Network Configuracion Change Management PDF

Compliments of EMC Edition
Understand the basics of

network configuration and Open the book and find:
change management
on f ig u ratio n
Network C
• A list of reasons to pick
If you’ve ever been curious about network NCCM
configuration and change management —
an ag e m en t
& Change M
abbreviated in this book as NCCM — you’ve got • Why managing change on
the right book. Here, you can find out what’s up complex networks is critical
with NCCM, and why acquiring and managing
• How to find value in
such information is so important to so many automated NCCM systems
enterprises and large-scale organizations.
• Information on EMC
• An NCCM primer — with explanations of technology
basic concepts and terms
• Examine the challenges — particularly when
configurations and their changes are handled
in a manual environment
• Automating NCCM — the many and
substantial benefits of automating NCCM
and letting intelligent computer systems
manage changes to configuration data
Making Everything Easier! ™ Learn to:
• Business use cases — that illustrate and
illuminate the business benefits to using • Understand why you need an
automated NCCM systems automated network configuration
and change management system
Go to Dummies.com® • Successfully manage change in a
for videos, step-by-step examples, complex multi-vendor network
how-to articles, or to shop!
environment
• Make a business case for your
NCCM system
978-1-118-06004-9
Not for resale Ed Tittel
About EMC
EMC Corporation (NYSE: EMC) is the world’s leading developer and
provider of information infrastructure technology and solutions that
enable organizations of all sizes to transform the way they compete
and create value from their information.
Helping Customers Accelerate the Journey to the Cloud

EMC helps customers meet critical business challenges with a comprehensive
set of offerings, including unique capabilities that allow organizations to
gain visibility into their virtualized and cloud environments, standardized
planning processes, change control operational processes, and automate
time consuming tasks using a scalable policy driven approach.
Information about EMC products and services that help to simplify and
automate IT infrastructure management as you move from physical to
virtual to cloud computing can be found at www.EMC.com.
Address
EMC
176 South St
Hopkinton, Massachusetts 01748
United States of America
These materials are the copyright of Wiley Publishing, Inc. and any
dissemination, distribution, or unauthorized use is strictly prohibited.
Network Configuration
& Change Management
FOR
DUMmIES
‰
EMC EDITION
by Ed Tittel
01_9781118060049-ffirs.indd i 4/12/11 5:53 PM

Network Configuration & Change Management For Dummies®, EMC Edition
Published by
Wiley Publishing, Inc.
111 River Street
Hoboken, NJ 07030-5774
www.wiley.com
Copyright © 2011 by Wiley Publishing, Inc., Indianapolis, Indiana
Published by Wiley Publishing, Inc., Indianapolis, Indiana
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any
form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise,
except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the
prior written permission of the Publisher. Requests to the Publisher for permission should be
addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ
07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference
for the Rest of Us!, The Dummies Way, Dummies.com, Making Everything Easier, and related trade
dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the
United States and other countries, and may not be used without written permission. All other trade-
marks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any
product or vendor mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE

NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETE-
NESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES,
INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE.
NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS.
THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITU-
ATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT
ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PRO-
FESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL
PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE
FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS
REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER
INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE
INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT
MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN
THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRIT-
TEN AND WHEN IT IS READ.
For general information on our other products and services, please contact our Business Development
Department in the U.S. at 317-572-3205. For details on how to create a custom For Dummies book for
your business or organization, contact info@dummies.biz. For information about licensing the For
Dummies brand for products or services, contact BrandedRights&Licenses@Wiley.com.
ISBN: 978-1-118-06004-9
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
01_9781118060049-ffirs.indd ii 4/12/11 5:53 PM

Table of Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Chapter 1: Understanding Network Configuration

and Change Management . . . . . . . . . . . . . . . . . . . . . . . .5
The Very Basics of FCAPS ......................................................... 6
An NCCM Primer ........................................................................ 6
The Business Case for NCCM ................................................. 12
Why NCCM Matters ................................................................. 13
Chapter 2: NCCM’s Business Challenges . . . . . . . . . . . .15

Facing Down the Challenges ................................................... 16
Limiting Manual, Ad-Hoc Change ........................................... 20
Supporting Multivendor Environments ................................ 21
Examining the Great Chain of Management Systems .......... 22
Chapter 3: Making Best Use of NCCM . . . . . . . . . . . . . . .25

Automation Meets Key Challenges ........................................ 26
How Automated NCCM Creates Value .................................. 28
Key Attributes and Features of an
Automated NCCM System ................................................... 31
Chapter 4: Maximizing Automated NCCM . . . . . . . . . . .33

Putting NCCM to Work ............................................................ 33
Here’s the Beef: Value Resulting from Automated NCCM... 37
Introducing the EMC Ionix Network
Configuration Manager ........................................................ 38
Chapter 5: Ten Top Reasons to

Pick Automated NCCM . . . . . . . . . . . . . . . . . . . . . . . . .41
Save Money and Time ............................................................. 41
Refocus IT Efforts ..................................................................... 42
Meet IT Governance and Service Management Goals ........ 42
Achieve Legal and Regulatory Compliance .......................... 42
Bust Downtime ......................................................................... 43
Improve Productivity .............................................................. 43
Beat Human Error .................................................................... 43
Match Real Configurations ..................................................... 43
Work from Correct Configurations ........................................ 44
Attain Complete Coverage ...................................................... 44
02_9781118060049-ftoc.indd iii 4/12/11 5:53 PM

Publisher’s Acknowledgments
We’re proud of this book and of the people who worked on it. For details on how to
create a custom For Dummies book for your business or organization, contact info@
dummies.biz. For details on licensing the For Dummies brand for products or serv-
ices, contact BrandedRights&Licenses@Wiley.com.
Some of the people who helped bring this book to market include the following:
Acquisitions, Editorial, and Composition Services

Media Development Project Coordinator: Kristie Rees
Project Editor: Jennifer Bingham Layout and Graphics: Carl Byers
Editorial Manager: Rev Mengle Proofreader: Lindsay Amones
Business Development Representative:
Sue Blessing
Custom Publishing Project Specialist:
Michael Sullivan
Publishing and Editorial for Technology Dummies

Richard Swadley, Vice President and Executive Group Publisher
Andy Cummings, Vice President and Publisher
Mary Bednarek, Executive Director, Acquisitions
Mary C. Corder, Editorial Director
Publishing and Editorial for Consumer Dummies
Diane Graves Steele, Vice President and Publisher, Consumer Dummies
Composition Services
Debbie Stailey, Director of Composition Services
Business Development
Lisa Coleman, Director, New Market and Brand Development
03_9781118060049-flast.indd iv 4/12/11 5:53 PM

Introduction
I f you’ve ever been the slightest bit curious about network
configuration and change management — abbreviated in
this book as NCCM — you’ve got the right book. Here, you
can find out what’s up with network configuration, and why
acquiring and managing such information is so important to
so many enterprises and large-scale organizations. You can
also learn how instituting formal change management
processes and procedures, and managing configuration
changes explicitly, pays nice dividends.
Although NCCM may sound strange, or perhaps even a bit

exotic, it isn’t. NCCM technology relies on building and
maintaining an accurate and up-to-date configuration
management database, or CMDB. With a current and correct
CMDB at your disposal and the right software tools and
technologies in place, managing change becomes a matter
of careful, regularly scheduled routine.
Major players in many industries, from network and

management services, to healthcare and retirement
communities, to financial services, have bet on NCCM and
used it to trim costs and improve operating efficiencies and
service delivery. You can do the same.
About This Book

I have made some assumptions about you, our gentle reader,
for this book. First, I assume that you know something
about enterprise-grade networking infrastructures. Second,
I assume you’re at least acquainted with the basic principles
and activities involved in managing such networks. And
third, I assume that you understand the basics of Internet-
based communications and services, including routing
behaviors, elements of TCP/IP security, and what “network
discovery” means. (Hint: Network discovery uses networking
protocols to probe an active network, to identify what kinds
04_9781118060049-intro.indd 1 4/12/11 5:53 PM

2 Network Configuration & Change Management For Dummies
of devices and systems are present, and to identify what

kinds of protocols and services are in use.)
This book was specifically written for EMC and includes some
information about EMC products.
How This Book Is Organized

