
2/52

About EMC

EMC Corporation (NYSE: EMC) is the worlds leading developer and

provider of information infrastructure technology and solutions that

enable organizations of all sizes to transform the way they compete

and create value from their information.

Helping Customers Accelerate the Journey to the Cloud

EMC helps customers meet critical business challenges with a comprehensive

set of offerings, including unique capabilities that allow organizations to

gain visibility into their virtualized and cloud environments, standardized

planning processes, change control operational processes, and automate

time consuming tasks using a scalable policy driven approach.

Information about EMC products and services that help to simplify and

automate IT infrastructure management as you move from physical to

virtual to cloud computing can be found at www.EMC.com.

Address

EMC

176 South StHopkinton, Massachusetts 01748

United States of America

These materials are the copyright of Wiley Publishing, Inc. and any

dissemination, distribution, or unauthorized use is strictly prohibited.


3/52

Network Configuration& Change Management

FOR

DUMmIES

EMC EDITION

by Ed Tittel




4/52

Network Configuration & Change Management For Dummies, EMC Edition

Published byWiley Publishing, Inc.111 River Street

Hoboken, NJ 07030-5774www.wiley.com

Copyright 2011 by Wiley Publishing, Inc., Indianapolis, Indiana

Published by Wiley Publishing, Inc., Indianapolis, Indiana

No part of this publication may be reproduced, stored in a retrieval system or transmitted in anyform or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise,except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without theprior written permission of the Publisher. Requests to the Publisher for permission should beaddressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference

for the Rest of Us!, The Dummies Way, Dummies.com, Making Everything Easier, and related tradedress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in theUnited States and other countries, and may not be used without written permission. All other trade-marks are the property of their respective owners. Wiley Publishing, Inc., is not associated with anyproduct or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKENO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETE-NESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES,INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE.NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS.THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITU-ATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOTENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PRO-FESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONALPERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLEFOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE ISREFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHERINFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THEINFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS ITMAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED INTHIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRIT-TEN AND WHEN IT IS READ.

For general information on our other products and services, please contact our Business DevelopmentDepartment in the U.S. at 317-572-3205. For details on how to create a customFor Dummies book foryour business or organization, contact [email protected] . For information about licensing theForDummies brand for products or services, contact BrandedRights&[email protected].

ISBN: 978-1-118-06004-9

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1




5/52

Table of Contents

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

Chapter 1: Understanding Network Configurationand Change Management . . . . . . . . . . . . . . . . . . . . . . . .5

The Very Basics of FCAPS ......................................................... 6

An NCCM Primer ........................................................................ 6

The Business Case for NCCM ................................................. 12

Why NCCM Matters ................................................................. 13

Chapter 2: NCCMs Business Challenges . . . . . . . . . . . .15

Facing Down the Challenges ................................................... 16

Limiting Manual, Ad-Hoc Change ........................................... 20

Supporting Multivendor Environments ................................ 21

Examining the Great Chain of Management Systems .......... 22

Chapter 3: Making Best Use of NCCM . . . . . . . . . . . . . . . 25

Automation Meets Key Challenges ........................................ 26

How Automated NCCM Creates Value .................................. 28

Key Attributes and Features of an

Automated NCCM System ................................................... 31

Chapter 4: Maximizing Automated NCCM . . . . . . . . . . .33

Putting NCCM to Work ............................................................ 33

Heres the Beef: Value Resulting from Automated NCCM... 37

Introducing the EMC Ionix Network

Configuration Manager ........................................................ 38

Chapter 5: Ten Top Reasons toPick Automated NCCM . . . . . . . . . . . . . . . . . . . . . . . . .41

Save Money and Time ............................................................. 41

Refocus IT Efforts ..................................................................... 42

Meet IT Governance and Service Management Goals ........ 42

Achieve Legal and Regulatory Compliance .......................... 42

Bust Downtime ......................................................................... 43

Improve Productivity .............................................................. 43

Beat Human Error .................................................................... 43

Match Real Configurations ..................................................... 43Work from Correct Configurations ........................................ 44

Attain Complete Coverage ...................................................... 44




6/52

Publishers AcknowledgmentsWere proud of this book and of the people who worked on it. For details on how tocreate a customFor Dummies book for your business or organization, contact info@

dummies.biz. For details on licensing theFor Dummies brand for products or serv-ices, contact BrandedRights&[email protected].

Some of the people who helped bring this book to market include the following:

Acquisitions, Editorial, and

Media Development

Project Editor: Jennifer Bingham

Editorial Manager: Rev Mengle

Business Development Representative:Sue Blessing

Custom Publishing Project Specialist:Michael Sullivan

Composition Services

Project Coordinator: Kristie Rees

Layout and Graphics: Carl Byers

Proofreader: Lindsay Amones

Publishing and Editorial for Technology Dummies

Richard Swadley, Vice President and Executive Group Publisher

Andy Cummings, Vice President and Publisher

Mary Bednarek, Executive Director, Acquisitions

Mary C. Corder, Editorial Director

Publishing and Editorial for Consumer Dummies

Diane Graves Steele, Vice President and Publisher, Consumer Dummies

Composition Services

Debbie Stailey, Director of Composition Services

Business Development

Lisa Coleman, Director, New Market and Brand Development




7/52

Introduction

If youve ever been the slightest bit curious about networkconfiguration and change management abbreviated inthis book as NCCM youve got the right book. Here, youcan find out whats up with network configuration, and whyacquiring and managing such information is so important toso many enterprises and large-scale organizations. You can

also learn how instituting formal change managementprocesses and procedures, and managing configurationchanges explicitly, pays nice dividends.

Although NCCM may sound strange, or perhaps even a bitexotic, it isnt. NCCM technology relies on building andmaintaining an accurate and up-to-date configurationmanagement database, or CMDB. With a current and correctCMDB at your disposal and the right software tools andtechnologies in place, managing change becomes a matterof careful, regularly scheduled routine.

Major players in many industries, from network andmanagement services, to healthcare and retirementcommunities, to financial services, have bet on NCCM andused it to trim costs and improve operating efficiencies andservice delivery. You can do the same.

About This BookI have made some assumptions about you, our gentle reader,for this book. First, I assume that you know somethingabout enterprise-grade networking infrastructures. Second,I assume youre at least acquainted with the basic principlesand activities involved in managing such networks. Andthird, I assume that you understand the basics of Internet-based communications and services, including routingbehaviors, elements of TCP/IP security, and what network

discovery means. (Hint: Network discovery uses networkingprotocols to probe an active network, to identify what kinds




8/52

Network Configuration & Change Management For Dummies2

of devices and systems are present, and to identify whatkinds of protocols and services are in use.)

This book was specifically written for EMC and includes someinformation about EMC products.

How This Book Is OrganizedThe five chapters in this book lead you into networkconfiguration and change management terminology, principles,frameworks, and best practices. Heres a snapshot of what

youll find in each one:

Chapter 1: Offers an NCCM primer with basic conceptsand terms, and explains how to build a business case.

Chapter 2: Explains the challenges involved in workingwith NCCM, particularly when configurations and theirchanges must be handled manually.

