Network devices control how traffic can travel across the network and have security monitoring features. Refine and preserve your settings by managing network device configurations.
Network devices connect your network together. They are sophisticated pieces of equipment and contain computer chips. Essentially, a switch or a router is a computer without a screen and a keyboard. You wouldn’t keep a computer in your office without putting it to multiple important tasks, such as running different types of software. The capabilities of your network devices are far more than just passing traffic through.
Once you master the capabilities of your network devices, you need to prevent the scripts and settings that you spend time creating from getting damaged. Network config tools help you create powerful device settings, coordinate the settings of all devices so that they work together, and then store a backup of the configuration to ensure that those settings are not wiped.
Here is our list of the best network config tools:
- Auvik - EDITOR'S CHOICE: This SaaS package provides network discovery, mapping, device monitoring, traffic analysis, and network configuration management. The package can monitor multiple networks from one location, so it is suitable for MSPs or corporate IT support centers. Start a 14-day free trial.
- SolarWinds Network Configuration Manager (FREE TRIAL): Top-of-the-line configuration manager that runs on Windows Server. It will manage all makes of network devices but has extra functionality for Cisco equipment. Download the 30-day free trial.
- ManageEngine Network Configuration Manager (FREE TRIAL): This on-premises software package includes device discovery, a configuration editor, config backup, and device security scanning. Run on Windows Server, Linux, or AWS. Download a 30-day free trial.
- Site24x7 Network Configuration Management (FREE TRIAL): Get this feature as part of a cloud-hosted SaaS package of system monitoring and management modules. Start a 30-day free trial.
- Domotz: This SaaS package provides network monitoring and management tools, including configuration management.
- rConfig: This on-premises package is available in free and paid editions. Runs on Linux.
Network managers have long been aware of all the capabilities that network devices have through their extensive command sets. The settings of a switch have to be entered manually, line by line. This is a time-consuming task that has to be implemented with caution. A mistyped line or a hastily entered command can end up shutting out the administrator and then the switch can’t be altered. So, it takes a lot of time and effort to get network configurations set up correctly, and you wouldn’t have to type all that in again if a problem causes the configuration to be lost.
Network configuration management
The category of software that is known as network configuration managers is broad. The most comprehensive of these systems provides a graphical user interface that will interface to the command line of your devices. These systems interpret your requirements into firmware commands and then generate out commands and run them line by line on your network device.
The most basic function of a network configuration manager is to take a backup of the device’s settings and store it somewhere. The tool should also be able to take that configuration image and reapply it to the device. If you have taken a network management course, you already know that every switch and router has commands that perform configuration backup. So, the basic network config management system just provides a method to enter that backup command into a screen and get the tool to fix typos before asserting the command in the firmware.
The next step up from a tool that ensures you don’t type in the backup command incorrectly is a system that will periodically back up all of your dives on a schedule. There wouldn’t be much point in just creating a copy of your device configurations every hour if nothing has changed. It can also be a disaster if an error occurs in your device settings and the automated config manager wipes out the correct settings stored in the backup. So, there is a level of sophistication that you need from an automated network config tool.
At this point, it can be said that network config tools are important security systems. An automated scan compares the current configuration to the stored image and raises an alert if they are different. The network administrator can choose whether to automatically apply the stored image and wipe out the detected changes or wait for a command to do so.
Sometimes, changes are not unexpected but the administrator implementing a new security strategy. In this instance, the network manager would suspend a device from the scanning system while changes are being tested.
Network security
While network configuration backups have been around for almost as long as switches and routers, the importance of these services has increased very recently. Paths through the network can be facilitated or blocked by access control lists (ACLs). This technique effectively divides up the network conditionally, enabling access to some resources from some devices for specific traffic types.
Logically created network segmentation is now a hot topic because this is the way that Zero Trust Access’s technique of micro-segmentation is implemented at the network level. Other features of a switch and a router that enforce security include activity logging. These logs can be automatically extracted and sent to SIEM tools for threat hunting.