The five chapters in this book lead you into network
configuration and change management terminology, principles,
frameworks, and best practices. Here’s a snapshot of what
you’ll find in each one:
✓ Chapter 1: Offers an NCCM primer with basic concepts

and terms, and explains how to build a business case.
✓ Chapter 2: Explains the challenges involved in working
with NCCM, particularly when configurations and their
changes must be handled manually.
✓ Chapter 3: Describes the many and substantial benefits
of automating NCCM, and letting intelligent computer
systems manage changes to configuration data.
✓ Chapter 4: Explores several business use cases that
illustrate and illuminate the business benefits to using
automated NCCM systems. This chapter also covers
some EMC-specific technology.
✓ Chapter 5: A list of the top ten reasons why automated
NCCM creates value, helps to manage risk, and helps
enterprises meet their business goals.
These chapters are designed to stand alone, so if you’re

dying to read how organizations from various industries have
scored wins using automated NCCM systems, jump straight
to Chapter 4. If you want to understand the benefits of NCCM
automation, choose Chapter 3. Or simply go to the next page
and start reading!
Icons Used in This Book

Every For Dummies books uses small graphical elements
called icons at its margins to call attention to specific items.
Here are the icons used in this book:
04_9781118060049-intro.indd 2 4/12/11 5:53 PM

Introduction 3
This icon highlights points for you to keep in mind as you
immerse yourself in the world (and words) of NCCM.
This icon flags technical information you can skip if you’re not
inclined to revel in details or minutiae.
Use this on-target info to help maximize your investment in

NCCM.
This icon calls out situations to avoid and things to watch out
for as you put NCCM to work in your operation.
04_9781118060049-intro.indd 3 4/12/11 5:53 PM

04_9781118060049-intro.indd 4 4/12/11 5:53 PM

Chapter 1
Understanding Network
Configuration and
Change Management
In This Chapter
▶ Digging into the basics of network management
▶ Appreciating the ins and out of network configuration
▶ Making a business case for NCCM
N etwork management is deceptively simple-sounding.

You’ve got some — or lots — of networks, so of course
you need to manage them. What could be simpler than that?
Yet network management involves a lot of complexity, lots of
long-standing theory and practice, and lots of hard work.
In fact, network management is complex enough for the

International Organization for Standardization (ISO)
to have created a model for network management known as
ISO/IEC 7498-4. This model is also called the Open Systems
Interconnection Basic Reference Model Management
Framework, but it’s most commonly known by the acronym
FCAPS (short for fault-, configuration-, accounting-,
performance-, and security-management).
This chapter briefly explores the components of the FCAPS

model, and then focuses on two critical elements of network
management: configuration management and change control.
Creating and collecting configuration information for network
devices and systems is a key component of systems manage-
ment, as is tracking how configurations change over time.
05_9781118060049-ch01.indd 5 4/12/11 5:53 PM

The Very Basics of FCAPS

The ISO network management model is called FCAPS because
those are the first letters from each of the five areas of activity
that fall under the model’s theoretical and practical umbrella.
Those five areas are:
✓ Fault Management: The goal of this activity is detecting,

identifying, isolating, correcting, and recording faults
that occur in a network.
✓ Configuration Management: This involves establishing,
collecting, and tracking configurations for network
components, devices, and systems.
✓ Accounting Management: This involves gathering user
statistics to use for billing purposes.
✓ Performance Management: The goal of this activity is
tracking network behavior and activity levels.
✓ Security Management: Protecting assets on the network,
and protecting them from loss, harm, or unauthorized
access is the goal here.
As you dig more deeply into network configuration and

change management — which I abbreviate as NCCM — don’t
forget that they are just two areas involved in managing and
monitoring networks properly and professionally. NCCM is,
however, extremely important and unusually amenable to
handling via technological solutions. That’s what the rest of
this book is about.
An NCCM Primer
A basic formulation of configuration management might be:
1. Gather and store configuration data about everything

on your network. This is the configuration part, where
you record data for every piece of hardware and
software on your network.
2. Keep track of any and all configuration data as it
changes. This is the change management part, where
you update your collection of records as changes occur.
05_9781118060049-ch01.indd 6 4/12/11 5:53 PM

Chapter 1: Understanding Network Configuration . . . 7
In this context, “change” has a broad but surprisingly
specific meaning: Anything that results in adding to,
removing from, or altering the contents of your con-
figuration data counts as a change.
Given a relentless focus on configuration data, it should come

as no surprise that for most NCCM systems, the center of
attention and activity is a database where all configuration
data is stored and maintained. This is not just any old
database, either, but one with its own special acronym:
CMDB, which stands for — drum roll, please — configuration
management database.
What is network configuration?

The network configuration part of NCCM is a collection of
data that represents configurations for all devices, systems,
applications, and components that go into and onto a modern
network. In a modern enterprise, finding tens of thousands of
desktop PCs, hundreds to thousands of servers, and several
thousand various and sundry network devices (routers,
switches, VPN concentrators, security appliances, WAN
optimization devices, and so forth) isn’t unusual.
Throw in a typical enterprise software library, which normally

includes from 2,000 to 5,000 entries, and you’ve got a CMDB
with at least 25,000 items in its repositories. Every one of
these items has an associated set of configuration data items
(which can number from the hundreds into the thousands of
individual entries), and every one of those configurations has
to be created, managed, and maintained. By the time you add
everything up, an enterprise CMDB can easily include millions
of data items.
That’s a lot of data. And for that data to have meaning and
value, it must be kept completely in synch with the state of
the actual device, system, or software program to which it
is tied. That’s tricky to manage. On the one hand, consider
the pace at which old things leave and new things enter most
operations. On the other hand, ponder the pace at which
patches, updates, and fixes are propagated for firmware and
software programs in use in those operations. That’s why
mucho management is involved in keeping a CMDB current
and correct.
05_9781118060049-ch01.indd 7 4/12/11 5:53 PM

What is change control?

Simply put, change control imposes discipline, order, and
record-keeping constraints on how changes get applied
to a network’s systems and components. Nobody gets to
make any changes without going through a formal change
management process, which involves making sure that all
changes are carefully considered, and that any changes that
might be made are planned, scheduled, executed, monitored
closely, and reported on heavily. Any changes that might lead
to adverse or unwanted consequences will include rollback
or failover plans. Then, if something goes wrong during
the execution phase, the network and its users will not be
negatively impacted, or that impact can be minimized.
Why is this kind of structure necessary? The simplest

explanations come from different perspectives on management
and complexity. The first perspective might be best understood
as, “There’s too much risk inherent to unplanned change.” The
second perspective is probably best appreciated as, “When
things change is also when they are most likely to break.”
Why planning for change makes sense

An enterprise network is like a fine piece of clockwork
machinery, albeit one larger and more complex than any
individual machine has a right to be. A huge number of
elements are involved, and the potential consequences of
network failure are dire: Workers can’t do their jobs, customers
can’t buy goods or services, the bills can’t get paid, and so on.
Thus, most prudent business managers won’t risk a “try it

and see what happens” approach to making changes to any
of the networks and systems on which the business depends.
That’s one major and overriding cause for formal change
management processes and procedures. That’s also why
NCCM systems are generally regarded as mission-critical.
What’s a change planning process? Glad you asked:
✓ Design and planning analysis: Change is inevitable, but

not all changes should or must be made. Any proposed
change begins with a change request, which explains
the change proposed and explains why it should be
considered. The change must then be designed, planned,
and scoped so it can be considered for implementation.
05_9781118060049-ch01.indd 8 4/12/11 5:53 PM

✓ Change authorization and implementation: This is
when the plans for a change will be authorized or denied,
depending on the merits, costs, and consequences
involved. If the change is authorized, it is scheduled for
implementation and its plans are executed during some
appropriate change interval. (Enterprises generally open
time windows to make changes monthly, quarterly, and
annually, as they see fit.)
✓ Compliance checking: Once a change is implemented,
it is reviewed in light of its governing plans and
specifications, and also in light of prevailing regulatory
and compliance requirements. Only changes that meet
all compliance requirements are allowed to stand; all
others are reversed or backed out.
✓ Inventory reconciliation: This is where changes
executed become reflected in the contents of the CMDB.
Only successful and valid changes affect the CMDB’s
contents; all transitory changes are ignored (or reversed,
depending on the kinds of tools used for NCCM).
These four stages form a management lifecycle, as shown in

