White Paper

Cost Analysis Using CiscoWorks LAN Management Solution

Introduction

As networks grow in both size and complexity, the need for network management increases
greatly. Many organizations, however, continue to rely on costly, repetitive, and error-prone
processes in which operators resort to the primitive technique of manually managing the
devices in the network. In today’s business environment, the Cisco network management
products—which automate these procedures—make both financial and practical sense. But
without bottom-line evidence, network managers and decision makers may be reluctant to
invest in network management products.

As with any capital expenditure, the benefits provided by CiscoWorks network management
products must outweigh the investment required. One way to provide evidence of these
benefits is to compare the cost savings of using Cisco network management products to a
traditional, manual approach.

It is difficult to provide a hard and fast algorithm to calculate exact savings, because there
are many variables involved, ranging from expertise of existing staff, current policies and
procedures, and the level of management desired. However, it is possible to calculate an
approximate value based on commonly performed network management tasks and
assumptions about some fixed variables.

The online Cisco Cost Analysis Tool attempts to bridge this gap by estimating cost savings
based on a set of assumed parameters and variables determined by the user. This paper is a
companion piece to the online Cost Analysis calculator and explains the rationale and
methodology used by the tool to produce the analysis.

Note that the calculations do not take into account the “soft” costs, such as the cost of
having an individual spend time on routine manual tasks, the savings achieved by not
requiring additional staff, or the impact of poor network performance on brand image.

Cisco Systems, Inc.

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 1 of 15
 Cost Analysis Using CiscoWorks LAN Management Solution

Although small networks can be effectively managed by manually accessing each device and meticulously
documenting the results, the same methodology is often impractical and cost-prohibitive when applied to larger
networks. The CiscoWorks family of network management applications provides the following benefits to large
networks:
• Manual labor reduction
• Network availability enhancement, through mitigation of network downtime and/or degradation due to
device failure

The following sections describe each benefit in detail.

Manual Labor Reduction

Basic network infrastructure management requires the performance of many tasks, such as initial configuration,
monitoring of inventory, software upgrades, and preventive maintenance of devices. There are three principal benefits
of using CiscoWorks LAN Management Solution (LMS) for configuration management:
• Significantly reduced preparation time for a given task
• Automated distribution of tasks to allow multiple jobs to be run simultaneously
• Automated change audit records and inventory tracking

Note that Cisco network management products do not affect the planning time or the time required to process each
job by a given device. Logically planning for an audit, software upgrade, or configuration update is identical whether
performed manually or with CiscoWorks. Further, there is a physical limit to the speed at which a given device can
process a job, whether the request was generated from CiscoWorks or if it were generated through a manual process
via command-line interface (CLI). In other words, once the “What shall we do?” is defined, the differences between
manual configuration and automated configuration are demonstrated in the “How shall we do it?” phase.

While every network requires a different mix of management activity (depending on network criticality, design, use,
and so on), there are several tasks common to all managed networks: configuring password changes, distributing
software upgrades; and gathering inventory and change audit information.

Configuring Password Changes

It is a common administrative task to change and enable secret passwords, which allow users to enter the enable
mode on devices. For security purposes, many administrators change device passwords quarterly.

Whether this is done manually or through CiscoWorks, advance planning—such as what to change the password to,
when the devices should be configured, who needs to approve the changes, and so on—must be performed. The
advance time required is identical for both the manual and automated processes, so this has not been factored into
the cost savings calculation.

To perform the password changes, the system administrator must Telnet into each applicable device, make the
requisite password change, logout, and then document the change information—a fairly straightforward process
which should require no more than a few minutes to complete.

Cisco Systems, Inc.

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 2 of 15
 For a small number of devices, changing passwords manually via CLI is effective and practical. However, as the
number of devices increases, the opportunity for human error increases dramatically. A study conducted by the
American Management Association has shown that on average, one of 300 characters is mis-typed. The risk for error
is further increased with multiple, simultaneous Telnet sessions to configure a number of devices at one time. Given
these parameters, it is reasonable to expect anywhere from one- to eight-percent error rate for manual configurations.

