and compliance management can help
Integration with existing Tivoli applications helps correct errors and support compliance
Introduction
A fault, error or misconfiguration in the network can be the proverbial needle in a haystack. With the number of hubs, routers, switches and other network devices in some organiza-tions now reaching into the hundreds of thousands—and even the smallest networks experiencing ongoing change as tech-nology and business needs evolve—preventing configuration mistakes and then locating and eliminating the source once problems occur require solutions beyond those that even the best-equipped companies typically employ.
To combat change-induced problems—and the performance degradation that can follow—organizations of all sizes have implemented policies aimed at ensuring that changes occur in a consistent, systematic and accountable manner. They have implemented management solutions designed to discover devices and information about them, provide visibility into how the network is constructed and organized, monitor con-nectivity and device use, and reduce the time required for troubleshooting.
But policies are only as good as the organization’s adherence to them. And network management solutions often were designed—and implemented—to address other needs. Meanwhile, configuration problems continue. Noncompliant ad hoc changes, inconsistent on-the-fly changes and simple human error that can occur even when staff members are working within a policy all can introduce changes that can impact the network and damage business productivity. So how do you manage change? How do you ensure that changes are made efficiently and correctly? How do you track improper changes back to their source so you can correct them now and prevent more errors in the future?
An effective way to manage network change—and the config-uration challenges that come with it—is to integrate
IBM Tivoli® Netcool® Configuration Manager with the industry-leading Tivoli solutions you already use. Tivoli Netcool solutions add capabilities that have been specifically designed to enhance network and device visibility, discover change, deliver real-time configuration status reports, ensure compliant configuration, and provide roll-back functions when necessary. Tivoli Netcool Configuration Manager enables you to integrate data and capabilities from multiple tools to get the most from your Tivoli management implementation.
The advantages of Tivoli Netcool
Configuration Manager
Unique advantages of Tivoli Netcool Configuration Manager include:
● A network database of record (DBoR) that provides a persistent store of physical and logical network resources and policies.
● SmartModel automation, which enables standardized repre-sentation of native device configuration.
● A unified platform that provides a single point of access for all changes and policies.
● Always-accurate configuration capabilities with non disruptive rollback and reusable templates.
● Deep visibility into security, with access control based on roles, devices and commands.
● Always-on compliance to enforce regulatory, security and operational policies.
● Support for approval and scheduling of unit-of-work workflows.
A configuration management solution is valuable in itself, especially best-of-breed solutions like those provided by Tivoli Netcool software. But organizations can extend the value of Tivoli Netcool Configuration Manager even further by deploying them as part of the larger Tivoli network manage-ment portfolio, integrating with other key functional areas such as fault management, network management, and per-formance management.
Configuration management is essential in
today’s complex networks
Change is constant, whether within an individual network or reaching across the entire instrumented, interconnected and intelligent world. And managing change, especially when it comes to device configuration, is essential. Without configuration management, errors introduced during change can damage a host of critical operations from provisioning to performance, and from availability to security. Consider the following questions:
● How do you control who can touch what network device and what commands they are allowed to use on each device? ● Do you maintain a complete log of all changes made to each
device and by whom?
● How do you make sure that only correct commands to be sent to a device?
● How do you enable network engineers to instantly see what changed on a device and why?
● How do you know when a device has changed and requires an incremental backup?
● Can you roll back a device without losing service?
● How do you prevent configuration mistakes from happening in your network?
● How do you enforce your network configuration policies? ● Do you have a common scorecard for compliance across the
entire network?
● Is your score card updated after every change and in real time?
● How can you do simple, yet comprehensive ad hoc report-ing to find today’s problem without manually touchreport-ing devices?
The organization can now meet these challenges and take its network management capabilities to a new level. Configuration management solutions can extend management reach into devices and network areas that need greater atten-tion, for increased network reliability and reduced chance of performance degradation due to error.
Whether the need is to repair a problem that was introduced during an official or unofficial change, to thoroughly investi-gate the impact of a new configuration before making a change, to confirm the configurations already in place in a network, to automate changes to ensure they are made in a standardized and timely manner, or to roll back a change that has resulted in a problem, configuration management is an important component of the management solution stack. Network and configuration management solutions bring together data on topology, connectivity, performance and other aspects of the network, adding value across the organiza-tion’s entire management portfolio by increasing insight and enhancing management capabilities.