Figure 1-1.
Design and Change authorization

planning analysis and implementation
Inventory Compliance
reconciliation checking
Figure 1-1: A typical process lifecycle for network configuration and

change management.
Remember the CMDB? As all this “change stuff” is underway,

each update or configuration item that changes as a result
must be documented, and the CMDB must be updated.
Automating this process saves huge amounts of labor and
prevents further complications owing to human error.
05_9781118060049-ch01.indd 9 4/12/11 5:53 PM

Why there’s always a rollback or

failover planned for changes
The basic form of Murphy’s Law is: “What can go wrong,
will.” Real life isn’t always unforgiving. A great many changes
actually do go through as planned without having to be
reversed or undone. But occasionally, prior testing and
analysis fails to capture some circumstance or event that
does cause a problem as a change is applied. And sometimes,
the engineers on hand are unable to counteract the problem
or devise a workaround to apply the change.
In such cases, a fallback or failover plan kicks in on its own

schedule. Such plans are designed to restore a network and
its systems to their pre-change states without impacting users
or scheduled workloads. Subsequent analysis can determine
what caused the problems, and another set of plans for a
future application may be built (or not, depending on the
results of problem analysis).
How NCCM processes match up

with management frameworks
Although network configuration and change management
figure prominently into the ISO network management model,
NCCM also plays a role in other important business process
models. These include:
✓ IT Infrastructure Library (ITIL): A key framework for IT

service management, ITIL covers designing, delivering,
monitoring, and maintaining information technology
services. In the ITIL V3 framework, change management
is part of its Service Transition processes, but is driven
by service design and operation, and continual service
improvement as well. Figure 1-2 shows how change
management plugs into the CMDB.
✓ Control Objectives for Information & related
Technology. Also known as COBIT, this is a best practices
framework for IT management issued in 1996 by the
industry group ISACA (the Information Systems Audit and
Control Association) and the IT Governance Institute in
1996. COBIT offers managers, auditors, and IT users a set
05_9781118060049-ch01.indd 10 4/12/11 5:53 PM

of generally accepted measures, indicators, processes,
and best practices for maximizing benefits from use of
information technology. The emphasis is on developing
functional and appropriate IT governance and control.
Change control figures into the Acquire and Implement
(AI) domain for COBIT, and falls specifically into the AI6
Manage Changes area, while configuration management
falls into the Deliver and Support (DS) domain, in the
DS9 Manage the Configuration area. The Monitor and
Evaluate (ME) domain also figures into this area, with its
emphasis on formal IT processes, internal controls,
regulatory compliance, and IT governance.
✓ Six Sigma. This business management strategy, originally
developed at Motorola in 1986, is still in wide use in
many industries, and sometimes finds applications
in IT deployment and use. Six Sigma’s key focus is on
identifying and removing the causes of errors and
problems in business processes, and is best explained by
the acronym DMAIC:
Financial Problem
Mgt. Mgt.
Service
Level Incident
Mgt. Mgt.
CMDB Config-
Capacity uration
Mgt. Mgt.
Availability
Mgt.
Release
Ch
Mgt.
an
ge
M
gt.
Figure 1-2: Although other management processes can affect the CMDB,
Change Management is the primary driver for all changes to
this body of data.
05_9781118060049-ch01.indd 11 4/12/11 5:53 PM

• Define the problem

• Measure the key aspects of the current process and
collect relevant data
• Analyze the data to investigate and verify causes
and effects
• Improve or optimize the process
• Control the future state process to ensure
appropriate service quality.
There is no explicit configuration or change
management component to Six Sigma, though it
can be used to develop such methodologies.
As network management frameworks go, the ITIL’s service

management model represents the current state of the art
for network configuration and change management. COBIT
comes in a close second, with Six Sigma being more of a
do-it-yourself toolset.
The Business Case for NCCM

A capable and powerful NCCM system brings significant
useful function and control to the network configuration
and change management process. Enterprises must often
overcome serious issues when deploying an NCCM solution —
especially in tying together all the many systems and network
components in an IT infrastructure, and enforcing a common
and consistent view of the processes involved.
As Figure 1-2 illustrates, configuration change activity can

originate from many different areas or groups within an
enterprise. Financial, availability, service level, and capacity
management teams can have inputs, as do groups that handle
incident management for security reasons or problem
management for customer or user support reasons. Likewise,
in-house software development teams have release
management processes that drive changes as well.
Key issues that any NCCM system should address must

include the following:
05_9781118060049-ch01.indd 12 4/12/11 5:53 PM

✓ Centralize the management and create a standard way to
represent configuration data for equipment and software
from multiple vendors.
✓ Provide sufficient flexibility to accommodate increasingly
virtualized components and infrastructures for networks
and systems. Not only are servers and clients likely to be
virtualized nowadays, but so also are network interfaces
(vNICs) and switches (vSwitches).
✓ Accommodate cloud services and components, including
Platform as a Service (PaaS) and Infrastructure as a
Service (IaaS), as well as Software as a Service (SaaS).
✓ Support rapid, on-the-fly configuration changes and
updates, particularly when such updates come from
service providers operating outside the premises and
control of the enterprise.
✓ Support powerful data/model workflow integration, so
that everyone shares a single, common, and consistent
view of configuration data and changes to be applied
to them.
✓ Support workflow integration, so that data can flow
between management systems, including NCCM systems
and other management consoles as needed. This ensures
nothing gets lost along the way and that responsible
parties participate as and when they’re needed. At its
best, integration naturally brings together all the parties
involved in change management not only as ITIL sees it,
but also as it works on the ground.
Why NCCM Matters

Why does this stuff matter? Because change isn’t only a
constant that must be carefully planned and managed.
Change needs to be managed because otherwise it might
provoke inefficiencies, upsets, or outright system or network
failures. In short, NCCM matters so much because it is needed
to ensure smooth, reliable, and ongoing function of key IT
systems and assets. This also explains why automation is a
key concern for any NCCM system. There is too much change,
too many data items involved, and too much opportunity
for human error to creep in, to handle configuration updates
manually.
05_9781118060049-ch01.indd 13 4/12/11 5:53 PM

05_9781118060049-ch01.indd 14 4/12/11 5:53 PM

Chapter 2
NCCM’s Business
Challenges
In This Chapter
▶ Understanding how to make NCCM effective and efficient
▶ Overcoming manual labor and human error
▶ Fitting into complex, multi-vendor environments
▶ Making the most of NCCM’s tools and capabilities
O rganizations interested in using network configuration

and change management systems face certain challenges.
Some of these challenges relate to resources and the vast
volumes of configuration data. Some of these challenges
are process- or procedure-oriented, and relate to how an
organization establishes and controls its use of NCCM tools.
Still other challenges come from the outside, and relate

to rules and regulations that stipulate how information —
particularly information related to customer or client records,
financial transactions, and accounts, and their privacy and
confidentiality — must be handled, audited, and stored.
Finally, organizations must recognize that configuration

data is particularly attractive and interesting to the criminal
element, both outside their network boundaries and among
their employees, contractors, and others allowed to work in
and on their networks.
There’s another elephant in this room, too. Industry analysts

observe that 50 to 80 percent of all downtime stems from
human error — resulting from incorrect or invalid changes
to systems and networks. Unfortunately, implementing
06_9781118060049-ch02.indd 15 4/12/11 5:54 PM

and managing changes manually introduces substantial

opportunities for errors. Such errors can be caused by
inadequate testing and planning or from using incorrect or
invalid configuration data as the point of departure when
applying changes to systems and networks.
In other words, the challenges that organizations face when

implementing NCCM are sizable. In fact, implementing NCCM
often requires rethinking of the way that IT operates, and
establishing formal, repeatable processes and procedures
to plan, manage, and document change.
Facing Down the Challenges

Implementing NCCM imposes formal structure and flow on
how change is planned and implemented. It also recognizes
that the processes involved must be clearly stated and well-
understood. All parties involved need to understand their
responsibilities to manage change in the best way possible.
The sections that follow explore issues that organizations

confront when considering use of NCCM tools and methods.
You learn how such issues are usually addressed when
implementing NCCM and putting a formal change management
process to work.
Taking time and effort up front

Make no mistake! The first steps to implementing NCCM are
huge: Collecting, assembling, and rationalizing configuration
data for an entire enterprise. To make that happen, you
must conduct a thorough and exhaustive inventory of all
systems and hardware devices, both physical and virtual,
in use in the enterprise. Then you must collect (and verify)
all configuration data.
The time and effort required to create an initial configuration

database, even with automated discovery and data acquisition
tools, usually involves one or two full-time employees for a
period from one to several months. At the same time, however,
planning for change processes and procedures can also get
underway.
06_9781118060049-ch02.indd 16 4/12/11 5:54 PM

