Configuration Manager

On this page:

User Guide

Configuration Manager allows users to manage devices and configurations on their networks. The application is essentially a multi-functional interface to view devices, manage groups of devices, backup devices, and compare backup configurations, along with features for Golden Configuration tree management, compliance reporting, and remediation.

Configuration Manager Card

Based on the type of entity the user needs to view or manipulate, there are four main page views in the application.

  • Devices
  • Device Groups
  • Device Backups
  • Golden Configurations

About Button

To identify the release version that is running in your environmnent, click the white vertical dots next to the application name in the top header to open the About dialog.

About Dialog

Quick Access Shortcuts

Configuration Manager allows you to 'pin' elements from all pages by clicking the pin icon that corresponds to each item. These pinned elements can be found on the Home page.

Configuration Manager also features a Quick-Access Toolbar in the navigation panel on the left-hand side.

From this toolbar you can perform various functions such as:

  • Create a collection by clicking the Create icon button in the top toolbar. The Create dialog will open.

    Create Button

    Create Dialog

  • Navigate to the Home page by clicking the Home button. This returns you to main landing page for Configuration Manager.

    Home Button

    Home Page

  • Search collections using the Search icon (magnifying glass) to search for items in a collection based on filter settings.

    Search Button

    Search Dialog

  • View product documentation by clicking the Documentation icon to open a dialog that links you to the Itential product guides.

    Docs Button

Devices

Devices are available from any southbound system registered through the Itential Automation Platform (IAP). This includes the option of one or more instances of Cisco NSO and Itential Automation Gateway.

On the Devices page, a grid view of device cards renders multiple details for each device available from southbound systems. The cards can be filtered and sorted by various fields and includes pagination to mitigate slow load times for large collections of devices.

Each device card can also be selected and edited on its own Device Details page.

Devices View

Device Details

On the Device Details page, helpful information is displayed in three cards arranged horizontally at the top and in one larger sized card with tabs displayed beneath.

Card Name Description
Device Details Displays pertinent device information. Allows user to check if device is synced.
Device Status Display the status of a device.
Last Backup Indicates the time since last backup.

Device Configuration

Tab Name Description
Configuration Allows user to view the current configuration on a device.
Backups Allows user to view a history of backups on a device. For each backup listed, the user can quickly navigate to the respective backup with a linked button.
Comparison Allows user to view differences between backups, or between a backup and the live configuration of the device.

Configuration Tab

Backups Tab

Configuration Comparison Tab

Device Groups

Similar to other constructs used for inventory management and orchestration, device groups in the Itential Automation Platform are a collective association of device ids. Other API calls can use these groups to manage various workflow operations based on a user defined association.

On the Device Groups page, the card view is similar to the Devices page with a layout of cards showing the current groups. Of note, there is an empty Create card that allows you to create a new group with a custom name. Click the plus (+) sign to open an inline form. Once a new device group is created, it is added to a searchable list. Last, since all device groups can be edited, they can be selected for batch actions.

Device Groups View

Editing Device Group Details

When editing a Device Group, the user can update the list of devices that are available, or edit devices attached to a group.

Edit Device Group

The user can also update the description and name of the Device Group from the settings menu. To display this menu, click the blue vertical dots (icon) on the top toolbar.

Edit Device Group Details

Device Backups

Device backups are similar to existing backups in other Itential applications. They provide a reference point of a device's configuration at a given point in time. On the Backups page, the card layout shows all the backups that have been created for various devices on the platform. The details on each backup are unique to each device. Each backup card will show information that further delineates the history of the device's configuration. From this page, filtering, sorting, pagination and batch deletion actions are available.

Device Backups View

Editing a Device Backup

The Backup Details page of a specific device backup shows information on a card located at the top and one larger sized card with two tabs at the bottom.

Edit Device Backup

UI Element Description
Backup Details (card) Displays backup information for a device.
Configuration (tab) Allows user to view the raw configuration of a selected backup.
Backups (tab) When the user selects a backup record for comparison, the Backup diff card is populated with a detailed, side-by-side view of differences between the two selected configurations. From this view, changes made over time to a device configuration, or the comparison of devices within a group, are made apparent.

Details such as description, notes and access control of a device backup can be changed through the settings menu. To display this menu, click the blue vertical dots (icon) on the top toolbar.

Edit Device Backup Details

Golden Configurations (Device)

Golden Configurations allow you to specify patterns of configuration data that should be similar across devices on your network, and tools to evaluate compliance with a set of defined standards and to bring devices back into compliance. The configurations are arranged in a tree pattern so that portions of the standard which apply to multiple devices can be stated in one place, and requirements which are more specialized can build on the baseline standards. Trees may have multiple versions to support migrations from one set of standards to another.

The Golden Configurations page shows all the Configuration Trees that have been created for various specifications. From this page, you can delete trees, or open a tree to view or edit.

Golden Configurations View

Configuration Trees

Configuration Trees have a single root node, and each node may have any number of children. Trees also support versioning.

The tree area of the page allows you to see the relationships of nodes in the tree, as well as add, remove, and rename nodes, or choose a selected node. You may also select among versions of the tree, and create a new version based on the current state of the selected version.

Configuration Tree

Node Details

The Node Compliance bar in the Node Details tab shows the compliance percentage for all devices in the node combined. Hovering over the bar displays a list of devices that failed or succeeded in meeting compliance.

The Node Issues section displays all configurations that are not present in the devices on which a compliance report was run.

Configuration

The Configuration tab allows you to edit the Golden Configuration associated with a selected node, as well as the Configuration Variables for the tree.

