Config Drift and Audit

Watch an overview video demonstration to understand more about the Config Drift capability in the Gluware Config Drift and Audit App.

Config Drift and Audit Overview

The Gluware Config Drift and Audit app enables organizations to achieve control over their network devices and the “wild west” approach to change management taking place in most networks today.

The Config Drift capability provides :

  • Take a network wide or specific set of nodes “Snapshot” to establish a known good configuration baseline
  • Schedule periodic snapshots of devices to detect change
  • Automated comparison to determine if any changes have occurred
  • If changes (drift) have been detected,  notify and provide line by line comparisons
  • Either promote the current snapshot to default or point out needed remediation for the device

The Config Audit capability provides:

  • Execute multi-vendor, multi-platform audits
  • Easily define company policy, ad-hoc policy and standards based policies
  • Define policies that are made up of multiple rules made of up required or forbidden configuration statements
  • Native vendor CLI along with RegEx supported for configuration policy
  • Manually trigger audits or use the integrated scheduler
  • Audits can be run network wide, on a specified set or a filtered group of network nodes
  • Details of the audit are presented in the results view and are available as a CSV-detailed download

Config Drift and Audit works hand-in-hand with the network configuration solutions providing the necessary feedback loop to monitor the current network config state and notify users of possible unauthorized changes that may need remediation.

Closed Loop Functionality

Config Modeling and Advanced Modeling can be used to automate existing networks or for deploying new networks. Once configured, the intended/default config for each device can be captured with Config Drift and Audit. Over the lifecycle of the network, periodic snapshots of all the network devices can be captured and compared to the default config, and any changes can be identified and analyzed. Gluware can then remediate those changes by re-syncing the node – and since it is declarative, it will only add/change/remove what is necessary for remediation.

Benefits

  • Avoid outages caused by manual mis-configurations in the network
  • Proactively detect configuration changes and quickly identify what has changed
  • Detect and remediate unauthorized configuration changes across all network devices
  • Reduce the risk and security vulnerability caused by out of policy configurations
  • Eliminate holes in the network caused by potentially malicious configurations
  • Ensure consistency of configurations across the network (QoS policy, ACL policy)
  • Provide network-wide configuration audits in minutes with reporting capabilities

Features

  • Detect and remediate unauthorized configuration changes across all multi-vendor network devices
  • Once verified, “Snapshot” an existing configuration as the default configuration to compare all others against
  • Take periodic snapshots and compare any two snapshots, to quickly identify configuration changes
  • When configuration drift is detected, the exact lines of configuration that have been changed are quickly identified
  • Activity logs to determine all actions – including editable user notes
  • Export Configuration Drift results which can be used for compliance reporting.

The Config Drift and Audit Solution

The Gluware Config Drift and Audit solution enables organizations to achieve control over their multi-vendor network device configurations.  Config Drift provides the ability to “snapshot” a desired configuration state, and then quickly compare current configuration against that snapshot and identify any changes. In addition, Config Audit provides the ability to quickly and easily define a custom policy or leverage a standard policy to perform an audit for compliance network wide.

Config Drift and Audit has been designed for simplicity.  The Drift capability allows users to quickly compare two historical device configuration snapshots against each other. When changes are detected, network operators can review the changes, and if appropriate, promote the new snapshot to default with one click. The Audit capability enables a search across all or a selected set of network devices to determine if there are policy violations either company policy, ad-hoc, or standards based.

Results can be exported to share with audit and compliance departments.

Config Drift and Audit currently supports 15 vendors and 19 operating systems and growing based on demand. It is scalable to thousands of devices allowing network operators to always have a near real-time config view across all their vendors and domains.

Request Demo