Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Network Configuration Manager Training - [Season 4] Part 1 - Configuration backup & disaster recovery

271 views

Published on

In this session, you'll learn how to discover devices into Network Configuration Manager using device templates, proper ways of adding credentials, configuration backup's and its importance, and disaster recovery.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Network Configuration Manager Training - [Season 4] Part 1 - Configuration backup & disaster recovery

  1. 1. Welcome to Network Configuration Manager training – Part 1
  2. 2. Configuration backup & Disaster recovery Free Network Configuration Manager Training – Part 1
  3. 3. Can you hear me? Can you see the presentation? Please confirm by commenting on the chat panel.
  4. 4. Trainer Renuka Govindarajan Network Configuration Manager
  5. 5. • Manual Configuration changes • Faulty configuration changes. • Unplanned, unauthorized configuration changes to their network devices • Business needs demand frequent, quick configuration changes. Task becomes complex when multiple administrators manage devices from multi-vendors. • Keeping track of configuration changes Why is a tool needed for configuration management?
  6. 6. NCM offers a perfect solution for all the above issues: • Designed to automate the entire lifecycle of device configuration management. • Process of changing configurations, managing changes, ensuring compliance and security are all automated. • Helps in ensuring high levels of security in the network What does NCM do?
  7. 7. Minimum system requirements 2.4 GHz dual-core processor, or equivalent 12GB RAM 50GB storage PostgreSQL/MSSQL Windows/Linux The above given specifications are for an environment with 1000 devices. Refer: System requirements
  8. 8. Agenda • Initial setup • Device discovery & templates • Credentials • Configuration backups & upload • Real-time change detection & change management • Disaster recovery
  9. 9. Initial setup -Ports & protocols SNMP Profile Device discovery and Device template Backup credential
  10. 10. Pre-requisites: Ports & Protocols Protocols: SSH, SCP, TFTP Ports: 69 – TFTP | 22 – SSH/SCP | 514 – Syslog 13306 – Postgres database
  11. 11. Device discovery SNMP Request SysOID SNMP Profile V1, V2, V3 NCM Discovery Add device & associate with corresponding device template Match received SysOID with default/custom SysOIDS Match found Match not founddevice not added
  12. 12. Device discovery Single device: -IP Address Bulk discovery: - IP range - CSV file import
  13. 13. ‘Device is not responding for SNMP requests’ Common causes: The device is reachable yet not responding: - Incorrect SNMP read community - Disabled SNMP in the device Possible error:
  14. 14. Device not added Common causes: Device reachable & SNMP community is correct but still device is not getting added: 1. Device SysOID not mapped with any device template Fix: Add sysOID to device template at SysOID finder in settings. Possible error: 2. No default device template is available in NCM for the particular device type Fix: Add/clone new device template. or Contact NCM support
  15. 15. Device template What are device templates and what are they used for? Device specific configuration commands : • Configuration backup • Configuration upload • Enable/disable syslog change detection • Fetching hardware information
  16. 16. Built-in device templates for 4000 device models Customizable device templates Share with network admins around the world.
  17. 17. Manual device addition Single device - IP Address/Hostname - Vendor - Device template Bulk addition -CSV File import Format: <Hostname/ IP Address>,<Device Template Name>,<Series>,<Model>
  18. 18. Inventory list
  19. 19. Backup credential Possible combinations of protocol for backup: • SSH/TELNET • SSH - TFTP / TELNET - TFTP • SSH - SCP • SNMP - TFTP
  20. 20. SSH / TELNET SSH / TELNET Device configuration Encrypted configuration stored in database Config backup commandsNCM
  21. 21. SSH/TELNET - TFTP Inbuilt TFTP Server Config backup commands Config file transfer using TFTP Encrypted configuration file stored in DB NCM SSH/TELNET - TFTP
  22. 22. SSH - SCP SCP Server Config backup commands Config file transfer using SCP Encrypted configuration file stored in DB NCM SSH - SCP
  23. 23. SNMP - TFTP SNMP Request for config backup Configuration file transfer using TFTP TFTP Server Encrypted configuration file stored in DB NCM
  24. 24. How to provide credentials? Refer: https://download.manageengine.com/network-configuration-manager/Device-Expert-Credentials-Tutorial.pdf
  25. 25. When password & enable password is configured:
  26. 26. No enable mode configured: admin #
  27. 27. Password & enable password configured: enable
  28. 28. Directly going to enable mode enable admin
