CiscoWorks Network Compliance Manager

CiscoWorks Network Compliance Manager 1.7

  • Viewing Options

  • PDF (153.1 KB)
  • Feedback

CiscoWorks Network Compliance Manager (NCM) tracks and regulates configuration and software changes throughout a multivendor network infrastructure. It provides superior visibility into network changes and can track compliance with a broad variety of regulatory, IT, corporate governance, and technology requirements. NCM helps IT staff identify and correct trends that could lead to problems such as network instability and service interruption.

Product Overview

Enterprises seeking to facilitate high performance business applications increasingly rely on sophisticated networking infrastructure and the power of new technologies. Network operations and security managers rely on systems that can automate network deployments, handle large and complex topologies, and track and audit how actual network deployments comply with design requirements and best practices. Enterprise networks must comply with regulatory policies, corporate IT methodologies, and technology best practices - independently of scale, networking technologies deployed, and the combination of vendors providing networking equipment. NCM helps users meet regulatory compliance goals and enforce internal IT best practices.

Network Lifecycle Automation

NCM automates the complete operational lifecycle of network devices, which includes:

• Discover and track: Includes discovering and cataloging the network, visualizing the Layer 2 and Layer 3 network topology, initial device turn-up, and creating initial snapshots of device configurations

• Change and configure: Includes creating and deploying configuration changes in a structured manner, such as using configuration templates or scripts, peer reviewing and approving proposed changes, and maintaining an archive of previous configurations

• Audit and enforce: Includes defining compliance policies for your network devices, detecting violations in real time, and autoremediating problems

• Maintain and support: Includes providing reports on device inventory, change activity, and compliance

Enforce Policies, Standardize Operations, and Meet Compliance

Bringing networks into compliance with corporate or regulatory standards is a nontrivial, labor-intensive,
error-prone, and difficult task. NCM helps you meet compliance standards through a network compliance model that maps device information, including configurations and run-time diagnostics, as well as policies and user roles, into a normalized structure to prevent compliance violations before they occur.
Built-in best practices immediately measure network compliance against industry-accepted best practices. NCM incorporates policies such as the National Security Agency (NSA) router configuration guidelines.
Predefined reports for Information Technology Infrastructure Library (ITIL), the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry (PCI) standard, and other regulations offer immediate insight into network compliance. These reports provide the metrics that each of these regulations or processes requires, increasing visibility and saving auditors and network engineers time.

Prevent Network Downtime and Increase Stability

Peer reviews can reduce the number of configuration defects in a network. NCM automates peer reviews, ticketing, and approval processes to reduce the time between approving a configuration change and implementing it on your network.

New Features in NCM 1.7

NCM 1.7 includes the following new features:

Allow full policy management from the API: A rich set of new API commands is now available to define, provision, edit, and list NCM policies. These new APIs can be issued in various combinations to externally create and edit policies for use to help ensure network device compliance.

Network device detection using Simple Network Management Protocol Version 3 (SNMPv3) configuration: Network devices using SNMPv3 for device discovery are now detectable using NCM. Using less secure network device detection methods is avoided when SNMPv3 is used with NCM 1.7, facilitating the use of the most up-to-date SNMP security mechanisms.

Device group user interface display enhancements: The display of device groups has been enhanced to facilitate hierarchical structure viewing of device groups. High performance rendering of user-selected device groups while preserving the "parent - child" relationship of groups and subgroups is reintroduced in NCM 1.7.

Custom notifications to logged-on users: Administrators of the NCM solution can create customized messages that can serve as notification messages to all logged-in users. Administrators of the NCM solution can now see the email address of all logged in user IDs and send emails to selected users. This helps administrators better manage users accessing the NCM application.

HP Network Node Manager (NNMi) integration enhancements: Single sign-on between NCM and NNMi, embedded interfacing between NCM and NNMi, and SNMP community string forwarding between NCM and NNMi.

Table 1 provides a summary of the key CiscoWorks NCM features, along with a description of each feature and its benefits.

Table 1. CiscoWorks NCM Features and Descriptions



Network lifecycle management

NCM delivers a complete management and automation solution to support the full lifecycle of your network.

Process-powered automation

Using integrated, single-source software, automate IT workflows for otherwise manual processes, accomplished primarily through complex scripting.

Real-time configuration and asset tracking

In real time, detect configuration and asset information changes made across a multivendor device network, regardless of how each change is made.

Compliance control

Perform rapid troubleshooting and manage network compliance by comparing devices to well-defined, best-practice standards. Control noncompliance with automatic remediation of devices that violate standards. Speed internal and external audit processes with predefined network compliance reports for ITIL, SOX, HIPAA, PCI Data Security Standard (DSS), and more. Validate device operating states in real time to stay in compliance.