Chapter 2: NCCM’s Business Challenges 17
Then you must do the same for your organization’s software
library, which is the sum total of all applications (and all
versions of such applications) that the organization uses.
Your team will invariably uncover a few surprises along
the way, which may necessitate hasty acquisitions of new
software licenses. This step causes many organizations to
acquire a new perspective on the thousands of applications
that they own and use — and which they must monitor and
manage as well.
Understanding that governance

is needed
In IT terms, governance means creating value for an organization
while managing risks and optimizing resources. The overarching
notion is to use all these activities to achieve enterprise goals.
Configuration and change management are ingredients in
governance processes, but they’re also subject to governance
themselves.
This means that organizations must be willing to understand

and own up to the requirements that attach to formal
governance to make the most of NCCM systems and methods.
This is another reason why buying into NCCM in particular,
and the concepts and methods of IT governance in general,
usually entails major changes to an organization’s culture,
mindset, and operating principles.
At the same time that configuration data is being collected,

assembled, and rationalized, and change processes designed
and planned, IT governance must become part of an
enterprise’s processes and procedures playbook if NCCM
is to succeed. This is usually driven by strong buy-in and
direction from executive staff, acting as a governing body,
with design and implementation coming from a management
and assurance team responsible for creating, maintaining, and
controlling a governance framework.
For a nice introduction to governance principles and practices

see ISACA’s and the IT Governance Institute’s “Governance on
A Page” at www.takinggovernanceforward.org/Pages/.
06_9781118060049-ch02.indd 17 4/12/11 5:54 PM

Ensuring compliance
Changes to IT devices, systems, and software don’t occur in a
vacuum. An NCCM system must be able to support two types
of compliance checking:
✓ Framework-based processes to ensure that changes

comply with requirements for formulation, approval,
implementation, and validation. Changes must be
checked and validated to make sure they comply with
standard best practices and procedures as specified in
ITIL, COBIT, and other frameworks (such as Frameworx,
formerly known as NGOSS for “New Generation Operating
Systems and Software” from the TeleManagement Forum).
This type of compliance checking aims to make sure that
changes are properly specified and formulated, have
been properly authorized and applied to their targets,
and are reflected in the current state of the CMDB and
related documentation. This helps ensure consistency,
and to make sure that unauthorized, unwanted,
incomplete, or incorrect changes aren’t allowed to stand.
✓ Mandatory processes to ensure that changes comply with
all applicable rules and regulations regarding their
application, content, and history. When enterprises
handle certain types of data or client records, rules and
regulations that govern such information must be followed.
In this case, checking compliance means maintaining
a required data trail of changes so their history can be
dissected and reconstructed as mandates require. It also
means performing and reporting on regular audits to
ensure proper and complete compliance is maintained.
And finally, it means reporting and handling incidents
related to potential data breaches or violations carefully,
transparently, and thoroughly.
Establishing and maintaining

security
NCCM systems must support management of network
security, and of the devices, systems, and software involved
in establishing and maintaining such security. Thus, NCCM
06_9781118060049-ch02.indd 18 4/12/11 5:54 PM

must be able to manage security components that include
intrusion detection and prevention systems (IDS/IPS), firewalls,
public key infrastructures (PKIs), and AAA (authentication,
authorization, and accounting) systems. NCCM systems must
also perform security logging, to attribute changes to specific
user identities at specific time stamps in a permanent record.
In environments where inter-network operations occur, NCCM

systems must interoperate with various third-party network
authentication and authorization environments. These
include TACACS+, RADIUS, and LDAP, among others.
An NCCM must be able to accommodate security updates and

patches for security infrastructure elements, and applications
and operating systems. This includes CERT-driven operating
system and application security updates, as well as vendor-
supplied security updates (like those released the second
Tuesday of each month for Microsoft operating systems and
applications through the Windows Update service).
Remote access control acronyms

TACACS+ (Terminal Access Controller now governed by a sizable collection
Access-Control System Plus) is of Internet standard RFC documents.
a Cisco proprietary protocol that See e n . w i k i p e d i a . o r g /
provides access control for rout- wiki/RADIUS for a complete list.
ers, network access devices, and
LDAP (Lightweight Directory Access
other networked computing systems
Protocol) is a network protocol
through one centralized server or
designed to provide access to a
several centralized servers. In gen-
directory and directory services via
eral, TACACS+ delivers AAA services.
an IP network. In practice, LDAP
RADIUS (Remote Authentication offers a thoroughgoing set of access
Dial-In User Service) is a network tools and controls that can deliver
protocol that provides centralized AAA services, along with directory
AAA management for computers services, service provisioning, and
seeking to connect and use various service location. Microsoft uses
network services. RADIUS started LDAP to manage access to its Active
as a proprietary technology, but is Directory services and information.
06_9781118060049-ch02.indd 19 4/12/11 5:54 PM

In keeping with best security practices, NCCM systems must

also support virus management. This includes identification
of virus-related network events, along with related impact
management and remediation or rectification changes. For
example, this might require rapid application of access
control list (ACL) changes to contain virus or worm
propagation on a production network.
Finally, and perhaps most important (for mandatory

compliance as well as best practices reasons), an NCCM must
support security audits on networks it manages. Human or
automated auditors must be able to assess security on network
devices. The NCCM must allow and support routine hardening
of all network devices to maintain acceptable security.
Limiting Manual,
Ad-Hoc Change
In a surprising number of organizations and enterprises, manual
methods for handling changes and updates remain the norm.
This approach leaves handling updates to groups responsible
for their maintenance and upkeep. It exerts no formal controls
over or requirements for planning, managing, and controlling
changes and updates. Updates are performed ad-hoc,
based on user requests or perceived need and urgency.
Documenting changes is left in the hands of those who make
changes, to be performed whenever they can, as best they
can — or perhaps never. The result is confusion and error.
Here are some of the drawbacks for manual change methods:
✓ They’re inherently inefficient. When manual methods

prevail, documentation often disagrees with actual
configurations. Conscientious staff members lose time
and expend extra effort confirming current status before
they proceed, and changes often fail because both
source and target states for change are mistaken or
misinformed. Haphazard documentation updates in the
wake of change also takes further time and effort, and
create further opportunities for human error.
✓ They create risk. Network configuration files are
syntactically complex (see Figure 2-1), so it’s easy to
introduce errors when making manual changes. In
06_9781118060049-ch02.indd 20 4/12/11 5:54 PM

addition, because manual change processes are often
based on incorrect or invalid data, they introduce added
risks of failure or post-install problems and failures in
affected systems.
✓ They’re usually slow and time-consuming. In fact,
manual changes may sometimes run longer than is
reasonable or workable for maintenance of a standard
working schedule. They might even cut into prime-time
working hours or important elements in business cycle
processing (end-of-month, -quarter, or -year accounting
and reporting interruptions or delays serve as dramatic
examples). When change processes are unplanned,
untested, and loosely scheduled, they often proceed
on a haphazard basis. Some changes may work, but
documentation or validation may follow only later, or not
at all. Some changes may fail, and subsequent repair or
remediation may exceed the time window allocated for
changes and updates to complete or be rolled back.
Figure 2-1: A portion of a network configuration file.
Supporting Multivendor
Environments
Interoperability is a must. Given that modern enterprise
networks usually include network and security devices from
many vendors, switches and routers from several more,
06_9781118060049-ch02.indd 21 4/12/11 5:54 PM

servers and storage systems from still other providers, it is

imperative that NCCM systems be able to communicate with
and interrogate all the devices and systems on the network.
The same goes for the thousands of software programs that
typically reside in an enterprise software library.
An NCCM system must be able to connect with one or many

devices or servers at the same time, all under the control
of a single, consistent management console and dashboard.
NCCMs need to function as well on remote networks as
on local ones. They should accommodate various ways to
interconnect geographically distributed networks. This means
support for MPLS, various routing protocols, Carrier Ethernet,
and other MAN/WAN technologies.
Gathering and managing configuration data, and tracking

changes to that data, means the NCCM system must be able
to acquire and log all such changes, no matter what kind
of managed elements sit on the other side of any network
connection. This goes for virtual instances as well as physical
ones. Equally important, an NCCM must be able to use
this data to validate changes, and then to update relevant
documentation to reflect all applied changes.
Examining the Great Chain

of Management Systems
Network configuration and change management is just
one area in the major models that describe how network
management should be practiced. In real production
environments, this means that NCCM systems must interact
with numerous other management systems to exchange
information and share data. This usually means interacting
with a performance and monitoring system, a software release
management and deployment system, and a help desk and
trouble ticket or customer support and follow-up system.
NCCM doesn’t function by itself. It needs to take inputs

from various systems, then provide those systems with
outputs as well. None of these outputs is as important as
the configuration documents that NCCM manages to reflect
06_9781118060049-ch02.indd 22 4/12/11 5:54 PM

current and valid configuration data. These ultimately drive
all system planning, operations, and activities, both inside
and outside the scope of NCCM.
Manual change methods simply can’t cope with enterprise

levels of volume, activity, and complexity. Simply put,
automation is the only way to wrestle enterprise configuration
data to the ground and to make it work properly. Thus,
automated NCCM systems offer the only real hope of
implementing and managing change management systems
that comply with governance concepts, best practices, and
all applicable rules and regulations.
06_9781118060049-ch02.indd 23 4/12/11 5:54 PM

