
Welcome to Smarts Network Configuration Manager Fundamentals.

Copyright 1996, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 EMC Corporation. All Rights Reserved.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY
KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY
OR FITNESS FOR A PARTICULAR PURPOSE.
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC2, EMC, Data Domain, RSA, EMC Centera, EMC ControlCenter, EMC LifeLine, EMC OnCourse, EMC Proven, EMC Snap, EMC SourceOne,
EMC Storage Administrator, Acartus, Access Logix, AdvantEdge, AlphaStor, ApplicationXtender, ArchiveXtender, Atmos, Authentica, Authentic
Problems, Automated Resource Manager, AutoStart, AutoSwap, AVALONidm, Avamar, Captiva, Catalog Solution, C-Clip, Celerra, Celerra
Replicator, Centera, CenterStage, CentraStar, ClaimPack, ClaimsEditor, CLARiiON, ClientPak, Codebook Correlation Technology, Common
Information Model, Configuration Intelligence, Configuresoft, Connectrix, CopyCross, CopyPoint, Dantz, DatabaseXtender, Direct Matrix
Architecture, DiskXtender, DiskXtender 2000, Document Sciences, Documentum, elnput, E-Lab, EmailXaminer, EmailXtender, Enginuity,
eRoom, Event Explorer, FarPoint, FirstPass, FLARE, FormWare, Geosynchrony, Global File Virtualization, Graphic Visualization, Greenplum,
HighRoad, HomeBase, InfoMover, Infoscape, Infra, InputAccel, InputAccel Express, Invista, Ionix, ISIS, Max Retriever, MediaStor, MirrorView,
Navisphere, NetWorker, nLayers, OnAlert, OpenScale, PixTools, Powerlink, PowerPath, PowerSnap, QuickScan, Rainfinity, RepliCare, RepliStor,
ResourcePak, Retrospect, RSA, the RSA logo, SafeLine, SAN Advisor, SAN Copy, SAN Manager, Smarts, SnapImage, SnapSure, SnapView, SRDF,
StorageScope, SupportMate, SymmAPI, SymmEnabler, Symmetrix, Symmetrix DMX, Symmetrix VMAX, TimeFinder, UltraFlex, UltraPoint,
UltraScale, Unisphere, VMAX, Vblock, Viewlets, Virtual Matrix, Virtual Matrix Architecture, Virtual Provisioning, VisualSAN, VisualSRM,
Voyence, VPLEX, VSAM-Assist, WebXtender, xPression, xPresso, YottaYotta, the EMC logo, and where information lives, are registered
trademarks or trademarks of EMC Corporation in the United States and other countries.
All other trademarks used herein are the property of their respective owners.
Copyright 2013 EMC Corporation. All rights reserved. Published in the USA.

Revision Date: November 2013


Revision Number: MR-1WN-NCMFUN.9.2.1

Copyright 2013 EMC Corporation. Do not copy - All Rights Reserved.

Smarts Network Configuration Manager Fundamentals

This course covers EMC's Smarts Network Configuration Manager solution, its architecture,
features, and functionality. Also discussed are some hardware and software options, as well as
key management options and capabilities of NCM.


This module focuses on an introduction to the Smarts Network Configuration Manager (NCM)
solution, its main benefits, and some key use cases.


Today's businesses are focused on managing valuable information while at the same time
mitigating potential risk from it. Corporate infrastructure information needs to be protected
from compromise, retained according to corporate requirements, and be available in the event
of discovery requests or for general business use.
Network Configuration Manager is a network configuration management tool that gives you
the power to quickly, easily, and accurately design, modify, and maintain networks, using an
intuitive graphical network view.
Network Configuration Manager automates complex and routine engineering tasks, such as
adding devices and connections, with drag-and-drop simplicity.
Using real-time auto discovery of network devices including logical and physical topology
information, Network Configuration Manager provides a proactive configuration management
approach.
NCM incorporates automated monitoring of compliance, change, and configuration
management. It delivers industry-recognized best practices and ensures compliance with
corporate and regulatory requirements, enabling you to ensure the security, availability, and
operational efficiency of your network.


Smarts Network Configuration Manager is designed to fully support all phases of the network
change management cycle.
Network Change Identification begins when a change is made to a network device. Network
devices are auto-discovered, then a baseline of known-good device states is established. This is
done for the entire managed network. Any change that is made is a deviation from this
baseline. NCM can also be used to design changes, or to capture changes made outside the
management application.
Validation occurs once device changes are complete. All changes must be validated.
Validation determines whether the change has caused the device to be out of compliance with
any of the compliance rules governing the site. NCM is then used to update the status of
network devices following the change.
With Compliance Violation Recognition, devices are audited every time a change is detected.
If the device is out of compliance, NCM reports the detected compliance violation.
Automated Remedy occurs when a remedy has been established for violations of the compliance
rule that the device change has broken; a job can then be scheduled to remedy that
compliance violation. If a remedy has not been pre-set, NCM can be used to remediate the
violation by pushing out another change to the device, or by rolling back the device to an
established known compliant state.


Change management affects the infrastructure the most. Without proper change management,
it is nearly impossible to implement the proper controls necessary for successful configuration
management. It is important to eliminate uncontrolled access and lack of change oversight
by using strong workflow validations and structured methods for change approvals. Controlling
and automating change management is key to reducing network outages.
Once effective change management is in place, configurations can be evaluated using
predefined tests, set into standards, and policies. These can be employed through the use of
configuration templates that assure each new configuration change is error free and meets all
practices, standards, and security policies, thus promoting strong corporate governance and
high degrees of operational efficiency. Finally, the combination of both allows the creation of
audit trails that answer the following questions:

Who made the change?

What change was made?

Where within the infrastructure was the change made?

When was it made?

And, most importantly, can we reverse it if necessary?


When making a configuration change without Network Configuration Manager, network
engineers must manually back up the original configuration, create a new configuration, and
push out the change. Then they must validate their work by running diagnostic tests, write the
change to non-volatile RAM, back up the new configuration, and document the configuration
change. Without a change management system in place, most if not all of these steps are
performed manually and are thus subject to human error.


Network Configuration Manager automates the steps needed for configuration change control.
Backups of the original configuration of each device are stored by NCM.
When changes are required, the Automation Library automates most changes through the use
of best proactive templates with variable validation.
This automation can help perform commonly repeated IT network management tasks in a
fraction of the time it would take to perform them manually.
Automation also enables the network management team to meet the ideal frequency of
credential and OS updates.


Without NCM, network engineers must find compliance violations before they cause a
disruption in the network or violate a regulatory requirement. Before the engineer can find
compliance issues, the relevant industry and regulatory standards must be known and
evaluated against running configurations. Once a violation is found, a remedy must be
constructed for the violation which performs all of the steps required to write a new
configuration for each affected system in the network, including the device that had the
original violation.


NCM provides a library of compliance tests for network devices, as well as the Payment Card
Industry (PCI) compliance reporting tool. Each time a device is changed, NCM will pull the new
configuration and test it against a pre-configured compliance test. If the device does not pass
the prescribed test, the device will be marked as non-compliant, so that appropriate steps can
be taken.
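
The change cycle described earlier (change identification against a baseline, validation, violation recognition, remedy) and the per-change compliance test described here can be sketched in a few functions. This is an added example, not NCM code or its rule format: the `Rule` structure, the policy, the device name, the operator name and both configurations are constructed for illustration, and rollback to the baseline stands in for a scheduled remedy job.

```python
import difflib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str      # regex applied per line (re.MULTILINE)
    must_exist: bool  # True: a line must match; False: no line may match


# Constructed policy for this example (hypothetical rules, not NCM's library).
POLICY = [
    Rule("vty-ssh-only", r"^[ \t]*transport input ssh$", True),
    Rule("no-telnet", r"^[ \t]*transport input .*\btelnet\b", False),
    Rule("no-default-snmp-community", r"^snmp-server community (public|private)\b", False),
    Rule("password-encryption", r"^service password-encryption$", True),
]

# Constructed configurations: the known-good baseline and a later change.
BASELINE = """\
hostname edge-rtr-01
service password-encryption
snmp-server community EXAMPLE-RO RO
line vty 0 4
 transport input ssh
"""
CHANGED = BASELINE.replace("EXAMPLE-RO", "public").replace(
    "transport input ssh", "transport input telnet ssh")


def identify_change(baseline: str, current: str) -> list:
    """Change identification: lines removed ('- ') or added ('+ ') vs. the baseline."""
    diff = difflib.ndiff(baseline.splitlines(), current.splitlines())
    return [line for line in diff if line.startswith(("- ", "+ "))]


def audit(config: str, policy=POLICY) -> list:
    """Validation: return the names of the rules this configuration violates."""
    violations = []
    for rule in policy:
        found = re.search(rule.pattern, config, re.MULTILINE) is not None
        if found != rule.must_exist:
            violations.append(rule.name)
    return violations


def process_change(device, baseline, current, who, when, policy=POLICY):
    """Run one detected change through the cycle and return an audit record.

    The record answers who / what / where / when, and keeps the baseline so
    the change can be reversed. Returns None when nothing deviates.
    """
    delta = identify_change(baseline, current)
    if not delta:
        return None
    violations = audit(current, policy)
    compliant = not violations
    return {
        "who": who,
        "what": delta,
        "where": device,
        "when": when,
        "violations": violations,
        # Remedy modelled here as rollback to the known compliant state.
        "action": "promote-to-baseline" if compliant else "rollback-to-baseline",
        "config_after": current if compliant else baseline,
    }


if __name__ == "__main__":
    record = process_change("edge-rtr-01", BASELINE, CHANGED,
                            who="jdoe", when="2013-11-04T10:15:00Z")
    for key in ("who", "where", "when", "violations", "action"):
        print(f"{key:>10}: {record[key]}")
    print("\n".join(record["what"]))
```

A change that only adds a line no rule objects to (for example an NTP server) produces a record with an empty `violations` list and is promoted to the new baseline instead of being rolled back.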


The Smarts Network Configuration Manager provides an effective solution to network
infrastructure change and compliance management by spanning governance and compliance,
network engineering, and day-to-day operational responsibilities. Change management
and auditing is achieved by maintaining a history of all hardware and configuration changes as
well as the ability to recognize device configuration discrepancies by comparing running and
startup configurations.
Operational management of network devices is accomplished by providing for device OS
upgrades and configuration updates including the ability to roll back any needed changes.
Compliance and governance reporting is provided by evaluating configurations against
industry and regulatory standards for configuration compliance such as Defense Information
Systems Agency (DISA), PCI, and others.
Change management process definition is used in NCM to create both small and large updates
that may be automated through the use of job scheduling, with approvals required for
accountability.
System integration allows NCM to access data from and pass data to Smarts managers,
authenticate using RSA SecurID, and integrate with Watch4net for additional reporting.


Smarts Service Assurance Suite is a suite of software for unified infrastructure management
across network, storage, and servers that helps provide service assurance for the availability
and performance of applications and services. It also manages and monitors virtualized and
cloud environments, and the new software-defined data center.
SA Suite products help you visualize and understand the complex, fast-changing relationships
interconnecting physical and virtual IT infrastructure components of compute, network, and
storage levels, making infrastructure management less complex and service assurance a reality.
SA Suite can also analyze infrastructure management information for availability, performance,
and configurations, enabling service assurance by quickly identifying root causes and risk
conditions, and resolve issues before business impact and SLA violations occur.
SA Suite will optimize the infrastructure management environment and control costs with
end-to-end performance and capacity management and reporting, that helps enable service
assurance.


The Service Assurance Suite is a bundle of products and functionality, which includes the
Smarts products, the Watch4net products with SolutionPacks, and the Network Configuration
Manager products, orderable as a single part number.


The Smarts Network Configuration Manager fulfills these recognized infrastructure
management areas in many ways.
To enhance understanding and visualize the complex fast-changing network infrastructure,
and to alleviate the complexity, NCM provides extensive reporting via standard preset reports
like inventory, analysis, and problem reports. Additional reports are available via Report Advisor
integration with Watch4net and the Smarts managers, for consolidated infrastructure reporting
across all domains.
Analysis within NCM revolves primarily around change management and compliance
validation. NCM provides automated support for all facets of the network infrastructure
lifecycle, seamlessly integrating critical design, change, and compliance management
requirements.
Optimizing network operations involves the creation of efficient network designs, thoroughly
tested configurations, and automated processes to deliver configurations across numerous
devices to assure reliability, availability, and compliance with corporate rules, industry
standards, and regulatory mandates.


This module covered an introduction to the Network Configuration Manager, how it automates
network engineering tasks, and continuously monitors devices for changes and compliance.
We learned the main benefits of NCM are automation of change management, compliance
validation, and remediation. We were also introduced to the Service Assurance Suite of
software for network management including the Smarts products, Watch4net, and the
Network Configuration Manager.


This module focuses on the architecture of Smarts Network Configuration Manager and
identification of its key components. A description of NCM combined with Smarts and
Watch4net components emphasizes the usefulness of the combination in a tightly integrated
Service Assurance Suite.


The main architectural components of an NCM installation are the Application, Database,
Report and Device servers. Although these servers are depicted here as an all-in-one physical
device, they can actually be distributed in several different fashions, both physical and virtual.
NCM is accessed for management using the web-based NCM client which is downloaded by
accessing the Application server. Once downloaded, the Client may also be used to access the
other Servers.
The Application Server is the master server that provides the Graphical User Interface (GUI),
and coordinates with the device server to communicate with discovered network devices. The
Application Server can manage one or many Device Servers, which in turn can manage
thousands of devices. The Application Server is usually centralized in the infrastructure.
Alternatively, there can be additional Application Servers in an inactive state for backup and
disaster recovery purposes.
The Database Server manages all the data used by NCM. A local database refers to a
database that is installed on the same physical server as the application server. A remote
database refers to a database that is installed on a dedicated physical server.
The Report Server is the server that hosts the Report Advisor application and is used to access
the numerous provided reports as well as any customized reports that may be created.
The Device Server is the communication portal between the Application Server and the
managed network devices. Device Servers may be distributed throughout the network, and
use industry standard techniques that do not require use of specialized agents to collect
information. The Device Servers communicate data back up to the Application Server through
an encrypted pipe. At setup, the Device Server registers itself automatically with the
Application Server.
Devices are the actual network devices in the infrastructure that can be managed by NCM.

In a combination server installation, all NCM components are installed on one physical or
virtual server. This would include the Application, Device, Database, and Report Servers.

This implementation has numerous scalability limitations and is primarily meant for managing
small infrastructures. Always consult the latest Smarts Network Configuration Manager
documentation, available on EMC's Support web site, for the most current information on
scaling and sizing considerations when designing an NCM implementation.


The Distributed architecture installation allows for NCM server components to be installed on
independent physical or virtual servers. The core application must be installed on each
individual server. The installation script prompts for the components that should be installed.
For example, if you are installing a distributed server configuration, with separate Application
Server and Device Servers, you must first install NCM on the Application Server, and then install
it on the Device Servers. At setup, the Device Server registers itself with the Application Server.
In the distributed model, if the Device Server cannot communicate with the Application Server,
this step fails and you must reinstall the Device Server.
This implementation provides one form of scalability. For example, running the database
process on another server frees up processing cycles for the application services. General sizing
information for most architectures is provided in the latest Smarts Network Configuration
Manager Release Notes and Installation Guide, available on EMC's Support web site.


Inventory and Baseline is provided through the use of Discovery in the creation of inventories
for the managed network, which includes the configuration details of devices on the network.
This information can then be used to baseline the infrastructure so that even after multiple
changes, an administrator can compare a current configuration with the original baseline
configuration to identify any discrepancies between the current state and the beginning state
of devices.
Security and Standardization provides NCM with a template library that customers can also
customize to address the types of errors that create service-impacting issues. This allows
companies to standardize network changes, so they can use less-skilled operators to repair
failed infrastructure configurations, and allow more-skilled people to focus on high-value
initiatives such as developing new service architectures.

Change Management determines how each change made to a network device that is managed
by NCM is captured and recorded, with all revisions maintained for auditing and forensic
analysis.
Audit and Compliance of network devices can be managed by a compliance policy which
checks every device change against a policy that identifies and evaluates specific conditions in
the device configuration. Device changes that fail the tests are marked non-compliant, and any
prescribed remedies to bring the device back into compliance are scheduled.
Design and Activation of the design workspace allows prospective designs to be evaluated and
tested before full implementation. The design wizards, templates and inventory management
allow very flexible testing prior to actual implementation.


The core product in the NCM suite is a model-based application which automates change,
configuration, and compliance management.
The Report Advisor is provided with the core product and provides an insight to the
underlying data gathered by NCM in a set of pre-configured reports. For example, reports can
be run to capture which devices have changed over a specified period of time, including who
made the changes. In addition, a variety of other reports can be easily accessed with
configuration and compliance considerations.
Compliance Advisor is an additional plug-in to NCM to enhance compliance by ensuring that
the state of network devices is in compliance with business standards and regulatory
mandates. It was the first advisor in a series to address mandates and regulations like PCI DSS,
which reports the compliance state of devices with regard to the Payment Card Industry Data
Security Standard (PCI DSS), and DISA, which monitors compliance mandates for the Defense
Information Systems Agency.
Integration Modules integrate NCM into existing Fault Management Solutions (FMS). The
following Integration Modules are currently available:
EMC Smarts Adapter which is included with the core NCM distribution
Watch4net Solution pack for NCM
Some other 3rd party FMS products
In cases where an integration module does not exist for a particular 3rd party FMS, the Network
Configuration Manager provides customers with the ability to use the integrated event
framework and public API to deliver network data and status to any external source or
application.


Report Advisor, which is included with the Network Configuration Manager, represents an
advanced application for creating reports. All information contained and viewable from the
results of running a report is stored in metadata tables within Network Configuration Manager.
Once a report is generated, the metadata, which is based on the settings and parameters an
operator selects when creating or customizing a report, is quickly gleaned from within Network
Configuration Manager and then displayed as report results. Report Advisor offers the options
of running and viewing reports used most often, selecting from a listing of core reports to
quickly display report results, creation of your own Ad Hoc reports, and customization of report
results for your network and system.
The EMC Smarts Network Configuration Manager User Guide provides additional information
on the features and functions, and how to use the Report Advisor.


The Smarts Compliance Advisor helps IT managers ensure compliance of network devices with
prescribed standards by evaluating security, change control, and compliance enforcement of
regulatory standards.
Compliance Advisor provides adherence to the Payment Card Industry Data Security Standard,
and DISA STIG 1.1 standards for the Department of Defense.


Smarts Network Configuration Manager integrates with two other applications of the Service
Assurance Suite.
The first set of adapters connects NCM to Smarts IP Availability and Performance Manager as
well as Smarts Service Assurance Manager, or SAM.
First, the topology adapter provides device synchronization and ensures that discovered
devices from NCM appear in Smarts, and vice versa. It also provides SNMP credential
synchronization between the two solutions.
Second, the event adapter pushes NCM events to the SAM notification console. The integration
between NCM and Smarts provides a unified view of the operations of the network.
Integration of NCM with Watch4net provides historical reporting of configuration and
compliance statistics for the managed domain, as well as health and usage statistics of the
NCM solution.


This module covered the main components of the Network Configuration Manager including
the Application, Database, and Report servers, as well as the Device server which interfaces
with the actual network devices in the infrastructure. We also saw how these components can
be deployed in a single server architecture for small networks, or in a distributed architecture
across multiple, physical or virtual servers, for large infrastructures. Lastly we saw that NCM
can interface with many external system modules for additional network management
practices.


This module focuses on the key features and capabilities of the Smarts Network Configuration
Manager.


Managing today's complex networks is an ever-increasing challenge. Smarts Network
Configuration Manager automates management from the design of a new network
infrastructure, through change, and implementation. Once implementation is complete, NCM
fully supports both local and industry standard best practices and security requirements.


NCM's use of a virtual design workspace allows creation of new infrastructure design or
modification of current designs by allowing the creation of a virtual network that has all the
necessary connections simulated and includes the configurations. Elements in the workspace
can be evaluated for proper configuration and compliance with both internal and industry
required standards.
This capability supports rapid creation of error-free large-scale infrastructure designs that can
be audited for compliance with policies and standards before the actual infrastructure is
deployed.


Once the design phase is complete, NCM automates the deployment of the design by
automating the configuration of the infrastructure as designed. NCM can deploy the design
using templates to push configurations to new devices or pushing changes to existing devices.
NCM can accomplish both routine change tasks and complex implementation tasks all the
while using ITIL compliant change processes, workflow controls, and approvals.
NCM can also adapt to local processes and procedures by integrating with popular
management solutions like the Smarts Service Assurance Manager.


Finally, NCM enables the design of tests that can be used for monitoring, enforcing, and
reporting strict adherence to complex policies and industry standards. It addresses nonstandard or unauthorized changes through the use of automated remediation and reporting to
return changed devices to an authorized running state. This enforcement can be expanded
across an infrastructure or used to selectively maintain strict adherence within a smaller
portion of a network.
NCM can demonstrate compliance through audit controls. It can report historical compliance
with policies in reference to the policies in place on any given date.


The Automation Library is used for creating and storing standardized templates, saved
commands, policies, compliance standards, and engineering metadata that can be used to
create customized tests and enforce your corporate best practices.
Elements of the Automation Library help satisfy design needs by providing components, that
are tested and known to be good, which can be readily imported into workspace designs.
Monitoring of devices is accomplished using tests or compliance policies in templates to
evaluate a device's current state against the currently defined desired running state.
Numerous elements from the Automation Library may be combined to create compliance
policies to satisfy either local requirements or industry standard requirements.
The Automation Library templates can be used globally, for all NCM managed networks, or
locally for selective management of any specific network.


The Schedule Manager View is used to observe job related operations. Any operation
performed by the server will be managed by the Schedule Manager before, during, and after
the operation is executed. Users may access the Schedule Manager to monitor a job as it is
executed. The status of a scheduled job is also displayed, and each job can be examined for
detailed results of tasks performed and the resulting state of the impacted device or devices.
During an operation, the Schedule Manager view is automatically refreshed to reflect changes
as the job is executed.


The Operating System Inventory is highly useful in both design and change management by
supporting the upgrade of Cisco IOS device operating system images through the Job Scheduler.
Images are conveniently located and maintained on an OS image server, providing a
centralized repository for easy access and importing by the device servers when necessary to
update an existing device or configure a newly acquired device.
These images are used by the NCM application to verify network device OS details, design
new device rollouts, or to roll out a new OS configuration to supported devices. Each image is
described in the OS Inventory along with how it is accessed.


The Event Manager is a tool that records all activity related to the application, device jobs, and
security. It allows users to view and manage activities that have transpired on the network.
Events can be related to device events, system events, and security events. The Event Manager
can be used as an audit tool to identify what tasks were run when. The view is automatically
refreshed whenever new events occur.


As mentioned earlier, the Compliance Advisor is specifically designed to address regulatory
standards and thus security concerns. This capability directly addresses the top three concerns
for migration to the cloud and the concerns foremost in the minds of IT infrastructure
managers as well. These concerns include meeting industry standards for governance,
infrastructure security standards, both locally defined and industry requirements, and
accessibility to critical information.
In the realm of transaction security, the preeminent standard is the Payment Card Industry
Data Security Standard (PCI-DSS) which outlines numerous standards for network and
transaction security that must be upheld, and compliance evaluated regularly by entities that
process credit card transactions. Though designed for that purpose, these standards are also
highly useful in all industries.

Compliance Advisor ensures the compliance of network devices with PCI DSS and functions as a
benchmark for DISA STIG standards for the Department of Defense. This is done by:
Embedding the applicable requirements into Network Configuration Manager
Automatically mapping change and configuration data to each mandate for a clear view into
compliance throughout your network
Sample tests, standards, and policies associated with the compliance checklists are included in
Compliance Advisor, and the Compliance auditor's reports can be used to show the result of
testing and compliance. With the help of the samples, users can construct their own tests,
standards, policies, and templates to ensure internal corporate compliance is monitored as
well.


The PCI-DSS is a set of best practices that require companies to enhance data security and
proactively protect customer account information at all points in the payment process.
The PCI DSS standards fall into six major categories:
Build and maintain a secure network
Protect cardholder data
Maintain a vulnerability management program
Implement strong access control measures
Regularly monitor and test networks
Maintain an information security policy
While the standards specified by the PCI-DSS requirements are predominately designated for
use in the payment card industry, it is important to note that several of the requirements cross
over into other domains of infrastructure security as well. For example, the first high-level
grouping of standards addresses the configuration of firewalls and appropriate use of user IDs
and passwords, especially a set of requirements to not use vendor-supplied defaults. The
grouping that specifies regular monitoring and testing of networks specifies requirements to
track and monitor network resource access and to regularly test the security of both systems
and processes.
While it is readily apparent that these elements are critical to the payment card industry, we
can also recognize that these specifications are also very useful in most other infrastructures as
well. Because of this, the use of NCM and application of many of the PCI-DSS standards using
the Compliance Advisor will be beneficial in practically all network management settings.


PCI DSS Requirement Best Practices

Establish firewall and router configuration standards that include the following: Current
network diagram with all connections to cardholder data, including any wireless networks.
Network Configuration Manager discovers and provides valuable information related to layer 3
connectivity between network devices, which can be used to build and validate network
diagrams.
The Network Configuration Manager network diagram displays layer 3 connectivity between
network devices based on connections discovered when performing configuration pulls of the
devices. Since the diagram does not display server or workstation information, it most likely will
not be used as your final diagram, but by arranging and saving the layout of the diagram of a
network, site, or view, you will be able to continuously refer back to the diagram to learn
whether layer 3 connectivity has changed.
The connection report in NCM displays the same information as displayed in the diagram, but
additionally it shows the IP addresses of each endpoint. When preparing or validating your
network diagram, you can print out the connection report and walk through the connections
on the report to validate that the diagram is accurate.


The Defense Information Systems Agency (DISA) has created numerous configuration standards
for U.S. Department of Defense devices and systems. Specifically, the Security Technical
Implementation Guides (STIGs) are filled with guidance to secure information systems to lessen
vulnerability to malicious attacks. A STIG is essentially a document that contains instructions or
procedures to manually verify compliance.


For example, when browsing the DISA requirements in the Compliance Advisor, the
specification for requirement number 17 is a set of specifications on the use of SNMP in DOD
systems. This requirement indicates that only SNMP version 3, with Federal Information
Processing Standard (FIPS) 140-2 cryptography enabled, is acceptable for compliance with this
standard requirement. NCM device data would include the existence of SNMP and the current
version. Configuration files for the devices would contain settings appropriate for FIPS 140-2. To
comply with this requirement, these settings must be configured properly.
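
The kind of test this requirement implies can be sketched as follows. This is an added example, not NCM or Compliance Advisor code; it assumes Cisco IOS-style `snmp-server` lines in a pulled configuration, and the sample configuration and the `audit_snmp` function name are constructed for illustration.

```python
import re

# Constructed sample of Cisco IOS-style configuration text (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server group NETOPS v3 auth
snmp-server group SECOPS v3 priv
snmp-server user monitor SECOPS v3 auth sha AuthPass priv aes 128 PrivPass
snmp-server user legacy NETOPS v3 auth md5 AuthPass priv des PrivPass
snmp-server host 192.0.2.10 version 2c public
snmp-server host 192.0.2.11 version 3 priv monitor
"""

NON_FIPS_AUTH = {"md5"}  # MD5 is not a FIPS-approved hash
NON_FIPS_PRIV = {"des"}  # single DES is not a FIPS-approved cipher


def keyword_arg(words, keyword):
    """Return the word that follows `keyword`, or None if it is absent."""
    if keyword in words:
        i = words.index(keyword)
        if i + 1 < len(words):
            return words[i + 1]
    return None


def audit_snmp(config_text):
    """Return (line_number, line, reason) for every SNMP line that is not
    SNMPv3 with privacy and FIPS-approved algorithms."""
    findings = []
    for num, raw in enumerate(config_text.splitlines(), start=1):
        words = raw.split()
        if len(words) < 3 or words[0] != "snmp-server":
            continue
        kind, line = words[1], raw.strip()
        if kind == "community":
            findings.append((num, line, "SNMPv1/v2c community string configured"))
        elif kind == "group":
            # snmp-server group <name> {v1 | v2c | v3 {auth | noauth | priv}}
            if words[3:5] != ["v3", "priv"]:
                findings.append((num, line, "group is not SNMPv3 with privacy"))
        elif kind == "user":
            # snmp-server user <name> <group> v3 auth <alg> <pw> priv <alg> ...
            opts = words[4:]
            if opts[:1] != ["v3"]:
                findings.append((num, line, "user is not SNMPv3"))
                continue
            auth, priv = keyword_arg(opts, "auth"), keyword_arg(opts, "priv")
            if auth is None or auth in NON_FIPS_AUTH:
                findings.append((num, line, f"authentication not FIPS-approved: {auth}"))
            if priv is None or priv in NON_FIPS_PRIV:
                findings.append((num, line, f"privacy not FIPS-approved: {priv}"))
        elif kind == "host":
            # snmp-server host <addr> [version {1 | 2c | 3 {auth | noauth | priv}}] ...
            if not re.search(r"\bversion\s+3\s+priv\b", line):
                findings.append((num, line, "trap host is not SNMPv3 with privacy"))
    return findings


if __name__ == "__main__":
    for num, line, reason in audit_snmp(SAMPLE_CONFIG):
        print(f"line {num}: {reason}: {line}")
```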


As mentioned earlier, the Automation Library is used for creating and storing standardized
templates, saved commands, policies, compliance standards, along with engineering metadata
that can be used to create customized tests and enforce your corporate best practices.
At installation, numerous samples that are read-only are provided covering compliance issues,
queries, saved commands, and templates. These samples can be copied, modified, and used to
detect many issues in the infrastructure. They may also be associated with the requirements
that are contained in the Compliance Advisor.


Report Advisor, included with Network Configuration Manager, is an advanced application for
creating reports. All information contained and viewable within the results of running a report
is stored in metadata tables within Network Configuration Manager's database.
Once a report is generated, the metadata, based on the settings and parameters selected when
creating or customizing a report, is quickly gleaned from the database and displayed as report
results.
Report Advisor offers several options for running and viewing reports including:
Viewing frequently run reports: There are numerous predefined reports based on typical
requests for IT infrastructure information.
Selecting from a list of core reports: The predefined reports also include many reports that
are considered core reports used to quickly display information.
Creating ad hoc reports: The many editors in NCM provide a wealth of capacity for the
creation of unique reports joining together many factors into special user-defined output.
Customizing reports: All reports can be customized to provide information about many types
of devices in a way that is unique to the network and system needs.


There are seven groups of predefined reports:

Change reports detail the changes that have occurred in the infrastructure including changes by
user, configuration differences, how the changes were made (approved, not approved, or cut-through).
Compliance reports detail the result of audits including the association of tests, standards, and
policies to the devices affected by them, compliance audit results, and the audit trail.
PCI reports are all associated to the Payment Card Industry Data Security Standards and are
used in compliance management by the Compliance Advisor.
Inventory reports are general reports on the devices in the infrastructure inventory covering
devices by vendor, operating systems by vendor, model, version, and device inventory with
management IP and serial number.
Problem reports provide results for device communication and problems, non-compliant
devices, and duplicate IP addresses.
Operational reports reflect the results on jobs (pending, holding, and running), as well as job
status.
System reports deliver information on permissions and credentials, policies, standards,
templates, saved commands, and test definitions.


This module covered a brief description of the Smarts Network Configuration Manager's key
features and capabilities including identification of key features and capabilities as they relate
to design, change, and compliance in an IT environment.


This module focuses on the management of Smarts Network Configuration Manager by
describing management options and identifying common utilities provided to aid in system
management including integration with Smarts Service Assurance and Watch4net components
in the Smarts Service Assurance Suite.


Discovery is employed on networks to be managed to construct an inventory of managed
devices. Configurations and system information of discovered devices are pulled and stored
in a database by NCM and are visible through the device view. This configuration information is
then used to create a baseline configuration.
NCM provides a proactive configuration management approach via real-time auto discovery of
network devices and logical and physical topology information.


The samples provided in the Automation Library include many elements for ensuring security
and compliance with security standards. One group in particular, the Compliance group, has
many sub-groups related to security and standards. Each sub-group contains one or more tests
related to the sub-group title.


When NCM is used to modify a configuration, the modification is pushed to the device and a
revision is pulled. The revisions are stored in the device's history. If it becomes necessary to
roll back a change, the desired revision can be easily selected and the rollback scheduled with
the click of a button. All changes made through NCM are maintained in the audit trail for the
device, which will be very useful in troubleshooting and forensics. Configurations performed
within NCM follow industry standard workflow and approval requirements.


NCM will audit your network devices for any changes that may occur. A baseline can be set for
each device. Periodically, the current startup and running configurations of each device will be
compared to the baselines, identifying any unauthorized changes. Additionally, devices can be
audited for their compliance to different industry standards, such as PCI and DISA STIG. NCM
can also be used to track any commands performed on each system by tracking and logging
keystrokes.
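
The baseline comparison described above can be illustrated with a short script. This is an added example, not NCM code; the configurations are constructed, and the choice of which lines to ignore as volatile (comment lines and `ntp clock-period`) is an assumption made for the sketch.

```python
import difflib

# Constructed sample configurations (not from a real device).
BASELINE = """\
! Last configuration change at 09:12:44 UTC Mon Mar 4 2013
hostname edge-rtr-01
snmp-server group SECOPS v3 priv
snmp-server host 192.0.2.11 version 3 priv monitor
ntp clock-period 17179869
line vty 0 4
 transport input ssh
"""
RUNNING = """\
! Last configuration change at 14:03:10 UTC Tue Mar 5 2013 by jdoe
hostname edge-rtr-01
snmp-server community public RO
snmp-server group SECOPS v3 priv
ntp clock-period 17179901
line vty 0 4
 transport input ssh
"""
STARTUP = BASELINE  # the manual change was never saved to startup

# Assumption: lines that change without operator action and would only add noise.
VOLATILE_PREFIXES = ("!", "ntp clock-period")


def normalize(text):
    """Drop blank and volatile lines; keep indentation so sub-commands stay distinct."""
    return [line.rstrip() for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith(VOLATILE_PREFIXES)]


def drift(baseline_text, current_text):
    """Return the lines added to and removed from the baseline, in order."""
    base, cur = normalize(baseline_text), normalize(current_text)
    added, removed = [], []
    matcher = difflib.SequenceMatcher(a=base, b=cur, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            removed.extend(base[i1:i2])
        if tag in ("replace", "insert"):
            added.extend(cur[j1:j2])
    return {"added": added, "removed": removed}


def audit_device(baseline, running, startup):
    """Compare both configurations to the baseline and flag unsaved changes."""
    return {
        "running_drift": drift(baseline, running),
        "startup_drift": drift(baseline, startup),
        "unsaved_change": normalize(running) != normalize(startup),
    }


if __name__ == "__main__":
    report = audit_device(BASELINE, RUNNING, STARTUP)
    for line in report["running_drift"]["added"]:
        print("+", line)
    for line in report["running_drift"]["removed"]:
        print("-", line)
    print("unsaved change:", report["unsaved_change"])
```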


NCM provides several tools to plan the rollout of a new network infrastructure, as well as the
reconfiguration of existing network equipment. Just as in normal management, templates can
be used to streamline the configuration process, assure that proper syntax is used in each
device's configuration, and that all configuration items are included in each configuration.
Workspaces serve as work-in-progress containers for service delivery or other projects.
Working copies of existing network devices and new virtual devices can be stored in a
workspace during a design phase.
Existing device configurations may be edited and wizards may be used to establish external
relations.


The Smarts IP Manager integration adapter ensures that discovered devices from NCM appear
in Smarts (and vice versa). The adapter reconciles devices between Smarts and NCM, and
provides a mapping used for notifications and contextual launches.
NCM has strong capabilities for managing device credentials, including credential rolling. The
integration adapter detects when device passwords (community strings) have been changed
and propagates the changes into Smarts.
NCM events are sent to the notification console in Smarts. Device events are linked to the
corresponding Smarts device, while non-device events, such as Network Create events, are
linked with the NCM server.
The events and device reconciliation provide a number of launch points from Smarts into the
NCM


When NCM is integrated with Smarts IP Availability and Performance Manager, it
ensures that devices being managed by NCM or Smarts will be synchronized
with the other. By reconciling the devices between the two, NCM notifications
can be forwarded to Smarts Service Assurance Manager and associated to the
affected system in the SAM topology.


The events and device reconciliation provide a number of launch points from
Smarts into the NCM system. A client tool can be launched in context to get
immediate visibility into complete device change history, compliance,
configuration, and hardware information. This tool is available in the SAM
Notification Log, Topology Browser, and Map Consoles.


One major benefit of the integration between NCM and the Smarts SAM suite is the
automation that can be achieved between the two solutions.
In the example, a network engineer has made a change manually to the SNMP credentials of a
router.
Smarts IP Manager can no longer communicate with the router, and an Unresponsive
notification is generated.
NCM periodically pulls the running configuration on each managed system.
NCM recognizes that there has been a policy violation on the router in question and steps are
taken to remediate this violation.
A Compliance event is sent to SAM, and this event appears in the SAM console, associated to
the Router.
The Router Unresponsive event is correlated to the Router Compliance event automatically in
SAM.
In LAUNCH TO VIOLATION?
The job to remediate the policy violation passes through the approval process.
Once the job is approved, it is run, and the changes are made to the router to bring it back
into compliance.
Compliant once again, the router now responds to the SNMP polls of Smarts IP Manager, and
the Unresponsive event clears.
Since NCM, SAM, and IP Manager are working in an integrated manner, all downtime that
would have been lost to troubleshooting has been eliminated.


Process and procedures wrapped around change are the best way to ensure compliance. If
devices are out of policy, remediation will not only bring the device back into corporate
standards but will also help eliminate future cascading issues. Scheduled recurring daily
compliance reports not only show that your network is configured as expected, they also allow for
peace of mind when it's time for an audit.
Policies can check all configuration changes as they occur and optionally remediate them if
needed. EMC ships with a wide variety of templates and compliance rules for best practices;
these may be easily customized by administrators as needed.
Rather than typing in commands that you may or may not remember the syntax for,
templates allow for easy insertion by the user. Templates may be constructed in many ways, i.e.,
hard-coded, with drop-down menus, with variable substitution, user-entered data, or from a
spreadsheet. Templates help ensure that your corporate standards are being followed.
The workflow process allows for approval checks and may be restricted to individuals with the
approval permission. If an approver is on vacation, it's easy for an administrator to add a
standby approver to the list.


Integration of NCM and Watch4net is achieved by implementing the Watch4net NCM Reporting
SolutionPack. This SolutionPack generates a wide spectrum of reports regarding NCM
Application Servers, Device Servers, and Report Advisor servers within the topology. It will
provide rich understanding of the inventory of assets, compliance, and changes being
performed on any NCM Application Server.


This module covered management of Smarts Network Configuration Manager by discussing
several management features of NCM along with examples of how NCM may be used to
manage an infrastructure. We concluded with a discussion of how other SA Suite modules can
be integrated with NCM to create a complete infrastructure management solution.


This course covered Smarts Network Configuration Manager architecture, features and
capabilities for managing the configuration and compliance with standards for core
infrastructure objects in a network. We also illustrated how NCM integrates into the Smarts
Service Assurance Suite to create a complete fault, compliance, configuration, and reporting
suite.
