What is Network Configuration Management?

Network configuration management is one of the most far-reaching, impactful aspects of our ITSM provision. In fact, this supports just about everything else that our IT team does to deliver services for users across the organization.

However, our network infrastructure is also one of the IT team’s biggest cost centers. In addition to this, our infrastructure estate is closely related to a huge range of threats and risk factors, making effective management mission-critical.

Our core challenge here is maintaining accurate, up-to-date records of what devices make up our networks, how they relate to one another, and how each one contributes to our wider environment.

In turn, this enables us to maximize the cost-effectiveness and organizational value that we can deliver with our infrastructure.

In this guide, we’re covering everything you need to know. Let’s start with the basics.

What is network configuration management?

Network configuration management is the sum of everything we do to collect, organize, and manage information about the components that make up our network. This is handled within our wider configuration management and platform and infrastructure management practices in ITIL.

Any component that contributes to our networks can be thought of as a network configuration item (CI), including servers, switches, or other hardware. We’ll explore what these can be in more detail in a moment.

As with other types of configuration management, a core principle is that the information we store should be proportionate to the value that we derive from it. However, in the case of network CIs, this is slightly more complicated.

This is because the information that underpins our networks is uniquely complex, technical, and fast-changing.

The most common attributes we’ll store about network CIs include their IP addresses, locations, default settings, statuses, programs, versions, and recent updates.

As we said a second ago, network configuration management is concerned with how we gather and maintain the information we need to support our wider needs across technical, financial, and operational initiatives.

The majority of our data collection for network configuration management will rely on automation tools. So, we may utilize software installed on devices to provide information at specific intervals, or we might periodically scan the entire network to retrieve information.

This information is then stored in a centralized record. This might be within a singular CMDB that’s used across our entire configuration management practice, or we might opt for a dedicated solution for storing network information.

Our core challenge is keeping this information accurate, up-to-date, and accessible for the people who need it. This could include a range of auditing, validation, and maintenance workflows with a goal to ensure our CI data matches the real-world state of our networks.

This also means mapping the relationships and dependencies across various tools that contribute to our environment.

Of course, network configuration management also plays a direct role in how we maintain our network environment. Many modern network configuration management solutions enable us to directly alter aspects of our network configuration and edit device configurations remotely.

Network tools in our CMDB

Now that we have a strong grasp of what network configuration management is, we can flesh out our understanding by thinking in more detail about the kinds of network CIs we’re likely to be dealing with.

Modern IT environments are highly complex, comprising a range of hardware, software, and cloud assets. We alluded to some of the most common examples earlier.

Our network CIs can include a huge range of items, including:

• Servers,
• Storage,
• Data center infrastructure,
• Telephony,
• VPNs,
• Routers and hubs,
• Switches, cabling, and other hardware,
• Power supplies,
• Cloud environments, clusters, and containers,
• Security tools,
• Network software,
• End-user devices,
• Peripherals and IoT devices,
• Subnets,
• Gateways and access points,
• DNS configurations and other settings, policies, or protocols.

Each of these has distinct information needs. A key challenge of our configuration management practice is determining which attributes we need to store about various CIs.

There are certain general attributes that we’ll store about almost all network CIs, such as their location, address, or status. However, some network CIs will require more in-depth data schemas than others in proportion to their usage.

For instance, we’ll likely need a range of technical details relating to our servers and other core network hardware, including capacity, power requirements, compatibility, usage, security settings, and more.

By contrast, we may need to know relatively little about end-user devices for the sole purpose of network configuration management.

Why do we need network configuration management?

Next, we can start to think about why this is so critical to our wider ITSM provision. In other words, what does network configuration management achieve?

We can divide this into a few key strands.

The first is that a huge range of tasks rely on accurate, detailed records of how our networks operate. This includes almost all day-to-day infrastructure management work, as well as all kinds of capacity planning, cost management, incident responses, and much more.

As we said earlier, the core task here is furnishing the teams who are responsible for these tasks with the information that they need to be effective.

For example, it’s almost impossible to respond to a security breach or calculate the ROI of our infrastructure estate without accurate configuration data.

Of course, network configuration management also has a more direct role to play in our day-to-day infrastructure and environment management processes.

In fact, effective CI data is a prerequisite for just about all aspects of network management, including managing licenses, versions, patches, and updates, as well as any tasks that require up-to-date information about our assets’ statuses, usage, or deployments.