06_9781118060049-ch02.indd 24 4/12/11 5:54 PM

Chapter 3
Making Best Use of NCCM

In This Chapter
▶ Automating yourself out of trouble
▶ Finding value in automated NCCM systems
▶ Finding key features in automated NCCM systems
T he only way to get anything out of a network

configuration and change management system is to put
one to work. Start by capturing and storing configuration
data for everything you’ve got, and keep up with changes as
they occur. Then make sure that what’s in the CMDB matches
precisely to what’s on the ground — or in the clouds, as
the case may very well sometimes be on today’s heavily
distributed and virtualized enterprise networks.
Sound like a daunting task? It is — but automation can help.

There is no better way to acquire configuration data for an
NCCM system, nor to handle and document configuration
changes as they occur going forward, than through intelligent
automation of configuration data acquisition and updates. If
there’s one hyper-critical attribute of a workable and usable
NCCM system, effective automation has to be it.
Without effective automation, human intervention of some

kind is needed to create and maintain the CMDB. Given the
tens of thousands of sets of configuration data in a typical
CMDB, with elements and associated values for all sets in the
millions of items, this isn’t the kind of chore anyone would or
should tackle manually. This chapter shows why the right way
to handle configuration data is to turn that responsibility over
to the NCCM system, and let it do its job.
07_9781118060049-ch03.indd 25 4/12/11 5:54 PM

Automation Meets
Key Challenges
When properly done, automation can handle all the
challenges associated with running and using NCCM properly
with ease. A well-designed, highly automated NCCM system
can deal with these challenges:
✓ Data acquisition and CMDB population: Even with large

numbers of systems and devices on modern networks
and large software libraries to document, modern NCCM
systems can ferret out and acquire the data they need
from the elements whose configurations need to find
their way into the CMDB. This may involve one-time use
of a special software agent or configuration intake tool,
but it can be scheduled and managed in a reasonable
amount of time. Once the acquisition phase is completed,
there’s no further need for ongoing interrogation and
documentation of configuration data.
✓ Automatic change and update handling: Once the
CMDB has been populated, only confirmed changes
need to find their way into that database. A modern
NCCM communicates with the systems and components
involved to track such changes, and to enter them into
the CMDB without human interaction or intervention.
✓ Centralized management and data for all hardware
and software components: The NCCM can interact with
hardware and software from any and all vendors, and
obtain any needed information. Thanks to automated
change tracking and recording, configuration updates
can be applied automatically to the CMDB.
✓ Standardized, consistent configuration data
representation: Thanks to standard and canonical ways
of capturing and representing configuration data, usually
based on XML (extensible markup language; which is
self-documenting and self-describing), hardware and
software components can present their configuration
data in a standard and highly readable form to an NCCM.
This makes it easy to get configurations into the CMDB,
and to make sense of its contents as well.
✓ Ability to handle virtualized and real physical
components and elements: Modern NCCMs are as able
07_9781118060049-ch03.indd 26 4/12/11 5:54 PM

Chapter 3: Making Best Use of NCCM 27
to acquire and manage configuration data for virtual
devices and components as they are real ones. That’s
because modern NCCMs use software that interacts
with individual elements directly, and inquires to obtain
configuration data or change information.
✓ Accommodate cloud services and components: Modern
NCCMs can work with remote devices, systems, and
programs via the Internet in much the same way that
they work with local networked elements. Combined
with support for virtualized items, this lets these systems
interact with cloud services and components to acquire
necessary configuration and change data.
✓ Support rapid, on-the-fly configuration changes and
updates: Particularly in virtualized environments, entire
virtual networks, hosts, and clients can move around
frequently and rapidly. Modern NCCM systems maintain
ongoing communications with such elements, and update
their configuration databases to keep pace with changes
automatically. Automated discovery across converged
Ethernet and IP network infrastructures lets the NCCM
detect as and when changes occur, and tune into them
immediately.
✓ Support powerful data model integration: This is
the foundation for NCCM, and is what permits such
systems to interact with hardware and software from a
multitude of vendors. Thanks to standard configuration
representations and ready network communications, the
configuration data on individual devices, systems, and
programs makes its way easily and automatically into the
CMDB via the NCCM.
✓ Support workflow integration: Workflow integration
enables the NCCM to interact with other management
systems in a transparent and tightly controlled way.
Information and approvals follow the work from system
to system, and updates propagate as and where they’re
needed.
✓ Offer extensibility, flexibility, and capacity to handle
future growth and expansion: Because the XML used
to capture and represent configuration data is easily
extended, new devices, systems, and software can be
added to the NCCM. Distributed, highly available consoles
and database management for the CMDB enable the NCCM
to adapt to just about any situation, and to accommodate
07_9781118060049-ch03.indd 27 4/12/11 5:54 PM

various models for operation and control. Modern server

clusters (or virtualized consoles and servers) make adding
capacity a simple matter of licensing and configuration
control — this time, for the NCCM itself! Such systems
can grow and change quickly, to keep pace with changing
situations and circumstances in the enterprise.
For an NCCM system to really do its job properly, it must be

ready and able to interact with complex, far-flung virtual and
physical devices, systems, and software across virtual and
physical networks of all kinds. Automation is the key to keeping
up with an ever-changing and evolving managed environment.
How Automated NCCM

Creates Value
Making a business case for a technology investment requires
you to understand whether — and how quickly — such an
investment can pay for itself. Traditional cost justification
models concentrate on key elements related to putting some
technology to work. These include outright cost reductions
that reduce capital outlays or lower costs of service,
subscription, or use. These models also estimate increases in
efficiency and productivity, and put a dollar value on those
additions to offset up-front and ongoing costs related to
the technology investment. In the same vein, a value is put
on any improvements to service levels that the technology
can deliver. And finally, a value is assigned for compliance
with applicable rules and regulations that the technology
investment can help to ensure.
In the sections that follow, you learn how NCCM systems can
deliver such value, and how they can be cost-justified for
acquisition, deployment, and use.
Reduced costs of operation

In general, network automation reduces staffing levels required
when such systems are in use. Because automated network
management may be centrally managed and staffed, constant
or regular presence in branch offices and smaller sites is
invariably reduced and sometimes becomes unnecessary.
07_9781118060049-ch03.indd 28 4/12/11 5:54 PM

Because NCCM systems rely on automated discovery and
updates to manage everyday changes and updates, IT staff
members are freed to concentrate on other higher-value tasks
and projects.
NCCM also helps to improve reliability and availability of

networks and systems. In addition to increases in efficiency and
improved service levels discussed in the following sections,
this also pays a nice dividend in requiring less staff time and
effort to detect, diagnose, and repair faults and problems.
When things don’t break as much, it’s not necessary to spend
as much time and effort to fix them, either.
A lower level of human involvement also helps to reduce

operator errors, and removes a major cause of inconsistencies
between the CMDB and the various networks, systems, and
software it represents. Industry analysts estimate that 50 to
80 percent of all network outages may be attributed directly
to errors introduced during manual change processes. When
automation is at work, such errors no longer occur, thereby
saving the costs of the outages themselves along with the time
and effort no longer required to set things right.
Increased efficiency
NCCM systems permit an enterprise to control the full
process of network design and modification on a continuing
basis. You don’t have to schedule such activity, or to allocate
extra resources to undertake it. The change management
process flows naturally into design, and tracks all
modifications as a natural consequence of its operation.
A formal change management process model also permits the

change process itself to be measured and monitored. This
results in more reliable networks and improved enterprise
productivity. Though more time is spent on planning and
working through the change process, the total effort involved
pales beside the effort required to troubleshoot problems
when they’re allowed to occur — not to mention the
urgency, the stress, and the unpredictability that outages can
introduce into productivity, output, and revenue forecasts.
A more reliable and predictable network means that workers

can be more productive, that users and customers will
obtain a better online experience, and that overall resources
07_9781118060049-ch03.indd 29 4/12/11 5:54 PM

and information can be used more quickly and effectively

to get the job done. Net overall increases in productivity of
10 percent are common, with higher numbers sometimes
measured as a result of formal change management.
Improved service levels

