Guest

CiscoWorks Network Compliance Manager

CiscoWorks Network Compliance Manager 1.2

  • Viewing Options

  • PDF (215.9 KB)
  • Feedback

CiscoWorks Network Compliance Manager (NCM) tracks and regulates configuration and software changes throughout a multivendor network infrastructure. It provides superior visibility into network changes and can track compliance with a broad variety of regulatory, IT, corporate governance, and technology requirements. CiscoWorks NCM helps IT staff identify and correct trends that could lead to problems such as network instability and service interruption.

Product Overview

Enterprises seeking to enable high-performance business applications increasingly rely on sophisticated networking infrastructure and the power of new technologies. Network operations and security managers rely on systems that can automate network deployments, handle large and complex topologies, and track and audit how actual network deployments comply with design requirements and best practices. Enterprise networks must comply with regulatory policies, corporate IT methodologies, and technology best practices-independently of scale, networking technologies deployed, and the combination of vendors providing networking equipment.
CiscoWorks NCM helps users meet regulatory compliance goals and enforce internal IT best practices in many ways:

• It tracks all changes to the network-configuration, software, and hardware changes-in real time and captures them in a detailed audit trail.

• It screens all changes against authorized policies immediately to verify whether they comply with regulatory requirements or IT best practices.

• It automatically validates new changes against appropriate policies before they are pushed to the network. If the changes are not compliant, CiscoWorks NCM does not allow them to be deployed.

• It automates the change review process, closing the gap between the approval of a change and the actual configuration change that is pushed to the network.

• It allows managers to enforce the approval of a change through a flexible, integrated approval model, using the exact configuration code that will be pushed to the network. Approvers of a change can review the change in the context of the entire device configuration and the business units it will affect. Event notifications are sent to interested parties, giving network staff immediate visibility into unplanned and unauthorized changes.

• It limits network configuration information to users on a need-to-know basis. CiscoWorks NCM uses highly customizable role-based permissions to control what information a user can view, what actions a user can perform on devices, and which devices a user can gain direct access to.

• It ships with regulatory reports enabled for the Sarbanes-Oxley (SOX) Act, Visa Cardholder Information Security Program (CISP), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act of 1999 (GLBA), Information Technology Infrastructure Library (ITIL), Control Objectives for Information and related Technology (COBIT), and Committee of Sponsoring Organizations of the Treadway Commission (COSO), and it provides the detailed metrics required by each of these regulations and the network information necessary to prove compliance. Included by default are reports on users, systems, network status, configurations, devices, software vulnerabilities, tasks or jobs, Telnet/Secure Shell (SSH) Protocol sessions, and compliance centers. Reports can be customized to include information such as:

– All Cisco® devices running a given version of Cisco IOS® Software

– All devices using insecure protocols for configuration management

– All devices with a faulty module

– All configuration changes made over a period of time for a set of devices

– All Telnet/SSH sessions initiated by a specific user

– All device changes that result from an approval override

– All access control lists (ACLs) that deny traffic on specific ports

Key Features and Benefits

Table 1 lists the primary features of CiscoWorks NCM.

Table 1. CiscoWorks NCM Features and Benefits

Feature

Benefits

Network autodiscovery

Eliminates manual administration of devices

Network diagram

Eases troubleshooting

Configuration and change management

• Increases uptime
• Eases audit of configuration changes
• Improves control of network resources

Audit and compliance management

• Includes expansive modeling of regulatory, corporate, IT, and technology policies
• Provides visibility into network's compliance with policies
• Identifies critical risks and violations
• Prioritizes triage of compliance violations

Integration with CiscoWorks applications

• Includes cross-launch capabilities between CiscoWorks NCM and other CiscoWorks applications such as CiscoWorks LAN Management Solution (LMS), Home Page, Device Center, and CiscoView
• Allows user to run scripts to register with CiscoWorks servers
• Ensures consistency of network inventory database using CiscoWorks Device Credential Repository (DCR)-for example, device list and credentials may be imported into CiscoWorks NCM

Software image management

Enables combination of network configuration, change, compliance, and Cisco IOS® Software and Cisco Catalyst® OS image management