This need for enhanced management capabilities is particu-larly important in today’s environment of rapid growth in network size, complexity and criticality. Many organizations find that managing configuration is more difficult than ever. Although the number of hardware devices that require config-uration is increasing, IT resources often remain limited and IT budgets can be flat or declining. Meanwhile, the network is more important than ever to the everyday functions and the continued success of the business.
Especially in areas such as the service provider industry, where the network does more than support the business, it provides the business’ core functionality, a problem in the network can be devastating. Yet with effective configuration management, problems that are related to change can be difficult to diagnose and fix.
Configuration management extends event
and network management capabilities
Configuration changes in the network are invariably the cause of many network, service and user problems. But com-bining configuration data with the data from fault, network, performance, and activation management systems helps pro-vide deeper visibility into network problems to minimize the impact of issues and reduce problem management costs.
An effective configuration management solution complements other management tools to create a unified system that makes full use of device visibility. It increases understanding of how network changes may affect service, provides real-time moni-toring and analysis of quality issues, finds and corrects errors, and automates routine configuration management tasks to reduce the chance of error.
It improves adherence to corporate and regulatory standards through ongoing policy enforcement. It provides platform-agnostic, cross-vendor capabilities that span existing hardware, software and services. It is a scalable solution, even to the tens of thousands of devices that a large, multisite, multivendor enterprise or service provider network can have.
A comprehensive configuration management solution enhances existing event management capabilities such as the discovery of network devices and the collection, consolidation and display of events and alarms in a centralized graphical console. It improves existing performance management capabilities such as network-wide performance analysis, the monitoring and predicting of trends to help improve network utilization, and the ability to utilize network health informa-tion to reduce the likelihood and durainforma-tion of service degrada-tion, disruptions and time-consuming troubleshooting.
Service quality, SLA and customer experience management
IBM Tivoli Netcool Network Management Solutions
Discovery and data collection Tivoli Integrated Portal
Fault event management Performance management Configuration and compliance management Enrichment and automation IT resources and applications Value added solutions Core telecom Wired access Radio access
Configuration management solutions make a valuable connection in the network management stack, working with fault management, performance man-agement and automation tools to help ensure performance and service quality.
It proactively alerts users to policy violations before they are applied to the network, reducing erroneous configurations and potential security breaches. And it sets the stage for future enhanced capabilities such as:
● Correlation of fault, performance and change events to identify and resolve root causes of problems.
● Greater service orchestration and automation of tasks such as device configuration.
● Greater network and device visibility, with a “single pane of glass” view into policy-based compliance and the context of change provided by other applications.
Configuration management solutions can join other solutions in the management portfolio to enhance the use of informa-tion on where, when, how and by whom network changes have been made, to help facilitate correction, enforce compli-ance and prevent similar errors from occurring again.
Configuration management solutions
integrate with existing products
Many network management portfolios already have in place solutions for fault management, event management and per-formance management. Fault and event management solutions provide the network administrator with information about devices, connections, use, and the impact of errors. Performance management solutions provide information about network performance—for example, the number of dropped calls in a wireless service provider’s network.
Performance management is a particular area of growing interest. As the dependence of business on network infrastruc-ture continues to grow, performance has joined application and infrastructure availability as an area that demands attention. The correlation of performance issues—for exam-ple, quality of service queues, traffic marketing and shaping, and traffic engineered paths—to network change and configu-ration management is a direct result of increasingly complex network configurations.
Fault, event and performance management solutions can pro-vide valuable insights into how the network is working and a historical view into trends. All manage areas that can be signif-icantly affected by errors in device and network configuration.
IBM Tivoli Netcool/OMNIbus
With its real-time network discovery, network monitoring, and event management capabilities, Tivoli Netcool/OMNIbus is a consolidated operations management tool designed to increase the availability and performance of services and infra-structure. Scalable to millions of events a day, Tivoli
OMNIbus supports the efficient and effective management of complex networks with capabilities including:
● Real-time, web-based, customizable dashboard views for events, service views and operational indicators.