Fewer outages, plus more reliability and availability translate
into higher service levels across the entire enterprise. These
higher levels mean that individual work items are handled
more quickly, and users enjoy a more positive experience in
working with systems and networks. Putting a hard and fast
value on the benefits of improved employee morale can be
difficult, but no such problems attach to the value of the work
they produce as a consequence. A 10 percent improvement
in output with little or no increases in cost makes a very nice
contribution to the bottom line.
Similar improvements in remote or Web access can also pay

extra dividends. When their user experience is uniformly
positive, employees are more inclined to put in extra
hours on the road or at home, when they’re off the clock.
Likewise, enterprises with substantial customer-facing online
operations can achieve round-the-clock improvements in
sales and service delivery when users are glad to interact with
information assets online. They’ll be more eager to log on, and
less likely to log off quickly, when service levels encourage
their appetites for online interaction.
In situations where service levels come with guarantees,

or so-called service level agreements (SLAs), improved
service levels will translate more directly into bottom-line
improvements. If an organization needs to devote less time
and effort to handling service-level reports and complaints,
they’ll save on the staff costs always involved in working
such things through. And because many SLAs assess financial
penalties when they’re not met, organizations can avoid those
losses if service levels remain at or above guaranteed levels
more of the time.
Ensuring compliance
In many industries, information services must meet regulatory
requirements for specific kinds of data, especially financial
07_9781118060049-ch03.indd 30 4/12/11 5:54 PM

transactions, credit-card processing, and handling of customer
medical records and information. Maintaining compliance
normally includes providing proof in the form of auditing and
related reports. When faults, data breaches, or other incidents
occur, various reports and notifications are required, and can
come with substantial penalties when compliance isn’t achieved.
Formal change management systems help to document

compliance as a natural consequence of the data they
manage, monitor, and report on. This information can also
speed audit processing and reduce the time, effort, and cost
involved in meeting related reporting requirements.
And because formal change management enables changes

to be checked for compliance requirements as part of the
management process, unintended breaches or violations are
far less likely to occur. Compliance efforts and activities are a
regular part of the overall process, rather than an exceptional,
every-now-and-then effort. This makes problems far less likely
to occur, and associated costs and reputation damage far less
likely to be assessed.
Key Attributes and Features of

an Automated NCCM System
When choosing an automated NCCM system, enterprises need
to be aware of lots of features and functions. In particular,
choosy buyers should look for certain key attributes and
features like these:
✓ Network configuration version management. Automatic

numbering and tracking of configuration data (and
even data elements) is important for keeping track of
configurations over time, but also essential to successful
rollbacks or change reversals. Version information also
permits history to be fully reconstructed for after-the-fact
problem analysis and process-improvement purposes.
✓ Network document generation. Automatic generation
of network documents ensures that IT staff members are
always working from current and correct information
as they handle incidents or problems, or plan for future
change and growth. Because so many errors that occur
07_9781118060049-ch03.indd 31 4/12/11 5:54 PM

in manual systems come from outdated or incorrect

documentation, it’s hard to overstate the importance
of this capability.
✓ Network change job scheduling. Managing change
requires formal scheduling of change jobs (when
changes get executed). Time slots have to match the
job requirements, and there has to be sufficient time for
rollback or reversal if any problems occur as changes
are applied.
✓ Change process management. The ITIL model described in
Chapter 1 takes continual service improvement as a central
principle in creating a formal and effective discipline for
service delivery. Where change is concerned, this means
monitoring and managing the change process itself, just
like any other process. This is the only way to improve
the change process, and to achieve higher efficiencies and
fewer faults in how that process operates.
✓ Distributed device communication and control. Today’s
networks are far-flung, highly distributed, and virtualized.
A capable NCCM must be able to reach out and interact
with devices, systems, and software no matter where
they’re located, or whether they’re real or virtual, with
nary a hiccup nor an access issue. This capability is an
absolute must for today’s complex enterprise networks.
✓ Change auditing and reporting. To capture information
about the change process, to track configurations over
time, and to ensure compliance, NCCM systems must
incorporate automatic auditing and reporting facilities.
This makes producing necessary and valuable reports easy
and timely, and helps ensure that NCCM is doing its job.
✓ Extensible, flexible data modeling and capture. Today’s
enterprise networks include all kinds of devices, systems,
and software. NCCM systems must be able to capture and
represent all those configurations, and to accommodate
new devices — and entirely new technologies — as
systems change and evolve going forward.
All in all, NCCM systems represent a formidable collection of

communication, command and control, data collection and
management, and auditing and reporting capabilities. Buyers
must be careful to ensure that any systems that make it onto
their short lists of final candidates excel in all of these areas.
07_9781118060049-ch03.indd 32 4/12/11 5:54 PM

Chapter 4
Maximizing Automated
NCCM
In This Chapter
▶ Looking at specific companies that put NCCM to work
▶ Examining the benefits of NCCM for real-world companies
▶ Understanding how EMC Ionix Network Configuration Manager works
W ell-run companies look for innovative ways to retain

customers, get new customers, and stand out among
competitors. In the network services industry, switching to
network configuration and change management (NCCM) is a
prime way to meet those goals.
In this chapter, I look at four companies that chose an NCCM

solution, and why. While browsing those case studies, if any
of the scenarios sound familiar (same challenges in your
shop?), keep reading for a description of the benefits the
companies realized after making the switch to NCCM. Finally,
we offer a birds-eye view of EMC Ionix Network Configuration
Manager.
Putting NCCM to Work

Previous chapters described the virtues of NCCM in general
and its value to companies. Now take a look at how four well-
known companies have improved their services, and their
customers’ businesses, by putting NCCM to work.
08_9781118060049-ch04.indd 33 4/12/11 5:54 PM

CompuCom Systems, Inc.

CompuCom Systems, Inc., is an IT outsourcer for Fortune 500
companies in energy, finance, healthcare, pharmaceuticals,
manufacturing, and retail. CompuCom designs, deploys,
and manages IT infrastructures, in addition to developing
applications and providing governance services.
Many of CompuCom’s clients began processing applications

in real time and over wide-area networks. The result was
heavier network loads that slowed performance. On the
support side, large-scale network configuration updates were
time-consuming. CompuCom administrators made many
updates manually, which sometimes required upwards of two
weeks to complete. In addition, it could take CompuCom up
to 15 minutes to poll customer devices and over four hours
to generate network maps for root-cause analysis. Senior
management knew that today’s business climate requires
much faster response and resolution times.
CompuCom needed a real-time monitoring and management

solution that gave them true visibility into their customer’s
networks. Visibility in this sense means to be aware of the
devices, services, and data on a network. The better the
visibility, the easier it is to detect and resolve network faults
quickly.
CompuCom chose two products: EMC Ionix IT Operations

Intelligence (ITOI) and EMC Ionix Network Configuration
Manager (NCM). The combination of products lowered the
number of monthly trouble tickets by 75 percent, dropped the
time needed for root-cause analysis to less than one hour, and
reduced the time for network configuration updates to about 30
minutes. As a boost to the company’s bottom line, CompuCom
saved over $500,000 in the first year the tools were deployed.
Reliance Globalcom
Reliance Globalcom (formerly Vanco) is a leader in global
business communications. This network service provider
offers data, voice, video, security, and remote access services.
Customers around the world rely on Reliance Globalcom to
design, deploy, and manage their global communications
networks.
08_9781118060049-ch04.indd 34 4/12/11 5:54 PM

