What is Network Configuration Management?

Automation helps scale network teams and their ability to identify drift, correct non-compliant configurations, and manage updates across the network in a reliable and timely manner. At the product level, automation also simplifies complex processes and scales functionality across the network, performing better than legacy solutions.

To better understand why automation has become so important, it’s useful to look at the following “must have” functions of network configuration management for the modern enterprise.

• Device discovery. Device discovery is the first step in onboarding devices into a network configuration management solution. Discovery can happen in several ways, from importing a text file of IP addresses to scanning a range of IP addresses and importing network devices. Once imported, a device inventory is automatically generated, giving a detailed view of the network’s makeup that can be used to track configuration changes, manage device lifecycles, or perform vulnerability management. Going further, syncing devices with an ITSM like ServiceNow for device discovery automates ticket creation/updates/closing, ensuring issues are tracked and resolved efficiently.
• Software updates and rollbacks. Software updates are complicated and time consuming, and one of the most important things that network engineers can do to keep their networks safe. Network configuration management should integrate backups simply into the software update process to ensure that there’s a recent backup should the team need to roll back to previous configurations in case of error. Update automations should be HA-aware, meaning updates to a high-availability pair should be done automatically and without downtime. Updates should support multi-step updates if an update needs to be performed across multiple software versions. Updates should be simplified for both network devices like routers and switches and security devices like firewalls.
• Change management. The network configuration management tools should audit all network changes, whether they’re done manually or through automation, to identify drift. Changes should be groomed back into compliance automatically when they differ from the expected standard configurations. Additionally, in the event of a known vulnerability, administrators should be able to run a check to find vulnerable configurations and remediate them automatically.
• Executing complex network operations. All tasks should be able to be automated without writing any code, no matter how trivial or complex, as long as they can be accomplished either at the command line interface (CLI) or via the API. Automation of tasks in bulk has huge time-saving benefits. For example, updating a firewall license on nearly 100 Palo Alto firewalls is reduced from 10 hours of manual work to 30 minutes of automation work, including creating the automation.
• Continuous compliance. Whether your devices must comply with industry standards, the standards your organization puts in place as preferences, or open tickets in an ITSM, network configuration management is responsible for continuous compliance – ensuring that devices start and stay compliant with your requirements. These solutions should also include support for industry best practices like CIS Benchmarks, DISA STIGs, HIPAA, PCI DSS, and more. Compliance also involves checking the network for vulnerabilities to ensure no known vulnerabilities are exposing the network. Finally, managing the lifecycle of devices to remove devices that are approaching end of life (EOL) and no longer get security updates is an important compliance activity.