[c-nsp] 12.2SXH 'archive' / Configuration Management

Christian christian at visr.org
Sun Jun 8 16:03:16 EDT 2008


if you're looking for an inexpensive solution -  check out
http://manageengine.adventnet.com/index.html
as well as looking into using rancid and cvs

you might want to also check out
http://www.ziptie.org/

ive never used it, but the project is sponsored by alterpoint , which makes
a really good commerical change/config management software

hp opsware is another - expensive though



On Sun, Jun 8, 2008 at 11:14 AM, Alex Howells <alex at bytemark.co.uk> wrote:

> Aloha :)
>
> What is the collective opinion on the best way to do change monitoring /
> management with router and switch configurations?
>
>   http://www.cymru.com/Documents/secure-ios-template.html
>
> That template makes fairly extensive use of the 'archive' command but some
> older IOS doesn't include that functionality; I've also seen/heard RANCID
> being deployed and would like something which "Just works".
>
> We're a small ISP in the United Kingdom who're just transitioning from
> having one network engineer to a few people being involved - it therefore
> seems worthwhile to try and track changes for later fault diagnosis if
> someone is off on holiday, and for security/sanity reasons.  Ideally it'd be
> able to cope with most/all of the follow devices:
>
>    18xx and 28xx ISRs
>    26xx (Console Servers)
>    7600s (Core / Edge)
>    2950/2960 Switches
>    3550/3560 Switches
>    837/857/877 ADSL (Home Equipment)
>    ..random other stuff.. (Network Lab)
>
> Real-world battle stories appreciated, custom hacks also considered ;)
> Something capable of stripping out sensitive information like passwords from
> the downloaded configurations would be nice, integration with a half-decent
> system like Subversion too... Perhaps something which pulls the
> configuration(s) via SNMP - is that going to be easy to secure? Definitely
> something which doesn't put undue load on the routers/switches as we've got
> some older kit deployed :)
>
> What's the collective opinion on how often you should poll devices?
> Obviously if not often enough you lose granularity for lots of small changes
> being implemented, if too often, things go boom?
>
> Thanks, as always,
> Alex
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list