Chapter 4: Maximizing Automated NCCM 35
Reliance Globalcom has always had high customer
satisfaction rates. However, as customers deployed new
technologies, their needs changed, requiring Reliance
Globalcom to keep pace. Another hurdle was integrating
products from different vendors.
To remain the go-to network service provider for current

customers and attract new customers, Reliance Globalcom
had a laundry list of requirements for a new technology
solution. The tool needed to:
✓ Manage IT service delivery more efficiently

✓ Automate problem and fault tasks, and configuration and
management tasks
✓ Provide complete integration with other vendor’s
products
✓ Enhance security and demonstrate compliance with
customers’ corporate and regulatory requirements
✓ Allow absolute control over the IT environment to
maintain quality and ensure accuracy of compliance,
change, and configuration processes
✓ Reduce overall costs
Like CompuCom, Reliance Globalcom chose EMC Ionix for

IT Operations Intelligence (ITOI) and EMC Ionix Network
Configuration Manager (NCM). The combined solution
allowed Reliance Globalcom to meet its goals. Among other
benefits, the company’s operations became much more
efficient, reducing the time to push an update to all systems
from hours to minutes, with no errors. NCM also allows
the company to control who may see and make updates,
and consistently monitor compliance across devices and
networks.
CUNA Mutual Group

From its offices in Wisconsin, the CUNA Mutual Group
provides insurance, loans, and other financial services to
credit unions and their members. As a financial company,
it must protect its customers’ data and privacy, so IT
infrastructure security is a top priority.
08_9781118060049-ch04.indd 35 4/12/11 5:54 PM

With more and more viruses, worms, and other threats hitting
companies daily, CUNA Mutual took a hard look at the level
of security across its business units. The company found that
manual IT configuration changes to its more than 500 network
devices created security vulnerabilities, mainly because
different staff made changes in different ways. Standardization
was needed to make network updates consistent, regardless
of who performed them. And the company needed a way to
audit those changes to ensure they were done according to
regulatory requirements and internal security policies.
CUNA Mutual chose EMC Ionix Network Configuration Manager

(NCM) to streamline its configuration change process —
eliminating errors and providing an automated way to prove
security compliance. Another big plus was the return on
investment. Because the change process was automated, IT
staff had much more time to focus on mission-critical tasks
rather than routine maintenance.
NEC Unified Solutions

NEC Unified Solutions provides unified communications
systems to Fortune 1,000 customers. The products include
networks and network security, Internet Protocol (IP) and
wireless communications, video solutions, and much more.
As many of NEC Unified Solutions’ customers migrated

to new technologies, such as voice over IP (VoIP), the
company looked for new ways to meet customer demands.
One way was to expand from basic remote monitoring to
full remote management. To give remote customers the
best possible support and minimize downtime, NEC Unified
Solutions needed a highly reliable configuration and change
management solution.
The company selected EMC Ionix Network Configuration

Manager (NMC). The tool let NEC Unified Solutions “see”
customer networks completely, which made problem
resolution much faster. Manual configuration changes, and
even new deployments, became automated. The solution also
let NEC Unified Solutions more easily provide backup and
audit trails of configuration changes.
08_9781118060049-ch04.indd 36 4/12/11 5:54 PM

Here’s the Beef: Value Resulting

from Automated NCCM
The four companies in our case studies realized a string of
common benefits:
✓ Comprehensive network management: The companies

gained a single, comprehensive management view of
their network environments. Reliance Globalcom, for
example, had full visibility from one interface when
managing a multi-vendor network.
✓ Compliance auditing: The companies were able to
track and audit configuration changes automatically.
Doing so allowed them to maintain compliance with
internal policies in addition to industry and regulatory
requirements.
Compliance is like a spectrum. In addition to things like
regulations, IT teams increasingly want to align with best
practices, such as those outlined in Information
Technology Infrastructure Library (ITIL). Even having a
mechanism to ensure consistency among workgroup
teams can be key to an organization. No executive wants
to unnecessarily take on the business risk associated
with all individuals on a network team handling change-
related processes inconsistently.
✓ High return on investment: Because the EMC NCM
solution automates tedious manual tasks, and eliminates
errors, the companies saved significant money on
personnel costs. NEC Unified Solutions, for example, was
able to eliminate onsite installation services and manual
activations. Automation decreased the time needed for
customer deployments, and slashed the cost of providing
those services.
✓ Ongoing network operational efficiency: Although
return on investment (ROI) and payback period
associated with NCCM is compelling and quick, the real
value comes from the ongoing operational application of
automated NCCM. Saving time, avoiding problems, and
ensuring compliance results in more efficient operations
day in and day out. That increased efficiency reduces
costs, and lower costs mean higher profitability.
08_9781118060049-ch04.indd 37 4/12/11 5:54 PM

Introducing the EMC Ionix

Network Configuration Manager
EMC Ionix Network Configuration Manager is an automated
network compliance, change, and configuration management
tool that works seamlessly in physical and virtual
environments.
One of the characteristics that makes it unique is its scalable

and flexible model (shown in Figure 4-1). This model means
customers can use the tool to custom-configure their networks,
rather than having to adjust their processes to fit the tool.
EMC’S Network Change and Configuration Manager (NCM)

Automated Change, Configuration, and Compliance Management
Report Manager DB Server Application Server Device Server

• Executive level views
• Compliance reports
• Inventory reports
• Change reports
Change and Configuration

Management
Multi-Vendor Network Infrastructure
Switches Access Points

Broadband
VPN Routers
Concentrators Firewalls Routers
Wireless
Optical Switches Routers
Multi-vendor network infrastructure discovery
Figure 4-1: The Network Configuration Manager model includes a

multi-tiered architecture.
Network Configuration Manager integrates three important

network management processes: design, change, and
compliance.
Design
Before rolling out changes or new configurations, Network
Configuration Manager helps you create an implementation
08_9781118060049-ch04.indd 38 4/12/11 5:54 PM

design. In this phase, you plan for and set up change automa-
tion using templates — called Golden Configs in EMC-speak.
The tool’s interface, shown in Figure 4-2, is intuitive and easy

to use, even when supporting large networks. It displays the
information you need or makes it available with only a click or
two of your mouse.
VoyenceControl was the precursor to Network Configuration

Manager. Some of the Network Configuration Manager screens
still carry the VoyenceControl logo and branding.
Figure 4-2: The Network Configuration Manager interface lets you easily
design, and then implement, change management tasks.
Change
After you design a change, you’re ready to push it to your
network devices automatically. This automation is what
replaces manual change processes and reduces or eliminates
human errors. You don’t need to log in to devices individually
to change configs, spending days or weeks to update large
networks. No more bare-metal provisioning, no more site
08_9781118060049-ch04.indd 39 4/12/11 5:54 PM

visits. The system performs discovery on a per-device basis

(see Figure 4-3), providing flexibility for the customer.
Figure 4-3: An example of the Auto Discovery feature for Network

Configuration Manager.
The management system runs on an application server,

which can manage one or thousands of devices from different
vendors. That design allows the environment to easily scale
to meet needs of network environments — large, midsize, and
small.
Pre- and Post-Compliance

Stepping back a bit, Network Configuration Manager’s audit
design feature helps ensure your automated change will
be in compliance with regulations and policies before you
implement changes.
Network Configuration Manager provides built-in policy tem-

plates for regulations including Payment Card Industry (PCI),
Sarbanes-Oxley Act of 2002 (SOX), Gramm-Leach-Bliley Act
(GLB), Statement on Auditing Standards No. 70 (SAS 70), and
Health Insurance Portability and Accountability Act (HIPAA).
Once changes are made, the software tracks all changes

individually. You can check settings and generate reports
through the management interface on demand.
08_9781118060049-ch04.indd 40 4/12/11 5:54 PM

Chapter 5
Ten Top Reasons to Pick

Automated NCCM
In This Chapter
▶ Saving time, money, and human resources
▶ Meeting best practices, governance, and compliance requirements
▶ Reducing outages and downtime
▶ Eliminating risk of costly human errors
▶ Keeping configuration changes in sync
T raditionally, every For Dummies book ends with a Part

of Tens.
Why is this? Think about it, then answer these puzzlers:
✓ How many commandments did Moses bring down from

the mount?
✓ How many fingers do most people have on both hands?
✓ Solve the unknown in this phrase: “Top X List”
So here are ten benefits of network configuration and change

control.
Save Money and Time

Automated NCCM makes managing change faster, but also
easier to plan for, implement, validate, and document. By
adopting formal change control processes and procedures,
09_9781118060049-ch05.indd 41 4/12/11 5:54 PM

and using automated NCCM, organizations reduce the amount

of time it takes to implement changes, thereby reducing needs
for staff time, problem-solving, and rollbacks.
Automated NCCM users save money on IT staff costs and time

spent dealing with configuration changes.
Refocus IT Efforts
Automated NCCM users can refocus IT efforts on planning and
proactive efforts to create new IT services and innovate for
the business, rather than spending those efforts on manual
change activity.
Meet IT Governance and Service