Chapter 3: Describes the many and substantial benefitsof automating NCCM, and letting intelligent computer

systems manage changes to configuration data.

Chapter 4: Explores several business use cases thatillustrate and illuminate the business benefits to usingautomated NCCM systems. This chapter also coverssome EMC-specific technology.

Chapter 5: A list of the top ten reasons why automatedNCCM creates value, helps to manage risk, and helpsenterprises meet their business goals.

These chapters are designed to stand alone, so if youredying to read how organizations from various industries havescored wins using automated NCCM systems, jump straightto Chapter 4. If you want to understand the benefits of NCCMautomation, choose Chapter 3. Or simply go to the next pageand start reading!

Icons Used in This BookEveryFor Dummies books uses small graphical elementscalled icons at its margins to call attention to specific items.Here are the icons used in this book:




9/52

Introduction 3

This icon highlights points for you to keep in mind as youimmerse yourself in the world (and words) of NCCM.

This icon flags technical information you can skip if youre notinclined to revel in details or minutiae.

Use this on-target info to help maximize your investment inNCCM.

This icon calls out situations to avoid and things to watch out

for as you put NCCM to work in your operation.




10/52





11/52

Chapter 1

Understanding NetworkConfiguration and

Change ManagementIn This Chapter Digging into the basics of network management

Appreciating the ins and out of network configuration

Making a business case for NCCM

Network management is deceptively simple-sounding.Youve got some or lots of networks, so of courseyou need to manage them. What could be simpler than that?Yet network management involves a lot of complexity, lots oflong-standing theory and practice, and lots of hard work.

In fact, network management is complex enough for theInternational Organization for Standardization (ISO)

to have created a model for network management known asISO/IEC 7498-4. This model is also called the Open SystemsInterconnection Basic Reference Model ManagementFramework, but its most commonly known by the acronymFCAPS (short for fault-, configuration-, accounting-,performance-, and security-management).

This chapter briefly explores the components of the FCAPSmodel, and then focuses on two critical elements of networkmanagement: configuration management and change control.

Creating and collecting configuration information for networkdevices and systems is a key component of systems manage-ment, as is tracking how configurations change over time.




12/52


The Very Basics of FCAPSThe ISO network management model is called FCAPS becausethose are the first letters from each of the five areas of activitythat fall under the models theoretical and practical umbrella.Those five areas are:

Fault Management: The goal of this activity is detecting,identifying, isolating, correcting, and recording faultsthat occur in a network.

Configuration Management: This involves establishing,

collecting, and tracking configurations for networkcomponents, devices, and systems.

Accounting Management: This involves gathering userstatistics to use for billing purposes.

Performance Management: The goal of this activity istracking network behavior and activity levels.

Security Management: Protecting assets on the network,and protecting them from loss, harm, or unauthorizedaccess is the goal here.

As you dig more deeply into network configuration andchange management which I abbreviate asNCCM dontforget that they are just two areas involved in managing andmonitoring networks properly and professionally. NCCM is,however, extremely important and unusually amenable tohandling via technological solutions. Thats what the rest ofthis book is about.

An NCCM PrimerA basic formulation of configuration management might be:

1. Gather and store configuration data about everythingon your network. This is the configuration part, whereyou record data for every piece of hardware andsoftware on your network.

2. Keep track of any and all configuration data as itchanges. This is the change management part, whereyou update your collection of records as changes occur.




13/52

Chapter 1: Understanding Network Configuration . . . 7

In this context, change has a broad but surprisinglyspecific meaning: Anything that results in adding to,removing from, or altering the contents of your con-

figuration data counts as a change.

Given a relentless focus on configuration data, it should comeas no surprise that for most NCCM systems, the center ofattention and activity is a database where all configurationdata is stored and maintained. This is not just any olddatabase, either, but one with its own special acronym:CMDB, which stands for drum roll, please configurationmanagement database.

What is network configuration?The network configuration part of NCCM is a collection ofdata that represents configurations for all devices, systems,applications, and components that go into and onto a modernnetwork. In a modern enterprise, finding tens of thousands ofdesktop PCs, hundreds to thousands of servers, and severalthousand various and sundry network devices (routers,switches, VPN concentrators, security appliances, WAN

optimization devices, and so forth) isnt unusual.

Throw in a typical enterprise software library, which normallyincludes from 2,000 to 5,000 entries, and youve got a CMDBwith at least 25,000 items in its repositories. Every one ofthese items has an associated set of configuration data items(which can number from the hundreds into the thousands ofindividual entries), and every one of those configurations hasto be created, managed, and maintained. By the time you addeverything up, an enterprise CMDB can easily include millionsof data items.

Thats a lot of data. And for that data to have meaning andvalue, it must be kept completely in synch with the state ofthe actual device, system, or software program to which itis tied. Thats tricky to manage. On the one hand, considerthe pace at which old things leave and new things enter mostoperations. On the other hand, ponder the pace at whichpatches, updates, and fixes are propagated for firmware and

software programs in use in those operations. Thats whymucho management is involved in keeping a CMDB currentand correct.




14/52


What is change control?

Simply put, change controlimposes discipline, order, andrecord-keeping constraints on how changes get appliedto a networks systems and components. Nobody gets tomake any changes without going through a formal changemanagement process, which involves making sure that allchanges are carefully considered, and that any changes thatmight be made are planned, scheduled, executed, monitoredclosely, and reported on heavily. Any changes that might leadto adverse or unwanted consequences will include rollbackor failover plans. Then, if something goes wrong during

the execution phase, the network and its users will not benegatively impacted, or that impact can be minimized.

Why is this kind of structure necessary? The simplestexplanations come from different perspectives on managementand complexity. The first perspective might be best understoodas, Theres too much risk inherent to unplanned change. Thesecond perspective is probably best appreciated as, Whenthings change is also when they are most likely to break.

Why planning for change makes senseAn enterprise network is like a fine piece of clockworkmachinery, albeit one larger and more complex than anyindividual machine has a right to be. A huge number ofelements are involved, and the potential consequences ofnetwork failure are dire: Workers cant do their jobs, customerscant buy goods or services, the bills cant get paid, and so on.

Thus, most prudent business managers wont risk a try it

and see what happens approach to making changes to anyof the networks and systems on which the business depends.Thats one major and overriding cause for formal changemanagement processes and procedures. Thats also whyNCCM systems are generally regarded as mission-critical.

Whats a change planning process? Glad you asked:

Design and planning analysis: Change is inevitable, butnot all changes should or must be made. Any proposed

change begins with a change request, which explainsthe change proposed and explains why it should beconsidered. The change must then be designed, planned,and scoped so it can be considered for implementation.




15/52


Change authorization and implementation: This iswhen the plans for a change will be authorized or denied,depending on the merits, costs, and consequences

involved. If the change is authorized, it is scheduled forimplementation and its plans are executed during someappropriate change interval. (Enterprises generally opentime windows to make changes monthly, quarterly, andannually, as they see fit.)

Compliance checking: Once a change is implemented,it is reviewed in light of its governing plans andspecifications, and also in light of prevailing regulatoryand compliance requirements. Only changes that meet

all compliance requirements are allowed to stand; allothers are reversed or backed out.

