These aspects are described under documentation, NCM section.
Here more details on that.
Device Configurations are stored in the SSdb as models. By default, a history of the last 25 changes are kept for each device that has NCM configured. The value is configurable. If between 2 consecutive captures, nothing changes on the device configuration, this does not count as a change. There's an attributed that stores last time the verification was completed.
The device configurations are encrypted.
NCM is not a dedicated tool for Network Configuration Management. It cannot provide the functions of a dedicated tool that is doing just Configuration Management. Although it covers most of the day-to-day operations of a NCM tool: capture running config, startup config, firmware upload, policies enforcement (there's not a list of default policies in place, so this would have to be built), workflow for configuration changes (either by Spectrum or by integration with CA Service Desk), it misses some advanced features. I was asked a number of times of verify specific NCM features that are not available in Spectrum NCM. There's no compliance checking or any pre-defined rules that can be used. It all has to be created from scratch.
The effort on creating custom Perl scripts should not be that extensive. Default provided scripts can be manipulated to be conform to each device specific CLI parameters/requirements. There's some effort into testing it out for each specific device type/situation.
The other effort that I see considerable would be in building NCM Policies that would suite each specific case. The tool is quite capable on this side, but it has to be configured. The same effort would be for creating custom Tasks that should perform different operations for devices.
------------------------------
Senior Consultant
SolvIT Networks
------------------------------
Original Message:
Sent: 07-17-2020 02:08 PM
From: Brian Hunter
Subject: Spectrum Network Configuration Manager Specifications
Our organization is exploring the use of Spectrum NCM for collecting/archiving/management of device configurations for devices like Palo Alto firewalls, FireEye, and Gigamon. I have no experience with NCM but have a few questions.
- My understanding is that NCM device configurations are stored in the SpectoServer database. I've been asked, are the device configurations encrypted, and also how many device configurations can be stored (thousands? tens of thousands?)
- How much effort is it to use the NCM extension utility and create the necessary Perl scripts, etc., to collect configs from the above listed devices?
Thanks for any assistance you may be able to provide.