Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Network Configuration Manager Training - [Season 7] Part 1 - Configuration backup & disaster recovery

97 views

Published on

In this session, you'll learn how to discover devices into Network Configuration Manager using device templates, proper ways of adding credentials, configuration backup's and its importance, and disaster recovery.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Network Configuration Manager Training - [Season 7] Part 1 - Configuration backup & disaster recovery

  1. 1. Welcome to free Network Configuration Manager training session
  2. 2. Trainer Hemalakshmi Product Expert ITOM - Network Configuration Manager
  3. 3. Training schedule Week Module Date Schedule Status 1st Configuration backup and Disaster recovery Mar 12th 11.30 am EDT In progress 2nd Configlets, compliance, RBAC, and reports Mar 19th 11:30am EDT Upcoming https://www.manageengine.com/itom/free-training/network-configuration- manager.html
  4. 4. Configuration backup & Disaster recovery Part 1
  5. 5. Why is a tool needed for configuration management? Minimize configuration errors Detect changes in real time Roll back to trusted configuration Stay compliant to your policies and standards Streamline the maintenance process
  6. 6. What does NCM do? Network Configuratio n Manager Configuration rollback Configuration comparison Real time change detection Change review and approval mechanism Remote firmware upgrade Job scheduling User based access Policy compliance verification
  7. 7. Agenda • Requirements for installing Network Configuration Manager • Device discovery & templates • Credentials • Configuration backups & upload • Real-time change detection & change management • Disaster recovery
  8. 8. 2 GHz dual-core processor 4 GB RAM 10 GB storage • PostgreSQL • MSSQL Windows/Linux The above given specifications are for an environment with 50 devices. Refer: System requirements Prerequisites - Minimum System requirement
  9. 9. Pre-requisites - Ports & Protocols Protocols: SSH, SCP, TFTP Ports: 69 – TFTP | 22 – SSH/SCP | 514 – Syslog 13306 – Postgres database | HTTP-(80)
  10. 10. Device discovery SNMP Request SysOID SNMP Profile V1, V2, V3 NCM Discovery Add device & associate with corresponding device template Match received SysOID with default/custom SysOID Match found Match not foundDevice not added
  11. 11. Device discovery SNMP Discovery -IP Address - IP range - CSV file import Manual Addition - IP Address/Hostname - Vendor - Device template - CSV File import Format: <Hostname/ IP Address>,<Device Template>, <Name>,<Series>,<Model>
  12. 12. ‘Device is not responding for SNMP requests’ Common causes: The device is reachable yet not responding: - Incorrect SNMP read community - Disabled SNMP in the device Possible error :
  13. 13. ‘Device not added’ Common causes : Device reachable & SNMP community is correct but still device is not getting added: 1. Device SysOID not mapped with any device template Fix : Add sysOID to device template at SysOID finder in settings. Possible error : 2. No default device template is available in NCM for the particular device type Fix : Add/clone new device template. or Contact NCM support
  14. 14. Device template What are device templates and what are they used for? Device specific configuration commands : • Configuration backup • Configuration upload • Enable/disable syslog change detection • Fetching hardware information
  15. 15. Backup credential Possible combinations of protocol for backup : • SSH • TELNET • SSH - TFTP • TELNET - TFTP • SSH - SCP • SNMP - TFTP
  16. 16. SSH / TELNET SSH / TELNET Device configuration Encrypted configuration stored in database Config backup commandsNCM
  17. 17. SSH - SCP SCP Server Config backup commands Config file transfer using SCP Encrypted configuration file stored in DB NCM SSH - SCP
  18. 18. SSH/TELNET - TFTP TFTP Server Config backup commands Config file transfer using TFTP Encrypted configuration file stored in DB NCM SSH/TELNET - TFTP
  19. 19. SNMP - TFTP SNMP Request for config backup Configuration file transfer using TFTP TFTP Server Encrypted configuration file stored in DB NCM
  20. 20. How to provide credentials? Refer: https://download.manageengine.com/network-configuration-manager/Device-Expert-Credentials-Tutorial.pdf
  21. 21. When password & enable password is configured :
