One of the toughest tasks for a network manager is to configure the network, including devices, servers and desktops. Configuration management includes keeping track of the hardware and software resources present on the network and their details. It includes controlling things such as OS and application installation on desktops and servers and configuring settings on switches, routers and other devices, among other things. Configuration management also deals with change: changes in the configuration of devices, new applications getting installed, installation of updates, changes in network topology, new devices getting added and new services being provided. Managing and automating all this becomes really complex even for small networks, let alone big ones.
There are various steps required for a configuration-management process, and some of the steps are repeated whenever there is a change in the network. The first step is the process of obtaining data from network devices, servers and desktops, as well as setting any configuration data in them. This helps in checking, comparing and setting the current configuration automatically. It makes it possible to handle the configuration of a large number of devices efficiently and provides an up-to-date inventory of all the hardware and software running on them, including firmware. Obtaining data from the network should be automatic, with network auto-discovery. Modifications to the devices should be recorded before they are sent out. All the data obtained from the network, along with the modifications, should be stored in a proper format such as ASCII files or a database. This helps in maintaining inventory and generating reports about the resources present within the enterprise. Any change in the network, such as a firmware upgrade of devices, may lead to errors, so a process for comparing the current and stored configuration of the device is required. This helps in rolling back the update. Plus, keeping log files of the various devices helps in analysis and diagnosis in case of a problem. The current configuration should be verified against the stored configuration at regular intervals to remove any inconsistencies, and traps should be generated if a misconfiguration is found.
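The compare step described above, as an added example that is not part of the original article: a Python sketch that checks a device's current configuration against the stored baseline while ignoring lines that change on every save. The IOS-style sample configurations, the volatile-line patterns and all function names are constructed assumptions.

```python
import difflib
import hashlib
import re

# Lines that change on every save without reflecting a real setting (assumed patterns).
VOLATILE = re.compile(
    r"^(! Last configuration change at |! NVRAM config last updated at |ntp clock-period )")

def normalize(config_text):
    """Drop volatile and blank lines; keep leading indentation, which carries meaning."""
    lines = (raw.rstrip() for raw in config_text.splitlines())
    return [l for l in lines if l and not VOLATILE.match(l)]

def fingerprint(config_text):
    """Stable hash of the normalized config, cheap to store and compare per device."""
    return hashlib.sha256("\n".join(normalize(config_text)).encode()).hexdigest()

def drift(stored, current):
    """Return (added, removed) lines of the current config relative to the stored baseline."""
    a, b = normalize(stored), normalize(current)
    added, removed = [], []
    sm = difflib.SequenceMatcher(None, a, b, autojunk=False)
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag in ("replace", "delete"):
            removed.extend(a[i1:i2])
        if tag in ("replace", "insert"):
            added.extend(b[j1:j2])
    return added, removed

# Constructed sample data (not taken from a real device).
STORED = """! Last configuration change at 10:02:11 UTC Mon Jan 6 2025
hostname edge-sw1
snmp-server community EXAMPLE-RO ro
logging host 192.0.2.10
line vty 0 4
 transport input ssh
"""
CURRENT = """! Last configuration change at 03:41:57 UTC Tue Jan 7 2025
hostname edge-sw1
snmp-server community EXAMPLE-RO ro
line vty 0 4
 transport input telnet ssh
"""

if __name__ == "__main__":
    if fingerprint(STORED) != fingerprint(CURRENT):
        added, removed = drift(STORED, CURRENT)
        print("\n".join(["- " + l for l in removed] + ["+ " + l for l in added]))
```

Here the timestamp line is ignored, while the removed syslog host and the newly enabled Telnet transport are reported as drift that warrants an alert or a rollback.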
Some of the technologies that provide a foundation for effective network configuration management are SNMP, Syslog, SSH, TFTP, Telnet, RADIUS and TACACS.
SNMP provides a common way for a network configuration-management solution to retrieve configuration settings (which can be saved to a database) and to reconfigure a device, if necessary. SNMP is generic and can work with any object. It uses MIBs (Management Information Bases), which define device-specific parameters, describing to an SNMP management station which parameters are available for the device. Another aspect of SNMP is traps, which can serve as a trigger, notifying the solution that the device's configuration might have changed.
Syslog is a remote logging protocol for network devices and servers. Rather than generating their own onboard log files (which many devices can still do), devices send log messages to a central logging server (the Syslog server or collector), where they are stored in a central database.
TFTP (Trivial FTP) provides the most efficient way for network devices to dump their configuration files and to read new configuration files. Almost all managed network devices can act as a TFTP client, writing and reading configurations to and from a TFTP server. A network configuration-management solution can work in conjunction with a TFTP server to move configuration data to and from network devices.
RADIUS can make it much easier for a network manager or network-management solution to access a variety of devices. Rather than configuring each of your network devices with an individual password to be used by the network configuration-management solution, you configure each network device to use RADIUS, allowing the network configuration-management solution to use a single, universal set of credentials.
TACACS plays a role similar to that of RADIUS in network configuration management, with the exception that TACACS is primarily supported on Cisco devices.