Inventory reconciliation: This is where changesexecuted become reflected in the contents of the CMDB.Only successful and valid changes affect the CMDBscontents; all transitory changes are ignored (or reversed,depending on the kinds of tools used for NCCM).

These four stages form a management lifecycle, as shown inFigure 1-1.

Change authorizationand implementation

Design andplanning analysis

Compliance

checking

Inventory

reconciliation

Figure 1-1: A typical process lifecycle for network configuration and

change management.

Remember the CMDB? As all this change stuff is underway,each update or configuration item that changes as a resultmust be documented, and the CMDB must be updated.

Automating this process saves huge amounts of labor andprevents further complications owing to human error.




16/52


Why theres always a rollback orfailover planned for changes

The basic form of Murphys Law is: What can go wrong,will. Real life isnt always unforgiving. A great many changesactually do go through as planned without having to bereversed or undone. But occasionally, prior testing andanalysis fails to capture some circumstance or event thatdoes cause a problem as a change is applied. And sometimes,the engineers on hand are unable to counteract the problemor devise a workaround to apply the change.

In such cases, a fallback or failover plan kicks in on its own

schedule. Such plans are designed to restore a network andits systems to their pre-change states without impacting usersor scheduled workloads. Subsequent analysis can determinewhat caused the problems, and another set of plans for afuture application may be built (or not, depending on theresults of problem analysis).

How NCCM processes match up

with management frameworksAlthough network configuration and change managementfigure prominently into the ISO network management model,NCCM also plays a role in other important business processmodels. These include:

IT Infrastructure Library (ITIL): A key framework for ITservice management, ITIL covers designing, delivering,monitoring, and maintaining information technology

services. In the ITIL V3 framework, change managementis part of its Service Transition processes, but is drivenby service design and operation, and continual serviceimprovement as well. Figure 1-2 shows how changemanagement plugs into the CMDB.

Control Objectives for Information & relatedTechnology. Also known as COBIT, this is a best practicesframework for IT management issued in 1996 by theindustry groupISACA (the Information Systems Audit and

Control Association) and the IT Governance Institute in1996. COBIT offers managers, auditors, and IT users a set




17/52


of generally accepted measures, indicators, processes,and best practices for maximizing benefits from use ofinformation technology. The emphasis is on developing

functional and appropriate IT governance and control.

Change control figures into the Acquire and Implement(AI) domain for COBIT, and falls specifically into the AI6Manage Changes area, while configuration managementfalls into the Deliver and Support (DS) domain, in theDS9 Manage the Configuration area. The Monitor andEvaluate (ME) domain also figures into this area, with itsemphasis on formal IT processes, internal controls,regulatory compliance, and IT governance.

Six Sigma. This business management strategy, originallydeveloped at Motorola in 1986, is still in wide use inmany industries, and sometimes finds applicationsin IT deployment and use. Six Sigmas key focus is onidentifying and removing the causes of errors andproblems in business processes, and is best explained bythe acronym DMAIC:

CapacityMgt.

IncidentMgt.

Config-uration

Mgt.

ProblemMgt.

ReleaseMgt.

ServiceLevelMgt.

FinancialMgt.

AvailabilityMgt.

CMDB

ChangeMgt.

Figure 1-2: Although other management processes can affect the CMDB,

Change Management is the primary driver for all changes to

this body of data.




18/52


Define the problem

Measure the key aspects of the current process and

collect relevant data Analyze the data to investigate and verify causes

and effects

Improve or optimize the process

Control the future state process to ensureappropriate service quality.

There is no explicit configuration or changemanagement component to Six Sigma, though it

can be used to develop such methodologies.

As network management frameworks go, the ITILs servicemanagement model represents the current state of the artfor network configuration and change management. COBITcomes in a close second, with Six Sigma being more of ado-it-yourself toolset.

The Business Case for NCCM

A capable and powerful NCCM system brings significantuseful function and control to the network configurationand change management process. Enterprises must oftenovercome serious issues when deploying an NCCM solution especially in tying together all the many systems and networkcomponents in an IT infrastructure, and enforcing a commonand consistent view of the processes involved.

As Figure 1-2 illustrates, configuration change activity canoriginate from many different areas or groups within anenterprise. Financial, availability, service level, and capacitymanagement teams can have inputs, as do groups that handleincident management for security reasons or problemmanagement for customer or user support reasons. Likewise,in-house software development teams have releasemanagement processes that drive changes as well.

Key issues that any NCCM system should address must

include the following:




19/52


Centralize the management and create a standard way torepresent configuration data for equipment and softwarefrom multiple vendors.

Provide sufficient flexibility to accommodate increasinglyvirtualized components and infrastructures for networksand systems. Not only are servers and clients likely to bevirtualized nowadays, but so also are network interfaces(vNICs) and switches (vSwitches).

Accommodate cloud services and components, includingPlatform as a Service (PaaS) and Infrastructure as aService (IaaS), as well as Software as a Service (SaaS).

Support rapid, on-the-fly configuration changes andupdates, particularly when such updates come fromservice providers operating outside the premises andcontrol of the enterprise.

Support powerful data/model workflow integration, sothat everyone shares a single, common, and consistentview of configuration data and changes to be appliedto them.

Support workflow integration, so that data can flow

between management systems, including NCCM systemsand other management consoles as needed. This ensuresnothing gets lost along the way and that responsibleparties participate as and when theyre needed. At itsbest, integration naturally brings together all the partiesinvolved in change management not only as ITIL sees it,but also as it works on the ground.

Why NCCM MattersWhy does this stuff matter? Because change isnt only aconstant that must be carefully planned and managed.Change needs to be managed because otherwise it mightprovoke inefficiencies, upsets, or outright system or networkfailures. In short, NCCM matters so much because it is neededto ensure smooth, reliable, and ongoing function of key ITsystems and assets. This also explains why automation is akey concern for any NCCM system. There is too much change,

too many data items involved, and too much opportunityfor human error to creep in, to handle configuration updatesmanually.




20/52





21/52

Chapter 2

NCCMs BusinessChallenges

In This Chapter Understanding how to make NCCM effective and efficient

Overcoming manual labor and human error

Fitting into complex, multi-vendor environments

Making the most of NCCMs tools and capabilities

Organizations interested in using network configurationand change management systems face certain challenges.

Some of these challenges relate to resources and the vastvolumes of configuration data. Some of these challengesare process- or procedure-oriented, and relate to how anorganization establishes and controls its use of NCCM tools.

Still other challenges come from the outside, and relateto rules and regulations that stipulate how information particularly information related to customer or client records,

financial transactions, and accounts, and their privacy andconfidentiality must be handled, audited, and stored.

Finally, organizations must recognize that configurationdata is particularly attractive and interesting to the criminalelement, both outside their network boundaries and amongtheir employees, contractors, and others allowed to work inand on their networks.

Theres another elephant in this room, too. Industry analysts

observe that 50 to 80 percent of all downtime stems fromhuman error resulting from incorrect or invalid changesto systems and networks. Unfortunately, implementing




22/52


and managing changes manually introduces substantialopportunities for errors. Such errors can be caused byinadequate testing and planning or from using incorrect or

invalid configuration data as the point of departure whenapplying changes to systems and networks.

