Network Governance And Build Standardization

• Archiving – All run logs will be saved and archived in a preset location on a dedicated network share. The run logs will list all scanning activity and the status of all discovered and polled devices.  These logs will be vital for reconciliation purposes and provide an excellent audit trail for network portfolio management.
• Encryption And Security - Device configurations will be saved in an encrypted format in a secured area of the network.  This will be important especially if items such as TACACS logs are being backed up and persisted.
• Robust Version Control - Configuration changes pertaining to each device will be maintained as separate versions that are stored in a mutually exclusive logical silo, differentiated from each other by scan date/time.  Safeguards must be taken so that changes between any two versions will be easily identified in side-by-side comparisons.  Network administrators often have a need to quickly recover a device’s past configuration information (previous build versions) and repair critical misconfigurations; also they must have the ability to effortlessly rollback to a previous “safe” configuration when a device failure or exception is detected.
• Email Notifications – Real-time email notifications will be sent upon the detection of device and configuration anomalies. These emails will be categorized and tagged with various levels of severity and criticality so that the seriousness of each can be immediately ascertained and prioritized.
• Audit Reports - Through a dashboard front-end, detailed audit reports will be available.  Audit records can contain a list of all configuration changes performed, with details such as who performed the operation, timestamps and the result of the operation.  A variety of standardized output formats (XML, CSV, etc.) will assure that the report data can be shared and integrated with other software applications and analysis tools.

5 Steps To Governance Of A Standard Build

With automated discovery software, the workflow for device change management should remove much of the human error associated with build governance.  For starters, I recommend that infrastructure departments conform to the following simple five-step progression:

1. Classification – Scanning software notices an incident that requires the attention of a network administrator
2. Evaluation – The problem is socialized and the best solution proposed
3. Documentation – A help desk ticket is produced
4. Resolution – The problem is fixed and a follow-up deployment commences
5. Maintenance – Future feedback loops (discovery and IT audits) enforce ongoing conformity

Conclusion

For most network administrators, enterprise networks have progressively become more complicated and difficult to manage.  While automated discovery agents and device scanning software has greatly reduced the manual effort required to enforce standardized configurations and builds for network devices, such software needs to be carefully optimized and retrofitted into existing network topologies and change management methods.  Periodic audits should take place to make sure that standard build governance is working as expected and that the licenses for all discovery, dashboard and encryption software is up-to-date and priced attractively.  Audits should be conducted with the expectation that potential improvements in workflow will be identified and suggested, and that all configuration and standard build information is accurate, complete and secure at all times.

About the Author

William Laurent is one of the world's leading experts in information strategy and governance. For 20 years, he has advised numerous businesses and governments on technology strategy, performance management, and best practices�across all market sectors. William currently runs an independent consulting company that bears his name. In addition, he frequently teaches classes, publishes books and magazine articles, and lectures on various technology and business topics worldwide. As Senior Contributing Author for Dashboard Insight, he would enjoy your comments at wlaurent@williamlaurent.com

Copyright 2010 - Dashboard Insight - All Rights Reserved.