There are now a lot of security features that you can set up on your network devices and hackers know all about them. An advanced persistent threat involves a hacker getting access to a network and its endpoints over a long term without detection. Network device activity logging gets in the way of that secrecy and ACLs block lateral movement. What the APT hacker needs to do is delete all of those features.
The best time to tamper with network devices is overnight when that network manager is asleep at home. Thus, the alerting mechanism of network config tools registers that an unauthorized change has been made. The network manager can see that something happened overnight. However, by that point, the hacker could have already overwritten the stored configuration image, so reapplying the backup won’t change anything. This is why it is important to get a network config tool that will automatically apply a backup as soon as a change is detected.
The best network config tools
Our methodology for selecting a network configuration management tool
We reviewed the market for network config tools and analyzed the options based on the following criteria:
- A network scanning feature that populates a list of network devices
- An interface to the operating systems of network devices
- A command editor that lets you trial a command before asserting it
- A system that creates a file structure for storing device configurations
- A scheduled comparison service that examines current settings against stored configs, and alerts, and optionally reapplies the image
- A free tool or a free trial for a paid tool so you can test the service for suitability before paying anything
- Value for money that is represented by a tool that does the job it is advertised for
With these criteria in mind, we looked for a range of network configuration management tools, providing examples that are suitable for different sizes and types of enterprises.
You can read more about these options in the following sections.
1. Auvik (FREE TRIAL)
Auvik provides network configuration management as part of its Network Management package. This plan is delivered from the cloud as a SaaS platform. It also includes network device monitoring and traffic analysis services with alerts for performance problems and device failure.
Key features:
- Network discovery: The platform creates a hardware inventory, which is shared among monitoring units
- Network mapping: The system generates maps that show routes through the network as a hierarchy
- Configuration backup: A scheduled scan runs every 60 minutes
- Configuration archiving: Changes in a device’s configuration causes a new copy to be stored
- Configuration version management: A new image is stored as a new version instead of overwriting an older stored image
Why do we recommend it?
Auvik automates configuration backup and change protection. The exact function of the network configuration manager is up to the buyer because several settings influence how it behaves. For example, a change can trigger a new image to be stored or it can cause a stored image to be reapplied to the device.
Once the network administrator has set up the network configuration manager, there isn’t much that needs to be done. The service can be commanded to restore a previous configuration if changes are detected or it can be set up to raise an alert and store a new version of the config image alongside the older copy.
So, the network visibility and configuration protection that this package provides is the ideal combination of features to implement system security through network device settings.
Who is it recommended for?
This package is suitable for large multi-site businesses that want to run a central IT support office because a single subscription will cover unlimited sites. The remote monitoring and management service will also appeal to managed service providers who look after the networks of clients.
Pros:
- Configuration security: Can be set up to automatically wipe out discovered changes
- Privileged access management: The service’s access accounts can be maintained in Active Directory
- Configuration comparison: A comparison function shows the differences between two configuration versions
- SNMP-based device health checks: Constant scanning for device statuses
- Traffic analysis: Extracts traffic data from network devices with flow protocols
Cons:
- No price list: Auvik states that an account will cover an unlimited number of networks but doesn’t say how much that costs
The Auvik system is hosted in the cloud and the console can be accessed through any standard website. You can assess the package with a 14-day free trial.
2. SolarWinds Network Configuration Manager (FREE TRIAL)
SolarWinds Network Configuration Manager provides network configuration backups and also a range of assessments for network device settings. These checks include compliance auditing and vulnerability assessments. The entire service starts with a network scan that assembles a network inventory.
Key features:
- Creates a network inventory: Repeatedly scans a network to assemble and update an inventory
- Compliance auditing and reporting: For HIPAA, SOX, DISA, FISMA, PCI, and STIG
- Firmware checks: Examines firmware versions and updates it when necessary
Why do we recommend it?
