According to Gartner Insights, a staggering 80% of all incidents stem from planned and unplanned configuration changes. <\/p>\n\n\n\n
\u201cThrough 2015, 80% of outages impacting mission-critical services will be caused by people and process issues, and more than 50% of those outages will be caused by change\/configuration\/release integration and hand-off issues.\u201d<\/p>\n\n\n\n
– Gartner RAS Core Research Note, Ronni J. Colville, George Spafford<\/em><\/p>\n\n\n\n Despite that, most approaches to troubleshooting and handling incidents are reliant on alerts and performance monitoring rather than asking quite literally, any recent changes in configuration.<\/p>\n\n\n\n In other words, no matter what, the majority of outages almost always have something to do with configuration changes. But that fact is often ignored, understandably due to a lack of actionable configuration data.<\/p>\n\n\n\n Enter SIFF,<\/a> a network configuration management system that manages rapid changes in DevOps, network, and IT operations offering visibility into IT environment changes by providing an audit trail for all configuration changes. The SIFF platform scrutinizes data from a diverse range of sources and then distinguishes between planned and unplanned configuration changes, aiding in the isolation and identification of complex incident root cases.<\/p>\n\n\n\n Below, we outline the best uses of configuration data and why harnessing the power of SIFF will help minimize outages, accelerate troubleshooting faster, and automate policy compliance.<\/p>\n\n\n\n In most scenarios, L2 \/ L3 support is confronted with outages or disruptions and struggles with limited visibility into the configuration changes that have transpired across their network infrastructure. They\u2019re forced to diagnose outages without the ability to access valuable information siloed within the various departments.<\/p>\n\n\n\n Think about it another way: Imagine a doctor attempting to diagnose a patient without permission to ask questions about what has recently changed for the patient \u2013 their living conditions, what they\u2019ve been eating, and other pertinent questions. There\u2019s no structure or logical decision-making to narrow the scope of the problem.<\/p>\n\n\n\n By understanding that the majority of outages are attributed to configuration changes, it\u2019s quite obvious that change data can help support teams identify the problem. Still, the information you need is most likely fragmented across various tools and silos within the organization.\u00a0<\/p>\n\n\n\n Even if support teams start asking questions about recent configuration data, it\u2019s still a bit of a needle-in-a-haystack approach. It requires bridge calls across departments and teams \u2013 increasing resource waste and taking up valuable time to inevitably find resolution.<\/p>\n\n\n\n SIFF does this by collecting all configuration changes<\/a> and making the data easily accessible through a change activity stream where users can correlate service-impacting changes <\/strong>with actual change details and DIFF comparisons. The synergy between real-time visibility and configuration data in a solution like SIFF contributes to faster resolution of Level 2 and 3 support in a few ways:<\/p>\n\n\n\n Security and network engineering teams often implement a configuration strategy called the Golden Template<\/a>. This approach aims to enforce configuration policies by comparing configuration elements from a device against the Golden Template. In practice, the device-centric template approach quickly becomes difficult to manage and maintain due to the numerous yet valid exceptions that must be catered for e.g. location, function, customer, or service.\u00a0\u00a0<\/p>\n\n\n\n An alternative approach implemented by SIFF is to align compliance rules directly with the configuration or security requirements rather than by device or vendor. Additionally, SIFF collects and monitors configuration data from all sources regardless of how they are configured and managed (EMS, scripts, automation, UI). Having a single place where you implement and verify configuration policies allows you to manage and scale your configuration governance.<\/p>\n\n\n\n SIFF offers a solution by automati<\/a>n<\/a>g configuration policies<\/a>. This ensures alignment with security guidelines and policies, creating a unified configuration monitoring approach for network integrity \u2013 which is essential to ensure consistent process and centralized integration.\u00a0<\/p>\n\n\n\n It achieves this through the following approach: <\/p>\n\n\n\n Traditionally, the change management and review process helps provide a check-and-balance to prevent incidents and outages from occurring. Simply put, a change request describes the intention of the change and then outlines how the changes will be made.\u00a0<\/p>\n\n\n\n However, when a change is carried out, inadvertent errors frequently happen \u2013 caused by both human action and automation. That\u2019s because the conventional approach overlooks something critical: permission is given to make <\/em>the change, but how <\/em>the change is implemented is not monitored or reviewed. In other words, imagine a coach of a sports team calling an offensive play, but then not watching the execution. <\/p>\n\n\n\n If there\u2019s an error in the implementation, it is extremely difficult to review and identify the fault since the config changes were not captured. Requiring the technician to manually capture the changes made is prohibitively time-consuming when changes are often applied to many devices and services.\u00a0<\/p>\n\n\n\n The significance of this challenge is amplified by the inherent resiliency within networking environments. Problems from a change might not appear immediately but rather accumulate and pop up later, causing disruptions days or even weeks after implementation.<\/p>\n\n\n\n The SIFF platform takes an innovative approach<\/a> to the change and implementation review process. SIFF automatically records all configuration changes and correlates them with change requests to identify planned vs. unauthorized changes. This practice not only bolsters security but also assists in compliance and regulatory requirements.\u00a0<\/p>\n\n\n\n SIFF also gives you these benefits:<\/p>\n\n\n\n Conventional tools have primarily catered to backup and restore functionalities, with limited accessibility to configuration data. Some NCM tools offer the capability to detect devices susceptible to known vulnerabilities or common vulnerabilities and exposures (CVE) \u2013 but they fall short in other crucial areas. <\/p>\n\n\n\n Many cases demand the identification of devices with non-optimal security configurations that don\u2019t qualify as CVEs, such as using HTTP instead of HTTPS or employing default passwords. Given that, the necessity to search, analyze, and report on configuration specifics occurs frequently, yet most NCM tools lack this functionality. <\/p>\n\n\n\n SIFF addresses these limitations with detailed reporting of configuration details, providing the following:<\/p>\n\n\n\n Achieving IT and security compliance should be a priority for all teams \u2013 and it encompasses a variety of processes. Many security standards emphasize the need for visibility into all configuration changes, resulting in a myriad of configuration backup tools. <\/p>\n\n\n\n Data is essential for driving automation, so in order to ensure compliance, teams are stuck dealing with an inefficient process to perform reviews and audits. Managing multiple systems prevents the establishment of automated policies and best practice enforcement. <\/p>\n\n\n\n As a solution, SIFF provides a unified repository of your configuration data, helping you and your team streamline and perform regular audits and security reviews. Think of it as a one-stop shop for all your compliance needs.<\/p>\n\n\n\n1. Utilize Configuration Data for Faster L2\/L3 Support Resolution<\/h2>\n\n\n\n
2. Enforce Configuration Policy and Security Practices<\/h2>\n\n\n\n
3. Track Changes: Planned vs. Unauthorized<\/h2>\n\n\n\n
4. Identify Devices with Vulnerable Configuration<\/h2>\n\n\n\n
5. Ensure IT Audit, Reporting, and Compliance<\/h2>\n\n\n\n
6. Use Post-Incident Analysis and Security Forensics<\/h2>\n\n\n\n