I’m currently investigating options w.r.t. enterprise-wide (over 250 device, and by ‘device’ i mean router and/or switch) configuration management (and (ideally) compliance-auditing_and_assurance) software.
We currently use Voyence (now EMC) and are looking into other options for various reasons, support being in the top-3 …
So, I pose: To you operators of multi-hundred-device networks : what do you use for such purposes() ?
()see subject
This topic seemed to spark lively debate on efnet, so i thought it appropriate to ask here. Feel free to respond privately (and I will post summaries to the list), or direct.
In any case, for the benefit of all, I will post in any case my/our findings.
In the long run everybody was afraid of IASON. They dared not
work on it.
Later I developed some bits and parts.
When we changed hardware in a small company (200 PCs, 20 servers
5 HP Procurve switches and two routers) IASON would discover
the switches as fast as they were powered and would move them
to a management network.
Operators and management were not amused.
IASON was changing passwords and ip-addresses
That has been the only try.
They idea is still a prolog based AI system, learning and knowing
every hardware, how it is configures and connected.
You move a PC from one location to another because people do move
or because a port on a switch has gone dead. IASON reprogrammes
switches and ports so you get the same VLAN.
Somebody is replacing a switch for whatever reason. IASON finds
the new switch and sees the connected pcs and uplinks. It reconfigures
the switch so as to replace the old one. You do net even need to
mind where everything was connected. IASON can change across vendors.
I guess it will take same time - but in the long run we will get it
and it will be open source.
There are tons of products out there. You could try looking at Cisco Network Compliance Manager. It supposedly has built-in compliance rules for financial institutions (GLB, SOX, etc). If you want to pay, people will gladly take your money.
I'm currently investigating options w.r.t. enterprise-wide (over 250
device, and by 'device' i mean router and/or switch) configuration
management (and (ideally) compliance-auditing_and_assurance) software.
We currently use Voyence (now EMC) and are looking into other options for
various reasons, support being in the top-3 ...
So, I pose: To you operators of multi-hundred-device networks : what do
you use for such purposes(*) ?
(*)see subject
We have several thousand network devices currently in play:
mpetach@nowherespecial:/tftp/conf/latest> ls *.conf | wc -l
7419
mpetach@nowherespecial:/tftp/conf/latest>
I hand read each device configuration check-in email that goes past
to see if there's errors in the configs, security violations, or other WTF-ish
elements in the config check-in, and mail back a nag notice to the
person who changed the config.
Currently, I received between 1900 and 3000 email messages a day.