Security management

• Enables role-based access control and lock down
• Includes centralized access control list (ACL) management

Advanced workflow and approvals

Enables real-time process enforcement

Multivendor support

• Supports thousands of device models or versions from Cisco and 35 other vendors
• Frequent and easy-to-deploy device driver releases

Connectors with third-party software

Includes connectors with HP OpenView NNM and with Remedy AR

Alert Center

Subscription service that complements the NCM software offering. CiscoWorks NCM Alert Center content, such as security compliance policies in NCM format and product extensions, is uploaded into CiscoWorks NCM Alert Center and is hosted at a Cisco.com URL for subscribers to download into CiscoWorks NCM.

CiscoWorks Integration

As a CiscoWorks application, CiscoWorks NCM integrates with the extensive features and capabilities of other CiscoWorks products. It also provides cross-launch of various features across CiscoWorks NCM and other CiscoWorks applications such as the CiscoWorks LAN Management Solution (LMS) bundle.
Integration features include:

• Import of detailed device credential data from CiscoWorks DCR, providing data consistency between the two CiscoWorks products

• Launching CiscoWorks NCM from CiscoWorks Home Page, enabling a centralized dashboard for network operations tasks

• Accessing other CiscoWorks applications from CiscoWorks NCM menus, including CiscoWorks Device Center and CiscoView

• Same-server coexistence-CiscoWorks NCM software, CiscoWorks NCM database (Oracle or MySQL), and CiscoWorks LMS can be configured to run on the same host. CiscoWorks NCM and LMS can share the TFTP server, and LMS can receive all syslog messages forwarded by NCM.

High-Availability Deployment Options

CiscoWorks NCM is designed for fairly large network deployments of up to tens of thousands of managed nodes, thanks to robust features such as data redundancy and high availability. For network managers concerned about high availability due to the critical nature of network compliance, configuration, and change management, CiscoWorks NCM can be deployed in (optional) high-availability server configurations. The High Availability and Satellite deployment options provide a robust deployment architecture:

• High Availability enables visibility and control across the entire globally distributed network environment, automatically replicating information to multiple locations and dramatically reducing time to recover by enabling immediate re-creation of the environment in a new location. It also allows IT organizations to extend best practices and knowledge across multiple locations and help achieve operational consistency across the enterprise.

• Satellite enables central management of network devices in remote locations across Network Address Translation (NAT) boundaries.

Device Support

CiscoWorks NCM supports an extensive range of Cisco equipment plus devices from 35 other vendors. Categories include routers, switches, firewalls, wireless access points, VPN devices, network accelerators, network load balancers, and other appliances that serve dedicated functions such as terminal and proxy servers. CiscoWorks NCM can be easily upgraded to support new devices as they become available or to meet market demand.

Alert Center

CiscoWorks NCM Alert Center is a subscription service that complements the Cisco NCM software offering. Alert Center content, such as security compliance policies in NCM format and product extensions, is uploaded into CiscoWorks NCM Alert Center biweekly and is hosted at a Cisco.com URL for subscribers to download into CiscoWorks NCM.

Licensing

CiscoWorks NCM is licensed on the basis of the number of nodes to be managed and whether the High Availability and Satellite features are enabled. Customers must purchase a software license for the core server, software licenses for the High Availability and Satellite features (if required), software licenses for the connectors with third-party software (if required), and the appropriate core and high-availability node count increments for the desired count of managed nodes.
A managed node is a management IP address and the configuration details for the system accessed by the management IP address. In most cases, a single device is equivalent to a single node. In more complex cases, such as a Cisco Catalyst Switch in hybrid mode, where the device is running as two separate configurations, each configuration is counted as a managed node. This is because in hybrid mode the switch has two management IP addresses and two configuration files. For licensing purposes, unmanaged nodes are not counted toward the licensed total node count. See the Ordering Guide for more details.