CiscoWorks provides automatic and simultaneous distribution of multiple jobs, while automatically updating a
Change Audit database. Automation of activities such as changing passwords on all devices dramatically reduces the
time spent: Manual configuration of password changes for 800 devices may take as much as 93 hours annually.
With CiscoWorks, the same process requires only 24 minutes.

See Appendix A: Configuring Password Changes for a step-by-step walkthrough of this calculation.

Distributing Software Upgrades

Cisco devices contain software that may need periodic updating for optimum performance. Generally, network
administrators search the Cisco.com Web site for updated or upgraded software, and then download the software
to the applicable devices.

Both manual and automated upgrades require several preparatory steps. System administrators should ask the
following questions before attempting an upgrade:
• Have the appropriate images containing the minimum required device configurations been located in Cisco.com?
• Have all of the prerequisites for loading the software on the device been met?
• Has the effect of the upgrade on the network and the network users been considered? (When should the upgrade
occur? In what order should the devices be upgraded?)

The cost savings of using CiscoWorks LMS on software upgrades is difficult to calculate, as it is heavily dependant
on factors such as the network administrator’s familiarity with Cisco.com, the availability of current configuration
information, and the number and variety of devices in the network. However, CiscoWorks LMS provides Change
Audit databases, which contain data pertaining to all changes made to devices (hardware and software), and
automatically compare the information to the recommendations from Cisco.com, drastically reducing preparation
time for a software upgrade.

In addition, jobs can be scheduled simultaneously, decreasing the time required for the entire network to be upgraded.
It is important to note that Cisco recommends no more than 12 simultaneous upgrade sessions be scheduled (as
opposed to 300+ for password changes). Further, note that the time required for a device to receive the download
and reboot is identical for both CiscoWorks and CLI manual procedures.

Another key benefit of using CiscoWorks for software distribution is the ability to create scheduled jobs. System
administrators can set up the job request during normal working hours, and have LMS automatically run the requests
during non-business hours. While the actual time the devices are down may not change, the administrator no longer
has to be constantly available while the upgrades are commencing, conserving valuable workday time.

See Appendix B: Distributing Software Images for a walk-through of the CiscoWorks and manual software upgrade
processes.

Cisco Systems, Inc.

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 3 of 15
 Gathering Inventory and Change Audit Information
Adequately documenting the physical devices in a network is a time-consuming task. The complexity of the task is
further compounded by the fact that a single device may contain several different blades or configurations, as well
as many different versions of installed software. There are no short-cuts to conducting a thorough manual
documentation of inventory: Each device, with its components and software, must be examined individually. Further,
there is no easy way to determine whether the inventory has changed without conducting an audit to compare
existing records to that of the actual network—another daunting and time-consuming task.

The sudden, inexplicable failure of a device can be costly to a company. System administrators must analyze the
device in order to discover the cause of the failure. After hardware failure, the most common cause of such failures
is a change in configuration. Perhaps an inexperienced administrator entered the wrong commands, or made
typographical errors. While solving the problem may be simple as returning the device to its original configuration,
unless meticulous records exist that detail who made what changes to which device, arriving at this conclusion and
rectifying the error could take many hours. Because manually maintaining records of every physical and logical
change applied to a given device is both impractical and time-consuming, system administrators rarely have this kind
of documentation on hand.

CiscoWorks LMS, however, automatically records every change applied to a device—whether by CiscoWorks
applications or via CLI—in the Change Audit database. This process is transparent to the administrator, and requires
no additional time or effort on his or her behalf.

Gathering inventory data using LMS is equally simple and fast. CiscoWorks LMS has the ability to simultaneously
access each managed device and obtain both hardware and software information, providing far more efficient and
accurate records than can be manually maintained or created.

For further information on the Change Audit function, see Appendix C: Gathering Inventory and Change Audit
Information.

Network Availability Enhancement

In order to determine the level of fault management necessary, system administrators must ask how much does
network downtime or network degradation cost their company?

When determining cost of downtime or degradation, lost productivity and lost revenue must be taken into account.
A study conducted by Infonetics, Inc., an international market research company, showed that network degradations
result in an approximate 16 percent loss of networked worker productivity and a 10 percent loss in revenue, as a
result of the decreased productivity of revenue-producing employees. If the network were to be down completely,
these figures increase to 24 percent lost productivity from networked employees and revenue loss of as much as 60
percent. A company with 1000 employees and annual revenues of $200 million, as an example, could suffer losses
that easily surpass $8000 per hour. (See Appendix D: Availability Enhancement using LMS+DFM).

