Help Docs

Site24x7 Network Configuration Manager

Site24x7's Network Configuration Manager (NCM) is a multi-vendor network device change and configuration management solution that helps continuously track and alert on configuration changes, compare configuration versions, perform audits, restore configurations, and automate device configuration backups. 

When device configurations are changed, you can get instant alerts via email, SMS, voice calls, or third-party integrations like Jira, Zapier, Slack, Microsoft Teams, ServiceNow, and more. 

Prerequisites

Ensure you have On-Premise Poller version 5.2.0 or above. You can manually upgrade to the latest version if you haven't already.

System Requirements

Explore the system requirements for installing the On-Premise Poller to start using Network Configuration Manager.

How it works

When a device wakes up, the startup configuration runs. For every change in the running configuration of the device, the changes must be copied to the startup configuration of the device. When a network device is added for monitoring, Network Configuration Manager tracks the changes in the configuration and keeps a backup of the change in the cloud. Network Configuration Manager also notes the differences between the configuration changes and triggers an alert to the end user about the change.

Enabling Network Configuration Manager

  1. Log in to your Site24x7 account.
  2. Navigate to Network > NCM > Settings.
  3. On the Manage NCM page, choose an On-Premise Poller from the drop-down.
  4. Toggle to Enable. Wait 5-10 minutes.
  5. Navigate to Admin > On-Premise Poller and ensure that the On-Premise Poller and the network module are running.

Adding devices to Network Configuration Manager

  1. Navigate to Network > NCM > NCM Devices(+). Alternatively, navigate to Admin > Add Monitor > Network > NCM Device.
  2. Enter the following fields:
    • Display Name: Provide a display name to identify the Network Configuration Manager monitor.
    • Host Name/IP Address: Enter the hostname or IP address of the device.
    • Vendor: Choose the device vendor from the drop-down.
    • Device Template: Choose the device template from the drop-down. Device Templates define the set of commands to connect, back up, restore, or perform other operations on a device. It is essential to select the correct Device Template for all operations to run properly.
    • Protocol: Choose SSH, SSH-SCP, SSH-TFTP, Telnet, or Telnet-TFTP from the drop-down to connect to the device. We use these protocols to fetch the device configuration.
    • Primary Credential: Choose the primary credential for device authentication or add one by clicking +.
    • SNMP Credential: Choose the SNMP credential of the device from the drop-down or add one by clicking +.
    • Check Frequency: Select the frequency of configuration backups. This determines the frequency at which a backup is taken for a device configuration.
    • Monitoring Locations: Choose an On-Premise Poller to serve as a monitoring location.
  3. Click Test and Save

Viewing devices on Network Configuration Manager Devices Dashboard

You can view the devices being monitored by Network Configuration Manager from the Network Configuration Manager devices dashboard.

To view this page: 

  1. Log in to your Site24x7 account.
  2. Navigate to Network > NCM > NCM Devices.
  3. Click the Network Configuration Manager device for which you wish to view the dashboard.

Network Configuration Manager credentials

The NCM Credentials section provides an overview of various credentials associated with your networks or devices. The supported credentials are SSH, Telnet, and SNMP v1, v2, and v3. You can view, edit, or delete the associated credentials from the network devices.

Perform the following actions in this section:

  • To associate a new credential, click Add Credential on the top-right corner of the page. Follow the steps in this help documentation to add the correct credentials to your network device.
  • To edit the already associated credential, click the pencil icon pencil iconfor the respective network device under the Action column. Make the necessary changes and click Save Credential.
  • To delete the already associated credential, click the garbage bin icon garbage icon for the respective network device under the Action column. Click Delete in the Delete Network Credential pop-up.
    NCM credentials
    Figure 1. NCM Credentials view

Current Configurations

The device configurations section lets you view the current device configuration information, like the running and startup configurations discovered by the Network Configuration Manager. Major details displayed include the Monitor Name, Type, Version, configuration capture date (Captured On), and Change Type of each device configuration in your network.

The Action column lets you perform various actions on each device configuration, including Set as Baseline, Mark as Authorized/Mark as Unauthorized, Edit Description, Compare with Baseline, Compare with Startup/Compare with RunningCompare with Previous, Compare with Any, or Upload Configuration. Click the hamburger Hamburger Icon icon in the Action column to view these options. This way, you can track your device configurations and take necessary actions if any discrepancy is found.

  • The Baseline configuration version is a reference configuration that works correctly according to your organizational requirements. It can be used as a benchmark to compare other versions of the configuration.
  • Unauthorized configuration versions are those where the exact source of change is unidentifiable.
  • If the changes have been made by an authorized source or the network administrator within your organization, you can mark the configuration version as authorized.
  • You can also mark a configuration version as unauthorized if an unauthorized person or activity within your organization makes changes to the device configuration. 

NCM Current Configurations view
Figure 2. Current Configurations view

All Configuration Changes

An overview of all the changes, including the list of historical configuration changes for each device, is listed in the All Configuration Changes section. Whenever a device or network associated with a monitor has a configuration changed, its details like configuration type, version, date of capture, and change type are tracked. You can view, analyze, track, and take action on the historical configuration changes for each device discovered by the Network Configuration Manager.

Various actions that can be performed on a configuration change include Set as Baseline, Mark as Authorized/Mark as Unauthorized, Edit Description, Compare with Baseline, Compare with Startup/Compare with Running, Compare with Previous, Compare with Any, or Upload Configuration.
All Configuration Changes
Figure 3. All Configuration Changes view

Compare Configurations

You can compare and analyze the configuration changes made to your device using the Compare Configurations feature.

Select the device, configuration type, and version for L.H.S and R.H.S. The Changed Date section shares insight into when the configuration was changed.

Compare Configurations
Figure 4. Compare Configurations

Firmware Vulnerabilities Dashboard

View all the firmware vulnerabilities in your NCM devices, sort them as needed, and 
verify if any patch fixes are available on the firmware vulnerabilities dashboard. Search vulnerabilities according to CVE ID, CVE Type, Severity, Exploit Status, or Description for faster access to a record.

The firmware vulnerabilities are classified as Critical, Important, Moderate, and Low to know which record requires your first attention quickly. You can also view all the vulnerabilities according to exposed devices or version distribution. 

Network configuration compliance

Network configuration compliance helps safeguard your networks against potential threats and ensure adherence to industry standards like Cisco IOS, SOX, HIPAA, the PCI DSS, or any custom organizational policies. To ensure compliance with network configurations, our network configuration management tool performs a compliance check whenever a configuration file is backed up and identifies non-compliance based on established policies that contain rule groups and rules. Accordingly, network administrators receive alerts based on their threshold settings. 

Related Articles

Troubleshooting Tips

Was this document helpful?

Shortlink has been copied!