Configuration Spec

The Golden Configuration is a configuration pattern which the device should conform to. It is comprised of configuration lines and rules which must be matched in order for the device to be considered compliant.

When you create a new node in the Configuration Tree, its configuration will be inherited from the parent node. You may specialize this node from the parent by adding or overriding lines in the parent configuration.

The lines of Golden Configuration are designed to mimic the native configuration structure of a device, and will have parent-child relationships as they do on the device. This is usually shown by indentation or block delimiters.

Each line of Golden Configuration has an evaluation type that determines whether the line must be present, not present, or should be ignored. The severity determines whether rule failures are considered errors, warnings, or information-only issues in the Compliance Report.

Add/Edit Configuration Lines

The configuration editor allows configurations to be edited inline through the text editor. Once you have finished defining your configuration, you can save it by clicking the floppy disk icon in the toolbbar just above the editor. You can also import configurations from a device by clicking the import button located to the left side of the save button.

Each line in a configuration can be defined as follows.

Evaluation Mode

Used to indicate if a configuration line if required to exist in a device for compliance.

  • Required - Implies the line must exist in the device config.
  • Disallowed {d/} - Implies the line must not exist in the device config.
  • Ignored {i/} - Completely ignores the line and doesn't generate an issue in the compliance report.
Severity Type

Each severity type has its own weight which determines the grade of a compliance report.

  • Warning
  • Error <e/>
  • Info <i/>
Fix Mode

Used for determining how to handle lines that contain variables when performing auto-remediation

  • Manual - The user must must manually remediate the issue (skips auto-remediation for the line).
  • Append <a/> - Automatically appends the configuration line into the device.
  • Change <c/> - Finds a matching candidate in the device configuration and replaces it with the current line.

To apply these properties to a line, highlight the configuration lines you want to modify and select a property from the toolbar above the editor.

Config Tools

Define New Tree Variables

To define new tree variables:

  • Select the (x) icon button on the right side to access the variables panel.
  • To hide a configuration which is not defined on the current node directly, click the eye icon and select the Inherited Config checkbox.

Variables

Manage Devices

The Manage Devices tab allows you to associate network devices with the selected Configuration Node.

Device Management

When you run a compliance report for a device, it will be checked against the Golden Configuration of the device's associated configuration node. Likewise, when you run a compliance report for a node, each associated device will be checked. A device can only be associated with one configuration node.

From this tab, you can see a list of associated devices, and a small graph that shows the compliance status for each device. You may add or remove devices from the selected node.

Compliance

Click the vertical dots icon to open the Compliance dialog, which presents a menu to run and view compliance for a selected device. From the compliance report view, you can see overall statistics for a selected device. You can also select any issue that is found and view details that will enable you to troubleshoot and fix the error. You may address one or more issues before applying changes to a device.

Compliance Menu

Compliance

Click the 3-bar graph icon near the top right to display the compliance history graph. This graph shows how many warnings, issues, errors and passes were computed in the compliance report. The blue line represents the score for each compliance report.

Compliance Bar Graph

You can navigate between compliance reports by clicking on the bar-chart.

Click the down arrow in the Configuration Errors section to expand an item and view additional detail that will enable you to choose how you would like to proceed with the issue.

Compliance Issue

When you select Add as an action the issue will minimize with a green check mark to represent that the issue has been marked for resolution.

Click Apply to compile a list of changes that have been marked for resolution to be added to the device.

Compliance Issue Added

You can also view Golden Configuration details by clicking the blue vertical dots (icon) on the top toolbar. A menu will display details of the tree and allow you to update the Name or modify read/write access for Groups.

Compliance Details

Golden Configurations (JSON)

Configuration Manager also has integrated support for running compliance on JSON data. This section of the guide will only cover the elements of Golden Config (GC) that are different than those of devices.

Configuration

The Configuration tab of a JSON GC takes JSON data as input. This data will be used to generate a compliance report on task instances.

To utilize variables in a JSON GC:

{
    "vpcName": "$_varName_$"
}

Anything enclosed in $_ _$ will be replaced by the variable value.

Task Instances

Task instances are instances of adapter tasks with their respective parameters which are used for fetching certain data.

You can perform a compliance check on these task instances by hovering over the 3-vertical-dots menu and clicking Run Compliance.

When you run compliance on a task instance, the Adapter Task associated with the instance will execute and fetch certain data. The data fetched from the adapter task is used for generating a compliance report.

Add a Task Instance

Click the Manage tab to view all task instances. To create a task instance, simply click the plus (+) button, which will generate the following view.

Add Task 1

The Add Adapter Task dialog will contain a list of adapters and the tasks which belong to each adapter. You can also search for methods from the search bar at the very top. Once you've located the adapter task you would like to add, click on it to select it. From here you can hover over the blue Add button in the dialog footer and select +Add from the options menu. This will open the parameters dialog.

Add Task 2

From this screen you must select a unique (within the node) Instance Name and define the parameters that are required to execute the Adapter Task you have selected. Once the appropriate information is provided, click the Submit button at the button to save the task instance.

The newly created task instance will appear in the Manage tab along with other existing task instances.

Task Instances

Run Compliance

Running compliance for a task instance is very much the same process as the one for devices. Simple click Run Compliance from the menu options that display when you click the vertical dots.

Run JSON Compliance

Once the compliance process has finished running, select the View Compliance menu option to display the Compliance and Reporting dialog. From here you can view which items in your configuration are out of compliance.

JSON Compliance