The Challenge
Networks form the backbone of the modern IT and other enterprises. The components of the backbone—the network infrastructure—are quite complex and varied with the presence of hundreds or even thousands of mission-critical edge devices such as switches, routers, firewalls and others from dozens of hardware vendors. Enterprises make huge investments on procuring network infrastructure and employ highly skilled professionals to manage and administer the network infrastructure. Typically, a few administrators manage a large infrastructure.

Managing the network is a challenging task as business continuity directly depends on network availability. Even a few minutes of network outage could have a rippling effect on the revenue stream as critical business services get affected. And as business needs grow, network complexity also grows up exponentially. The enterprise naturally puts the squeeze on the few network administrators mandating them with the responsibility of ensuring network availability. Not just network availability, but also ensuring security and reliability, optimizing performance, capacity and utilization of the network fall under the ambit of the administrators.

Business needs are in a constant state of flux and administrators are required to respond to the needs often by configuring the network devices, which is a sensitive and time-consuming task. It requires specialized knowledge, familiarity with all types of devices from different vendors, awareness on the impact of changes, precision and accuracy. Naturally, the highly skilled network administrators carry out the configuration changes.

Ironically, most of the configuration changes are repetitive, labor-intensive tasks—for instance, changing passwords and Access Control Lists. Yet, as even minor errors in configuration changes to the devices in production carry the risk of causing network outage, the skilled network administrators spend a significant part of their time on configuring the devices. They find it hard to concentrate on strategic network engineering and administration tasks.

Besides, with increasing security threats to mission-critical network resources and serious legal consequences of information mis-management, enterprises everywhere are required not just to follow standard practices, internal security policies, stringent Government regulations and industrial guidelines, but also demonstrate that the policies are enforced and network devices remain compliant to the policies defined. Ensuring compliance has become a priority for network administrators nowadays. This drives them take extra care while changing configurations.

Administrators also have to continuously monitor the changes carried out to the devices, as any unauthorized change can wreak havoc to the network. The organization expects the network administrator and the IT department to deliver operational efficiency continuously and contribute to cost-effective network management.

It is evident that administrators face pressures from multiple angles; but, how do they normally manage configurations? Let us have a look at some of the traditional network configuration management practices:

• While carrying out changes, most of the administrators document the proposed changes. They login to each device separately and carry out the change. In case the configuration changes are not successful, they will turn the configuration to the previous working state by undoing the changes as recorded by them in the documentation.
• In big enterprises with a large number of devices, the administrators cannot follow the 'change documentation' process. Instead, they develop custom scripts to push configurations to multiple devices. With the enormous diversity of hardware vendors, the administrators develop numerous custom scripts to suit the syntax of each device type.
• Others juggle with fragmented tools to do specific tasks in configuration management. They correlate the output from each tool manually.
• Still worse, some administrators follow the haphazard way of carrying out changes to live equipment without any management plan. When errors in configuration cause network outage, they end up wishing that they could move the configuration back to a proper working version. They manually troubleshoot the cause.

The Limitations of the Traditional Approach
The manual way of configuring the devices suffer various disadvantages and serious limitations. The following are prominent among the many:

• The highly skilled network administrators spend most part of their precious time on doing repetitive, time-consuming configuration tasks. They get little time to focus on strategic network administration plans and tasks. This amounts to wastage of resource, cost and time.
• There is no provision to apply configuration changes in bulk to many devices at one go. Administrators have to logon to devices separately or, at best, execute many custom scripts to get the work done, which would be time consuming.
• Even simple tasks like rotating passwords of devices, viewing access lists etc. could prove an uphill task.
• As the number of devices grows, administrators find it difficult to respond to the business priorities that require frequent configuration changes. Possibilities of committing errors become evident.
• A trivial error in a configuration could have devastating effect on network security, leaving room for malicious hackers. The traditional approach has no provision to check configurations before deployment from the standpoint of security.
• Administrators lose track of configuration changes. As a result, configuration management becomes a daunting task. In the face of a network outage, troubleshooting becomes laborious. The mean time to repair (MTTR) climbs significantly.
• There is no way to control the access to device configurations based on user roles. No way to check/prevent unauthorized configuration changes either.
• The traditional practice has no scope to ensure accountability for user actions. When something goes wrong due to faulty configuration change or when a security breach occurs, it would not be possible to trace the actions to a particular individual in the absence of audit trails.
• There is no provision to monitor and ensure compliance to government regulations, industry best practices and standards.

Issues at a Glance

• Wastage of skilled resources in repetitive configuration tasks
• Administrators require a lot of time to do configuration changes
• Troubleshooting in the face of outages becomes monumental
• No provision to monitor unauthorized changes, security and compliance
• Unable to keep track of configuration changes
• No centralized control
• Lack of accountability for actions

The Way Out
Conquering the complex, multifaceted operational and technological challenges of network configuration management is getting simpler nowadays with the availability of Network Change and Configuration Management (NCCM) solutions.

The NCCM solutions are designed to automate the entire lifecycle of device configuration management. The process of changing configurations, managing changes, ensuring compliance and security are all automated and the NCCM solutions prove to be powerful at the hands of network administrators. They help save time and ensure network uptime.

By leveraging NCCM solutions, administrators can put in place both proactive and reactive configuration management strategies. Proactively, administrators can reduce manual errors and prevent unauthorized changes; when something goes wrong, they can react to the contingency within minutes by getting to the root cause or by rolling-back to the previous working version.

Conclusion
Lack of efficient and effective device configuration management affects the business continuity of enterprises. Manual configuration of devices eat away the time and efforts of the skilled administrators, who are struggling to keep track of configuration changes. Increasing security threats and government regulations force enterprises to comply to standard practices and policies.

Automated NCCM solutions enable network administrators to take total control of the entire life cycle of device configuration management. Changing configurations, managing changes, ensuring compliance and security are all automated. These solutions improve efficiency, enhance productivity, help save time, cost and resources and minimize human errors and network downtime.

With a good NCCM solution in place, enterprises can make best use of their network infrastructure. They can achieve increased network uptime and reduced degradation and performance issues.