Configuration Manager allows users to manage devices and configurations on their networks. The application can view devices, manage groups of devices, backup devices, compare backup configurations, and more features including Golden Configuration tree management, compliance reporting, and remediation.
Based on the type of entity the user needs to view or manipulate, there are four main pages to the application.
- Device Groups
- Device Backups
- Golden Configurations
Devices are available from any southbound system registered through the Itential Automation Platform (IAP). This includes the option of one or more instances of NSO and Itential Automation Gateway. At this time, Configuration Manager reads and analyzes the devices; however, in future integrations, device turn-up and device remediation will be possible.
On the Devices home page, a grid view of device cards renders multiple details for each device available from southbound systems. The cards can be filtered and sorted by various fields and includes pagination to mitigate slow load times for large collections of devices.
Each device card can also be selected and edited on its own Device Details page.
On the Details page of a device, helpful information is displayed in four cards arranged horizontally at the top and in one larger sized card with tabs displayed beneath. More cards will be made available in the future to provide further quick actions. Additional tabs will also be added to the larger card to allow for the display of more advanced features.
|Details||Displays pertinent device information.|
|Status||Display the status of a device.|
|Last Backup||Indicates the time since last backup.|
|Actions||Allows user to create a backup, check device status and sync a device.|
|Configuration (tab)||Allows user to view current configuration on a device.|
|Backup (tab)||Allows user to view a history of backups on a device. For each backup listed, the user can quickly navigate to the respective backup with a linked button.|
|Comparison (tab)||Allows user to view differences between backups, or between a backup and the live configuration of the device.|
Similar to other constructs used for inventory management and orchestration, device groups in the Itential Automation Platform are a collective association of device IDs. Other API calls can use these groups to manage various workflow operations based on a user defined association.
On the Device Groups page, the card view is similar to the Devices page with a layout of cards showing the current groups. Of note, there is an empty Create Group card that allows you to create a new group with a custom name. Click the Add button to open an inline form. Once a new device group is created, it is added to a list that may be searched. Last, since all device groups are editable, they can be selected for batch actions.
Note: Currently, the only batch action available is deletion.
Editing Device Group Details
When editing a device group, the user can update not only the name, but the description and a filterable list of devices available or attached to the group.
Device backups are similar to existing backups in other Itential applications. They provide a reference point of a device's configuration at a given point in time. On the Backups home page, the card layout shows all the backups that have been created for various devices on the platform. The details on each backup are unique to each device. Each backup card will show information that further delineates the history of the device's configuration. From this page, filtering, sorting, pagination and batch deletion actions are available also.
Editing a Device Backup
The Details page of a specific device backup shows information in two cards arranged at the top and one larger sized card at the bottom.
|Details||Displays backup information for a device. Also allows user to edit the notes and description.|
|Compare Backups||Allows user to select another backup record to compare. Upon selection, user can immediately view the details of the comparison record, including the time, description and other pertinent details.|
|Configuration (tab)||Allows user to view the raw configuration of a selected backup.|
|Backup Diff (tab)||When the user selects a backup record for comparison, the Backup diff card is populated with a detailed, side-by-side view of differences between the two selected configurations. From this view, changes in a device's configuration over time, or the comparison of devices within a group, are made very obvious.|
Golden Configurations allow you to specify patterns of configuration data that should be similar across devices on your network, and tools to evaluate compliance with your defined standards and bring devices back into compliance. The configurations are arranged in a tree pattern so that portions of the standard which apply to multiple devices can be stated in one place, and requirements which are more specialized can build on these base standards. Trees may have multiple versions to support migrations from one set of standards to another.
The Golden Configurations home page shows all Configuration Trees that have been created for various specifications. From this page, you may delete trees, or open them to view or edit.
Configuration Trees have a single root node, and each node may have any number of children. Trees also support versioning.
The tree area of the page allows you to see the relationships of nodes in the tree, as well as add, remove, and rename nodes, or choose a selected node. You may also select among versions of the tree, and create a new version based on the current state of the selected version.
The upper portion of the content area shows compliance statistics for the tree as a whole, and for a selected node. You may also view and edit node details.
The lower portion allows you to edit the Golden Configuration of a selected node, check devices, and view compliance history and errors for individual devices, as well as apply targeted changes to resolve any issues that are found.
The Configuration Spec tab allows you to edit the Golden Configuration associated with a selected node, as well as the Configuration Variables for the tree.
The Golden Configuration is a configuration pattern which the device should conform to. It is comprised of configuration lines and rules which must be matched in order for the device to be considered compliant.
When you create a new node in the Configuration Tree, its configuration will be inherited from the parent node. You may specialize this node from the parent by adding or overriding lines in the parent configuration.
The lines of Golden Configuration are designed to mimic the device's native configuration structure, and will have parent-child relationships as they do on the device, usually shown by indentation or block delimiters.
Some lines of Golden Configuration are "literal", meaning they must match exactly. Other lines may be called "rules", because they use Regular Expression patterns or Configuration Variables to match device configuration which may vary, and even match multiple sections of configuration on a device (e.g., all interface blocks should have these children).
Each line of Golden Configuration has an evaluation type that determines whether the line must be present, not present, or should be ignored. The severity determines whether rule failures are considered errors, warnings, or information-only issues in the Compliance Report.
To add lines to a node configuration:
- Click the dotted insert line at the end of an existing configuration.
- Supply the native configuration that should be present on the devices for the node.
- It will be merged with the parent node's configuration, and matching lines will override the parent's corresponding lines.
To edit a line:
- Click the line to open the line editor panel.
- From the line editor, you can delete the line (along with its children), select its evaluation type and severity, add the child configuration, and edit terms for the line.
- Each term may be a literal term, a Regular Expression pattern, or a Tree Variable whose value may be substituted at a later time.
Define New Tree Variables
To define new tree variables:
- Select the "Show Variables" checkbox to access the variables panel.
- To hide literal-only lines, select the "Rules Only" checkbox.
- To hide a configuration which is not defined on the current node directly, deselect the "Show inherited config" checkbox.
The Device Management tab allows you to associate network devices with the selected Configuration Node.
When you run a Compliance Report for a device, it will be checked against the Golden Configuration of the device's associated Configuration Node. Likewise, when you run a compliance report for a node, each associated device will be checked. A device can only be associated with one Configuration Node.
From this tab, you can see a list of associated devices, and a small graph that shows the compliance status for each device. You may add or remove devices from the selected node.
The Compliance tab presents the compliance history of a selected device.
From the Compliance tab, you can see overall statistics for each compliance report for the selected device. Selecting a report will allow you to see details of the issues on the report.
The Report tab will show you the detailed errors on a selected Compliance report.
Once you select an error, provide the details needed to fix the error. You may address one or more issues before applying changes to the device.