Installation

In CiscoWorks NCM 1.0, users were restricted to installing NCM on a dedicated server to avoid port access conflict for HTTP, HTTPS, Telnet, syslog, and other functions. This restriction has been removed since CiscoWorks NCM 1.1. Users can install NCM and LMS on the same server (Windows version only). Please refer to the recommended configurations given in Tables 2 through 7 for detailed information on preparing your network for CiscoWorks NCM deployment.

Table 2. Recommended Configuration, Dual Windows Server

Application Server

OS

Windows Server 2000 or 2003 Enterprise Edition

CPU

Intel Xeon, 3.0+ GHz

Memory

2 GB RAM

Disk Space

10 GB - Fast SCSI

Network

100 Mbps Fast Ethernet full duplex

Database Server

Supported Databases

• Oracle 9 or 10
• Microsoft SQL Server 2000 SP 2 or SQL 2005
• MySQL Max 3.23 (included)

CPU

Intel Xeon, 3.0+ GHz

Memory

2 GB RAM

Disk Space

18 GB - Single Channel RAID/Fast SCSI

Network

100 Mbps Fast Ethernet full duplex

Table 3. Recommended Configuration, Single Windows Server

Application and Database Server

OS

Windows Server 2000 or 2003 Enterprise Edition

Database

MySQL Max 3.23 (included)

CPU

Dual Processor Intel Xeon, 3.0+ GHz

Memory

4 GB RAM

Disk Space

28 GB - Dual Channel RAID/Fast SCSI

Network

100 Mbps Fast Ethernet full duplex

Table 4. Recommended Configuration, Dual Solaris Server

Application Server

OS

Solaris 9 or 10

CPU

Dual UltraSPAC IIIi+, 1.3+ GHz (SunFire V240)

Memory

2 GB RAM

Swap Space

4 GB Swap

Disk Space

14 GB - Fast SCSI

Network

100 Mbps Fast Ethernet full duplex

Database Server

Supported Databases

• Oracle 9 or 10
• MySQL Max 3.23 (included)

CPU

Dual UltraSPAC IIIi+, 1.3+ GHz (SunFire V240)

Memory

2 GB RAM

Swap Space

4 GB Swap

Disk Space

22 GB - Single Channel RAID/Fast SCSI

Network

100 Mbps Fast Ethernet full duplex

Table 5. Recommended Configuration, Single Solaris Server

Application and Database Server

OS

Solaris 9 or 10

Database

MySQL Max 3.23 (included)

CPU

Dual UltraSPAC IIIi+, 1.3+ GHz (SunFire V240)

Memory

4 GB RAM

Swap Space

8 GB Swap

Disk Space

36 GB - Dual Channel RAID/Fast SCSI

Network

100 Mbps Fast Ethernet full duplex

Table 6. Recommended Configuration, Dual Linux Server

Application Server

OS

RedHat Linux AS 3.0 Update 2 or AS 4.0 or Suse Linux Enterprise Server 9

CPU

Intel Xeon, 3.0+ GHz

Memory

2 GB RAM

Swap Space

4 GB Swap

Disk Space

14 GB - Fast SCSI

Network

100 Mbps Fast Ethernet full duplex

Database Server

Supported Databases

• Oracle 9 or 10
• MySQL Max 3.23 (included)

CPU

Intel Xeon, 3.0+ GHz

Memory

2 GB RAM

Swap Space

4 GB Swap

Disk Space

22 GB - Single Channel RAID/Fast SCSI

Network

100 Mbps Fast Ethernet full duplex

Table 7. Recommended Configuration, Single Linux Server

Application and Database Server

OS

RedHat Linux AS 3.0 Update 2 or AS 4.0 or Suse Linux Enterprise Server 9

Database

MySQL Max 3.23 (included)

CPU

Dual Processor Intel Xeon, 3.0+ GHz

Memory

4 GB RAM

Swap Space

8 GB Swap

Disk Space

36 GB - Dual Channel RAID/Fast SCSI

Network

100 Mbps Fast Ethernet full duplex

Ordering Information

To place an order, visit the Cisco Ordering Home Page. Table 8 lists ordering information for CiscoWorks NCM.

