NCM Compliance reporting isn’t just for security auditors! Use it to ensure network devices are compliant with your operational standards and controls.
As a busy network engineer, are you always looking for cool skill hacks to help you work smarter? If so, here is a new one for you: compliance reporting. That’s right, NCM compliance reporting. Compliance reporting is an incredibly powerful tool that helps you ensure all network devices are compliant with your operational standards and controls.
Consider this example: a network engineer queues all planned network changes into a quarterly update and pushes the changes out using a versioned config. After the push, he audits his configs using the NCM audit feature to make sure all devices are running the right config. By auditing configs for a specific version, he knows if a device was missed or if a config has been rolled back to a prior version. If you’re looking for other practical uses, consider the following: make sure public SNMP community strings are never enabled, password changes are synchronized, or the QoS settings required for VoIP are in place. The NCM Compliance feature isn’t just for security auditors!
To show you how simple this is, let’s step through it together. But first, a little context. When enabled, NCM Compliance Reports run automatically when the config backup job has completed. At that time, NCM scours your configs looking for violations as defined in Compliance Rules. Compliance Rules use pattern matching to identify configuration commands that should be included in, or excluded from, your config files. If a rule match is found, then a violation is recorded. In addition, a Compliance Rule includes an optional remediation script, which can be executed automatically or manually against each identified violation.
Compliance Rules are grouped and organized into Policies. A Policy is a container for rules and is associated 1) with one or more devices to audit and 2) with a Compliance Report through which violations are reported. From this quick overview, it should be easy to see how Compliance Auditing is a powerful tool to help you keep your network in sync with required regulatory and operational standards and controls.
Now let’s build a simple compliance report. We will start by building the Compliance Rule, then associate the rule with a Policy, and then associate the Policy with a report. For our example, we want to make sure we never have any devices that allow the use of public SNMP community strings.
1: Create Audit Rules
Follow along with these steps:
- Log in to the Orion® Web console website as an administrator.
- Click CONFIGS > Compliance.
- Click Manage Policy Reports.
- Select Manage Rules, and click Add New Rule.
- Enter a name for your new rule.
- Add a description, if needed.
- Click the alert level to associate with this rule.
- If you want to assign this rule to a folder, enter a name in New folder name. Otherwise, select an existing folder from Save in folder.
- Click the type of alert trigger to associate with this alert.
- If you want to search the device config for a simple string, click the appropriate option in String Type and enter text in the box. (Note: in this example we will build a remediation script and not use the testing tools.)
- Click Submit to save.
2: Create an Audit Policy
Follow along with these steps:
- Click Manage Policies and Add New Policy.
- Enter a name for your new Policy.
- Enter a Policy description.
- Specify where to save the Policy.
- Select nodes to use with this Policy (default is all nodes).
- From the list, select the type of configuration you want to search with this Policy.
- Select and add Rules to associate with this Policy.
- Click Submit to save and exit.
3: Create an Audit Report
Follow along with these steps:
- Click Manage Reports and then Add New Report.
- Enter a name for your new report.
- Enter a description of the report.
- If you want to assign this report to a folder, enter a name in New folder name or select an existing folder from the Save in folder list.
- If you want to also display rules without violations, select Show rules without violation.
- Select the policy created from our previous task and associate it with this Report.
- Click Submit to save and exit.
By default, your report is now enabled.
The next time NCM archives your device configs, this report will automatically run and you will see any violations from the NCM summary screen using the Policy Violations resource.
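To see the rule, policy and report relationship at work outside the console, here is an added Python sketch (not SolarWinds code and not NCM's rule engine) that applies an "excluded from" rule and an "included in" rule to archived configs. The node names, config text and the "cfg-release" banner marker are constructed assumptions, and the patterns assume Cisco IOS-style syntax.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str      # regex tested against each config line
    must_exist: bool  # True: violation when absent; False: violation when present
    level: str        # alert level carried into the report


# Constructed policy. The "cfg-release" banner text is a hypothetical
# convention for tagging the quarterly versioned config.
POLICY = [
    Rule("No public SNMP community", r"^snmp-server community public\b", False, "Critical"),
    Rule("Running 2024Q3 config", r"^banner motd .*\bcfg-release 2024Q3\b", True, "Warning"),
]

# Constructed config archives, keyed by hypothetical node name.
CONFIGS = {
    "core-sw1": "banner motd # cfg-release 2024Q3 #\nsnmp-server community n3tOps RO 10\n",
    "edge-rtr2": "banner motd # cfg-release 2024Q3 #\nsnmp-server community public RO\n",
    # Rolled back to last quarter; "publicnet" must not trip the SNMP rule.
    "access-sw3": "banner motd # cfg-release 2024Q2 #\nsnmp-server community publicnet RO 10\n",
}


def audit(configs, policy):
    """Return (node, rule name, level, evidence) for every violation found."""
    violations = []
    for node, text in sorted(configs.items()):
        lines = [ln.strip() for ln in text.splitlines()]
        for rule in policy:
            hits = [ln for ln in lines if re.search(rule.pattern, ln)]
            if rule.must_exist and not hits:
                # Required command is missing from this config.
                violations.append((node, rule.name, rule.level, "pattern not found"))
            elif not rule.must_exist:
                # Every offending line is reported as evidence.
                violations.extend((node, rule.name, rule.level, ln) for ln in hits)
    return violations


if __name__ == "__main__":
    for node, rule_name, level, evidence in audit(CONFIGS, POLICY):
        print(f"[{level}] {node}: {rule_name} ({evidence})")
```

The word boundary in the SNMP pattern is what keeps a community such as publicnet from being reported; a plain substring match would flag it.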
Are you a Network Control Freak?
Try compliance auditing on your network and enter to win a SolarWinds Certified Network Control Freak swag-pack. Click here for contest rules and to enter. Then simply take a screenshot of a policy rule you create using this tutorial and submit it to controlfreak@solarwinds.com to win. If you create something awesome, be sure to share it on thwack!