Product: Network Configuration Manager Version 7.7
Over the years, I have had the opportunity to review most SolarWinds products. As far as I can remember, however, I have not previously had the opportunity to check out SolarWinds® Network Configuration Manager (NCM). That being the case, I thought that it might be fun to check out the newly released version 7.7.
For those who might not be familiar with Network Configuration Manager, it can best be described as a network automation, change management, and compliance tool. It is designed to help you to perform vulnerability assessments, use automated tools to deploy standardized configurations to your network devices and more.
One of the reasons I decided to review Network Configuration Manager is that it has been specifically designed to work with another SolarWinds product called Network Performance Monitor (NPM). Network Performance Monitor is a tool for monitoring networks, analyzing performance, and generating intelligent alerts.
A few weeks ago, I reviewed the latest version of Network Performance Monitor (version 12.2). The primary new feature in this version of NPM was Network Insight™ for Cisco® ASA. Since NPM now includes native Cisco ASA support, I wanted to see if the latest version of NCM also included Cisco ASA-specific features.
An Overview of Network Configuration Manager
Even though I want to focus this review primarily on ASA-related functionality, I realize that I have never reviewed Network Configuration Manager before, so I want to take a moment to talk about what it is and what it does.
Based on my own experiences, Network Configuration Manager seems to be one of the lesser-known SolarWinds products. Even so, I think that NCM definitely has its place, and is a must-have companion to SolarWinds NPM.
While NPM is designed to help IT pros to resolve network problems and meet network-related SLAs, NCM is designed to help ensure consistency in a complex, multi-vendor network environment. In the case of an ASA firewall, for example, NCM can make sure that all of your ASA devices are configured in an identical manner.
Of course, consistency is important for compliance and avoiding problems that can stem from incorrect configuration settings. The other big thing that NCM brings to the table is network automation. When configuration changes or firmware updates are required for network resources, NCM can push those changes to all required devices. This frees the IT staff from having to make the changes manually, potentially resulting in substantial time savings. With automatic config backups and the ability to restore or roll back configs directly from Network Configuration Manager, the risk of a network outage caused by human error is greatly reduced.
Admittedly, SolarWinds is not the only vendor to offer a network management solution, but there are three things that Network Configuration Manager has going for it. First, it’s easy to use. Second, it plugs into the SolarWinds Orion® console, which means it can be used alongside any other SolarWinds tools that you happen to own. Third, NCM is designed to work in multi-vendor environments.
The Deployment Process
Like other SolarWinds products that I have set up, the deployment process for Network Configuration Manager was simple and straightforward. The only unique aspect of my deployment was that I chose to install both Network Configuration Manager 7.7 and Network Performance Monitor 12.2, as shown in Figure A.
When you log into the Orion console and open the Config Summary dashboard, you can see a summary of the new features that are found in Network Configuration Manager, as shown in Figure B. Most of the new capabilities center around access control lists, but there are also some other new capabilities that are worth mentioning.
One of the new capabilities that really caught my attention is the ability to upgrade the firmware on a Cisco ASA device. At first, this capability might not seem all that important, because there are other ways of updating the ASA firmware. Keep in mind, however, that Network Configuration Manager is a network automation and compliance tool. As such, having built-in firmware update capabilities will no doubt prove to be useful to organizations that own several ASA appliances and want to ensure that all of them are running the same firmware version.
Support for Security Contexts
Another new capability that caught my attention was the software’s support for Cisco ASA security contexts, which provide a way of sub-dividing an ASA firewall’s capabilities. Just as a hypervisor allows a physical server to be partitioned into multiple virtual machines, security contexts allow a Cisco ASA firewall appliance to be partitioned into a series of virtual, standalone firewalls. Each of these virtual firewalls maintains its own independent configuration.
Because Cisco ASA appliances can be sub-divided in this way, it would not be enough for a network monitoring utility to simply detect the existence of a physical ASA device and report basic device-level configuration, because doing so might not provide a realistic picture of how the firewall is actually being used. Thankfully, SolarWinds has designed Network Configuration Manager to automatically detect any existing contexts within an ASA appliance. Furthermore, NCM is able to back up and restore the configuration files for each individual security context.
Access Control Lists
As previously mentioned, much of the Cisco ASA-related work that SolarWinds has done in Network Configuration Manager pertains to Access Control Lists. Not surprisingly, SolarWinds has implemented automatic detection capabilities for access control lists. This is extremely helpful considering that even a modestly sized organization could potentially end up with a large collection of access control lists.
As NCM detects each access control list, it determines how that access control list fits into the overall security configuration. For example, the software can help you to determine if there are Access Control Lists that have been created, but that are not being used. For Access Control Lists that are in use, you can easily determine which zones the Access Control Lists have been assigned to, and which interfaces are linked to those zones.
Another thing that is really nice about NCM’s support for Access Control Lists is that the software includes a firewall rules browser, which you can see in Figure C.
While it is true that there are ways that you can review your firewall rules without using NCM, SolarWinds has gone the extra mile to make the administrator’s life easier by providing a single-pane-of-glass interface that can be used to manage Cisco ASA appliances, as well as a variety of other network resources.
As useful as I find the rule browser, the software is not limited to merely displaying firewall rules. If you look back at the previous figure, you will notice a link in the upper left corner labeled Compare ACL. NCM allows you to compare a known good set of firewall rules against the rules that currently exist on the ASA appliance, or even the rules that exist on a different appliance. Doing so allows you to check to see if changes have been made to the rules, and you can also ensure that rules are consistent across appliances.
One more incredibly useful function that I want to talk about is the ability to actually assess the rule set to detect rules that are problematic. This might include redundant rules, or rules that are rendered ineffective by another rule. Organizations may be able to improve their overall security by evaluating ASA rules to make sure that those rules are actually doing what they are supposed to be doing, and that contradictory rules are not creating security holes.
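The kind of rule assessment described above, as an added example (it is not part of the original review and is not NCM's own logic): it parses a constrained subset of ASA extended-ACL syntax and flags rules that are fully covered by an earlier rule. The ACL name, addresses, and function names are constructed for illustration.

```python
import ipaddress
# Constructed sample in a simplified subset of ASA extended-ACL syntax
# (numeric "eq" ports only, no object-groups); all values are illustrative.
SAMPLE_ACL = """\
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip 198.51.100.0 255.255.255.0 any
access-list OUTSIDE_IN extended permit tcp host 198.51.100.7 host 192.0.2.20 eq 22
access-list OUTSIDE_IN extended permit tcp host 203.0.113.5 host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit udp any host 192.0.2.53 eq 53
"""

def parse_addr(tok):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    head = tok.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tok.pop(0)}")  # address + netmask

def parse_rule(line):
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        raise ValueError(f"unsupported ACL line: {line!r}")
    rest = tok[5:]
    src, dst = parse_addr(rest), parse_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None  # None = any port
    return {"action": tok[3], "proto": tok[4], "src": src, "dst": dst, "port": port}

def covers(a, b):
    """True if every packet matching rule b also matches rule a."""
    return (a["proto"] in ("ip", b["proto"]) and a["port"] in (None, b["port"])
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"]))

def analyze(acl_text):
    # An ACL is evaluated top-down, first match wins, so a rule fully covered
    # by one earlier rule never fires. Coverage by several rules combined is not checked.
    rules = [parse_rule(l) for l in acl_text.splitlines() if l.strip()]
    findings = []
    for i, rule in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            if covers(earlier, rule):
                same = earlier["action"] == rule["action"]
                findings.append((i + 1, "redundant" if same else "shadowed", j + 1))
                break
    return findings

if __name__ == "__main__":
    print(analyze(SAMPLE_ACL))
```

A "shadowed" finding is the more serious of the two: the later rule's intent (here, permitting SSH from one host) is silently overridden by an earlier rule with the opposite action.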
When I review products for this site, it has become customary for me to assign the product a star rating ranging from zero to five stars, with five stars being the highest possible rating. I can honestly say that Network Configuration Manager exceeded my expectations, and I am giving it a score of 4.7, which is a gold award.
As I mentioned at the very beginning of this review, I have had the opportunity to review a variety of SolarWinds products over the last few years. In doing so, I have found that SolarWinds consistently produces software that is both useful and of high quality, and Network Configuration Manager is no exception.
Although this review has focused almost solely on the features that were introduced in the latest release, Network Configuration Manager contains a plethora of other features that network administrators are sure to find useful. Perhaps even more importantly, the user interface is very intuitive and easy to use, which is quite an accomplishment for a network management product (although most SolarWinds products do tend to be intuitive).
In summary, I like what I see, and look forward to spending some additional time exploring Network Configuration Manager in the coming weeks.
TechGenix.com Rating 4.7/5
The author received compensation for their honest review. All thoughts and opinions expressed herein are their own and not influenced by the developing company, and/or its affiliates, in any way.