Table 8. CiscoWorks NCM Ordering Information

Product Description

Part Number

CiscoWorks NCM core license, includes 100 managed nodes

CWNCM-1.2-CORE-K9

CiscoWorks NCM incremental core license for 100 managed nodes

CWNCM-1X-INC100

CiscoWorks NCM incremental core license for 500 managed nodes

CWNCM-1X-INC500

CiscoWorks NCM incremental core license for 1000 managed nodes

CWNCM-1X-INC1K

CiscoWorks NCM incremental core license for 2500 managed nodes

CWNCM-1X-INC2.5K

CiscoWorks NCM incremental core license for 5000 managed nodes

CWNCM-1X-INC5K

CiscoWorks NCM incremental core license for 10,000 managed nodes

CWNCM-1X-INC10K

CiscoWorks NCM incremental core license for 25,000 managed nodes

CWNCM-1X-INC25K

CiscoWorks NCM high-availability license, includes 100 managed nodes

CWNCM-1.2-HA-K9

CiscoWorks NCM incremental high-availability license for 100 managed nodes

CWNCM-1X-HAINC100

CiscoWorks NCM incremental high-availability license for 500 managed nodes

CWNCM-1X-HAINC500

CiscoWorks NCM incremental high-availability license for 1000 managed nodes

CWNCM-1X-HAINC1K

CiscoWorks NCM incremental high-availability license for 2500 managed nodes

CWNCM-1X-HAINC2.5K

CiscoWorks NCM incremental high-availability license for 5000 managed nodes

CWNCM-1X-HAINC5K

CiscoWorks NCM incremental high-availability license for 10,000 managed nodes

CWNCM-1X-HAINC10K

CiscoWorks NCM incremental high-availability license for 25,000 managed nodes

CWNCM-1X-HAINC25K

CiscoWorks NCM satellite single instance proxy for remote distribution

CWNCM-1.2-SAT-K9

CiscoWorks NCM connector with HP OpenView NNM

CWNCM-1X-CONOV-K9

CiscoWorks NCM connector with Remedy AR

CWNCM-1X-CONAR-K9

CiscoWorks NCM incremental core license for 100 managed nodes

CWNCM-1X-INC100=

CiscoWorks NCM incremental core license for 500 managed nodes

CWNCM-1X-INC500=

CiscoWorks NCM incremental core license for 1000 managed nodes

CWNCM-1X-INC1K=

CiscoWorks NCM incremental core license for 2500 managed nodes

CWNCM-1X-INC2.5K=

CiscoWorks NCM incremental core license for 5000 managed nodes

CWNCM-1X-INC5K=

CiscoWorks NCM incremental core license for 10,000 managed nodes

CWNCM-1X-INC10K=

CiscoWorks NCM incremental core license for 25,000 managed nodes

CWNCM-1X-INC25K=

CiscoWorks NCM incremental high-availability license for 100 managed nodes

CWNCM-1X-HAINC100=

CiscoWorks NCM incremental high-availability license for 500 managed nodes

CWNCM-1X-HAINC500=

CiscoWorks NCM incremental high-availability license for 1000 managed nodes

CWNCM-1X-HAINC1K=

CiscoWorks NCM incremental high-availability license for 2500 managed nodes

CWNCM1X-HAINC2.5K=

CiscoWorks NCM incremental high-availability license for 5000 managed nodes

CWNCM-1X-HAINC5K=

CiscoWorks NCM incremental high-availability license for 10,000 managed nodes

CWNCM-1X-HAINC10K=

CiscoWorks NCM incremental high-availability license for 25,000 managed nodes

CWNCM-1X-HAINC25K=

CiscoWorks NCM satellite single instance proxy for remote distribution

CWNCM-1.2-SAT-K9=

CiscoWorks NCM connector with HP OpenView NNM

CWNCM-1X-CONOV-K9=

CiscoWorks NCM connector with Remedy AR

CWNCM-1X-CONAR-K9=

Service and Support

Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare the network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see Cisco Technical Support Services or Cisco Advanced Services.

For More Information

For more information about CiscoWorks Network Compliance Manager, visit http://www.cisco.com/go/cwncm or contact your local account representative or ask-ncm-pm@cisco.com.