Free training on NCM - discovery & disaster recovery
Why is a tool needed for configuration management?
• Manual configuration changes
• Faulty configuration changes
• Unplanned, unauthorized configuration changes to network devices
• Business needs demand frequent, quick configuration changes. The task becomes complex when multiple administrators manage devices from multiple vendors.
• Keeping track of configuration changes
What does NCM do?
NCM offers a perfect solution for all the above issues:
• Designed to automate the entire lifecycle of device configuration management.
• The process of changing configurations, managing changes, and ensuring compliance and security is automated.
• Helps in ensuring high levels of security in the network
Minimum system requirements
• 2.4 GHz dual-core processor, or equivalent
• 12 GB RAM
• 50 GB storage
• PostgreSQL/MSSQL
• Windows/Linux
The specifications given above are for an environment with 1000 devices. Refer: System requirements
Agenda
• Initial setup
• Device discovery & templates
• Credentials
• Configuration backups & upload
• Real-time change detection & change management
• Disaster recovery
Pre-requisites: Ports & Protocols
Protocols:
SSH, SCP, TFTP
Ports:
69 – TFTP | 22 – SSH/SCP | 514 – Syslog
13306 – Postgres database | HTTP (80 Default web port)
Device template
What are device templates and what are they used for?
Device-specific configuration commands:
• Configuration backup
• Configuration upload
• Enable/disable syslog change detection
• Fetching hardware information
Device discovery
• NCM discovery sends an SNMP request using the SNMP profile (V1, V2, V3) and receives the device's SysOID.
• The received SysOID is matched with the default/custom SysOIDs.
• Match found: the device is added and associated with the corresponding device template.
• Match not found: the device is not added.
Possible error: ‘Device is not responding for SNMP requests’
Common causes:
The device is reachable yet not responding:
- Incorrect SNMP read community
- Disabled SNMP in the device
Possible error: Device not added
Common causes:
The device is reachable and the SNMP community is correct, but the device is still not getting added:
1. Device SysOID not mapped with any device template
Fix: Add the SysOID to a device template at SysOID finder in settings.
2. No default device template is available in NCM for the particular device type
Fix: Add/clone a new device template, or contact NCM support.
Manual device addition
Single device
- IP Address/Hostname
- Vendor
- Device template
Bulk addition
- CSV file import
Format: <Hostname/ IP Address>,<Device Template Name>,<Series>,<Model>
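A pre-import check for the bulk-addition CSV format above, as an added example that is not ManageEngine code: it rejects malformed rows, invalid or duplicate hosts, and template names that are not in a caller-supplied list, so typos surface before devices fail to add. The function names, the template names, the sample rows and the rule that all four fields must be non-empty are assumptions.

```python
import csv
import io
import ipaddress
import re

# Hostname labels per RFC 1123 (assumption: NCM's own validation may differ).
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
FIELDS = ("host", "template", "series", "model")

def valid_host(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        if re.fullmatch(r"[0-9.]+", value):
            return False  # malformed dotted quad, not a hostname
    return len(value) <= 253 and all(_LABEL.match(p) for p in value.split("."))

def validate_bulk_import(text, known_templates):
    """Return (rows, errors) for CSV text in the slide's four-column format."""
    rows, errors, seen = [], [], set()
    for lineno, rec in enumerate(csv.reader(io.StringIO(text)), start=1):
        rec = [f.strip() for f in rec]
        if not any(rec):
            continue  # skip blank lines
        if len(rec) != len(FIELDS) or not all(rec):  # assumption: all required
            errors.append((lineno, "expected 4 non-empty fields"))
            continue
        row = dict(zip(FIELDS, rec))
        if not valid_host(row["host"]):
            errors.append((lineno, "invalid host"))
        elif row["host"].lower() in seen:
            errors.append((lineno, "duplicate host"))
        elif row["template"] not in known_templates:
            errors.append((lineno, "unknown device template"))
        else:
            seen.add(row["host"].lower())
            rows.append(row)
    return rows, errors

# Constructed sample; template names are placeholders, not NCM's template list.
TEMPLATES = {"Router Template A", "Switch Template B"}
SAMPLE = """\
192.0.2.10,Router Template A,SeriesA,ModelX
core-sw1.example.net,Switch Template B,SeriesB,ModelY
192.0.2.300,Router Template A,SeriesA,ModelX
192.0.2.10,Router Template A,SeriesA,ModelX
edge-fw1.example.net,Unmapped Template,SeriesC,ModelZ
192.0.2.11,Router Template A,SeriesA
"""
```

Calling `validate_bulk_import(SAMPLE, TEMPLATES)` returns the rows that are safe to import and a list of `(line number, reason)` pairs for the rest.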
Backup credential
Possible combinations of protocol for backup:
• SSH/TELNET
• SSH - TFTP / TELNET - TFTP
• SSH - SCP
• SNMP - TFTP
SSH / TELNET
• NCM: config backup commands sent over SSH/TELNET
• Device configuration
• Encrypted configuration stored in database
SSH/TELNET - TFTP
• NCM: config backup commands sent over SSH/TELNET
• Config file transfer using TFTP (TFTP server)
• Encrypted configuration file stored in DB
SSH - SCP
• NCM: config backup commands sent over SSH
• Config file transfer using SCP (SCP server)
• Encrypted configuration file stored in DB
SNMP - TFTP
• NCM: SNMP request for config backup
• Configuration file transfer using TFTP (TFTP server)
• Encrypted configuration file stored in DB
How to provide credentials?
Refer: https://download.manageengine.com/network-configuration-manager/Device-Expert-Credentials-Tutorial.pdf
Possible error: Credentials are valid but file transfer failed
Common causes:
1. TFTP or SCP servers have not been started.
Fix: Check the running status of the TFTP or SCP servers in NCM server settings (ports 69 & 22).
2. Timeout due to config file size
Fix: Increase the backup timeout value in the corresponding device template.
Configuration backup
• Why should you back up?
• Instant (Single & Bulk)
• Real-time change detection
• Scheduled
Real-time change detection
• What is it? Configuration change made → configuration backup
• Why is it important?
• How does it work?
Possible error: ‘We don’t support Enable Change Detection for this device.’
Common cause:
NCM doesn’t support syslog for the particular model.
- Fix: Enable syslog by connecting to the device and executing the enable syslog commands manually, or contact NCM support.
Possible error: Change detection is enabled but change is not detected
Common cause:
When the device & NCM support syslog,
- Mismatched ports
- Check NCM syslog server running status in NCM server settings
Schedule failure
Common causes:
1. Overall schedule execution time exceeded 5 mins
Fix: Increase execution time in system properties.
2. More than 500 devices being scheduled at one go
3. Less than 1/2 hour time difference between the scheduled run times
4. Particular device credentials incorrect.
Backup failure
Common causes:
1. Credentials are changed or invalid.
2. Ports blocked or TFTP/SCP server not started
• Check ports 69 & 22 (TFTP & SCP) in NCM server settings
3. Huge config file
• Fix: Change the timeout settings in the corresponding device template.
4. Unsupported backup commands
• Edit the commands in the device template or create a new device template by cloning the closest template.
Change tracking, versioning, & history
• View all changes made in a device
• Automatic configuration versioning
• Know the who, when & what of each change
• Know the historical change trend of a device
• View the number of modified, deleted & added config lines
Compare configurations
• Compare different versions of the same device
• Compare configurations of different devices
• View colour coded differences: added, modified & deleted
Disaster recovery
What’s a disaster in networks?
• A network outage
• A security breach
• Performance degradation of business critical services and applications
How to be prepared?
• Baseline configuration
• Startup/running sync
• Change notification & rollback
• Export configuration | Upload draft
Possible error: ‘We don’t support upload feature for this device’
Common causes:
• TELNET/SSH protocol doesn’t support upload
- Fix: Edit the credential and change the protocol from SSH, TELNET to SSH - TFTP, SSH - SCP, TELNET - TFTP depending on the devices.
• When SCP/TFTP protocol is used:
- Device vendor supports it but the NCM device template doesn’t have upload commands for the specific device.
- Fix: Clone/create a new device template with suitable SCP/TFTP commands, or contact NCM support.
Possible error: ‘Upload failure’
Common causes:
1. Command timeout
Fix: Change timeout in device template command settings for the device type.
2. Based on the protocol, check the running status of TFTP & SCP servers in Server Settings.
Startup/running sync
• Why is it important?
- Loss of changes made in running configuration during device reboot
• How does NCM help?
- Detects conflict
- Sync configurations
Possible error: ‘Change happens, but startup-running conflict is not detected by NCM in real-time.’
Common cause:
Disabled real-time change detection.
Fix:
- Enable change detection if syslog is supported.
- If syslog is not supported, the startup-running conflict will be detected and reported after the next successful scheduled backup or manual backup operation.
Change notification & roll back
Configure change notifications
• Email
• SNMP Trap for change event
• Trouble ticket
• Generate syslog message for change event
Associate notification profile to devices/device groups.
• Roll back
- To previous version
- To baseline version
Part 2 on 11.30AM EST | 30th January
Automation, notification, compliance & reports
Agenda:
• Scheduling configuration tasks
• CLI Configlets
• Compliance (PCI and others)
• Role based Access control (change approval)
• Notification & Alerts
• Reports
Let’s keep in touch!
https://www.youtube.com/channel/UCHLusaahd4nS9esD3xBVeUQ
https://forums.manageengine.com/network-configuration-manager