  29. 29. 3Com router : manager
  30. 30. Credentials are valid but file transfer is failed Common cause: 1. TFTP or SCP servers have not been started. Fix: Check running status of TFTP or SCP servers in NCM server settings. (69 & 22) 2. Timeout due to config file size Fix: Increase backup timeout value in the corresponding device template. Possible error:
  31. 31. Configuration backup • Why should you backup? • Instant (Single & Bulk) • Real-time change detection • Scheduled
  32. 32. Real-time change detection • What is it? Configuration change made Configuration change made Configuration backup • Why is it important? • How does it work?
  33. 33. Syslog listener How does it work?
  34. 34. We don’t support Enable Change Detection for this device. Common cause: NCM doesn’t support syslog for the particular model. - Fix: Enable syslog by connecting to the device and executing the enable syslog commands manually. or Contact NCM support. Possible error:
  35. 35. Change detection is enabled but change is not detected Common cause: When the device & NCM support syslog, - Mismatched ports - Check NCM syslog server running status in NCM server settings Possible error:
  36. 36. Scheduled backup • Routine everyday backups • Monthly / Weekly / Daily / Hourly / Once
  37. 37. Schedule failure Common causes: Particular device credentials incorrect.
  38. 38. Backup failure Common causes: 1. Credentials are changed or invalid. 2. Ports blocked or TFTP/SCP server not started • Check port 69 & 22 (TFTP & SCP) in NCM server settings 3. Huge config file • Fix: Change the timeout settings in the corresponding device template. 4. Unsupported backup commands • Edit the commands in device template or create a new device template by cloning the closest template.
  39. 39. Change management • Change tracking, versioning & history • Compare configurations
  40. 40. Change tracking, versioning, & history • View all changes made in a device • Automatic configuration versioning • Know the who, when & what of each change • Know the historical change trend of a device • View the number of modified, deleted & added config lines
  41. 41. Compare configurations • Compare different versions of same device • Compare different devices configurations • View colour coded differences: added, modified & deleted
  42. 42. Disaster recovery What’s a disaster in networks? • A network outage • A security breach • Performance degradation of business critical services and applications
  43. 43. How to be prepared? • Baseline configuration • Startup/running sync • Change notification & rollback • Export configuration | Upload draft
  44. 44. Baseline configuration • What is it? • Why is it important? • How to use it in times of disaster?
  45. 45. ‘We don’t support upload feature for this device’ Common causes: • TELNET/SSH protocol doesn’t support upload • Fix: Edit the credential and Change the protocol from SSH, TELNET to SSH - TFTP, SSH - SCP , TELNET -TFTP depending the devices. • When SCP/TFTP protocol is used: • Device vendor supports but NCM device template doesn’t have upload commands for the specific device. • Fix: Clone/create a new device template with suitable SCP/TFTP commands or Contact NCM support Possible error:
  46. 46. Startup/running sync • Why is it important? • Loss of changes made in running configuration during device reboot • How NCM helps? • Detects conflict • Sync configurations
  47. 47. ‘Upload failure’ Common causes: 1. Command timeout Fix: Change timeout in device template command settings for the device type. 2. Based on the protocol, check the running status of TFTP & SCP servers in Server Settings. Possible error:
  48. 48. ‘Change happens, but startup-running conflict is not detected by NCM in real-time.’ Common cause: Disabled real-time change detection. Fix: - Enable change detection if syslog is supported. - If syslog is not supported, the startup-running conflict will be detected and reported after the next successful schedule backup or manual backup operation. Possible error:
  49. 49. Change notification & roll back Configure change notifications • Email • SNMP Trap for change event • Trouble ticket • Generate syslog message for change event Associate notification profile to devices/device groups. • Roll back To previous version To baseline version
  50. 50. Export config • Readable format • Local/shared storage • Schedule
  51. 51. Part 2 on 12.00 PM EDT | 28th august Automation, notification, compliance & reports Agenda: • Scheduling configuration tasks • CLI Configlets • Compliance (PCI and others) • Role based Access control (change approval) • Notification & Alerts • Reports
  52. 52. Let’s keep in touch! hemalakshmi.b@manageengine.com https://www.youtube.com/channel/UCHLusaahd4nS9esD3xBVeUQ https://forums.manageengine.com/network-configuration-manager

×