In other words, the challenges that organizations face whenimplementing NCCM are sizable. In fact, implementing NCCMoften requires rethinking of the way that IT operates, andestablishing formal, repeatable processes and proceduresto plan, manage, and document change.

Facing Down the ChallengesImplementing NCCM imposes formal structure and flow onhow change is planned and implemented. It also recognizesthat the processes involved must be clearly stated and well-understood. All parties involved need to understand theirresponsibilities to manage change in the best way possible.

The sections that follow explore issues that organizations

confront when considering use of NCCM tools and methods.You learn how such issues are usually addressed whenimplementing NCCM and putting a formal change managementprocess to work.

Taking time and effort up frontMake no mistake! The first steps to implementing NCCM arehuge: Collecting, assembling, and rationalizing configuration

data for an entire enterprise. To make that happen, youmust conduct a thorough and exhaustive inventory of allsystems and hardware devices, both physical and virtual,in use in the enterprise. Then you must collect (and verify)all configuration data.

The time and effort required to create an initial configurationdatabase, even with automated discovery and data acquisitiontools, usually involves one or two full-time employees for aperiod from one to several months. At the same time, however,

planning for change processes and procedures can also getunderway.




23/52

Chapter 2: NCCMs Business Challenges 17

Then you must do the same for your organizations softwarelibrary, which is the sum total of all applications (and allversions of such applications) that the organization uses.

Your team will invariably uncover a few surprises alongthe way, which may necessitate hasty acquisitions of newsoftware licenses. This step causes many organizations toacquire a new perspective on the thousands of applicationsthat they own and use and which they must monitor andmanage as well.

Understanding that governance

is neededIn IT terms, governance means creating value for an organizationwhile managing risks and optimizing resources. The overarchingnotion is to use all these activities to achieve enterprise goals.Configuration and change management are ingredients ingovernance processes, but theyre also subject to governancethemselves.

This means that organizations must be willing to understand

and own up to the requirements that attach to formalgovernance to make the most of NCCM systems and methods.This is another reason why buying into NCCM in particular,and the concepts and methods of IT governance in general,usually entails major changes to an organizations culture,mindset, and operating principles.

At the same time that configuration data is being collected,assembled, and rationalized, and change processes designedand planned, IT governance must become part of an

enterprises processes and procedures playbook if NCCMis to succeed. This is usually driven by strong buy-in anddirection from executive staff, acting as a governing body,with design and implementation coming from a managementand assurance team responsible for creating, maintaining, andcontrolling a governance framework.

For a nice introduction to governance principles and practicessee ISACAs and the IT Governance Institutes Governance onA Page at www.takinggovernanceforward.org/Pages/.




24/52


Ensuring compliance

Changes to IT devices, systems, and software dont occur in avacuum. An NCCM system must be able to support two typesof compliance checking:

Framework-based processes to ensure that changescomply with requirements for formulation, approval,implementation, and validation. Changes must bechecked and validated to make sure they comply withstandard best practices and procedures as specified inITIL, COBIT, and other frameworks (such as Frameworx,

formerly known as NGOSS for New Generation OperatingSystems and Software from the TeleManagement Forum).

This type of compliance checking aims to make sure thatchanges are properly specified and formulated, havebeen properly authorized and applied to their targets,and are reflected in the current state of the CMDB andrelated documentation. This helps ensure consistency,and to make sure that unauthorized, unwanted,incomplete, or incorrect changes arent allowed to stand.

Mandatory processes to ensure that changes comply withall applicable rules and regulations regarding theirapplication, content, and history. When enterpriseshandle certain types of data or client records, rules andregulations that govern such information must be followed.

In this case, checking compliance means maintaininga required data trail of changes so their history can bedissected and reconstructed as mandates require. It alsomeans performing and reporting on regular audits to

ensure proper and complete compliance is maintained.And finally, it means reporting and handling incidentsrelated to potential data breaches or violations carefully,transparently, and thoroughly.

Establishing and maintainingsecurity

NCCM systems must support management of networksecurity, and of the devices, systems, and software involvedin establishing and maintaining such security. Thus, NCCM




25/52


must be able to manage security components that includeintrusion detection and prevention systems (IDS/IPS), firewalls,public key infrastructures (PKIs), and AAA (authentication,

authorization, and accounting) systems. NCCM systems mustalso perform security logging, to attribute changes to specificuser identities at specific time stamps in a permanent record.

In environments where inter-network operations occur, NCCMsystems must interoperate with various third-party networkauthentication and authorization environments. Theseinclude TACACS+, RADIUS, and LDAP, among others.

An NCCM must be able to accommodate security updates and

patches for security infrastructure elements, and applicationsand operating systems. This includes CERT-driven operatingsystem and application security updates, as well as vendor-supplied security updates (like those released the secondTuesday of each month for Microsoft operating systems andapplications through the Windows Update service).

Remote access control acronymsTACACS+ (Terminal Access ControllerAccess-Control System Plus) isa Cisco proprietary protocol thatprovides access control for rout-ers, network access devices, andother networked computing systems

through one centralized server orseveral centralized servers. In gen-

eral, TACACS+ delivers AAA services.RADIUS (Remote AuthenticationDial-In User Service) is a networkprotocol that provides centralizedAAA management for computersseeking to connect and use variousnetwork services. RADIUS startedas a proprietary technology, but is

now governed by a sizable collectionof Internet standard RFC documents.See en.wikipedia.org/wiki/RADIUS for a complete list.

LDAP (Lightweight Directory AccessProtocol) is a network protocoldesigned to provide access to adirectory and directory services via

an IP network. In practice, LDAPoffers a thoroughgoing set of access

tools and controls that can deliverAAA services, along with directoryservices, service provisioning, andservice location. Microsoft usesLDAP to manage access to its ActiveDirectory services and information.




26/52


In keeping with best security practices, NCCM systems mustalso support virus management. This includes identificationof virus-related network events, along with related impact

management and remediation or rectification changes. Forexample, this might require rapid application of accesscontrol list (ACL) changes to contain virus or wormpropagation on a production network.

Finally, and perhaps most important (for mandatorycompliance as well as best practices reasons), an NCCM mustsupport security audits on networks it manages. Human orautomated auditors must be able to assess security on networkdevices. The NCCM must allow and support routine hardening

of all network devices to maintain acceptable security.

Limiting Manual,Ad-Hoc Change

In a surprising number of organizations and enterprises, manualmethods for handling changes and updates remain the norm.

This approach leaves handling updates to groups responsiblefor their maintenance and upkeep. It exerts no formal controlsover or requirements for planning, managing, and controllingchanges and updates. Updates are performed ad-hoc,based on user requests or perceived need and urgency.Documenting changes is left in the hands of those who makechanges, to be performed whenever they can, as best theycan or perhaps never. The result is confusion and error.

Here are some of the drawbacks for manual change methods:

Theyre inherently inefficient. When manual methodsprevail, documentation often disagrees with actualconfigurations. Conscientious staff members lose timeand expend extra effort confirming current status beforethey proceed, and changes often fail because bothsource and target states for change are mistaken ormisinformed. Haphazard documentation updates in thewake of change also takes further time and effort, andcreate further opportunities for human error.

