Product: Network Configuration Manager version 7.7
Learn more / Product home page: click here
Download a free trial: click here
Over the years, I have had the opportunity to review most SolarWinds products. As far as I can remember, however, I have never had the opportunity to review SolarWinds® Network Configuration Manager (NCM). That being the case, I thought it might be fun to check out the new version 7.7.
For those who may not be familiar with Network Configuration Manager, it can best be described as a tool for network automation, change management, and compliance. It is designed to help you perform vulnerability assessments, use automated tools to deploy standardized configurations to your network devices, and more.
One of the reasons I decided to review Network Configuration Manager is because it was specifically designed to work with another SolarWinds product called Network Performance Monitor (NPM). Network Performance Monitor is a tool for monitoring networks, analyzing performance and generating intelligent alerts.
A few weeks ago, I reviewed the latest version of Network Performance Monitor (version 12.2). The main new feature in this NPM release was Network Insight ™ for Cisco® ASA. Since NPM now includes native support for Cisco ASA, I wanted to see if the latest version of NCM also included features specific to Cisco ASA.
Overview of Network Configuration Manager
While I want to focus this review primarily on ASA-related features, I realize that I’ve never reviewed Network Configuration Manager before, so I want to take a moment to talk about what it is and what it is. he does.
From my own experiences, Network Configuration Manager seems to be one of the lesser known SolarWinds products. Regardless, I think NCM definitely has its place and is an indispensable companion to SolarWinds NPM.
While NPM is designed to help IT professionals troubleshoot network issues and meet network-related SLAs, NCM is designed to help ensure consistency in a complex, multi-vendor network environment. In the case of an ASA firewall, for example, NCM can ensure that all of your ASA devices are configured identically.
Of course, consistency is important for compliance and to avoid problems that can arise from incorrect configuration settings. The other big thing NCM brings to the table is network automation. When configuration changes or firmware updates are required for network resources, NCM can push those changes to all required devices. This saves IT staff from making the changes manually, which can save a lot of time. With automatic configuration backups and the ability to restore or roll back configurations directly from Network Configuration Manager, the risk of network failure caused by human error is greatly reduced.
Certainly, SolarWinds is not the only vendor offering a network management solution, but Network Configuration Manager has three advantages. First of all, it is easy to use. Second, it plugs into the SolarWinds Orion® console, which means it can be used with any other SolarWinds tools you own. Third, NCM is designed to work in multi-vendor environments.
The deployment process
Like other SolarWinds products that I have configured, the Network Configuration Manager deployment process was simple and straightforward. The only unique aspect of my deployment was that I chose to install both Network Configuration Manager 7.7 and Network Performance Monitor 12.2, as shown in Figure A.
When you log into the Orion console and open the Configuration Summary dashboard, you can see a summary of the new features found in Network Configuration Manager, as shown in Figure B. Most of the new features focus on lists access control, but there are also other new capabilities that are worth mentioning.
One of the new features that really caught my eye is the ability to upgrade the firmware on a Cisco ASA device. At first, this ability may not seem so important, as there are other ways to update ASA firmware. Keep in mind, however, that Network Configuration Manager is a network automation and compliance tool. As such, having built-in firmware update capabilities will undoubtedly prove useful for organizations that have multiple ASA appliances and want to ensure that all of them are running the same version of firmware.
Support for security contexts
Another new feature that caught my attention is software support for Cisco ASA Security Contexts, which allows the capabilities of an ASA firewall to be subdivided. Just as a hypervisor allows a physical server to be partitioned into multiple virtual machines, security contexts allow a Cisco ASA firewall appliance to be partitioned into a series of stand-alone virtual firewalls. Each of these virtual firewalls maintains its own independent configuration.
Since Cisco ASA appliances can be subdivided in this way, it would not be enough for a network monitoring utility to simply detect the existence of a physical ASA device and report the basic configuration at the device level, because it might not provide a realistic picture of how the firewall is actually being used. Fortunately, SolarWinds has designed Network Configuration Manager to automatically detect any context that exists within an ASA appliance. Additionally, NCM is able to back up and restore configuration files for each individual security context.
Access control lists
As mentioned earlier, much of the Cisco ASA-related work SolarWinds has done in Network Configuration Manager relates to ACLs. Unsurprisingly, SolarWinds has implemented auto-discovery capabilities for ACLs. This is extremely useful since even a small organization could potentially end up with a large collection of ACLs.
As NCM detects each ACL, it determines how that ACL fits into the overall security configuration. For example, the software can help you determine if there are any ACLs that have been created, but are not in use. For ACLs in use, you can easily determine which zones the ACLs have been assigned to and which interfaces are bound to those zones.
Another really cool thing about NCM’s support for ACLs is that the software includes a firewall rules browser, which you can see in Figure C.
While it is true that there are ways to review your firewall rules without using NCM, SolarWinds has gone the extra mile to make the administrator’s life easier by providing a single pane interface that can be used to manage Cisco ASA devices, as well as a variety of other network resources.
As useful as I find the Rules Browser, there is more to the software than just showing firewall rules. If you go back to the previous figure, you will notice a link in the upper left corner titled Compare ACL. NCM allows you to compare a known good set of firewall rules against the rules that currently exist on the ASA appliance, or even the rules that exist on another appliance. This allows you to check if any changes have been made to the rules, and you can also make sure that the rules are consistent across appliances.
Another incredibly useful feature I want to talk about is the ability to actually evaluate the rule set for problematic rules. This can include redundant rules or rules made ineffective by another rule. Organizations may be able to improve their overall security by evaluating ASA rules to ensure that these rules are actually doing what they are supposed to do and that conflicting rules do not create security holes.
When I review products for this site, it has become common for me to give the product a rating from zero to five stars, with five stars being the highest possible rating. I can honestly say that Network Configuration Manager exceeded my expectations and give it a rating of 4.7 which is a gold medal.
As I mentioned at the very beginning of this review, I have had the opportunity to review a variety of SolarWinds products over the past few years. In doing so, I have found that SolarWinds consistently produces software that is both useful and of high quality, and Network Configuration Manager is no exception.
While this review has focused almost solely on the features introduced in the latest version, Network Configuration Manager contains a plethora of other features that network administrators are sure to find useful. Perhaps more importantly, the user interface is very intuitive and easy to use, which is quite a feat for a network management product (although most SolarWinds products tend to be intuitive).
In summary, I love what I see and look forward to spending some more time exploring Network Configuration Monitor in the coming weeks.
TechGenix.com Rating 4.7 / 5
Learn more about SolarWinds Network Configuration Manager or download a free trial.
The author received compensation for his honest review. All thoughts and opinions expressed in this material are theirs and are in no way influenced by the developing company and / or its affiliates.