Diagramming and visualization, including Layer 2 and Layer 3 modeling

Generate a graphical representation of your network. Identify which devices are inactive or out of compliance. Use filters to immediately view isolated specific network segments. Capture a snapshot of the current state of the network, including topology and virtual LAN (VLAN) information. Identify the hosts connected to specific switches or interfaces by MAC address.

Automated software image management

Update device images and feature sets quickly, reliably, and easily.

Real-time audit trail

In real time, store a complete audit trail of configuration changes (hardware and software) made to network devices, including critical change information.

Role-based access control

Configure granular, customizable user roles to control permissions on device views, device actions, and system actions. Support common authentication systems, such as TACACS+, RADIUS, SecurID, Active Directory, and Lightweight Directory Access Protocol (LDAP).

Template-based device provisioning

Automate routine configuration tasks for updates, such as password or community string changes. Reduce the time needed to build automation scripts and increase accuracy with autogenerated scripts derived from device sessions.

Automated software synchronization and image management

Create a repository, and synchronize all device software images across your enterprise network. Use image management to automatically identify, download, and install the recommended software image for your network devices.

Automation engine

Create complex automation flows, integrating internal and third-party systems. Make use of more than 200 system triggers to drive automation.

Workflow and approvals

Enforce change processes in real time. Model complex approval processes with flexible rules. Force approvals for changes, including changes made by a direct command-line interface session. Combine multiple tasks into a project workflow to determine whether the system should proceed to the next step.

High availability and satellite deployments

Implement high availability and disaster-recovery solutions with the high availability and satellite deployments. Administrators can effectively manage geographically dispersed networks without a single point of failure. Satellites help deal with devices located behind a firewall or handle overlapping IP address situations.

Horizontal scalability

The horizontal scalability feature offers you added flexibility in how you can grow capacity while controlling software and hardware costs.

Browser-based GUI

NCM uses a browser-based GUI and as such does not require any dedicated client software. The GUI is highly intuitive and responsive, so you can accomplish tasks quickly and efficiently.

Table 2 lists the minimum server and technical requirements for NCM. Refer to the CiscoWorks NCM 1.7 Installation Guide for detailed requirements at

Table 2. NCM Server Requirements and Technical Specifications



Server operating system

One of the following:

• Microsoft Windows Server 2008 R2 (64-bit)
• Microsoft Windows Server 2003 with Service Pack 2 (32-bit)
• Oracle Solaris 10 SPARC (64-bit)
• Red Hat Enterprise Linux 4 (32-bit)
• Red Hat Enterprise Linux 5 (64-bit)
• SuSE Enterprise Linux Server 10 (64-bit)


One of the following:

• Oracle 10g ( and Standard Edition and Enterprise Edition (64-bit is supported; if running in a distributed system environment you will need Enterprise Edition)
• Oracle 11g ( Standard Edition and Enterprise Edition (64-bit is supported; if running in a distributed system environment you will need Enterprise Edition)
• Microsoft SQL Server 2005 and 2008 Standard and Enterprise Edition (64-bit is supported.)
• MySQL 5.0.58 (included with NCM)

Application server hardware requirements

Memory: 4 GB RAM

Swap space: 4 GB

Disk: 40 GB, Fast SCSI

Network: 100 Mbps Fast Ethernet, full duplex

Database server

Memory: 4 GB RAM

Swap space: 4 GB

Disk: 60 to 100 GB, Single Channel RAID, Fast SCSI

Network: 100 Mbps Fast Ethernet, full duplex

Virtual environments (optional)

• VMware ESX 3.5 or 4.0 or
• Solaris 10 LDOM

For more information on NCM 1.7 hardware and software requirements, refer to the CiscoWorks Network Compliance Manager 1.7 Installation and Upgrade Guide at

NCM Alert Center

CiscoWorks NCM Alert Center is an optional subscription service that provides your NCM application with the latest set of the compliance policies based on device-vendor announced security vulnerabilities. As new security vulnerabilities are found, Alert Center will deliver these vulnerabilities to the NCM server in the form of actionable compliance policies to allow you to quickly identify all vulnerable devices on your network and rapidly remediate them before hackers can compromise their security.

NCM Collaboration Portal

An NCM collaboration portal is available for the NCM user community at This portal provides a wealth of information about NCM such as detailed training material, archived videos on demand (VODs), discussion forums, NCM virtual machines, and other useful information.

Evaluation and Ordering Information

NCM 1.7 can be ordered through regular sales channels. NCM 1.7 is also available for evaluation at

Service and Support

Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare the network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see Cisco Technical Support Services or Cisco Advanced Services.

For More Information

For more information about NCM, please visit, contact your local account representative, or send an email to