Fault management is a crucial component of any network management scheme to minimize or eliminate such losses.
CiscoWorks LMS (with Device Fault Manager as an add-on) can serve as a key element in such an environment.

Cisco Systems, Inc.

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 4 of 15
 While it is important to quickly pinpoint trouble areas, it is equally important to prevent such problems from
occurring in the first place. Device Fault Manager (DFM), a component of LMS, actively monitors Cisco devices and
reports on any problems it detects. Depending on the type of device, DFM actively monitors different conditions via
Internet Control Message Protocol (ICMP) polling, Simple Network Management Protocol (SNMP) management
information base (MIB) interrogation, and SNMP trap reception. The DFM then tracks only those conditions known
to contribute to higher-level problems in that particular device. When used with Real-Time Monitor
(RTM)—another LMS component which provides both real-time and historical RMON and RMON2 reports—the
DFM can spot problems before they become critical and bring down the network. Given the above cost of network
degradation, this proactive fault notification feature alone can easily pay for the cost of LMS. (See Appendix D:
Availability Enhancement using LMS+DFM for more information on DFM and RTM).

Although LMS is a component of a comprehensive fault management system, it does not provide complete,
system-wide functionality by themselves. For example, a complete fault management scheme would monitor servers,
users, applications, links, as well as the network devices. LMS can be integrated with such comprehensive systems
by providing in-depth information on the network devices to the system management platform (such as HP
OpenView Network Node Manager).

Conclusion

The CiscoWorks product family can provide a quantifiable financial and IT benefit to an organization, through the
automation of routine labor, as well as helping to mitigate network degradation due to device failures. While it is
difficult to derive an exact figure of the true and potential cost savings for every customer situation, the Cost Analysis
Tool can provide an understanding of the scale of savings involved. At this point, the question that needs to be asked
is not “What is the cost of the product?” but “What is the cost of NOT using CiscoWorks?”

Cisco Systems, Inc.

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 5 of 15
 Appendix A: Configuring Password Changes

Assuming 800 devices that require quarterly password changes and a manual configuration error rate of 5 percent,
the time spent per quarter on password changes is calculated as:

800 devices x 5 min x 1.05 = 4200 min (70 hours)/qtr

= 280 hours/year

Assuming that the system administrator can open up three simultaneous Telnet sessions and configure these devices
simultaneously, the process will still take 23 hours per quarter (or 93 hours per year) to complete. Although it is
possible to open up more than three simultaneous Telnet sessions, the rate of error will consequently rise as well.

Simultaneous configuration of three devices with multiple Telnet sessions

= 280 hours/year / 3 = 93.3 hours/year

Compare the time required to conduct the same procedure using CiscoWorks LAN Management Solution (LMS).
The following steps were taken in setting up LMS to conduct simultaneous password changes in batches of 300
configured devices: (Note that the product has been tested for up to 700 simultaneous batches.)
1. Log into the CiscoWorks management console.
2. Click on Resource Manager Essentials/Configuration Management/NetConfig.

3. Select “New Jobs” from the Jobs Menu.

Cisco Systems, Inc.

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 6 of 15
 4. Select Device Category from the pull-down menu (Cisco IOS® software, FastSwitch, or Catalyst®), click Next.

5. Select the devices that require password changes.

6. Apply the “Enable Password” system-defined template from the pulldown menu.
7. Select devices from the pull-down menu, click Next.

8. Set job properties (such as schedule, notification, failure policy, and parallel/serial configuration jobs).

Cisco Systems, Inc.

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 7 of 15
 9. Review job content, then click Finish.

The above steps in the netconfig wizard should take an experienced operator approximately five minutes to complete.
Although an additional three minutes is required for LMS to Telnet into each device make the requisite changes, then
logout, this time is immaterial to the administrator. (Note, however, that CiscoWorks processes the device changes
simultaneously, so the three-minute-per-device configuration time is not cumulative). In other words, once the job
setup is complete and the Finish button is clicked, the operator’s work is done (unless an error message is generated
as configured in the Job Properties step).