They create risk. Network configuration files aresyntactically complex (see Figure 2-1), so its easy tointroduce errors when making manual changes. In




27/52


addition, because manual change processes are oftenbased on incorrect or invalid data, they introduce addedrisks of failure or post-install problems and failures in

affected systems.

Theyre usually slow and time-consuming. In fact,manual changes may sometimes run longer than isreasonable or workable for maintenance of a standardworking schedule. They might even cut into prime-timeworking hours or important elements in business cycleprocessing (end-of-month, -quarter, or -year accountingand reporting interruptions or delays serve as dramaticexamples). When change processes are unplanned,

untested, and loosely scheduled, they often proceedon a haphazard basis. Some changes may work, butdocumentation or validation may follow only later, or notat all. Some changes may fail, and subsequent repair orremediation may exceed the time window allocated forchanges and updates to complete or be rolled back.

Figure 2-1: A portion of a network configuration file.

Supporting MultivendorEnvironments

Interoperability is a must. Given that modern enterprisenetworks usually include network and security devices frommany vendors, switches and routers from several more,




28/52


servers and storage systems from still other providers, it isimperative that NCCM systems be able to communicate withand interrogate all the devices and systems on the network.

The same goes for the thousands of software programs thattypically reside in an enterprise software library.

An NCCM system must be able to connect with one or manydevices or servers at the same time, all under the controlof a single, consistent management console and dashboard.NCCMs need to function as well on remote networks ason local ones. They should accommodate various ways tointerconnect geographically distributed networks. This meanssupport for MPLS, various routing protocols, Carrier Ethernet,

and other MAN/WAN technologies.

Gathering and managing configuration data, and trackingchanges to that data, means the NCCM system must be ableto acquire and log all such changes, no matter what kindof managed elements sit on the other side of any networkconnection. This goes for virtual instances as well as physicalones. Equally important, an NCCM must be able to usethis data to validate changes, and then to update relevantdocumentation to reflect all applied changes.

Examining the Great Chainof Management Systems

Network configuration and change management is justone area in the major models that describe how networkmanagement should be practiced. In real production

environments, this means that NCCM systems must interactwith numerous other management systems to exchangeinformation and share data. This usually means interactingwith a performance and monitoring system, a software releasemanagement and deployment system, and a help desk andtrouble ticket or customer support and follow-up system.

NCCM doesnt function by itself. It needs to take inputsfrom various systems, then provide those systems withoutputs as well. None of these outputs is as important asthe configuration documents that NCCM manages to reflect




29/52


current and valid configuration data. These ultimately driveall system planning, operations, and activities, both insideand outside the scope of NCCM.

Manual change methods simply cant cope with enterpriselevels of volume, activity, and complexity. Simply put,automation is the only way to wrestle enterprise configurationdata to the ground and to make it work properly. Thus,automated NCCM systems offer the only real hope ofimplementing and managing change management systemsthat comply with governance concepts, best practices, andall applicable rules and regulations.




30/52





31/52

Chapter 3

Making Best Use of NCCMIn This Chapter Automating yourself out of trouble

Finding value in automated NCCM systems

Finding key features in automated NCCM systems

The only way to get anything out of a networkconfiguration and change management system is to putone to work. Start by capturing and storing configurationdata for everything youve got, and keep up with changes asthey occur. Then make sure that whats in the CMDB matches

precisely to whats on the ground or in the clouds, asthe case may very well sometimes be on todays heavilydistributed and virtualized enterprise networks.

Sound like a daunting task? It is but automation can help.There is no better way to acquire configuration data for anNCCM system, nor to handle and document configurationchanges as they occur going forward, than through intelligentautomation of configuration data acquisition and updates. Iftheres one hyper-critical attribute of a workable and usable

NCCM system, effective automation has to be it.

Without effective automation, human intervention of somekind is needed to create and maintain the CMDB. Given thetens of thousands of sets of configuration data in a typicalCMDB, with elements and associated values for all sets in themillions of items, this isnt the kind of chore anyone would orshould tackle manually. This chapter shows why the right wayto handle configuration data is to turn that responsibility overto the NCCM system, and let it do its job.




32/52


Automation Meets

Key ChallengesWhen properly done, automation can handle all thechallenges associated with running and using NCCM properlywith ease. A well-designed, highly automated NCCM systemcan deal with these challenges:

Data acquisition and CMDB population: Even with largenumbers of systems and devices on modern networksand large software libraries to document, modern NCCM

systems can ferret out and acquire the data they needfrom the elements whose configurations need to findtheir way into the CMDB. This may involve one-time useof a special software agent or configuration intake tool,but it can be scheduled and managed in a reasonableamount of time. Once the acquisition phase is completed,theres no further need for ongoing interrogation anddocumentation of configuration data.

Automatic change and update handling: Once the

CMDB has been populated, only confirmed changesneed to find their way into that database. A modernNCCM communicates with the systems and componentsinvolved to track such changes, and to enter them intothe CMDB without human interaction or intervention.

Centralized management and data for all hardwareand software components: The NCCM can interact withhardware and software from any and all vendors, andobtain any needed information. Thanks to automated

change tracking and recording, configuration updatescan be applied automatically to the CMDB.

Standardized, consistent configuration datarepresentation: Thanks to standard and canonical waysof capturing and representing configuration data, usuallybased on XML (extensible markup language; which isself-documenting and self-describing), hardware andsoftware components can present their configurationdata in a standard and highly readable form to an NCCM.This makes it easy to get configurations into the CMDB,and to make sense of its contents as well.

Ability to handle virtualized and real physicalcomponents and elements: Modern NCCMs are as able




33/52

Chapter 3: Making Best Use of NCCM 27

to acquire and manage configuration data for virtualdevices and components as they are real ones. Thatsbecause modern NCCMs use software that interacts

with individual elements directly, and inquires to obtainconfiguration data or change information.

Accommodate cloud services and components: ModernNCCMs can work with remote devices, systems, andprograms via the Internet in much the same way thatthey work with local networked elements. Combinedwith support for virtualized items, this lets these systemsinteract with cloud services and components to acquirenecessary configuration and change data.

Support rapid, on-the-fly configuration changes andupdates: Particularly in virtualized environments, entirevirtual networks, hosts, and clients can move aroundfrequently and rapidly. Modern NCCM systems maintainongoing communications with such elements, and updatetheir configuration databases to keep pace with changesautomatically. Automated discovery across convergedEthernet and IP network infrastructures lets the NCCMdetect as and when changes occur, and tune into themimmediately.

Support powerful data model integration: This isthe foundation for NCCM, and is what permits suchsystems to interact with hardware and software from amultitude of vendors. Thanks to standard configurationrepresentations and ready network communications, theconfiguration data on individual devices, systems, andprograms makes its way easily and automatically into theCMDB via the NCCM.

Support workflow integration: Workflow integrationenables the NCCM to interact with other managementsystems in a transparent and tightly controlled way.Information and approvals follow the work from systemto system, and updates propagate as and where theyreneeded.

