What Is Network Configuration Management? How It Works

Entuity Software


John Diamond, Sr. Solution Architect, Product
John Diamond, February 6, 2024

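As an infrastructure or network manager, configuring your expansive IT network can be a headache. Not only do you have to keep your network devices running efficiently, but you must also ensure that your entire estate complies with corporate controls and policies in order to protect your network. That is why a robust network configuration management process and supporting tools are critical to your success.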

What Is Network Configuration Management?

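Network configuration management is the process of regularly monitoring and implementing configuration changes to network device elements such as IP addresses, items, default settings, and versions. The primary goal of network configuration management is to ensure that the network operates securely and efficiently.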

Network Configuration and Change Management (NCCM)

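Network configuration and change management (NCCM) is the process of systematically controlling and managing changes to the network infrastructure. This includes making changes, detecting changes, and logging changes so that the business can easily identify the differences between the current network configuration and archived versions. NCCM can show which lines have changed, what they were, and what they are now.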

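In many NCCM systems, an automated report can be generated to show any time a change happens. This type of report is essential to ensure that modifications do not interfere with the normal operation of the network and that any risk is kept to a minimum.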
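The line-level change report described in this section, as an added example (not Entuity or Park Place code): it compares an archived configuration with the current one and lists which lines changed, what they were, and what they are now. The IOS-like sample configurations, the function names and the tuple layout are assumptions made for illustration.

```python
import difflib

# Constructed sample configurations in an IOS-like syntax (not real device output).
ARCHIVED = """\
hostname edge-sw-01
snmp-server community EXAMPLE-RO-STRING ro
interface GigabitEthernet0/1
 description uplink
 switchport mode trunk
ntp server 192.0.2.10
"""
CURRENT = """\
hostname edge-sw-01
snmp-server community public ro
interface GigabitEthernet0/1
 description uplink
 switchport mode access
ntp server 192.0.2.10
logging host 192.0.2.50
"""

def change_report(archived, current):
    """Return (kind, old_no, old_text, new_no, new_text) for every differing line."""
    old, new = archived.splitlines(), current.splitlines()
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    changes = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        # Pair lines inside a differing block; pad the shorter side with None.
        for k in range(max(i2 - i1, j2 - j1)):
            o = (i1 + k + 1, old[i1 + k]) if i1 + k < i2 else (None, None)
            n = (j1 + k + 1, new[j1 + k]) if j1 + k < j2 else (None, None)
            if o[0] is not None and n[0] is not None:
                kind = "changed"
            else:
                kind = "removed" if n[0] is None else "added"
            changes.append((kind, *o, *n))
    return changes

def render(changes):
    """Format the report as text lines for an operator or a change ticket."""
    return [f"{kind}: was L{o_no} {o!r}, now L{n_no} {n!r}"
            for kind, o_no, o, n_no, n in changes]

if __name__ == "__main__":
    print("\n".join(render(change_report(ARCHIVED, CURRENT))))
```

An empty report means the current configuration is identical to the archived copy, which is the condition for skipping a new archive entry.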

Change Authorization (Human In-the-Loop)

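Configuration management in network management allows relatively arbitrary logic scripts and code to run. Typically, it is designed to automate conversations with network devices over a Secure Shell (SSH) connection to the console. This allows the network configuration tool to do anything an administrator could do by logging into the device over SSH, asking it for information, and instructing it to make config changes. This replaces the need for human identification and updating of network configurations.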

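Conversations with devices can be automated to improve the speed, consistency, and scalability of the changes you want to apply to device configurations. Network configuration management software can configure multiple devices, or multiple ports on multiple devices.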

The risk in this process is that automating network config changes could lead to unexpected results. A change authorization process is sometimes present in NCCM tools to keep humans in the loop. Having a network admin weigh in on recommended changes can help minimize unexpected outcomes, maximize your policy compliance, and reduce network downtime!

Configuration Management in Virtual Networks

There are physical network appliances or virtual network appliances (software) available, but there is typically no difference between managing virtual and physical appliances. One example of a virtual product is the Palo Alto virtual firewall, which can be purchased as either a physical device or software.

Configuration Management in Network Security

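Configuration management in network security is one of the essential components of keeping a network environment secure and operating properly. To ensure that the settings of network devices, systems, and security mechanisms comply with security policies, best practices, and compliance standards, you must methodically manage and regulate those configurations.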

Firmware Management

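Network configuration management and firmware management go hand in hand, because network device firmware is critical to the overall efficiency, security, and functionality of the network. Firmware updates are systematically applied, tested, and documented in a controlled manner, minimizing risks associated with outdated or vulnerable firmware configurations.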

Network Configuration Management vs. Network Configuration Monitoring

Depending on the tool you choose, network configuration monitoring can be thought of as a subcategory of network configuration management.

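For example, in Entuity, Park Place’s network monitoring software, network configuration monitoring uses the same communication automation engine to carry out conversations with devices, with the aim of instructing them to retrieve their configuration files. These files can be pulled back to the network configuration management software for analysis and potential archiving. This allows for the automated archiving of configuration files with a history of changes.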

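When a change is detected, Entuity keeps a backup copy of the old network configuration, since the latest version of the configuration can change regularly. This allows the files to be viewed in the console and archived copies to be retrieved. For example, an older copy can be reinstalled so that the configuration version is effectively rolled back.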

This is also important in case of hardware failures that require a device replacement. To install on the replacement device, you need a copy of the latest configuration from the failed device. The automated archive of configurations is essential in case it’s needed at a moment’s notice.

How to Evaluate Network Configuration Management Tools

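Choosing the network configuration management suite that best fits your company’s needs requires careful evaluation. An informed decision is based on functionality, features, ease of use, scalability, security, and more.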

1. Reporting Capabilities

Reporting is tied into configuration management and monitoring; a list can be gathered of all the devices for which your company is monitoring configurations, showing which ones are currently failing. There are policy checks on which devices are failing to upload configuration files and which are succeeding.

2. Vendor-Specific vs. Multi-Vendor

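One distinction in the market is that hardware vendors offer some network device configuration management tools, and they are only applicable to that vendor’s equipment. Then there are tools available from vendor-agnostic third parties (such as Entuity), which fall into the multi-vendor category.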

Today, if a company already has a certain vendor’s equipment, then there’s a temptation to go with their software. If there is any possibility that new equipment might be introduced, either because of a personal decision or because of a merger or acquisition, this will make it difficult to address the wider set of device requirements.

3. Policy Compliance Monitoring

Network configuration compliance implies checking against a centralized company policy. Every company has a policy check capability that allows existing configuration files to be checked for patterns. If a required pattern can’t be found, an alert is raised. Alerts may also be raised if a pattern exists that should not, as this could lead to a security problem.

An example of this is a public community string in SNMP. If a public community string is being used, that is breaking the first rule of network device security. The same goes for management protocols; the default access password should never be put on a production device because it is a security hazard.

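These policies can be adjusted and defined by the customer and, if required, enforced individually on different devices. This is a way of discovering problems introduced by configuration changes that went unnoticed. Every time configuration files are uploaded from a device, a policy check is performed and any deviations from the design policy rules will be reported.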

4. Automated Remediation/Rollback of Policy Failures

Network Configuration Change Management (NCCM) includes detecting changes, and also remediating policy failures using techniques such as rolling back to the most recent “good” configuration. So, if someone made a change that failed the policy check, it would automatically roll back to the previous version.

Historically, many organizations did not want administrators making automated changes to their configurations, but different organizations have different opinions about automation.
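The pattern-based policy check from section 3 and the rollback to the most recent "good" configuration from section 4, combined in one added example (not Entuity or Park Place code). The rule names, regular expressions, IOS-like sample archive and the plan labels are assumptions; the function returns a proposed action rather than applying it, so an operator can still authorize the change.

```python
import re

# Hypothetical rules: (name, "required" | "forbidden", regex tested against each line).
POLICY = [
    ("snmp-no-public-community", "forbidden", r"^snmp-server community public\b"),
    ("remote-syslog-configured", "required", r"^logging host \S+"),
]

# Constructed archive, oldest first, in an IOS-like syntax (not real device output).
ARCHIVE = [
    ("v1", "hostname edge-sw-01\nsnmp-server community public ro\n"),
    ("v2", "hostname edge-sw-01\nsnmp-server community EXAMPLE-RO ro\n"
           "logging host 192.0.2.50\n"),
    ("v3", "hostname edge-sw-01\nsnmp-server community public ro\n"
           "logging host 192.0.2.50\n"),
]

def check_policy(config, policy=POLICY):
    """Return (rule, kind, line_no, line) deviations; an empty list means compliant."""
    lines = config.splitlines()
    alerts = []
    for name, kind, pattern in policy:
        rx = re.compile(pattern)
        hits = [(n, text) for n, text in enumerate(lines, 1) if rx.search(text)]
        if kind == "forbidden":
            alerts += [(name, kind, n, text) for n, text in hits]
        elif not hits:  # a required pattern is absent from the whole file
            alerts.append((name, kind, None, None))
    return alerts

def remediation_plan(archive, policy=POLICY):
    """Propose an action for the newest archived version:
    ("ok", None), ("rollback", label) or ("manual-review", None)."""
    _, newest = archive[-1]
    if not check_policy(newest, policy):
        return ("ok", None)
    # Walk back through history to the most recent version that passes policy.
    for label, config in reversed(archive[:-1]):
        if not check_policy(config, policy):
            return ("rollback", label)
    return ("manual-review", None)

if __name__ == "__main__":
    print(check_policy(ARCHIVE[-1][1]))
    print(remediation_plan(ARCHIVE))
```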

Network Configuration Management at Park Place Technologies

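Park Place Technologies can effectively manage network configuration for your company while prioritizing compliance, security, and network operations. By implementing a network configuration management service, network administrators have more time for digital transformation projects, leading to a more robust data center.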

If you have in-house talent and are looking for award-winning enterprise network management software, Entuity Software™ is the right solution for you.

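Alternatively, if your team is already stretched too thin, our IT infrastructure management services can help take the IT chores off your plate. With our powerful monitoring technology and 24×7 Enterprise Operations Center (EOC) engineers, we will keep a close eye on your network assets and regularly apply updates and critical maintenance.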
