Configuration Backup
- Network Device Discovery
- Baseline Configuration
- Network Backup Software
- Automated configuration backup
- Scheduling Configuration Backup
- Encrypted Storage of Configuration & Centralized Control
- Network Disaster Recovery Plan
Change Management
- Configuration Change Management
- Role Based Access Control (RBAC)
- Configuration Versioning & labelling
- Real time Change Detection
- Change Management Rules & Notifications
- Restore Device Configurations
- Config Compare Tool
Configlets
- Network Automation Tool
- Network Configuration Automation
- Command Execution Tasks
- Cisco Access Control List (ACL)
- What is VLAN
- SNMPv3 Configuration
- Enable SNMP in Cisco Router
- What is NAT?
- Configure static NAT Cisco
- Configure dynamic NAT Cisco
- Configuring PAT Cisco
- Juniper Software Upgrade
- Configure Cisco Banner
- Configure Cisco DHCP server
- Configure Cisco interface speed
REST Configlets
- REST API based config management
- Fortigate REST API config management
- Palo Alto REST API config management
Vulnerability Management
- Firmware Vulnerability
- Vulnerability Sync
- Firmware Vulnerability Insights
Firmware Upgrade
- Firmware Upgrade
- Cisco IOS Firmware Upgrade
Compliance
- Compliance Monitoring
- Compliance Reporting
- CIS Benchmark Compliance
- PCI Compliance
- SOX Compliance
- HIPAA Compliance
Configuration Management
- Simplified device templates
- Configuration Drift Management
- Syslog Configuration
- 3Com Device Configuration
- 3Com Switch Configuration
- Manage Device Configuration
- Router Configuration Management
- Network Configuration Analysis
- HP switch management software
- Huawei Router Configuration
- Cisco Device Configuration Management
- Backup Cisco switch config
- Cisco router configuration backup
- Juniper Device Configuration Management
- Brocade Device Configuration Management
- Brocade Router Config Management
- Brocade Switch Configuration Management
- NETGEAR Configuration Manager
- Aruba Device Configuration Management
- Siemens Configuration Tool
- Firewall Configuration Management
- What is Network Configuration Management (NCM)
- Network Configuration and Change Management
- Configuration Automation
- Network Device Management
- Multi-vendor device configuration support
- Searching Configurations
- Network Inventory Management
- Hardware Inventory
- Configuration File Management
- Terminal
Distributed Management
- NCM Enterprise Edition
- Enterprise Edition Smart Upgrade
- Centralized user management
- Tags
Reports
- Network Reports
- Configuration Reports
- Vulnerability Reports
- Network User Reports
- Compliance Report
- EOL/EOS Reports
- Other Reports
Ebooks
- Network disaster recovery plan
- Best practices in configuration Management
- The top 4 best practices for effective compliance management
- The top 4 best practices for effective firmware vulnerability management
Tech Topics
- Staying Ahead of Firmware Breaches
- Startup vs. Running Configuration
- Copy Running-Startup Configs
- Network Validation
White Papers
- Network Validation
- Conquering NCCM Challenges through Automation
Knowledge Base
- FAQ
- How-to
Enterprise Edition Knowledge Base
- FAQ (Enterprise Edition)
- How-to (Enterprise Edition)
Web Comic
- Network Administrators & Device Configuration Blues
Case Studies
- Automation for World's Leading News Agency
- Central Management and Control for UK's Top ITSO
- Business Continuity for Telecom Service Provider
- Total Control of Network Devices of Leading University
- Unified NCCM for IT service provider
Configuration Management Basics
- What is network automation
- Configuration change management best practices
- Top 5 advantages of network backup software
- How to choose the right network automation tool
- Top six benefits of configuration automation
- Network Audit
- Network Audit Tool
- Need for network backup software
- How to choose the right network backup software
- Network Configuration Change Management Tools
- Five challenges in managing configuration changes
- Brocade Switch Configuration Backup
- Network automation
- Network Vulnerabilities
- Configuring Cisco Switch
- Configure Cisco Router
- Configuration Backup
- SOX compliance requirements
Network Access Control
- SAML authentication
Integrations
- Integrate Password Manager Pro
- Integrate ServiceDesk Plus
- Integrate ServiceDesk Plus On-Demand
- Integrate ServiceNow
- Integrate PagerDuty

ManageEngine Device Expert - Best Practices

Overview

This document describes the best practices in setting up and using Network Configuration Manager in an enterprise network environment. It is intended to offer guidance to IT administrators when they set up the software for use in their production environment.

Best practices in setting up Network Configuration Manager

Mandatory Settings

Immediately on installing the Network Configuration Manager, launch Network Configuration Manager web interface and ensure that the following settings are configured.

Configure Mail Server Settings - A valid mail server setting is required for Network Configuration Manager to send various notifications to users. To configure this, navigate to Admin >> General Settings >> Mail Settings page and provide values corresponding to the SMTP server running in your network. For more details refer to the section on Mail Settings in Help Documentation.
Configure Email address of 'admin' user - The fresh installation of Network Configuration Manager has a default user account named 'admin'. The 'admin' is a 'root' user for Network Configuration Manager. The default email id for this user is support@manageengine.com. You need to change it to reflect your admin id. To change this, navigate to Admin -> User Management page, click the 'Edit User' icon in the RHS and provide a suitable email address.