Offer extensibility, flexibility, and capacity to handlefuture growth and expansion: Because the XML usedto capture and represent configuration data is easilyextended, new devices, systems, and software can be

added to the NCCM. Distributed, highly available consolesand database management for the CMDB enable the NCCMto adapt to just about any situation, and to accommodate




34/52


various models for operation and control. Modern serverclusters (or virtualized consoles and servers) make addingcapacity a simple matter of licensing and configuration

control this time, for the NCCM itself! Such systemscan grow and change quickly, to keep pace with changingsituations and circumstances in the enterprise.

For an NCCM system to really do its job properly, it must beready and able to interact with complex, far-flung virtual andphysical devices, systems, and software across virtual andphysical networks of all kinds. Automation is the key to keepingup with an ever-changing and evolving managed environment.

How Automated NCCMCreates Value

Making a business case for a technology investment requiresyou to understand whether and how quickly such aninvestment can pay for itself. Traditional cost justificationmodels concentrate on key elements related to putting some

technology to work. These include outright cost reductionsthat reduce capital outlays or lower costs of service,subscription, or use. These models also estimate increases inefficiency and productivity, and put a dollar value on thoseadditions to offset up-front and ongoing costs related tothe technology investment. In the same vein, a value is puton any improvements to service levels that the technologycan deliver. And finally, a value is assigned for compliancewith applicable rules and regulations that the technologyinvestment can help to ensure.

In the sections that follow, you learn how NCCM systems candeliver such value, and how they can be cost-justified foracquisition, deployment, and use.

Reduced costs of operationIn general, network automation reduces staffing levels requiredwhen such systems are in use. Because automated networkmanagement may be centrally managed and staffed, constantor regular presence in branch offices and smaller sites isinvariably reduced and sometimes becomes unnecessary.




35/52


Because NCCM systems rely on automated discovery andupdates to manage everyday changes and updates, IT staffmembers are freed to concentrate on other higher-value tasks

and projects.

NCCM also helps to improve reliability and availability ofnetworks and systems. In addition to increases in efficiency andimproved service levels discussed in the following sections,this also pays a nice dividend in requiring less staff time andeffort to detect, diagnose, and repair faults and problems.When things dont break as much, its not necessary to spendas much time and effort to fix them, either.

A lower level of human involvement also helps to reduceoperator errors, and removes a major cause of inconsistenciesbetween the CMDB and the various networks, systems, andsoftware it represents. Industry analysts estimate that 50 to80 percent of all network outages may be attributed directlyto errors introduced during manual change processes. Whenautomation is at work, such errors no longer occur, therebysaving the costs of the outages themselves along with the timeand effort no longer required to set things right.

Increased efficiencyNCCM systems permit an enterprise to control the fullprocess of network design and modification on a continuingbasis. You dont have to schedule such activity, or to allocateextra resources to undertake it. The change managementprocess flows naturally into design, and tracks allmodifications as a natural consequence of its operation.

A formal change management process model also permits thechange process itself to be measured and monitored. Thisresults in more reliable networks and improved enterpriseproductivity. Though more time is spent on planning andworking through the change process, the total effort involvedpales beside the effort required to troubleshoot problemswhen theyre allowed to occur not to mention theurgency, the stress, and the unpredictability that outages canintroduce into productivity, output, and revenue forecasts.

A more reliable and predictable network means that workerscan be more productive, that users and customers willobtain a better online experience, and that overall resources




36/52


and information can be used more quickly and effectivelyto get the job done. Net overall increases in productivity of10 percent are common, with higher numbers sometimes

measured as a result of formal change management.

Improved service levelsFewer outages, plus more reliability and availability translateinto higher service levels across the entire enterprise. Thesehigher levels mean that individual work items are handledmore quickly, and users enjoy a more positive experience inworking with systems and networks. Putting a hard and fast

value on the benefits of improved employee morale can bedifficult, but no such problems attach to the value of the workthey produce as a consequence. A 10 percent improvementin output with little or no increases in cost makes a very nicecontribution to the bottom line.

Similar improvements in remote or Web access can also payextra dividends. When their user experience is uniformlypositive, employees are more inclined to put in extrahours on the road or at home, when theyre off the clock.

Likewise, enterprises with substantial customer-facing onlineoperations can achieve round-the-clock improvements insales and service delivery when users are glad to interact withinformation assets online. Theyll be more eager to log on, andless likely to log off quickly, when service levels encouragetheir appetites for online interaction.

In situations where service levels come with guarantees,or so-called service level agreements (SLAs), improvedservice levels will translate more directly into bottom-lineimprovements. If an organization needs to devote less timeand effort to handling service-level reports and complaints,theyll save on the staff costs always involved in workingsuch things through. And because many SLAs assess financialpenalties when theyre not met, organizations can avoid thoselosses if service levels remain at or above guaranteed levelsmore of the time.

Ensuring complianceIn many industries, information services must meet regulatoryrequirements for specific kinds of data, especially financial




37/52


transactions, credit-card processing, and handling of customermedical records and information. Maintaining compliancenormally includes providing proof in the form of auditing and

related reports. When faults, data breaches, or other incidentsoccur, various reports and notifications are required, and cancome with substantial penalties when compliance isnt achieved.

Formal change management systems help to documentcompliance as a natural consequence of the data theymanage, monitor, and report on. This information can alsospeed audit processing and reduce the time, effort, and costinvolved in meeting related reporting requirements.

And because formal change management enables changesto be checked for compliance requirements as part of themanagement process, unintended breaches or violations arefar less likely to occur. Compliance efforts and activities are aregular part of the overall process, rather than an exceptional,every-now-and-then effort. This makes problems far less likelyto occur, and associated costs and reputation damage far lesslikely to be assessed.

Key Attributes and Features ofan Automated NCCM System

When choosing an automated NCCM system, enterprises needto be aware of lots of features and functions. In particular,choosy buyers should look for certain key attributes andfeatures like these:

Network configuration version management. Automaticnumbering and tracking of configuration data (andeven data elements) is important for keeping track ofconfigurations over time, but also essential to successfulrollbacks or change reversals. Version information alsopermits history to be fully reconstructed for after-the-factproblem analysis and process-improvement purposes.

Network document generation. Automatic generationof network documents ensures that IT staff members are

always working from current and correct informationas they handle incidents or problems, or plan for futurechange and growth. Because so many errors that occur




38/52


in manual systems come from outdated or incorrectdocumentation, its hard to overstate the importanceof this capability.

Network change job scheduling. Managing changerequires formal scheduling of change jobs (whenchanges get executed). Time slots have to match thejob requirements, and there has to be sufficient time forrollback or reversal if any problems occur as changesare applied.

Change process management. The ITIL model described inChapter 1 takes continual service improvement as a centralprinciple in creating a formal and effective discipline for

service delivery. Where change is concerned, this meansmonitoring and managing the change process itself, justlike any other process. This is the only way to improvethe change process, and to achieve higher efficiencies andfewer faults in how that process operates.

Distributed device communication and control. Todaysnetworks are far-flung, highly distributed, and virtualized.A capable NCCM must be able to reach out and interactwith devices, systems, and software no matter where

theyre located, or whether theyre real or virtual, withnary a hiccup nor an access issue. This capability is anabsolute must for todays complex enterprise networks.

