Network Configuration Management probably isn’t your first priority when building out a network infrastructure.
In fact, because monitoring takes such a precedence over everything else, configuration files are usually an afterthought at best.
Since much of a Network Configuration Managers job can be done manually, this software may not sound all that crucial to our operations.
For those with a small scale environment, that might even be the case.
But as our network starts to expand, reaching dozens, or perhaps even hundreds of devices, it becomes exponentially more difficult to manage these changes by hand.
How much time would it take a single person to backup configurations, push changes, verify compliance standards and perhaps even roll-back in the event of a problem?
There are thousands of possible what-if scenarios where proper Network Configuration Management could save your hide, these are just the most basic use cases.
Before we look at the best options available to us, we’ll cover why we would really want to use this software in the first place.
Is Network Configuration Management Needed?
At the absolute most fundamental level, a Network Configuration Manager is tasked with handling our device configuration data. This much is pretty self explanatory at least, but breaking that down is where it becomes a bit vague.
Above all else, we expect at least three core features from our NCM software. These include:
- Backup device configuration files
- Deploy approved configuration file updates
- Detect and revert unauthorized changes
As a practical example, let’s say a network switch fails and must be replaced immediately. We could be there for hours, typing in the details of each interface by hand.
With Network Configuration Management, we just push a backup to the new device and it’s ready to go.
Modern software however comes with a lot more functionality than just those 3 features, and depending on the requirements of your network, these could be indispensable.
Some of the most popular additions we see in the top picks are:
- Maintain compliance standards for HIPAA, PCI-DSS, etc.
- Role based authentication and approval for changes
- Real-time configuration change notifications
- Configuration audits
We aren’t just protecting ourselves against user error and mistakes, but against hackers as well.
It’s not uncommon for an attacker to modify our device configurations to grant further access, where alerts, access restrictions and backup rollbacks can protect a network’s integrity.
Best Network Configuration Management Software & Tools:
- SolarWinds NCM
- ManageEngine NCM
- TrueSight Network Automation
- WhatsUp Gold NCM
- rConfig Network Management
1. SolarWinds NCM (Best Choice)
SolarWinds offers one of the most sophisticated network management packages on the market.
Aptly named the Engineer’s Toolset, it’s comprised of more than 60 powerful applications, designed with the IT professional in mind.
Having won dozens of prestigious awards, and the trust of companies like Cisco and Apple, there is simply no better choice available.
That brings us to the SolarWinds Network Configuration Manager (NCM), a verbose and well rounded solution that’s rich with features.
In a nutshell, it’s core objective is to manage rapid change across complex, multi-vendor networks.
The automated NCM engine eliminates almost all manual intervention, capable of pushing approved configs to a group of devices, maintains policy compliance via auditing and backs up changes should we need to revert in a crisis.
For Cisco users, notably those with Cisco ASA firewalls or Cisco Nexus switches, there are quite a few added benefits.
Known as “Network Insight”, these tools automates the monitoring and management of the infrastructure in a single unified interface.
It provides an in-depth look at and control over your interfaces, VPN tunnels, ACLs and more.
It even integrates with the National Vulnerability Database to check for potential threats in your Cisco devices.
For existing SolarWinds customers using Network Performance Monitor (NPM), the two applications can be seamlessly integrated in a hybrid environment.
For maximum visibility, the combination of these packages can further detect additional configuration faults and correct errors.
Starts at $2995
Try the full version of SolarWinds Network Configuration Manager Free for 30 Days
2. ManageEngine NCM
While they may not have quite the same accolades and recognition, the ManageEngine suite is still a familiar set of products for IT professionals.
Their most recognizable clients include IBM, Time Warner Cable and NASA just to name a few, placing them firmly in the number 2 spot behind SolarWinds.
Their Network Configuration Manager is a multi vendor network change, configuration and compliance management (NCCM) solution.
A comprehensive package for routers, switches, firewalls and other network connected devices.
This robust set of features simplifies every day tasks, from configuration backups and versioning to user activity tracking and audits.