These use cases culminate in several concrete, business-level benefits, including:

• Visibility and oversight - providing a clear record of how our environment operates, including its constituent components.
• Reliability and uptime - CI data provides a basis for better-maintained, more reliable infrastructure.
• Simplified compliance - furnishing compliance teams with the information they need to establish adherence to regulatory requirements.
• Enhanced response times - eliminating delays when responding to issues and incidents.
• Data-driven decision-making - grounding day-to-day decisions in empirical data on the real state of our hardware estate.
• Efficiency, capacity management, and cost controls - enabling us to determine the cost-effectiveness and viability of components across our network.
• Security - facilitating a huge range of security tasks and enabling us to identify and respond to risks and threats.

Each of these can also be used to determine goals for our network configuration management practice.

How does network configuration management work?

Now, we can move on to thinking in more practical terms about how we can collect and manage information concerning our network CIs. Earlier, we said that this is generally a largely automated process.

For the most part, this relies on dedicated, purpose-built solutions. In some cases, these might be specific to vendors of specific network hardware, but the most effective tools are vendor-agnostic.

These can vary somewhat in terms of features, but the core functionality we need to account for includes:

• Discovery - performing automated scans across our network to identify and gather data from connected devices.
• Data storage - either providing internal storage or connecting to existing databases to store and manage configuration data.
• Configuration back-ups - periodically performing back-ups to safeguard our CI data.
• Change management - enabling us to control how and when changes to our network configuration are made.
• Executing complex network operations - some network configuration management tools might facilitate bulk actions such as password changes or other procedures.
• Analytics and reporting - generating reports to draw insights from our hardware estate, including in terms of its usage, performance, cost-effectiveness, and other factors.

While many of these tasks are largely automated, particularly around discovery, certain tasks will nonetheless require manual user interventions.

Two key elements of this relate to day-to-day data management actions and implementing change controls.

For the former, the core challenge is keeping our CI data up-to-date in order to reflect the day-to-day usage of our network. For example, if our infrastructure team needs to update the settings of a piece of hardware they’re working on.

The key here is balancing our needs in terms of controlling data exposure with the importance of providing streamlined, efficient experiences for users who need to interact with this data. We’ll return to this in the final section of this resource.

For change control, the priority is enforcing established business rules in the most efficient way possible. Importantly, though, these must be proportionate to the level of risk and potential benefits associated with the change initiative itself.

Take a look at our guide to ITIL change management to learn more.

Challenges

It’s also important to consider some of the roadblocks and compromises we’re likely to face when implementing network configuration management.

The most basic challenge here is determining what data we actually need. A core principle of configuration management within ITIL is that the data we collect and manage must be proportionate to the organizational value it provides.

That is, while more data can be helpful, it also increases the resources and time that are required to maintain and manage our CI records.

Therefore, we might opt to prioritize certain attributes about our network CIs in order to ensure we can maintain accurate, useful records with the resources we have available.

Take a look at our guide to configuration data management to learn more.

Network configuration management also presents unique challenges relating to security.

Specifically, information about our network configuration is highly sensitive and almost always mission-critical. The consequences of a breach relating to this are, therefore, incredibly sensitive.

We’ll need to account for this in our wider solutions, including determining whether to include network items within our general CMDB or if we should handle these in a dedicated solution, implementing more stringent security controls.

For instance, utilizing on-premises storage or even air-gapped deployments.

Key capabilities and tools

To wrap up, we can consider some of the key capabilities that we’ll need to manage network configuration data effectively.

As we’ve said several times already, a huge portion of this is automated, utilizing dedicated network configuration management tools. At their core, these are used for discovering and recording network items using automated scanning.

Take a look at our guide to IT asset discovery to learn more about how similar techniques can be used across our ITSM provision.

However, end-user tools also play a critical role in our network configuration management efforts.

One important category of these includes CRUD tools and admin apps. These provide users with streamlined, efficient experiences for modifying certain aspects of our configuration data in a controlled manner without undermining security or data exposure rules.

Similarly, we’ll typically rely on a variety of approval applications and other workflow tools in order to support our configuration management efforts, particularly with regard to managing and implementing change controls.

Dashboards and analytics platforms are also crucial for providing real-time, easy access to key insights across the technical, financial, and operational performance of our network estate.