Given these figures, using LMS to configure quarterly password changes on a 800-device network in which 300
devices are configured simultaneously, the amount of time required per year can be calculated as follows:

(800 devices/ 300 devices at once) x 5 minutes to configure = 13.3 min (0.22 hrs)/qtr
= 0.89 hrs/yr

When an password is enabled or disabled, the change information is automatically sent as an update to the
CiscoWorks inventory database. As a result, there is no need for a manual documentation to track how/when/who
concerning the password change, which saves additional system administration time.

Given the above assumptions, using CiscoWorks LMS for password changes saves:

Manual process: 93.3hours/ year

Using LMS: 0.9 hours/ year
Saved time: 92.4 hours/ year

Cisco Systems, Inc.

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 8 of 15
 Appendix B: Distributing Software Images

The manual process for distributing software upgrades is extremely time-consuming, especially in the preparation
and initial research phases. A typical manual procedure for a software upgrade is outlined below:
1. Determine current device image revisions. If the administrator kept meticulous records, this step should be fairly
simple. Without these records, it is impossible to proceed with a software image upgrade. Although obtaining
device information is a simple procedure, it is still no small task to obtain a current and accurate report if a large
number of devices, or multiple device types (for example, a mix of Catalyst 6500 switches, 3600 routers, and
7200 routers) are involved, It may only take three minutes per device to get the required data, but recording the
information is a serial task when done manually.
2. Log on to Cisco.com and find the appropriate software image to determine whether an upgrade image is
available. This step requires only five to ten minutes per image, provided the system administrator is familiar with
the naming conventions of Cisco IOS Software, the Cisco.com Web site, and is familiar with the required version
number and feature sets.

3. Determine whether the destination device satisfies the minimum requirements specified on Cisco.com. If the
administrator has kept meticulous inventory records of the devices on the networks, this information should
already be available, but as mentioned above, this is rare. In addition, the amount of time required increases
greatly if there are multiple hardware device configurations and device types on the network.
4. Download the image and reboot the device. Often, to prevent downtimes from affecting network users, upgrades
are performed after business hours. While administrators may conduct the activities from a remote location
(home as opposed to office), it still requires that they be online during off hours.

Cisco Systems, Inc.

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 9 of 15
 Compare this to the time required to conduct the same preparation using CiscoWorks LMS. The following steps were
taken in setting up LMS to distribute software images to the devices.
1. Log into the CiscoWorks management console.
2. Select Resource Manager Essentials/Software management/Distribution/Cisco.com Upgrade Analysis and select
the filtering criteria. Filters can be selected from one or more of the following:
• Images newer than running image
• Same image feature subset as running image
• General deployment
• Latest maintenance release (of each major release)
3. Next, select the devices to be analyzed. In this case, we have chosen to analyze Cisco IOS Software versions for
Cisco 2600, 3600, and IOS switches. Note that the specific devices in our network that fit the description have
automatically been discovered. Click Next.

Cisco Systems, Inc.

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 10 of 15
 4. From the drop-down list boxes, select the images to analyze, then click Finish.

5. Depending on the number of devices analyzed, within two to five minutes, the Upgrade Analysis report is
generated. This report contains individual, device-specific information indicating whether hardware upgrades are
required, and provides notes on Telnet access requirements. CiscoWorks LMS also obtains up-to-date
information on the specified device configuration. Because every change made on a device (whether via
CiscoWorks or via CLI) is recorded in the Change Audit database, the administrator is assured of obtaining the
most current snapshot of the device’s hardware and software configurations. Manual performance of this task,
performed by Telneting into a device and browsing though Cisco.com, would take substantially longer.

Cisco Systems, Inc.

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 11 of 15
 6. To distribute the required image upgrades, select Resource Manager Essentials/Software Management/
Distribution/Distribute Images.
7. Select the devices to upgrade. (Note that specific devices that fit the search criteria are also automatically
discovered.) Click Next to display a set of upgrade recommendations.

8. Select distribution sequence. Note that LMS does not shorten the time required for each device to process the
software upgrade. Further, each upgrade, whether done via CLI or through the LMS graphic user interface (GUI),
is performed sequentially.
9. Finally, schedule the upgrade/reboot for a time when impact to network users will be minimal.