Management Goals
In the NCCM world, compliance takes two different forms.
The first form usually deals with meeting IT governance and
service management process models, and helps to ensure
change management is working properly, efficiently, and
reliably. Automated NCCM users can verify and audit that
changes are authorized and correctly implemented. They can
also use change processes to manage the change process
itself!
Achieve Legal and Regulatory

Compliance
The second form deals with legal and regulatory compliance,
and the planning, assessment, auditing, and reporting it
requires. Automated NCCM helps to facilitate both. Automated
NCCM users can integrate regulatory and legal compliance
requirements into their change planning, authorization,
implementation, verification, and audit processes. This makes
compliance issues routine to track, manage, research, and
report.
09_9781118060049-ch05.indd 42 4/12/11 5:54 PM

Chapter 5: Ten Top Reasons to Pick Automated NCCM 43
Bust Downtime
Proper network configuration and change management results
in networks that are more reliable and available, and less
subject to service degradations or outright outages. All these
things contribute to a better end-user experience, and even
to meeting or exceeding service level guarantees. Automating
configuration changes using NCCM reduces downtime, as
compared to manual change control methods.
Improve Productivity
Improved service delivery and a better end-user experience
derived from NCCM systems translate into improved
productivity.
Beat Human Error

Manual change processes and procedures are fraught with
error and create regular problems with applications, services,
and network access. Industry analysts estimate that errors
related to unforeseen or unwanted side effects resulting
from manual changes account for the vast majority — 50 to
80 percent — of service outages. Automated NCCM eliminates
human errors associated with manual change control, and
gives that time and access to those resources back to the
enterprise. Automating change control procedures and
related documentation helps to reduce errors significantly
through proper planning, authorization, execution,
verification, and audit.
Match Real Configurations

Automating change control procedures and related recording
of those changes ensures that configurations referenced in
planning match real configurations in service. This removes a
key source of error in the change management process.
09_9781118060049-ch05.indd 43 4/12/11 5:54 PM

Work from Correct

Configurations
When it comes to understanding and explaining the errors to
which manual change control is subject, the most common
root cause is attributed to incorrect, invalid, missing, or
out-of-date configuration data for the devices, systems, and
software involved. Automated NCCM ties into the change
management database (CMDB), making it easy and automatic
to keep changes to systems — whether real or virtual — in
agreement with each other.
Validating configuration changes ensures that configurations

in the CMDB agree with configurations on the ground.
Attain Complete Coverage

Flexible and far-reaching network communications and
support for devices, systems, and software in NCCM ensures
that systems can capture and manage all configurations for
the whole enterprise. This ensures complete, consistent, and
correct coverage.
09_9781118060049-ch05.indd 44 4/12/11 5:54 PM

About EMC
EMC Corporation (NYSE: EMC) is the world’s leading developer and
provider of information infrastructure technology and solutions that
enable organizations of all sizes to transform the way they compete
and create value from their information.
Helping Customers Accelerate the Journey to the Cloud

EMC helps customers meet critical business challenges with a comprehensive
set of offerings, including unique capabilities that allow organizations to
gain visibility into their virtualized and cloud environments, standardized
planning processes, change control operational processes, and automate
time consuming tasks using a scalable policy driven approach.
Information about EMC products and services that help to simplify and
automate IT infrastructure management as you move from physical to
virtual to cloud computing can be found at www.EMC.com.
Address
EMC
176 South St
Hopkinton, Massachusetts 01748
United States of America
Compliments of EMC Edition
Understand the basics of
network configuration and Open the book and find:
change management
on f ig u ratio n
Network C
• A list of reasons to pick
If you’ve ever been curious about network NCCM
configuration and change management —
an ag e m en t
& Change M
abbreviated in this book as NCCM — you’ve got • Why managing change on
the right book. Here, you can find out what’s up complex networks is critical
with NCCM, and why acquiring and managing
• How to find value in
such information is so important to so many automated NCCM systems
enterprises and large-scale organizations.
• Information on EMC
• An NCCM primer — with explanations of technology
basic concepts and terms
• Examine the challenges — particularly when
configurations and their changes are handled
in a manual environment
• Automating NCCM — the many and
substantial benefits of automating NCCM
and letting intelligent computer systems
manage changes to configuration data
Making Everything Easier! ™ Learn to:
• Business use cases — that illustrate and
illuminate the business benefits to using • Understand why you need an
automated NCCM systems automated network configuration
and change management system
Go to Dummies.com® • Successfully manage change in a
for videos, step-by-step examples, complex multi-vendor network
how-to articles, or to shop!
environment
• Make a business case for your
NCCM system
978-1-118-06004-9
Not for resale Ed Tittel

Network Configuracion Change Management PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Network Configuracion Change Management PDF

Uploaded by

Copyright:

Available Formats

Compliments of EMC Edition

Understand the basics of

Helping Customers Accelerate the Journey to the Cloud

01_9781118060049-ffirs.indd i 4/12/11 5:53 PM

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE

01_9781118060049-ffirs.indd ii 4/12/11 5:53 PM

Chapter 1: Understanding Network Configuration

Chapter 2: NCCM’s Business Challenges . . . . . . . . . . . .15

Chapter 3: Making Best Use of NCCM . . . . . . . . . . . . . . .25

Chapter 4: Maximizing Automated NCCM . . . . . . . . . . .33

Chapter 5: Ten Top Reasons to

02_9781118060049-ftoc.indd iii 4/12/11 5:53 PM

Acquisitions, Editorial, and Composition Services

Publishing and Editorial for Technology Dummies

03_9781118060049-flast.indd iv 4/12/11 5:53 PM

Although NCCM may sound strange, or perhaps even a bit

Major players in many industries, from network and

About This Book

04_9781118060049-intro.indd 1 4/12/11 5:53 PM

of devices and systems are present, and to identify what

How This Book Is Organized

✓ Chapter 1: Offers an NCCM primer with basic concepts

These chapters are designed to stand alone, so if you’re

Icons Used in This Book

04_9781118060049-intro.indd 2 4/12/11 5:53 PM

Use this on-target info to help maximize your investment in

04_9781118060049-intro.indd 3 4/12/11 5:53 PM

04_9781118060049-intro.indd 4 4/12/11 5:53 PM

N etwork management is deceptively simple-sounding.

In fact, network management is complex enough for the

This chapter briefly explores the components of the FCAPS

05_9781118060049-ch01.indd 5 4/12/11 5:53 PM

The Very Basics of FCAPS

✓ Fault Management: The goal of this activity is detecting,

As you dig more deeply into network configuration and

1. Gather and store configuration data about everything

05_9781118060049-ch01.indd 6 4/12/11 5:53 PM

Given a relentless focus on configuration data, it should come

What is network configuration?

Throw in a typical enterprise software library, which normally

05_9781118060049-ch01.indd 7 4/12/11 5:53 PM

What is change control?

Why is this kind of structure necessary? The simplest

Why planning for change makes sense

Thus, most prudent business managers won’t risk a “try it

What’s a change planning process? Glad you asked:

✓ Design and planning analysis: Change is inevitable, but

05_9781118060049-ch01.indd 8 4/12/11 5:53 PM

These four stages form a management lifecycle, as shown in

Design and Change authorization

Figure 1-1: A typical process lifecycle for network configuration and

Remember the CMDB? As all this “change stuff” is underway,

05_9781118060049-ch01.indd 9 4/12/11 5:53 PM

Why there’s always a rollback or

In such cases, a fallback or failover plan kicks in on its own

How NCCM processes match up

✓ IT Infrastructure Library (ITIL): A key framework for IT

05_9781118060049-ch01.indd 10 4/12/11 5:53 PM

05_9781118060049-ch01.indd 11 4/12/11 5:53 PM

• Define the problem

As network management frameworks go, the ITIL’s service

The Business Case for NCCM

As Figure 1-2 illustrates, configuration change activity can