SolarWinds Network Configuration Manager is a comprehensive protection system for network devices. Its services don’t just give you configuration backup but also look for vulnerabilities on a device, such as out-of-date firmware. The tool can repair those problems and also confirm that security is tight enough to meet data protection standards requirements.
The basic function of this tool is to lock down network device settings by storing an image of the configuration and then periodically comparing that stored version with current settings. If the service detects a change, it raises an alert and generates a diff view of the two versions, highlighting differences. Network administrators can set up the system to restore stored configurations automatically.
Who is it recommended for?
This package is suitable for all businesses but will particularly attract large businesses with a lot of network devices to manage. The SolarWinds brand generally appeals to larger organizations, and the biggest market for this package will be companies that have already bought the star product of the SolarWinds stables, which is the Network Performance Monitor.
Pros:
- Switch status summaries: The network inventory shows details on the attributes and settings of each device
- Replacement management: Quickly install a replacement device by applying the configuration from the retired piece of equipment
- Error recovery: Trial changes out of office hours and roll back to the original settings if testing reveals a problem
Cons:
- No cloud version: This software is only available for hosting on Windows Server
SolarWinds offers a 30-day free trial of the Network Configuration Manager.
3. ManageEngine Network Configuration Manager (FREE TRIAL)
ManageEngine Network Configuration Manager is a software package that you can install on your site or an AWS cloud account. The package scans a network and creates a list of discovered devices. This list provides an index for network administrators to access the settings of each device, make changes, and set up a backup strategy.
Key features:
- Device discovery: A network scan that repeats periodically
- An up-to-date inventory: The list of devices gets updated with each network scan
- Configuration backups: An initial backup followed by periodic sweeps for change
- Backup versioning: A device change gets a copy of the configuration stored as a new version without wiping out the original backup
Why do we recommend it?
ManageEngine Network Configuration Manager stores a copy of the configuration of each network device in a database and maintains versions of each device configuration if changes are discovered. The system can be set up to automatically wipe out discovered changes by reapplying the latest stored config image.
The ManageEngine system gives network administrators the ability to set up an ideal configuration and store it then apply that to a new device, saving time for onboarding. The tool stores different versions of configurations for each device and the administrator has the option of comparing versions to discover the recent changes and take the decision to restore an older configuration.
Who is it recommended for?
This package is suitable for businesses of all sizes. There is a Free edition available to protect two devices. The lowest of the paid editions will cover from 10 to 10,000 devices. The top edition will cover from 250 devices up to 50,000 devices.
Pros:
- Protected backup storage: The repository is encrypted
- Role-based access control: General access or elevated privileges for network devices
- A version comparison facility: A Diff View facility that highlights the differences between two configuration versions
- Change alerts: Alerts for detected changes in device configurations
Cons:
- No SaaS platform: You can install the software on the cloud, but it’s your job to maintain it
ManageEngine Network Configuration Manager can be downloaded onto Windows Server or Linux or you can find it as a service on the AWS Marketplace. You can assess the package with a 30-day free trial.
4. Site24x7 Network Configuration Management (FREE TRIAL)
Site24x7 Network Configuration Management is one of the modules on the Site24x7 cloud platform. Site24x7 provides SaaS packages that include all of their tools, so all customers get the Network Configuration Management service. All the Site24x7 systems reach out to the monitored network by installing a local agent.
Key features:
- Builds on the network device monitoring unit: Network scans and inventory creation are already provided
- Firmware vulnerability detection: Firmware patching when necessary
- Configuration export: Secure cloud storage for configuration images
Why do we recommend it?
The Site24x7 Network Configuration Management service builds on the network device and traffic monitoring services that are included in all Site247 plans. The combination of these three services means that network administrators have all the tools necessary to ensure that network devices are operational, secure, and not overloaded.