Optional Settings
In addition to the above mandatory settings, it is good to carry out the following optional settings:

Configure Proxy Settings - In case, you wish to report any issues encountered with the product to Network Configuration Manager Support, internet access is required to upload debug logs. If your enterprise network setup is such that you have to go through a proxy server to access the internet, you need to provide the username and password required for internet access. To do this, navigate to Admin -> Proxy Settings page and configure the settings appropriately. For more details refer to the section on Proxy Settings in Help Documentation.
Configure options for Disaster Recovery - In the rare event of something going wrong with Network Configuration Manager, it is important to have a backup of device configuration to recover from the disaster. Network Configuration Manager provides two utilities to achieve this - backing up the device configuration files or backing up the entire database. Once you have the backup, it is easy to achieve a quick disaster recovery. For more details, refer to the disaster recovery section in Help Documentation.

Best practices in using Network Configuration Manager

After setting up Network Configuration Manager, you can carry out the following:

Use 'Discovery' to add your Devices

If your devices are SNMP-enabled, use 'Discover Devices' option to discover and your devices to the inventory. This option has several advantages including the following:

You can discover and add many devices at one go
Very simple way of device addition - all the you need to provide is the hostname or IP or IP range of devices to be discovered

For more details, refer to the "Discover Devices" section in Help Documentation.

Group your devices

When you have lot of devices in your environment, grouping the devices based on some logical criteria will come in handy for carrying out operations in bulk. For example, you may create a group containing all cisco routers, or a group containing all cisco switches etc., This would help in carrying out certain common operations with ease.

A group can be created based on some criteria or it could be just a random collection of devices. Refer to the "Grouping Devices" section in the Help Documentation for details.

Create credential-profiles

In practical applications, you may find that the same set of credentials could well be applied 'as they are' to many devices. In such cases, to avoid the cumbersome task of entering the credentials for each device separately, Network Configuration Manager offers the flexibility of creating common credentials and sharing the common credentials among multiple devices. This is called as 'Credential Profile'. For more details, refer to the "Credential-Profiles" section in Help Documentation.

Enable real-time configuration change detection

Unauthorized configuration changes often wreak havoc to the business continuity and hence detecting changes is a crucial task. Detection should be real-time to set things right. Network Configuration Manager enables you to detect configuration changes in real-time.

Many devices generate syslog messages whenever their configuration undergoes a change. By listening to these messages, it is possible to detect any configuration change in the device. Network Configuration Manager leverages this change notification feature of devices to provide real-time change detection and tracking. Refer to the "Real-time Configuration Change Detection" section in Help Documentation.

Define change management rules

Monitoring the changes done to the configuration is a crucial function in Configuration Management. Network Configuration Manager provides convenient change management options. Once the configuration change in a device is detected, it is important that notifications are sent to those responsible for change management. It also provides option to roll-back the changes.

Network Configuration Manager helps in sending notifications in the following ways:

Sending Email
Sending SNMP Traps
Generating trouble tickets

And these notifications can be sent whenever there happens a change in

Startup or running configuration
Startup configuration alone
Running configuration alone

You can define change management rules to suit your needs. Refer to the "Change Management & Notification" section in Help Documentation.

Enforce standards by defining compliance policies

Government and industry regulations require IT organizations conform to some standard practices. To become compliant with the regulations such as SOX, HIPAA, CISP, PCI, Sarbanes-Oxley and others, device configurations should conform to the standards specified.

The standards could be anything - ensuring the presence or absence of certain strings, commands or values. Network Configuration Manager helps in automatically checking for compliance to the rules defined. Reports on policy compliance and violations are generated. Refer to the "Compliance Policies" section in Help Documentation..

Create scheduled tasks

If you have a large number of devices, carrying out operations such as backup, upload etc., become monotonous, if they are to be done manually. You might also require to perform certain operations at regular intervals. Execution of these operations can be automated - that is they can be scheduled for execution at the required time automatically.

Tasks such as configuration backup, report generation and compliance check for a specific device or group of devices could be scheduled for execution at a future point of time. These tasks can be scheduled for automatic execution at periodic intervals or for one-time execution. Refer to the section on "Schedules" for more details.

Automate configuration tasks

Quite often, there arises a need to carry out changes to the running configuration of devices and at times, same set of changes need to be applied to multiple devices. Though network administrators can very well edit the configuration manually, the task can prove to be arduous due to the volume of changes and the repetitive nature of the work. Network Configuration Manager provides a simple solution for this by way of 'Configuration Templates' and 'Scripts'. Refer to the "Automation using Configlets & Scripts" section in Help Documentation.

Label configurations

Network Configuration Manager helps in backing up device configurations. The backedup configurations are properly versioned and stored in the Network Configuration Manager database. For any version of configuration, you can associate a label - that is, a unique tag. As configuration versions keep on changing, you will have difficulty in remembering the version number of a particular good configuration. To avoid that, you can associate the version with a label for easy identification. For details, refer to the "Viewing Device Details" section in Help Documentation.

Impose role-based access control

Network Configuration Manager deals with the sensitive configuration files of devices and in a multi-member work environment, it becomes necessary to restrict access to sensitive information. Fine-grained access restrictions are critical for the secure usage of the product. Network Configuration Manager provides role-based access control to achieve this. By default, you can define any of the following three roles – Administrator, Power User and Operator and define access rules. Refer to the section on "Role-based Access Control" of our Help Documentation for details.