Change auditing and reporting. To capture informationabout the change process, to track configurations overtime, and to ensure compliance, NCCM systems mustincorporate automatic auditing and reporting facilities.This makes producing necessary and valuable reports easyand timely, and helps ensure that NCCM is doing its job.

Extensible, flexible data modeling and capture. Todaysenterprise networks include all kinds of devices, systems,and software. NCCM systems must be able to capture andrepresent all those configurations, and to accommodatenew devices and entirely new technologies assystems change and evolve going forward.

All in all, NCCM systems represent a formidable collection ofcommunication, command and control, data collection andmanagement, and auditing and reporting capabilities. Buyers

must be careful to ensure that any systems that make it ontotheir short lists of final candidates excel in all of these areas.




39/52

Chapter 4

Maximizing AutomatedNCCM

In This Chapter Looking at specific companies that put NCCM to work

Examining the benefits of NCCM for real-world companies

Understanding how EMC Ionix Network Configuration Manager works

Well-run companies look for innovative ways to retaincustomers, get new customers, and stand out among

competitors. In the network services industry, switching tonetwork configuration and change management (NCCM) is aprime way to meet those goals.

In this chapter, I look at four companies that chose an NCCMsolution, and why. While browsing those case studies, if anyof the scenarios sound familiar (same challenges in yourshop?), keep reading for a description of the benefits thecompanies realized after making the switch to NCCM. Finally,

we offer a birds-eye view of EMC Ionix Network ConfigurationManager.

Putting NCCM to WorkPrevious chapters described the virtues of NCCM in generaland its value to companies. Now take a look at how four well-known companies have improved their services, and theircustomers businesses, by putting NCCM to work.




40/52


CompuCom Systems, Inc.

CompuCom Systems, Inc., is an IT outsourcer for Fortune 500companies in energy, finance, healthcare, pharmaceuticals,manufacturing, and retail. CompuCom designs, deploys,and manages IT infrastructures, in addition to developingapplications and providing governance services.

Many of CompuComs clients began processing applicationsin real time and over wide-area networks. The result washeavier network loads that slowed performance. On thesupport side, large-scale network configuration updates were

time-consuming. CompuCom administrators made manyupdates manually, which sometimes required upwards of twoweeks to complete. In addition, it could take CompuCom upto 15 minutes to poll customer devices and over four hoursto generate network maps for root-cause analysis. Seniormanagement knew that todays business climate requiresmuch faster response and resolution times.

CompuCom needed a real-time monitoring and managementsolution that gave them true visibilityinto their customers

networks. Visibility in this sense means to be aware of thedevices, services, and data on a network. The better thevisibility, the easier it is to detect and resolve network faultsquickly.

CompuCom chose two products: EMC Ionix IT OperationsIntelligence (ITOI) and EMC Ionix Network ConfigurationManager (NCM). The combination of products lowered thenumber of monthly trouble tickets by 75 percent, dropped thetime needed for root-cause analysis to less than one hour, and

reduced the time for network configuration updates to about 30minutes. As a boost to the companys bottom line, CompuComsaved over $500,000 in the first year the tools were deployed.

Reliance GlobalcomReliance Globalcom (formerly Vanco) is a leader in globalbusiness communications. This network service provideroffers data, voice, video, security, and remote access services.

Customers around the world rely on Reliance Globalcom todesign, deploy, and manage their global communicationsnetworks.




41/52

Chapter 4: Maximizing Automated NCCM 35

Reliance Globalcom has always had high customersatisfaction rates. However, as customers deployed newtechnologies, their needs changed, requiring Reliance

Globalcom to keep pace. Another hurdle was integratingproducts from different vendors.

To remain the go-to network service provider for currentcustomers and attract new customers, Reliance Globalcomhad a laundry list of requirements for a new technologysolution. The tool needed to:

Manage IT service delivery more efficiently

Automate problem and fault tasks, and configuration andmanagement tasks

Provide complete integration with other vendorsproducts

Enhance security and demonstrate compliance withcustomers corporate and regulatory requirements

Allow absolute control over the IT environment tomaintain quality and ensure accuracy of compliance,change, and configuration processes

Reduce overall costs

Like CompuCom, Reliance Globalcom chose EMC Ionix forIT Operations Intelligence (ITOI) and EMC Ionix NetworkConfiguration Manager (NCM). The combined solutionallowed Reliance Globalcom to meet its goals. Among otherbenefits, the companys operations became much moreefficient, reducing the time to push an update to all systemsfrom hours to minutes, with no errors. NCM also allows

the company to control who may see and make updates,and consistently monitor compliance across devices andnetworks.

CUNA Mutual GroupFrom its offices in Wisconsin, the CUNA Mutual Groupprovides insurance, loans, and other financial services tocredit unions and their members. As a financial company,

it must protect its customers data and privacy, so ITinfrastructure security is a top priority.




42/52


With more and more viruses, worms, and other threats hittingcompanies daily, CUNA Mutual took a hard look at the levelof security across its business units. The company found that

manual IT configuration changes to its more than 500 networkdevices created security vulnerabilities, mainly becausedifferent staff made changes in different ways. Standardizationwas needed to make network updates consistent, regardlessof who performed them. And the company needed a way toaudit those changes to ensure they were done according toregulatory requirements and internal security policies.

CUNA Mutual chose EMC Ionix Network Configuration Manager(NCM) to streamline its configuration change process

eliminating errors and providing an automated way to provesecurity compliance. Another big plus was the return oninvestment. Because the change process was automated, ITstaff had much more time to focus on mission-critical tasksrather than routine maintenance.

NEC Unified SolutionsNEC Unified Solutions provides unified communications

systems to Fortune 1,000 customers. The products includenetworks and network security, Internet Protocol (IP) andwireless communications, video solutions, and much more.

As many of NEC Unified Solutions customers migratedto new technologies, such as voice over IP (VoIP), thecompany looked for new ways to meet customer demands.One way was to expand from basic remote monitoring tofull remote management. To give remote customers thebest possible support and minimize downtime, NEC UnifiedSolutions needed a highly reliable configuration and changemanagement solution.

The company selected EMC Ionix Network ConfigurationManager (NMC). The tool let NEC Unified Solutions seecustomer networks completely, which made problemresolution much faster. Manual configuration changes, andeven new deployments, became automated. The solution alsolet NEC Unified Solutions more easily provide backup and

audit trails of configuration changes.




43/52


Heres the Beef: Value Resulting

from Automated NCCMThe four companies in our case studies realized a string ofcommon benefits:

Comprehensive network management: The companiesgained a single, comprehensive management view oftheir network environments. Reliance Globalcom, forexample, had full visibility from one interface whenmanaging a multi-vendor network.

Compliance auditing: The companies were able totrack and audit configuration changes automatically.Doing so allowed them to maintain compliance withinternal policies in addition to industry and regulatoryrequirements.

Compliance is like a spectrum. In addition to things likeregulations, IT teams increasingly want to align with bestpractices, such as those outlined in InformationTechnology Infrastructure Library (ITIL). Even having amechanism to ensure consistency among workgroupteams can be key to an organization. No executive wantsto unnecessarily take on the business risk associatedwith all individuals on a network team handling change-related processes inconsistently.