● Discovery of deployed assets and their configuration, identi-fication of unused ports, and assistance in recovering lost capacity.
● Discovery of physical port-to-port connectivity and the logi-cal topology of the network.
IBM Tivoli Network Manager
This automatic, topology-based solution provides real-time network discovery, topology visualization and root-cause analysis to help improve network visibility and drive reliability and performance. Used to help build and maintain knowledge about physical and logical network connectivity, Tivoli Network Manager supports visibility and management of complex networks—and the services delivered across them— with capabilities that include:
● Isolating the root cause of network downtime to identify the source of network faults and speed resolution.
● Providing port-to-port connectivity between devices and capturing logical connectivity information for virtual private networks, virtual local area networks, asynchronous transfer mode networks, and frame relay and multiprotocol label switching services.
● Locating unused ports, excess capacity and lost physical assets.
IBM Tivoli Netcool Performance Manager
Designed to give communications service providers and large enterprises the ability to address the challenges of fixed and mobile networks, Tivoli Netcool Performance Manager pro-vides performance metrics that help minimize service degrada-tions, disruptions and the time required for troubleshooting. Real-time views of critical performance metrics give adminis-trators the information they need to manage multivendor, multitechnology networks using capabilities that include: ● Seamlessly aggregating and correlating data from
multiven-dor, multitechnology networks.
● Optimizing, forecasting, and identifying trends in network use, investment and capacity.
● Managing ongoing changes in the network, including automating time-consuming management tasks.
● Providing powerful root-cause analysis to isolate, analyze and resolve network problems.
IBM Tivoli Provisioning Manager and
IBM Tivoli Service Automation Manager
Tivoli Provisioning Manager enables organizations to auto-mate best practices for common data center provisioning activities in support of change and release management processes. Tivoli Service Automation Manager provides the capability to request, fulfill and manage complete software stacks for the data center including the definition, offering request, and automated provisioning and integrated manage-ment of the environmanage-ment.
IBM Tivoli Application Dependency
Discovery Manager and CCMDB
Tivoli Application Dependency Discovery Manager
discovers application dependencies and configurations to help organizations understand configurations, map applications and changes, and address compliance measures. Tivoli Change and Configuration Management Database (CCMDB) auto-mates data, workflows and policies to align IT infrastructure management with business priorities.
Tivoli solutions complement each other in the management workflow
To the capabilities provided by other solutions in the Tivoli portfolio, Tivoli Netcool Configuration Manager adds the ability to monitor multiple types of changes—and ensure that any change made is functionally correct and complies with policy requirements.
Tivoli Integrated Portal Tivoli Common Reporting Tivoli Netcool/OMNIbus Tivoli Network Manager Tivoli Netcool Configuration Manager Trap probes Service configuration database Event consolidation/ correlation Event consolidation/ classification
• Devices, connectivity and network discovery • Active monitoring
• Configuration detection • Device configuration retrieval and setting • Compliance policies application
Tivoli Netcool Configuration Manager works hand-in-hand with Tivoli Netcool/OMNIbus and Tivoli Network Manager to satisfy a full range of roles and responsibilities in ensuring proper operation and compliance for the network.
The workflow in the solution begins with discovery of devices and existing configurations; adds fine-grained control that defines authorized users and the commands permitted to make changes; establishes processes and procedures for accurate, state-aware configuration and change management; and estab-lishes an environment of “always-on” compliance in which configurations are constantly monitored, error alerts are sent immediately, and procedures are provided for correcting the error.
The solutions support resource reconciliation and device data normalization. And they enable network provisioning—move, add, change, delete—with no scripting required, even in a multivendor environment.
Scenario: Using configuration information
to isolate a problem
The following scenario illustrates a simple case in which an error occurs and is corrected as a network engineer works within policies.
An Internet service provider (ISP) expanding its operations needs to reconfigure the gateway protocol of their routers. However, the engineer assigned the task makes a configuration error on one routers—he assigns an incorrect neighbor IP address, impacting a number of virtual private networks used by the ISP’s customers. As a result, routers in the network generate alarms into Tivoli Netcool/OMNIbus identifying that the gateway session is down.