  22. 22. Directly going to enable mode : admin #
  23. 23. 3Com router : manager
  24. 24. Credentials are valid but file transfer is failed Common cause : 1. TFTP or SCP servers have not been started. Fix : Check running status of TFTP or SCP servers in NCM server settings. (69 & 22) 2. Timeout due to config file size Fix : Increase backup timeout value in the corresponding device template. Possible error :
  25. 25. Configuration backup • Instant (Single & Bulk) • Real-time change detection • Scheduled
  26. 26. Real-time change detection Configuration change made Configuration backup
  27. 27. How does it work?
  28. 28. We don’t support Enable Change Detection for this device. Common cause: NCM doesn’t support syslog for the particular model. Fix : Enable syslog by connecting to the device and executing the enable syslog commands manually. or Contact NCM support. Possible error:
  29. 29. Change detection is enabled but change is not detected Common cause : When the device & NCM support syslog, - Mismatched ports - Check NCM syslog server running status in NCM server settings Possible error:
  30. 30. Scheduled backup • Routine everyday backups • Monthly / Weekly / Daily / Hourly / Once
  31. 31. Schedule failure Common causes: Particular device credentials incorrect.
  32. 32. Backup failure Common causes: 1. Credentials are changed or invalid. 2. Ports blocked or TFTP/SCP server not started • Check port 69 & 22 (TFTP & SCP) in NCM server settings 3. Huge config file • Fix: Change the timeout settings in the corresponding device template. 4. Unsupported backup commands • Edit the commands in device template or create a new device template by cloning the closest template.
  33. 33. Change management • Change tracking, versioning & history • Compare configurations
  34. 34. Change tracking, versioning, & history • View all changes made in a device • Automatic configuration versioning • Know the who, when & what of each change • Know the historical change trend of a device • View the number of modified, deleted & added config lines
  35. 35. Compare configurations • Compare different versions of same device • Compare different devices configurations • View colour coded differences: added, modified & deleted
  36. 36. Disaster recovery What’s a disaster in networks? • A network outage • A security breach • Performance degradation of business critical services and applications
  37. 37. How to be prepared? • Baseline configuration • Startup/running sync • Change notification & rollback • Export configuration | Upload draft
  38. 38. Baseline configuration • What is it? • Why is it important? • How to use it in times of disaster?
  39. 39. ‘We don’t support upload feature for this device’ Common causes: • TELNET/SSH protocol doesn’t support upload • Fix: Edit the credential and Change the protocol from SSH, TELNET to SSH - TFTP, SSH - SCP , TELNET -TFTP depending the devices. • When SCP/TFTP protocol is used: • Device vendor supports but NCM device template doesn’t have upload commands for the specific device. • Fix: Clone/create a new device template with suitable SCP/TFTP commands or Contact NCM support Possible error:
  40. 40. Startup/running sync • Why is it important? • Loss of changes made in running configuration during device reboot • How NCM helps? • Detects conflict • Sync configurations
  41. 41. ‘Upload failure’ Common causes : 1. Command timeout Fix: Change timeout in device template command settings for the device type. 2. Based on the protocol, check the running status of TFTP & SCP servers in Server Settings. Possible error:
  42. 42. ‘Change happens, but startup-running conflict is not detected by NCM in real-time.’ Common cause : Disabled real-time change detection. Fix : - Enable change detection if syslog is supported. - If syslog is not supported, the startup-running conflict will be detected and reported after the next successful schedule backup or manual backup operation. Possible error:
  43. 43. Change notification & roll back Configure change notifications • Email • SNMP Trap for change event • Trouble ticket • Generate syslog message for change event Roll back To previous version To baseline version Associate notification profile to devices/device groups.
  44. 44. Export config • Readable format • Local/shared storage • Schedule
  45. 45. Questions?

×