IT governance remains a slippery slope for technology managers the world over, despite drastically increased awareness on IT governance matters. For directors of IT infrastructure and network services, the challenge of achieving a governable and transparent environment - one where assets and their configurations are effectively tracked and change is properly managed - lingers on in perpetuity.
While many infrastructure departments have made decent advances in portfolio management, the enforcement of enterprise-wide standards on device builds and configurations of network hardware is far too often subject to failure. Nevertheless, having a consistent and enforceable build-out standard for network routers and switches is a primary prerequisite that will enable infrastructure directors to achieve much higher levels of customer support and ROI for their most critical network components.
The ability to consistently carry out a robust standard build strategy will result in a drastic decrease in the costs required to run and maintain a corporation’s web of wide-area and local-area-networks (WAN and LANs), from both reactive and proactive perspectives. The preferred approach to realizing build standardization for network equipment will rely on three distinct components:
- The reliable storage of all configuration parameters
- An intelligent discovery process that will scan networks for network assets and capture vital details about their configuration parameters and state
- A dashboard approach to viewing, tracking and reporting on build configuration and build history
With respect to the above: Without a proper supporting physical architecture and methodology for actualization, future network change management and configuration management/asset tracking efforts will fall short of their goals.
- There will be an interminable and immutable inability to perform impact and change analysis.
- Routine troubleshooting and problem resolution will burn endless cycles due to information discovery cycles that are not repeatable or documented.
- Network availability will be lowered; performance issues will gradually increase, in both geographic scope and resolution time.
- Network costs will be much higher than required, due to the proliferation of unneeded devices or the inability to properly decommission unused devices in a timely fashion. It will also be much more burdensome to diagnose poorly performing network components.
- Security risks to all enterprise networks grow exponentially.
The primary means of compliance monitoring will be effectuated by the use of automated (discovery) software which will identify deviations from network build standards and capture configuration data about devices on all enterprise network subnets. (For those new to this concept, the most popular of these automated solutions is CiscoWorks by Cisco Systems Inc. - www.cisco.com.).
Discovery software will serve as a catalyst for all network change management workflow. All discovery data will be saved to a secure but accessible data store and be viewable (sliceable and diceable) through a dynamic dashboard interface. The dashboard should also serve as a process control center and job scheduler for all discovery processes; likewise, it should allow network administrators to perform incremental discovery and scan processes in a highly customizable convention. Finally, the entire configuration history for all scanned network devices will be viewable via the same dashboard. It is important to make sure that all incremental backups of device configurations and associated metadata are fully encrypted and archived/backed-up on a secured SAN or NAS.
When evaluating discovery software and dashboards, exception handling and error routing functionality must never be overlooked. Network discovery processes will generate a fair share of exceptions - pointing out what configurations deviate from corporate standards and what assets are underperforming or are experiencing issues - and generate timely alerts to network administrators when “discovered’ items do not match or conform to expectations.
In general, automated network asset discovery must incorporate the following functionality in order to ensure seamless compliance and conformance with (router, switches, etc.) build standards: