Configuration Change Management

Contents Overview How to setup Change Management Managing Change Management Rules Associating devices to Change Management Rules

Overview

Monitoring the changes done to the configuration is a crucial function in Configuration Management. Network Configuration Manager provides convenient change management options. Once the configuration change in a device is detected, it is important that notifications are sent to those responsible for change management. It also provides option to roll-back the changes.

Network Configuration Manager helps in sending notifications in four ways:

1. Sending Email
2. Sending SNMP Traps
3. Sending Syslog Message
4. Generating trouble Tickets
5. Rolling back to the previous version or the baseline version

And these notifications can be sent whenever there happens a change in

1. Startup or Running Configuration
2. Startup Configuration alone
3. Running Configuration alone

 

How to set up Change Management?

Setting up Change Management is a simple, three-step process:

1. Provide a name for the Change Management Rule
2. Choose Change Management condition
3. Specify the action

 

Providing a name for the Change Management Rule

This step deals with just providing a name and description for the intended change management rule. 'Change Management Rule' here refers to the condition based on which you would like to get the notification. As stated above, notification could be triggered when startup and/or running configuration of a device undergoes a change. You may provide names such as "Startup Config Changed', "Running Config Changed". This would be of help in identifying the rule and for reusing it for other devices later.

To provide a name,

1. Go to "Config Automation" >> "Change Notifications" >> "Add Notification (+)".

2. Enter "Notification Name' and 'Description" in the respective text fields

 

Choosing Change Management Condition

Click any one of the radio buttons -

• Startup or Running Configuration is changed - to send notification when either Startup or Running configuration of a device is changed

• Running Configuration is changed - to send notification when the Running configuration of a device is changed

• Startup Configuration is changed - to send notification when the Startup configuration of a device is changed

 

Specifying the action

After defining the condition in the previous step, you can specify any of the following three actions:

1. Sending Email - sending Email notifications to the desired recipients

2. Sending SNMP Traps - sending an SNMP v2 trap to specific host

3. Sending Syslog Message - sending Syslog Message to specific Syslog Server

4. Generating Trouble Tickets - generate a trouble ticket to help desk

5. Rollback Configuration - to revert to the previous configuration version or to the baseline version

 

Sending Email Notifications

To send email notifications to the desired recipients (based on the change management condition specified earlier),

1. Click the checkbox " Email" 

2. Enter the Email ids of the intended recipients. If you want to send the notification to multiple recipients, enter the ids separated by a comma. By default, the Email ids configured through Settings >> Mail server Settings page are displayed here. You may add new Email ids if required

3. Provide a subject for the notification and the actual message in the respective fields. Here, in the subject and message fields, you have the option to provide details such as Device Name, IP, type of configuration that underwent change (startup/running), and who changed the configuration

4. For this purpose, Network Configuration Manager provides replaceable tags  - $DEVICENAME, $DEVICEIP, $CONFIGTYPE and $CHANGEDBY. You may use these tags to provide exact details in the subject and message fields of the notification.
   
   Example: $CONFIGTYPE of $DEVICENAME changed
   
   Explanation: If the $CONFIGTYPE is "Running Configuration" and $DEVICENAME is "Primary Router", the actual message in the notification would be "Running Configuration of Primary Router changed". These tags get replaced with the actual values at runtime.

5. You have the option to append the configuration diff in the message. The difference with the previous version would be pasted in the message field. To enable this option, click "Append Configuration Difference in Message". Click "Save".

 

Sending SNMP Trap

SNMP v2 traps could be sent to specific host upon detecting a configuration change. To send SNMP trap to the desired host (based on the change management condition specified earlier),

1. Click the checkbox "SNMP Trap"

2. Enter hostname or ip address of the recipient. Also, enter SNMP port and community. Default values 162 for port and public for community

3. Click "Save"

 

Note The SnmpTrapOid will be .1.3.6.1.4.1.2162.100.4.1.2.1 Varbinds will include the display name of the device whose configuration has been changed, its IP address, the type of configuration that underwent change - startup or running and the login name of the user who changed the configuration. Refer ADVENTNET-DEVICEEXPERT-MIB present under /protocol/mibs directory

 

Sending Syslog Messages

A Syslog Message will be sent to the specified Syslog Server if the configuration is changed. Syslog Message will include the config type (CONFIG_TYPE), change type (CHANGE_TYPE), ipaddress (IP_ADDRESS) and changed by (CHANGEDBY).

