Config Compliance Check

Basic Principles

Configuration conformity in network devices (independent of manufacturer), as well as the assurance that safety and security guidelines have been complied with, has been gaining in importance when operating corporate-wide networks.

International guidelines such as SOX, ITIL, etc. require verifiable and accountable proof of conformity to corporate guidelines that are not simply based on "good faith“. ERAMON CCC provides network administrators with a tool that enables them to reliably execute these tasks and issues auditable proof to that effect.

In the course of this, CCC analyzes the configurations of devices monitored by ERAMON while applying pre-defined sets of rules. The example below examines a configuration for the presence of the “172.22.10.10” ntp server:

Rulesets

These rulesets are the result of those previously specified and binding corporate guidelines. Within these sets of rules the network administrator can determine which configuration commands are permitted in the configurations, as well as their frequency and/or content. The ruleset is defined by regular expressions, while also allowing the configuration in question to be searched in sections. CCC then monitors the conformity of the current configuration and will send an alert in the event of errors to the responsible member of staff (event, e-mail, etc.).

ERAMON not only covers the technical aspects of this task, such as the transmission of error alerts or configuration violations to ensure their appropriate clearance, but it also supports corporate processes, e.g. service assurance, with appropriate reports and direct integration into workflow systems. Using ERAMON CCC and other supporting modules from the NMS range would therefore provide you with measurable proof of successful changes, for example, within the corporate-wide change management.

CCC-Template

 

Highlights
  • Reports for the technical and commercial sections (revision)
  • Alerts of recognized violations by e-mail, SMS, etc.
  • Prioritization of violations
  • Commencement of check, either manually or scheduled
  • Several rules can be pooled into one job thus requirements from various sectors can be checked in a single step
  • Perl conform Regex’s can be used
  • Automatic grouping of devices which had errors in their configurations
  • Integration into workflow systems is possible
  • Manufacturer-independent – can be used for all manufacturers working with text-based configurations
  • Ease-of-use and comprehensive sets of rules to set up the configuration guidelines that are to be applied