Network Config Management
Im sure this topic has been brought up before and if so just point me in the right direction. Im looking for an application that solves the needs to configuration management across an entire Cisco network, so routers, switches, ASAs. Ideally it would provide the following capability:
A many to one global configuration diff and remediation option. For example if weve defined a VTY / SNMP access-list that would applied to every device regardless of type Id like the tool to go out parse the configs and present me with a list of devices that do not match master configs. Then of course be able to remediate this.
Be able to return devices with a specific configuration or version. And then act on them perhaps push configuration changes or IOS etc.
Im open to options I think CiscoWorks might be able to do this, Im also open to any open source tools that might be able to accomplish this as well because well free is nice too.--
Solarwinds Network Configuration Manager. You would use the Policy Reporter to weed out things in configs,missing from config, etc. Take their Eval for a spin. We use it, works well on a small budget.
ManageEngine's similar product. Take their Eval for a spin too.
Those are relatively cheap. You can spends 100's of thousands if you want to get crazy.
If you are willing to spend $, EMC Voyence and CA Spectrum both do the job. I have tried the solarwinds one and been dissappointed. If you want free, you can easily rig something up with rancid or other open source config backer-upper-config-differ config-trap catching apps and a linux box.
That's good to hear about Spectrum. The company just purchased and is going down the road of implementing it but I haven't heard / seen anything about it. So I guess I'll see what I get from CA.
Thanks for the feedback.--
|reply to rsaturns |
I've dealt with many network management tools in my time. Bar none, the best one out there is Opsware (also sold as a product called Cisco Network Compliance Manager). It can manage not only Cisco gear but about 100 different vendors. CiscoWorks would be my second choice but only works on Cisco gear. Opsware was bought by HP but the product is outstanding at what it does. Far superior to lesser talents like Voyence, Solarwinds, etc. We put all of them up for RFI and compared all of their strengths and weaknesses and this product stood out.