Best Practices: Network Configuration Management

Network and device configuration isn’t the sexiest IT topic, but don’t tell that to a security officer facing down a misconfiguration-based breach or a network pro struggling to keep myriad devices working properly.

The good news? Configuration updating and maintenance, often a grueling process of tedious toil, is eased through configuration management best practices — practices this blog endeavors to impart!

What is Configuration Management?

Where do we start? How about what is IT configuration management? Simply put, configuration management is a process for tracking the configuration of items of any IT system. The key is to actually have a process.

Any time you go into anything, (software, hardware) and monkey around with settings, that's configuration management — at least a low level of configuration management. Configuration on a one-off basis.

With proper configuration management, IT establishes and maintains a consistent set of configurations for performance, functions, and even physical attributes. These configurations make your systems, data centers, servers, networks, and everything else work. On the flip side, systems not configured properly do not work — at least not safely and properly.

The goal of configuration management is to keep all these systems configured properly for your IT’s operational, security and perhaps compliance needs. Think of configuration management as version control for IT infrastructure and software. With this form of version control, IT knows what devices are configured and how, and if something is out of whack, reverts back to the previous version. 

Proper Configuration Drives Security

Why does IT care about configuration management? Some like to be organized, enjoying the confidence of knowing everything is just right.

For most, the two big draws are security and compliance. To achieve both, IT must know when configuration changes are made. When a configuration is changed, it usually means something is wrong. Perhaps someone made an error, or worse—someone got in, and changed configurations to make it easier for them to get in again. Or maybe someone added incorrectly configured hardware or software to your network. All of these are security risks and can lead to a breach.

In fact, Gartner predicts that by 2022, a whopping 95% of security failures in cloud and SaaS will be the customer’s fault, much of it due to misconfiguration which experts like Gartner believe is already behind some 80% of breaches.

That is why having everything configured properly is critical to keeping systems tight and secure. For instance, if you have open ports, or areas where the password is still set up as ‘admin admin’ or ‘password password,’ configuration management will identify these weaknesses and keep them from being exploited. 

Compliance Demands Proper Configuration

All these security issues also play into compliance, such as HIPAA, GDPR, the California CCPA, and myriad others. There can also be internal and contractual compliance issues, or simply a business policy that no traffic is allowed on port 80, for instance.

IT and systems managers must ensure everything is configured to meet those regulations. Having configurations all in one place and keeping them there is arguably the number one and number two goals of IT configuration management.

Configuration Management Drives IT Efficiency

Configuration management is a massive time-saver thanks to automation. That same automation dramatically reduces errors.

Smart IT pros do not want to be re-configuring the settings for every switch or router manually. Nor does IT want to rely on a binder or document to look up what to do and type it in — with the chance of keying in an error. That's insane.

IT saves time and removes any possibility of human error by automating trusted configurations, and simply hitting a button and having that proven configuration automatically applied. At the same time, this configuration is stored in the system. If something goes wrong, say a router dies or needs to be replaced, with one click, IT can revert to an existing or previous configuration.

Advantages of Scalability

All this speaks to scalability. Let’s say there are 25 routers all configured the same way, and suddenly your shop needs to add another 10. That’s easy. Just apply those proven configurations to the new routers and do it all automatically. See how easy it is to scale? You're not doing all of that manually. In fact, you are not doing ANY of it manually. That goes for hardware and software. 

Network Visibility

A huge configuration management benefit is network visibility, which not only keeps everything nice and easy but also greatly benefits security.

A big part of this is troubleshooting. Many network errors (and breaches!) are due to hardware or software misconfiguration. In the case of an error or breach, a configuration management system looks at your systems and identifies if it was configured properly. If not, that's likely the culprit. If it is, then fine. Move on to the rest of the diagnostics. But checking configuration is an important first step. Knowing at a glance whether your hardware and software are properly configured is a huge tool in diagnosing and fixing problems. 

Boosting End User Experience

The best news may be that proper configuration and management of those configurations improve the end-user experience — and that's really what IT is all about — keeping the network running smoothly, safely, and easily for end-users without security breaches or non-compliance. 

How WhatsUp Gold Helps

So how does WhatsUp Gold help with all this? WhatsUp Gold has an add-on feature aptly called Configuration Management designed specifically to help IT and sysadmins who are already monitoring their networks also monitor and manage network configurations. And it can archive and restore network configurations, keeping them all in a secure and encrypted repository. It even highlights areas that have changed, making it easy to zero in on where problems may lie.

It also supports automatic bulk changes. Say you've got monthly password changes that need to be implemented, or patches that need installing. Configuration Management performs these quickly, easily, and accurately.

Configuration Alerts and Notifications

The real value is leveraging WhatsUp Gold's sophisticated and capable alerting and notification capabilities to know when something changes. Administrators must account for every single change, whether those changes are approved or not.

If you're audited, you absolutely must show when those things happened. Configuration Management not only notices those changes, but it also alerts IT as well. Alerts can come via Slack, Teams, email — whatever IT decides. And all of that is tracked and reported on. IT can even schedule automatic scans to make sure no one has added something new or made modifications since the last time IT looked. 

Compliance Calls

Compliance benefits enormously from Configuration Management. Here, IT can automatically produce an array of reports from the network Configuration Management feature, supporting regular audits. These can be delivered automatically via email to the auditors, and IT can archive them as well. This makes it simpler to set the sole proof of compliance up and to keep track regularly of what's going on with the network. 

Meanwhile, configuration management allows IT to maintain configuration archives.

WhatsUp Gold Configuration Management Greatest Hits

Automated Network Configuration and Change Management: Automate configuration and change management for routers, switches, and firewalls on your network. Archive and audit network configurations. Get alerted to changes. Compare versions side by side with discrepancies highlighted.

Network Configuration Backup: Avoid the negative effects of accidental or malicious network device configuration changes. WhatsUp Gold lets you implement best practice controls by automating backups of both running and 'gold standard' network configurations.  

Policy Compliance Audits: Audit device configurations against a set of predefined policies to assure compliance with requirements such as 'password encryption is enabled.' Compare before and after configuration changes and get a text-based comparison highlighting differences.

Archive and Restore Network Configurations: WhatsUp Gold’s Configuration Management module provides central archiving of network configurations in a secure, encrypted repository. Network admins can store multiple configurations for each device, including start-up and running configurations.

New devices added to the network can be simply deployed with a download of an archived configuration. If there is a problem, the device can be restored to a known good configuration, minimizing downtime. In both cases, a network configuration manager saves considerable time versus building configurations from scratch.

Alert on Configuration Changes: Network admins need to account for every network configuration change, approved or not. Configuration Management alerts on any changes it detects each time it scans its configuration database. Scans can be scheduled to run automatically to shorten the window between when a change is made and when an alert is issued. In addition, WhatsUp Gold software can also alert on configuration changes using SNMP traps. Alerts are integrated into the Alert Center.

 

Tags

Get Started with WhatsUp Gold

Subscribe to our mailing list

Get our latest blog posts delivered in a monthly email.

Loading animation

Comments
Comments are disabled in preview mode.