It’s a comprehensive package that checks all of the important boxes, but also excels in several key areas.
Some of the most unique elements include encrypted configuration storage in a PostGRE database, role based access and approval workflow, and perhaps the most notable, vendor support for more than 200 brands.
This includes the industry standards like Cisco, HP and Dell, as well as plenty more.
ManageEngine Network Configuration Manager (NCM) is compatible with both Windows and Linux server environments.
It’s completely free to use with a 2 device limit, the full version starts at $595 for 10 managed devices with a 30 day trial available.
3. TrueSight Network Automation
TrueSight Network Automation (formerly BladeLogic) from BMC Software is a security first solution.
It relies heavily on third party integrations to automate critical tasks in real-time, including threat detection, patching vulnerabilities, provisioning configuration updates and seamless reporting for compliance audits.
Using the SmartMerge technology, these tools are applied as auto generated scripts, able to deploy or revert system changes on the fly.
No need to reboot the device or plan around peak times, the processes runs quietly in the background without any impact on user experience or causing performance degradation.
For certain industries, their cutting edge compliance engine is another indispensable feature.
With full support for standard compliance policies such as HIPAA, PCI-DSS, NIST, SOX and CIS, it can monitor and detect changes in real-time, ensuring that all processes adhere to the necessary specifications.
Best of all, TrueSight Network Automation is designed to quickly scale on demand.
This lightweight implementation operates on both Windows Server or Linux, comes pre-bundled with all necessary prerequisite software, and manages up to 5,000 devices with just a 3Ghz dual processor, 8GB RAM and 15GB of disk space.
4. WhatsUp Gold NCM
In contrast to the other top picks, the WhatsUp Gold Network Configuration Monitor is not offered as a standalone product.
Instead, it is packaged alongside the IPSwitch monitoring platform, available in certain versions as a paid add-on package.
Although it doesn’t stand out from the rest in any one specific area, it does have the distinct advantage of building upon an existing solution.
For users already utilizing WhatsUp Gold for their network management needs, the add-on will further expand its capabilities with a complete set of configuration tools.
As the core platform already maintains a list of devices via auto discovery, the NCM will just re-scan these and import configuration data.
From that point, we can batch deploy updates, schedule backups, run reference comparisons and of course, audit changes to ensure compliance with approved standards.
Any unwanted actions, malicious or otherwise, can be rolled back to a previous version at any time.
Because it’s fully integrated into the software, it seamlessly opens up new features through out the interface.
We can access anything from device specific configuration data, to setting trap alerts that notify us of events such as configuration changes.
In such cases, these can be routed through Slack, SMS, E-mail or whatever reaches your team for a rapid response.
5. rConfig Network Management
The feature set is somewhat limited by comparison, and it operates a bit different from most, but still remains a capable and customizable tool for small to medium sized networks.
The most limiting factor with rConfig is the lack of automation, which is often a major point of convenience in paid software.
While it does have network auto discovery that can detect and import devices, we have to manually specify the commands that run against each device.
In a nutshell, this means we first assign devices to a category, and build a list of commands available to those devices.
Once these are set, we can then schedule these commands to execute as needed.
On one hand, it takes a bit more work to setup at first, but this also means having a very granular level of control.
Because devices are assigned to categories, we can run backups, push configurations and perform audits either on a single device, a group of devices or all devices with ease.
Otherwise, it’s rather standard network configuration management software.
It has support for all major compliance standards (HIPAA, PCI-DSS, etc), extensive backup and reporting features, and a native PHP implementation with CRON based scheduling.
Network Configuration Management is sometimes a black sheep in the networking community.
Not for its lack of importance, but rather the intended purpose being misunderstood.
Most solutions however include free trials or limited versions that we can experiment with.
For those on the fence as to whether it’s necessary for their individual needs, there’s no reason not to try it out and see what it brings to the table.
If you’re a small business or limited by budget, we also have great free options like rConfig available to us as well.