Configuration Manager allows users to manage devices and configurations on their networks. The application can view devices, manage groups of devices, backup devices, compare backup configurations, and more features including Golden Configuration tree management, compliance reporting, and remediation.
Based on the type of entity the user needs to view or manipulate, there are four main pages to the application.
- Device Groups
- Device Backups
- Golden Configurations
Devices are available from any southbound system registered through the Itential Automation Platform (IAP). This includes the option of one or more instances of NSO and Itential Automation Gateway.
On the Devices home page, a grid view of device cards renders multiple details for each device available from southbound systems. The cards can be filtered and sorted by various fields and includes pagination to mitigate slow load times for large collections of devices.
Each device card can also be selected and edited on its own Device Details page.
On the Details page of a device, helpful information is displayed in four cards arranged horizontally at the top and in one larger sized card with tabs displayed beneath. More cards will be made available in the future to provide further quick actions. Additional tabs will also be added to the larger card to allow for the display of more advanced features.
|Device Details||Displays pertinent device information. Allows user to check if device is synced.|
|Device Status||Display the status of a device.|
|Last Backup||Indicates the time since last backup.|
|Configuration (tab)||Allows user to view current configuration on a device.|
|Backups (tab)||Allows user to view a history of backups on a device. For each backup listed, the user can quickly navigate to the respective backup with a linked button.|
|Comparison (tab)||Allows user to view differences between backups, or between a backup and the live configuration of the device.|
Similar to other constructs used for inventory management and orchestration, device groups in the Itential Automation Platform are a collective association of device IDs. Other API calls can use these groups to manage various workflow operations based on a user defined association.
On the Device Groups page, the card view is similar to the Devices page with a layout of cards showing the current groups. Of note, there is an empty Create card that allows you to create a new group with a custom name. Click the Add button (plus sign) to open an inline form. Once a new device group is created, it is added to a list that may be searched. Last, since all device groups are editable, they can be selected for batch actions.
Editing Device Group Details
When editing a device group, the user can update the list of devices available or attached to the group.
The user can also update the description and the name of the device group from the settings menu. To display this menu, click the blue gear icon on the top toolbar.
Device backups are similar to existing backups in other Itential applications. They provide a reference point of a device's configuration at a given point in time. On the Backups home page, the card layout shows all the backups that have been created for various devices on the platform. The details on each backup are unique to each device. Each backup card will show information that further delineates the history of the device's configuration. From this page, filtering, sorting, pagination and batch deletion actions are available also.
Editing a Device Backup
The Details page of a specific device backup shows information on a card located at the top and one larger sized card at the bottom.
|Backup Details||Displays backup information for a device.|
|Configuration (tab)||Allows user to view the raw configuration of a selected backup.|
|Backups (tab)||When the user selects a backup record for comparison, the Backup diff card is populated with a detailed, side-by-side view of differences between the two selected configurations. From this view, changes made over time to a device configuration, or the comparison of devices within a group, are made apparent.|
Details such as description, notes and access control of a device backup can be changed through the settings menu. To display this menu, click the blue gear icon on the top toolbar.
Golden Configurations allow you to specify patterns of configuration data that should be similar across devices on your network, and tools to evaluate compliance with your defined standards and bring devices back into compliance. The configurations are arranged in a tree pattern so that portions of the standard which apply to multiple devices can be stated in one place, and requirements which are more specialized can build on these base standards. Trees may have multiple versions to support migrations from one set of standards to another.
The Golden Configurations home page shows all Configuration Trees that have been created for various specifications. From this page, you may delete trees, or open them to view or edit.
Configuration Trees have a single root node, and each node may have any number of children. Trees also support versioning.
The tree area of the page allows you to see the relationships of nodes in the tree, as well as add, remove, and rename nodes, or choose a selected node. You may also select among versions of the tree, and create a new version based on the current state of the selected version.
The Node Compliance bar shows the compliance percentage for all devices in the node combined. Hovering over the bar displays a list of devices that failed or succeeded in meeting compliance.
The Node Issues section displays all configurations that are not present in the devices on which a compliance report was run.
The Configuration tab allows you to edit the Golden Configuration associated with a selected node, as well as the Configuration Variables for the tree.
The Golden Configuration is a configuration pattern which the device should conform to. It is comprised of configuration lines and rules which must be matched in order for the device to be considered compliant.
When you create a new node in the Configuration Tree, its configuration will be inherited from the parent node. You may specialize this node from the parent by adding or overriding lines in the parent configuration.
The lines of Golden Configuration are designed to mimic the device's native configuration structure, and will have parent-child relationships as they do on the device, usually shown by indentation or block delimiters.
Some lines of Golden Configuration are "literal", meaning they must match exactly. Other lines may be called "rules", because they use Regular Expression patterns or Configuration Variables to match device configuration which may vary, and even match multiple sections of configuration on a device (e.g., all interface blocks should have these children).
Each line of Golden Configuration has an evaluation type that determines whether the line must be present, not present, or should be ignored. The severity determines whether rule failures are considered errors, warnings, or information-only issues in the Compliance Report.
To add lines to a node configuration:
- Click the dotted insert line at the end of an existing configuration.
- Supply the native configuration that should be present on the devices for the node.
- It will be merged with the parent node's configuration, and matching lines will override the parent's corresponding lines.
To edit a line:
- Click the line to open the line editor panel.
- From the line editor, you can delete the line (along with its children), select its evaluation type and severity, add the child configuration, and edit terms for the line.
- Each term may be a literal term, a Regular Expression pattern, or a Tree Variable whose value may be substituted at a later time.
Define New Tree Variables
To define new tree variables:
- Select the "Show Variables" checkbox to access the variables panel.
- To hide literal-only lines, select the "Rules Only" checkbox.
- To hide a configuration which is not defined on the current node directly, deselect the "Show inherited config" checkbox.
The Manage Devices tab allows you to associate network devices with the selected Configuration Node.
When you run a compliance report for a device, it will be checked against the Golden Configuration of the device's associated configuration node. Likewise, when you run a compliance report for a node, each associated device will be checked. A device can only be associated with one configuration node.
From this tab, you can see a list of associated devices, and a small graph that shows the compliance status for each device. You may add or remove devices from the selected node.
Click the stacked dots icon to open the Compliance dialog, which presents a menu to run and view compliance for a selected device. From the compliance report view, you can see overall statistics for a selected device. You can also select any issue that is found and view the details that will enable you to troubleshoot and fix the error. You may address one or more issues before applying changes to a device.
Click the 3-bar graph icon near the top right to display the compliance history graph. This graph shows how many warnings, issues, errors and passes were computed in the compliance report. The blue line represents the score for each compliance report.
You can navigate between compliance reports by clicking on the bar-chart.
Clicking on an issue in the Configuration Errors section will expand it, thereby allowing you to view additional detail that will enable you to choose how to proceed with the issue.
When you select Add as an action, the issue will minimize with a green check mark to represent that the issue has been marked for resolution.
Click Apply to compile a list of changes that have been marked for resolution to be added to the device.
You can also view Golden Configuration details by clicking the blue gear icon in the top toolbar. A menu will display details of the tree and allow you to update the Name or modify read/write access for Groups.