A sizeable percentage of network problems are caused by changes: new hardware, configuration changes, new applications or services. If you don’t know about every change, you’re fighting a losing battle.
Change control has a major role to play — any changes you want to make should be fully advertised to, and approved by, any other group within your organisation that may be affected. This notification must include details of the change itself, the expected impact, planned time of implementation, testing criteria, and backout plan.
But even if you do follow strict change processes, there will always be times when you know that something is different on the network but aren’t sure just what. This is where the requirement for an automated change management process comes in. When there are major issues in the morning, the first thing you need to know is what, if any, changes were made the night before.
You should back up all your router and switch configurations to a safe central repository. This allows you to compare versions for differences, and also lets you quickly deploy a replacement box should you have a complete hardware failure, by just copying over the latest configuration.
This archiving must be automatic — if it’s manual, people will forget to do it. If you have a Cisco-based network, it’s easy, since the CiscoWorks network management applications are designed to handle this archiving and change auditing. Changes are automatically recorded, with details on the actual change made, be it software or hardware, and the login id of the person who made it.
If you have a non-Cisco network, you'll have to go through a more manual process, initially, to set up this archiving. It's relatively easy to get your routers and switches to send out SNMP traps when a configuration change is made, but you will probably have to write a script on your management station to then go and retrieve that config. If you can't do this then, as a minimum, you should be able to create a timed job (a cron job if it's a Unix station, or using the command prompt on a Windows server) to pull down configs nightly. This isn't ideal, since there is a lag between the change and the archive process, but it's better than expecting people to remember to do it.
With all your configs archived it’s also easy to look at historical changes, search for specific pieces of configuration, or compare configs between similar devices.
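The archive-and-compare step described above can be sketched as follows. This is an added example, not code from the original article or from any vendor tool. It assumes the config text has already been retrieved from the device by whatever method your platform supports; the function names, device name and sample configs are constructed for illustration.

```python
import difflib
import tempfile
from pathlib import Path

def archive_config(repo, device, config_text, stamp):
    """Archive one retrieved config; return (status, diff_lines).

    stamp must sort chronologically as text, e.g. '20240102T0200'.
    """
    dev_dir = Path(repo) / device
    dev_dir.mkdir(parents=True, exist_ok=True)
    versions = sorted(dev_dir.glob("*.cfg"))
    previous = versions[-1].read_text() if versions else None
    if previous == config_text:
        return "unchanged", []          # nothing new to store
    new_file = dev_dir / f"{stamp}.cfg"
    new_file.write_text(config_text)
    new_file.chmod(0o600)               # configs hold passwords and community strings
    if previous is None:
        return "new", []                # first archive for this device
    diff = difflib.unified_diff(
        previous.splitlines(), config_text.splitlines(),
        fromfile=versions[-1].name, tofile=new_file.name, lineterm="")
    return "changed", list(diff)

# Constructed sample configs (not from any real device).
NIGHT_1 = "hostname edge-sw1\ninterface Gi0/1\n description uplink\n switchport access vlan 10\n"
NIGHT_2 = "hostname edge-sw1\ninterface Gi0/1\n description uplink\n switchport access vlan 20\n"

def demo():
    """Three nightly runs: first archive, no change, then a VLAN change."""
    with tempfile.TemporaryDirectory() as repo:
        runs = [
            archive_config(repo, "edge-sw1", NIGHT_1, "20240101T0200"),
            archive_config(repo, "edge-sw1", NIGHT_1, "20240102T0200"),
            archive_config(repo, "edge-sw1", NIGHT_2, "20240103T0200"),
        ]
        stored = sorted(p.name for p in (Path(repo) / "edge-sw1").iterdir())
    return runs, stored

if __name__ == "__main__":
    runs, stored = demo()
    for status, diff in runs:
        print(status, *diff, sep="\n")
    print(stored)
```

Only changed configs are stored, so the list of archived files for a device doubles as its change history, and the diff from the most recent run answers the "what changed last night" question directly.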
You also need up-to-date information on exactly what hardware and software you have. In the run-up to 2000, everyone spent huge amounts of time identifying what levels of software they had running. How many people bother now?
If you minimise the number of different code versions across your platforms, it will be easier to manage and you will have fewer bugs to worry about. If you don’t check, you will find that devices in remote corners of your network sit with older and older versions of code until you find you can’t deploy a feature you want, or get support from the vendor. But if you don’t want to spend your days telnetting into dozens or hundreds of devices to check, you’ll need an application that does it for you and provides you with a simple one-page summary. This will quickly let you identify any devices running a different version from the rest, and help you plan upgrades, in a timely manner, without missing any.
The same rules apply to the hardware. Your asset control should tell you what you have but is it always correct? What happens if someone installs a card into a modular chassis and forgets to update the documentation? Are you sure you have all your equipment listed so that your supplier knows what they should be providing support for—and keeping spares for?
An automated inventory application will always be correct, and should also be able to tell you extra information, such as serial numbers, number of spare slots, whether single mode or multimode fibre interfaces are in use, and the amount of memory installed.
None of this is information that you can’t get by logging into every device and looking at the logs and configurations, but once your network is bigger than a handful of devices that isn’t sustainable. You have enough to worry about managing the network without being unsure what it is you’ve got out there. Tools such as CiscoWorks, SNMPc, NetViz and Deltalert are available to do all of this without effort on your part, and it’s recommended that you take advantage of them.