Cisco Systems, Inc.

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 12 of 15
 Appendix C: Gathering Inventory and Change Audit Information

Any changes implemented on the managed devices, whether by CiscoWorks applications or via CLI are recorded in
the Change Audit database. This information is used to generate Change Audit reports (Figure 1).

Figure 1 Generating a Change Audit Report

Changes to CLI Changes from CiscoWorks2000 Change Audit

1 2 periodic scans or scheduled jobs Reports

AAA Configuration
Manager

Inventory Software
All Manager Manager
Syslog
Events

Syslog
Analyzer
Change Audit
All
Syslog Database
Events

Syslog Inventory
Database Database

Cisco Systems, Inc.

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 13 of 15
 Appendix D: Availability Enhancement Using CiscoWorks LMS+DFM

Calculate the cost of network degradation as follows:

Productivity Loss Assumptions:

Number of networked employees: 1000
Average salary: $40/hr
Productivity loss due to network degradation 16 percent (as reported by Infonetics)

Productivity loss cost due to degradation: $6400/hr

Revenue Loss Assumptions:

Annual revenue: $200 million
Hourly revenue: $104,000
($200 million divided by 48, 40-hour weeks)
Percentage of networked employees directly 44% (as reported by Infonetics)
generating revenue:
Hourly revenue impacted by network: $45,700
Revenue loss due to network degradation: 10%

Revenue loss cost due to degradation: $4570/hr

How Can CiscoWorks LMS Help?

The Device Fault Manager, a component of LMS, provides real-time, detailed fault analysis, designed specifically for
Cisco devices. DFM actively monitors a wide range of Cisco devices. Depending on the type of device, DFM actively
monitors different conditions via ICMP polling, SNMP MIB interrogation, and SNMP trap reception, and track only
those conditions known to result in higher-level problems. When used with RTM, the DFM provides both real-time
and historical RMON and RMON2 reports, and can spot problems before they become critical and bring down the
network.

Cisco Systems, Inc.

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 14 of 15
 Further, once problems are identified, resolution efforts are greatly aided by the detailed and current information
stored in the Change Audit database. This database contains information on device software image, hardware
configuration, as well as a record of who made what changes at what time. This database is updated regardless of
whether a change was made manually or if it was done through a Cisco GUI, so the administrator has the most current
information available. Other tools, such as path analysis and topology views, can also help pinpoint a problem locale
for a faster recovery.

Corporate Headquarters European Headquarters Americas Headquarters Asia Pacific Headquarters

Cisco Systems, Inc. Cisco Systems Europe Cisco Systems, Inc. Cisco Systems, Inc.
170 West Tasman Drive 11 Rue Camille Desmoulins 170 West Tasman Drive Capital Tower
San Jose, CA 95134-1706 92782 Issy-les-Moulineaux San Jose, CA 95134-1706 168 Robinson Road
USA Cedex 9 USA #22-01 to #29-01
www.cisco.com France www.cisco.com Singapore 068912
Tel: 408 526-4000 www-europe.cisco.com Tel: 408 526-7660 www.cisco.com
800 553-NETS (6387) Tel: 33 1 58 04 60 00 Fax: 408 527-0883 Tel: +65 317 7777
Fax: 408 526-4100 Fax: 33 1 58 04 61 00 Fax: +65 317 7799

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the
Cisco Web site at www.cisco.com/go/offices
Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica • Croatia
Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR • Hungary • India • Indonesia • Ireland
Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico • The Netherlands • New Zealand • Norway • Peru • Philippines • Poland
Portugal • Puerto Rico • Romania • Russia • Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden
S w i t z e r l a n d • Ta i w a n • T h a i l a n d • Tu r k e y • U k r a i n e • U n i t e d K i n g d o m • U n i t e d S t a t e s • Ve n e z u e l a • Vi e t n a m • Z i m b a b w e

All contents are Copyright © 2002 Cisco Systems, Inc. All rights reserved. Catalyst, Cisco, Cisco IOS, Cisco Systems, the Cisco Systems logo, and Fast Step are registered trademarks of Cisco Systems, Inc. and/or its affiliates
in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
(0203R)
04/02 BW8219