IBM Tivoli Network Manager correlates the alarms to the routers, and the Netcool configuration management solution retrieves the change information and the new configuration from the misconfigured router. A network operations center operator sees the alarms, launches reports using Tivoli Common Reporting to view the configuration change history and raises a trouble ticket. An engineer compares the current configuration with the previous one to identify the cause of the problem, then resolves it and clears the alarms.
Configuration management solutions provide a persistent database that stores physical and logical aspects of the network in one location for use in real-time monitoring of changes and for alerting administrators when a change is incorrect— whether it is causing a functional problem or not. The aim is to ensure that configurations are accurate and changes are compliant, and to provide administrators with deep visibility into the network and its devices to help prevent and resolve change-related problems.
Management solutions integrate at a
number of key points
Tivoli solutions provide a number of touch points that inte-grate configuration management solutions into the organiza-tion’s existing management portfolio:
The configuration management solutions are “seeded” with information from Tivoli solutions already in place.
● Seeding enables applications to share device information such as IP addresses.
● Information can be used to limit network management traf-fic and control access to managed devices.
Simple network management protocol (SNMP) and syslog traps are generated.
● Traps correlate network events gathered by Tivoli Netcool/OMNIbus regarding configuration changes and compliance policy changes.
● Traps facilitate tracking the progress and success of configu-ration tasks performed using Tivoli Netcool/OMNIbus. ● Administrators can proactively resolve network issues
associ-ated with device misconfigurations, communicating informa-tion to trouble ticketing systems.
Tivoli Netcool Configuration Manager Tivoli Network Manager Discovery agents Netcool/ OMNIbus probes Service configuration database Tivoli Netcool/OMNIbus ObjectServer Visualization
A changed configuration that adversely affected a customer (1) can be tracked (2,3), reconfigured (4,5) and, with the initiation of a new policy, prevented in the future with the initiation of a new policy (6).
Network operators can examine device characteristics, then drill deeper to discover what changes have taken place.
Configuration and compliance reports are enabled.
● Reporting includes correct configuration information and recent configuration activity for specific devices.
● Reports provide insights into changes that may have caused a network outage, supporting faster identification of problems.
Configuration tasks are orchestrated using Java™ APIs, and can be driven by external applications—either Tivoli or non-Tivoli—as a part of a broader management solution.
policies back into compliance, either automatically or manu-ally (with further approvals if necessary). When the remedial action is complete, a re-evaluation of policies shows the net-work’s compliant status.
Tivoli Netcool configuration management
scenarios
The following section outlines additional scenarios in which Tivoli Netcool Configuration Manager is used with other parts of the Tivoli portfolio to deliver comprehensive business value.
Scenario: Automating policy compliance
The following scenario illustrates a case in which configuration set-tings are automatically corrected to ensure compliance with policies.
A company’s multiple interdependent network protocols result in complex configurations and significant configuration varia-tions from one network to another. Regulavaria-tions, however, require the company to implement measured configurations. To meet these requirements, the company has deployed Tivoli Netcool Configuration Manager, which captures general and company-specific configuration requirements to enable the continued tracking of policy compliance as network changes are made.
When a breach in compliance policy occurs, the configuration management solution generates alarms in Tivoli Netcool/ OMNIbus and correlations in Tivoli Network Manager that notify staff. Auditing of configuration changes and compliance history reveal whether, when and how the network has been policy-compliant. If necessary, the Netcool configuration management solution triggers remedial action to bring
Scenario: Accessing a planned change to
determine business impact
The following scenario illustrates a case in which a user wishes to understand whether a configuration change will have any adverse affects before making the change.
A network engineer for a service provider wishes to make a configuration change to a switch port on a customer’s net-work, but before making the change, he needs to understand the port’s dependencies. From the Tivoli Netcool
Configuration Manager, he uses Tivoli Network Manager to learn which services have a dependency. He uses IBM Tivoli Business Service Manager and Tivoli Application Dependency Discovery Manager to learn which applications are dependant. The analyses reveal that the changes would impact the cus-tomer’s virtual private network connecting two key sites. The engineer arranges with the customer a timeline that will mini-mize the business impact of the change, then schedules the change within the Netcool configuration management solu-tion. Tivoli Netcool/OMNIbus raises a work order as an event so the operator is aware a change is planned; when the config-uration change occurs, Tivoli Netcool/OMNIbus receives another event so the operator will know the change has been completed.