High return on investment: Because the EMC NCMsolution automates tedious manual tasks, and eliminateserrors, the companies saved significant money onpersonnel costs. NEC Unified Solutions, for example, was

able to eliminate onsite installation services and manualactivations. Automation decreased the time needed forcustomer deployments, and slashed the cost of providingthose services.

Ongoing network operational efficiency: Althoughreturn on investment (ROI) and payback periodassociated with NCCM is compelling and quick, the realvalue comes from the ongoing operational application ofautomated NCCM. Saving time, avoiding problems, and

ensuring compliance results in more efficient operationsday in and day out. That increased efficiency reducescosts, and lower costs mean higher profitability.




44/52


Introducing the EMC Ionix

Network Configuration ManagerEMC Ionix Network Configuration Manager is an automatednetwork compliance, change, and configuration managementtool that works seamlessly in physical and virtualenvironments.

One of the characteristics that makes it unique is its scalableand flexible model (shown in Figure 4-1). This model meanscustomers can use the tool to custom-configure their networks,

rather than having to adjust their processes to fit the tool.

Report Manager Executive level views Compliance reports Inventory reports Change reports

DB Server Application Server Device Server

EMCS Network Change and Configuration Manager (NCM)Automated Change, Configuration, and Compliance Management

Change and ConfigurationManagement

Multi-vendor network infrastructure discovery

FirewallsVPN

Concentrators

Multi-Vendor Network Infrastructure

Routers

Switches

Optical Switches

BroadbandRouters

WirelessRouters

Access Points

Figure 4-1: The Network Configuration Manager model includes amulti-tiered architecture.

Network Configuration Manager integrates three importantnetwork management processes: design, change, andcompliance.

DesignBefore rolling out changes or new configurations, NetworkConfiguration Manager helps you create an implementation




45/52


design. In this phase, you plan for and set up change automa-tion using templates called Golden Configs in EMC-speak.

The tools interface, shown in Figure 4-2, is intuitive and easyto use, even when supporting large networks. It displays theinformation you need or makes it available with only a click ortwo of your mouse.

VoyenceControl was the precursor to Network ConfigurationManager. Some of the Network Configuration Manager screensstill carry the VoyenceControl logo and branding.

Figure 4-2: The Network Configuration Manager interface lets you easilydesign, and then implement, change management tasks.

ChangeAfter you design a change, youre ready to push it to yournetwork devices automatically. This automation is whatreplaces manual change processes and reduces or eliminateshuman errors. You dont need to log in to devices individuallyto change configs, spending days or weeks to update largenetworks. No more bare-metal provisioning, no more site




46/52


visits. The system performs discovery on a per-device basis(see Figure 4-3), providing flexibility for the customer.

Figure 4-3: An example of the Auto Discovery feature for NetworkConfiguration Manager.

The management system runs on an application server,which can manage one or thousands of devices from differentvendors. That design allows the environment to easily scaleto meet needs of network environments large, midsize, and

small.

Pre- and Post-ComplianceStepping back a bit, Network Configuration Managers auditdesign feature helps ensure your automated change willbe in compliance with regulations and policies before youimplement changes.

Network Configuration Manager provides built-in policy tem-plates for regulations including Payment Card Industry (PCI),Sarbanes-Oxley Act of 2002 (SOX), Gramm-Leach-Bliley Act(GLB), Statement on Auditing Standards No. 70 (SAS 70), andHealth Insurance Portability and Accountability Act (HIPAA).

Once changes are made, the software tracks all changesindividually. You can check settings and generate reportsthrough the management interface on demand.




47/52

Chapter 5

Ten Top Reasons to PickAutomated NCCM

In This Chapter Saving time, money, and human resources

Meeting best practices, governance, and compliance requirements

Reducing outages and downtime

Eliminating risk of costly human errors

Keeping configuration changes in sync

Traditionally, everyFor Dummies book ends with a Partof Tens.Why is this? Think about it, then answer these puzzlers:

How many commandments did Moses bring down fromthe mount?

How many fingers do most people have on both hands?

Solve the unknown in this phrase: Top X List

So here are ten benefits of network configuration and changecontrol.

Save Money and TimeAutomated NCCM makes managing change faster, but also

easier to plan for, implement, validate, and document. Byadopting formal change control processes and procedures,




48/52


and using automated NCCM, organizations reduce the amountof time it takes to implement changes, thereby reducing needsfor staff time, problem-solving, and rollbacks.

Automated NCCM users save money on IT staff costs and timespent dealing with configuration changes.

Refocus IT EffortsAutomated NCCM users can refocus IT efforts on planning andproactive efforts to create new IT services and innovate for

the business, rather than spending those efforts on manualchange activity.

Meet IT Governance and ServiceManagement Goals

In the NCCM world, compliance takes two different forms.

The first form usually deals with meeting IT governance andservice management process models, and helps to ensurechange management is working properly, efficiently, andreliably. Automated NCCM users can verify and audit thatchanges are authorized and correctly implemented. They canalso use change processes to manage the change processitself!

Achieve Legal and RegulatoryComplianceThe second form deals with legal and regulatory compliance,and the planning, assessment, auditing, and reporting itrequires. Automated NCCM helps to facilitate both. AutomatedNCCM users can integrate regulatory and legal compliancerequirements into their change planning, authorization,implementation, verification, and audit processes. This makes

compliance issues routine to track, manage, research, andreport.




49/52

Chapter 5: Ten Top Reasons to Pick Automated NCCM 43

Bust DowntimeProper network configuration and change management resultsin networks that are more reliable and available, and lesssubject to service degradations or outright outages. All thesethings contribute to a better end-user experience, and evento meeting or exceeding service level guarantees. Automatingconfiguration changes using NCCM reduces downtime, ascompared to manual change control methods.

Improve ProductivityImproved service delivery and a better end-user experiencederived from NCCM systems translate into improvedproductivity.

Beat Human ErrorManual change processes and procedures are fraught with

error and create regular problems with applications, services,and network access. Industry analysts estimate that errorsrelated to unforeseen or unwanted side effects resultingfrom manual changes account for the vast majority 50 to80 percent of service outages. Automated NCCM eliminateshuman errors associated with manual change control, andgives that time and access to those resources back to theenterprise. Automating change control procedures andrelated documentation helps to reduce errors significantlythrough proper planning, authorization, execution,verification, and audit.

Match Real ConfigurationsAutomating change control procedures and related recordingof those changes ensures that configurations referenced inplanning match real configurations in service. This removes akey source of error in the change management process.




50/52


Work from Correct

ConfigurationsWhen it comes to understanding and explaining the errors towhich manual change control is subject, the most commonroot cause is attributed to incorrect, invalid, missing, orout-of-date configuration data for the devices, systems, andsoftware involved. Automated NCCM ties into the changemanagement database (CMDB), making it easy and automaticto keep changes to systems whether real or virtual inagreement with each other.

Validating configuration changes ensures that configurationsin the CMDB agree with configurations o

Network Config & Chg Mgmnt 4 Dummies Bk

Documents

Transcript of Network Config & Chg Mgmnt 4 Dummies Bk