1. Click the checkbox "Syslog Message"

2. Enter hostname or ip address of the Syslog Server. Also, enter Syslog Server port. Default values for port is 514

3. Click "Save"

 

Note: Syslog Message will include the config type (CONFIG_TYPE), change type (CHANGE_TYPE), ipaddress (IP_ADDRESS) and changed by (CHANGEDBY).

 

Generating Trouble Tickets

Upon detecting changes in configuration, you have the option to generate trouble tickets to your Help Desk. To generate trouble tickets,

1. Click the checkbox "Ticket"

2. Enter the Email id of the help desk. By default, the  Help Desk id configured through settings>> Mail server Settings page are displayed here. You may add new Email ids if required

3. Provide a subject for the notification and the actual message in the respective fields. Here, in the subject and message fields, you have the option to provide details such as Device Name, IP, type of configuration that underwent change (startup/running), and who changed the configuration

4. For this purpose, Network Configuration Manager provides replaceable tags  - $DEVICENAME, $DEVICEIP, $CONFIGTYPE and $CHANGEDBY. You may use these tags to provide exact details in the subject and message fields of the notification.
   
   Example: $CONFIGTYPE of $DEVICENAME changed
   
   Explanation: If the $CONFIGTYPE is "Running Configuration" and $DEVICENAME is "Primary Router", the actual message in the notification would be "Running Configuration of Primary Router changed". These tags get replaced with the actual values at runtime.

5. You have the option to append the configuration diff in the message. The difference with the previous version would be pasted in the message field. To enable this option, click "Append Configuration Difference in Message". Click "Save"

 

Rollingback Configuration

Upon detecting changes in configuration, you have the option to revert to the previous version or to the baseline version. To revert to a configuration version,

1. Click the checkbox "Rollback"

2. If you want to rollback to the previous version - that is, the version immediately preceding the current version (the changed version), choose "Rollback to previous version". When you choose this option, whenever a configuration change is detected, it will immediately be rolled back to the previous version. For example, if a change is detected in the running configuration of a device, and the new version number (changed one) is 7, it will be automatically rolled back to version 6

3. If you want to rollback to the baseline version - that is, the version labeled as the best one, choose "Rollback to version labeled baseline". When you choose this option, whenever a configuration change is detected, it will immediately be rolled back to the baseline version

Note:   The rollback feature is for preventing unauthorized configuration changes. So, when you have enabled this feature for a particular device, even a well intended configuration change will also be rolled back. So, if you want to do a genuine configuration change, you need to disable the change management rule.

 

Managing Change Management Rules

 

Disabling, Enabling & Removing a Rule

All the change management rules created in the application can be viewed and managed from the "Settings" tab. You can do actions such as temporarily disabling the execution of a rule, enabling it again later or removing the rule altogether.

To manage rules,

1. Go to "Config Automation" >> "Change Notifications" >> "Notifications" from the UI 

2. To disable a Notification, click on the "Toggle button" near the Notification name in the "Status" column.

3. If you wish to modify rules, select the rule(s) to be disabled/enabled/removed from the list of rules and click the appropriate button
    

Warning: When you click "Remove", it removes the rule permanently from the database.

 

Associating devices to Change Management Rules

 

1. Go to "Config Automation" >> "Change Notifications" >> "Notifications".
2. Click on the Associate button "" under Associate column for the particular notification.
3. Select/Deselect the device(s)/device groups(s) you want to associate/disassociate to/from the selected change notification.
4. Click Save.

 

 

---