again, it might be enough for your need. And its price just can’t be beaten.
Next on our list is a tool called rConfig. This interesting tool has limited features but it works very well. It will auto-detect all your networking devices and back up their configurations into text files. Backups can be run manually or in a scheduled fashion. One feature we found useful is the grouping of devices into categories. It allows administrators to carry actions either on individual devices, on devices within a category or on all devices. Verification and auditing of configuration unauthorized changes is a manual process, much like it was with ConfiBack.
rConfig can be used to quickly push standardized configurations to devices either individually or in categorized groups. Standard configuration from the file store can be pushed out to devices. This tool also provides some compliance auditing functionality. Policies matching specific compliance requirements or your own corporate practices can be set in rConfig. The Configuration Compliance Manager which is part of the system can then verify your configurations against the set policies and demonstrate their compliance.
rConfig is available in a free community version or in a pro version with free support and bug fixes at just under 500 Euros per year. It only runs on CentOS and RedHat Enterprise Linux.
6. Net LineDancer
Despite its unusual name, Net LineDancer, which often simply called NetLD, is a great tool from vendor LogicVein with all the features that you would expect from a configuration manager. This tool can manage thousands of devices through automated processes. The product will initially find all your devices and take a snapshot of their configurations, establishing a baseline. This baseline can then be used to identify changes to each device’s configuration.
In addition to providing a backup of the configurations, the stored files can be used to configure equipment in batches. This can be done by device type or individually. Reporting is also very good in NetLD. It can, for example, report on what user made what configuration change, a useful feature for compliance auditing.
Net LineDancer can run on Widows servers or on CentOS and RedHat Enterprise Linux. It is also available as a virtual appliance from WMware ESX or as a cloud service. Pricing information is not readily available but a 30-day trial can be obtained.
7. TrueSight Network Automation
TrueSight Network Automation is the new name of BladeLogic Network Automation from BMC Software. The vendor also upgraded the software and turned it into a pretty good configuration management system. It seems like great attention was paid in the standards compliance features of the product.
Compliance auditing is done through policies. The tool comes with several pre-made policies for such regulatory requirements as HIST, HIPAA, PCI/DSS, DIS, SOX or SCAP. TrueSight Network Automation will use the policies to check device configurations for compliance. It can also automatically enforce standards, modifying configurations as required.
Like many similar tools, the software initially scans the network to find all your devices, checks them for compliance and, if needed, adjusts their configurations. It will then back up the configurations and use them as a comparison point to detect unauthorized configuration changes.
TrueSight Network Automation allows you to create users and groups and allocate different sections of it’s user interface to different user groups. You could have different dashboards for different users. Another powerful feature of this tool is the bulk configuration changes or firmware updates. The system also has patch management capabilities.
TrueSight Network Automation can be installed on Windows Server, RedHat Enterprise Linux and Ubuntu. Pricing information can be obtained by contacting the vendor’s sales department and a free trial does not appear to be available.
8. Lan-Secure Configuration Center
Our last entry is the Lan-Secure Configuration Center, a pretty good network configuration mangement system. It has all the essential features and more. Like most other such tools, it will initially scan your network to discover all of your network devices and make backups of their configurations. Next, you can examine your configurations and decide on the correct policies for your organization’s needs and obligations.
You can use the Lan-Secure Configuration Center to update the configurations or modify settings of all devices, specific device types, or individual devices. The tool also does periodical checks of device configurations against the backups to discover unauthorized changes. Such changes can either trigger an alert or be automatically rolled back to their initial value. The tool can be used to manage remote sites from a centralized locations and uses SSH to securely communicate with remote sites, even over unsecured circuits.
The Lan-Secure Configuration Center is available in a Workgroup version for $99. This is limited to managing up to ten devices. For more devices, the Enterprise version is available at prices varying according to the number of managed devices. A free 30-day trial is available on either version.