The console for this tool provides a view of a device’s current configurations and allows those settings to be changed. The configuration protection system will hold off on its change alerts for adjustments to settings that are made through the dashboard. Once the refined settings are saved to the device, the Network Configuration Management service exports an image to storage and then repeatedly compares the device to that backup. If changes are detected, the management tool will raise an alert and optionally automatically restore the approved configuration.
Who is it recommended for?
Site24x7 sizes and prices its base plans for small businesses. There are capacity expansion packages available for larger companies. Thus, the Network Configuration Management unit and all of its companion modules are suitable for businesses of all sizes. Plans also include network monitoring, server and application performance tracking, website monitoring, and log management services.
Pros:
- Configuration comparison utility: Shows two config versions side by side, highlighting differences
- Manual actions possible: Set the tool to just compare and alert and leave the launch of a backup restore to a manual decision
- Multi-vendor environments: The tool can detect and adapt to 75 device brands
Cons:
- No on-premises version: The Site24x7 brand is the SaaS counterpart of the ManageEngine range
Try out any Site24x7 package with a 30-day free trial.
5. DomotZ
Domotz is a network monitoring and management package that is cloud-hosted. The SaaS package installs an agent on each monitored network and performs network discovery, inventory documentation, topology mapping, and network monitoring. The package also includes a Configuration Monitoring unit.
Key features:
- Network discovery: The scan repeats periodically
- Network inventory: Constantly updated
- Configuration scanning: For firewalls, wireless access points, and switches
Why do we recommend it?
Domotz is a full network monitoring and management package. Its frequent network scans include a device configuration change checker. The assessment relies on a backup and differences provoke an alert. The tool shows the two configuration versions in the console and offers the administrator the option to restore the original settings.
The service can interface directly with the firmware of devices from the major providers. These include Cisco, Juniper, HP Aruba, and Fortinet. The complete list isn’t as long as that of other configuration management systems on this list, such as Site24x7. The package can be set up to automatically restore the stored configuration if a change is detected.
Who is it recommended for?
The two editions of Domotz have vastly different prices. The Pro plan is very affordable even for the smallest businesses and is one of the cheapest packages on this list – it also includes an automated network monitoring service. The Enterprise plan is over 30 times more expensive than the Pro edition and will only be affordable for large companies.
Pros:
- Multi-tenanted architecture: For managed service providers
- Configuration backups: Stored on the cloud
- Change alerts: Can trigger an automated response to wipe our changes
Cons:
- The top plan is very expensive: There is a big gap in the pricing of the two editions
Examine the Domotz platform with a 14-day free trial.
6. rConfig
rConfig is periodically updated with a new version and the previous version is made available for free. So, if you like the current version of the tool but don’t want to pay, you just have to wait for an update, and then that version you like will shift into the free edition.
Key features:
- Free and paid options: Pay for the latest version or get the last version before for free
- Stores a configuration image: Backs up device configurations
- Role-based access: Create general and privileged accounts for the interface
Why do we recommend it?
The free version of rConfig provides a backup service and scans for configurations. You need to step up to the paid version to get automation features, such as automatic rollback and compliance auditing. The paid version also provides a side-by-side comparison display for administrator review of a new configuration version against the stored copy.
The compliance management feature of rConfig is fairly unique on this list and has no rival other than the SolarWinds Network Configuration Manager. The package includes a compliance library with off-the-shelf security policy rules to comply with SOX, PCI DSS, GDPR, and other standards.
Who is it recommended for?
The free version of rConfig is suitable for small businesses. This version lacks the automated services that the busy network administrator of a large company needs. There is also a multi-tenanted edition for managed service providers. The client list of rConfig includes the Council of the European Union, Chevron, and Bacardi.
Pros:
- Compliance management: Apply a security policy that implements the requirements of a specific standard
- Fast onboarding: Apply a stored configuration to a new device
- Automated rollback: Only available in the paid versions
Cons:
- No free trial: Get a demo and then pay for the tool with a 30-day refund period
You can get a demo of the latest version or download the free edition.
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now