The Definitive Guide to Enterprise Network Configuration and Change Management

by Don Jones


A revealing look at the importance of network configuration and change management, The Definitive Guide to Enterprise Network Configuration and Change Management appeals to IT professionals and company executives who need to keep data secure and networks available. It is a comprehensive look at how to formulate and implement change management best practices and processes as well as which tools are available to help.


Chapter 1: Introduction to Network Configuration and Change Management

How does your company handle change management in the network? Do you worry about it at all? My own experience is that 90% of small- to medium-sized companies—those with fewer than about 8000 IT users—rarely practice any serious change management when making changes to their network configurations. I used to work for one of the East coast’s larger network integration firms, who handled outsourced network operations for some of the region’s largest companies. They didn’t do any change management, either, beyond keeping some informal Post- It notes of what changes they planned to make. Don’t be embarrassed if your organization doesn’t practice change management, either; you’re in good company.

But businesses are getting smarter. Today’s ethos of “do more with less” doesn’t allow critical IT resources to become unavailable through a simple manual configuration error. The idea that network management—in some companies, at least—is about as rigorous and scientific as a séance is starting to scare top executives, and they’re asking their network managers to do something about it. That something is change management, a set of processes and tools designed to ensure that network configuration changes never take the network down, and that provide rapid recovery in the event that they do.

In this chapter, I’ll introduce change management as a concept, discuss the very real business reasons for having it, and provide an overview of how you can begin adopting solid change management practices into your environment.

Chapter 2: Network Configuration and Change Management and Stability

What can change management do for the stability of your environment? Wonderful things, to be sure, but what does that mean in specific terms? What kind of return on investment (ROI) can you expect from a change-management implementation? How will it affect the total cost of ownership (TCO) for your network? How will a change-management implementation affect downtime? How much training will it require? The answers to these questions are important for making a business case for implementing change management. Interestingly, all of the numbers come down to stability—how change management will decrease downtime. After all, downtime costs money; reducing it saves money and creates a ROI. Reducing downtime can in many ways reduce the need for highly trained network administrators because the change-management process helps protect junior administrators from making mistakes. In addition, companies with solid change-management practices can implement changes quickly and reliably, improving their business agility and their ability to capitalize on new opportunities.

In this chapter, I’ll focus on how change management can affect the stability of your environment. I’ll discuss the impact of changes on business performance and start you down the path of creating a formal process to manage change. I’ll concentrate on key areas such as reviewing and approving changes, prioritizing changes, working with risk, and archiving changes. No process is perfect, so we’ll explore how the process needs to accommodate imperfection by providing a means of restoring stability in the event of an error.

Chapter 3: Network Change Management and Security

How can change management—essentially a set of processes and procedures—improve security in your environment? Managed devices such as routers, switches, and firewalls play an obvious role in the overall security of your network. An improperly configured device can, for example, allow unwanted traffic into the private network from the Internet, transmit internal traffic to the Internet, and unexpectedly drop traffic and impact productivity. Therefore, controlling the configuration of each device on your network is critical to maintaining a high level of security. Change management provides that control.

Chapter 4: The Scope of Change Management

Where can change and configuration management be applied in your environment? Given the broad range of devices and computers on the typical network, the ability to manage them all more effectively would be useful. However, various devices have differing levels of manageability. Thus, systems and network administrators must face the realities of change and configuration management. To help you do so, we’ll explore several types of devices and computers, looking at how their configuration information is stored and managed and how change and configuration management can help you better administer each type of device.

Chapter 5: Network Configuration Management Technologies

Network configuration management relies heavily on several open-standard technologies. These technologies—such as TFTP and SSH—were designed with entirely different purposes in mind, but serve the needs of network configuration management quite well. However, before implementing any network configuration management solution, you should thoroughly understand the underlying technologies, how they work, and any implications—particularly from a security standpoint—that they bring to your environment.

Chapter 6: Network Configuration Management Tools

By now, you should have the idea that although proper network configuration management is possible without any tools, it is much easier when you have tools to help. In this chapter, I’ll describe the various functions you’ll want to look for in network configuration management tools and provide some evaluation criteria for selecting those tools. The functionality you’ll want to look for includes:

  • Project design and staging
  • Change request acceptance and tracking
  • Environment inventory and review
  • Change modeling and risk analysis
  • Change implementation and deployment
  • Change archival and tracking
  • Change rollback and recovery
  • Management reporting
  • Knowledge bases
  • Problem tracking
  • Enforcement and compliance

At first glance, you might be worried that I’m going to recommend that you go out and buy 10 software packages, which isn’t the case. This list isn’t a list of tools; it’s a list of major functionality. You’ll find that most available tools implement several of these functions. For example, a good Help desk ticket-tracking product will also

Chapter 7: Network Configuration Management Best Practices

In the previous six chapters, I’ve spent a lot of time discussing what works and what doesn’t when it comes to network configuration management. I’ve shown you various processes that you might adopt or modify and begin using in your environment. I’ve explained some of the underlying technologies that support automated configuration management, and I’ve discussed different categories of tools that you might be interested in to help automate configuration management in your environment. In this chapter, I’ll introduce you to the IT industry’s best practices for change and configuration management, and help you understand how they apply more specifically to change and configuration management in network devices.

Chapter 8: Sample Change Management Processes

Chapter 7 introduced some concepts that might be intimidating for smaller organizations: Who has the time or personnel for a CAB or executive committee in a small shop? In this chapter, I’ll show you that change and configuration management can be adapted to organizations of any size and tweaked to meet specific business concerns such as speed of response and security control. This chapter will serve as a resource for example change and configuration management processes, which you can adopt outright or (more likely) modify to suit your specific needs.

You’ll notice that all of these processes have some common elements, such as a review process to help catch changes that will cause problems, documentation, and disaster recovery procedures. These elements have been covered in nearly every chapter of this guide, and they are the underlying parts that make change and configuration management worthwhile. Even if you decide to create your own process entirely from scratch, be sure that the common elements are included so that your process will offer the value that change and configuration management promises.