Tivoli Netcool Configuration Manager
Changes are made to configuration
Re-evaluation of policy clears the breach
Remedial action corrects policy breach
Breach triggers traps to Netcool/OMNIbus Changes cause a
breach of policy
Configuration management solutions provide a closed-loop solution designed to bring the actual state of network compliance into alignment with the desired state
Scenario: Correlating performance
problems to network change
The following scenario illustrates a case in which configuration data is used in determining the root cause of a performance degradation.
When a customer of a large Internet service provider is found to be using a higher bandwidth than it is paying for, a network engineer applies a rate limit using a command set within the Tivoli Netcool Configuration Manager. The engineer, how-ever, misconfigures parameters so that the customer receives only 25 percent of its bandwidth allocation.
Soon after the rate limit is applied, Tivoli Network Manager raises customer service alarms into Tivoli Netcool/OMNIbus, linking alarms for the loss of availability and the affected cus-tomer service. The network operator notices that the utiliza-tion was significantly less than before the rate limit was applied—and that the volume of data in a scheduled backup is much higher than the limit allows. Tivoli Netcool
Performance Manager also generates an alarm to warn that current interface throughput is outside the norm.
Using an in-context report from Tivoli Netcool/OMNIbus, the network operator determines that recent configuration activities are the cause of the problem and localizes the com-mands that caused it. The network operator then corrects the rate limit, restoring throughput to the paid-for bandwidth.
Scenario: Service activation
The following scenario illustrates a case in which service activation is automated.
A company wishing to implement a new virtualization service selects from the services listed in the Tivoli Service Automation Manager catalog. That action calls workflows in Tivoli Provisioning Manager, which directly configure VMware vCenter solutions for a VMware server. Using the Tivoli Netcool Configuration Manager, it also invokes config-uration of the network devices used to connect to the VMware server.
Tivoli Provisioning Manager invokes command sets within the Tivoli Netcool network configuration solution along with past parameters for the specific request, generating work orders for VLAN and access control settings. Tivoli Provisioning Manager configures the VMware server to make it available for the specific request. Once changes are com-plete, Tivoli Provisioning Manager updates and logs status, creating a paper trail that is important for future audits.
Level 3: Process-controlled provisioning and general change management
Level 2: Orchestrated provisioning and management
Level 1: Technology- and domain-specific management
Service catalog and management process with approvals
Task automation (including orchestrated provisioning)
Digital Certificate Manager Device models and automation packages Tivoli Provisioning Manager Tivoli Service Automation Manager Tivoli Netcool Configuration Manager VMControl Coarse-grained resource existence Operations Data federation CCMDB
Working in concert with other management tools, configura-tion management soluconfigura-tions bring together data on topology, connectivity and performance to increase insight and manage-ment capabilities. They enhance the use of information on where, when, how and by whom network changes have been made to help facilitate correction, enforce compliance and prevent similar errors from occurring again.
For more information
To learn more about IBM Tivoli Netcool network manage-ment solutions, contact your IBM representative or IBM Business Partner, or visit: ibm.com/tivoli
All Rights Reserved
IBM, the IBM logo, ibm.com, Netcool and Tivoli are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml
Java and all Java-based trademarks and logos are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Other company, product and service names may be trademarks or service marks of others.
References in this publication to IBM products and services do not imply that IBM intends to make them available in all countries in which IBM operates.
No part of this document may be reproduced or transmitted in any form without written permission from IBM Corporation.
Product data has been reviewed for accuracy as of the date of initial publication. Product data is subject to change without notice. Any statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
The information provided in this document is distributed “as is” without any warranty, either express or implied. IBM expressly disclaims any warranties of merchantability, fitness for a particular purpose or non-infringement. IBM products are warranted according to the terms and conditions of the agreements (e.g. IBM Customer Agreement, Statement of Limited Warranty, International Program License Agreement, etc.) under which they are provided.
Please Recycle The customer is responsible for ensuring compliance with legal
requirements. It is the customer’s sole responsibility to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law or regulation.
