CiscoWorks Network Compliance Manager (NCM) tracks and regulates configuration and software changes throughout a multivendor network infrastructure. It provides superior visibility into network changes and can track compliance with a broad variety of regulatory, IT, corporate governance, and technology requirements. CiscoWorks NCM helps IT staff identify and correct trends that could lead to problems such as network instability and service interruption. Table 1 lists the primary features of CiscoWorks NCM.
Table 1. CiscoWorks NCM Features
Configuration and change management
• Increases uptime
• Eases audit of configuration changes
• Improves control of network resources
Audit and compliance management
• Includes expansive modeling of regulatory, corporate, IT, and technology policies
• Provides visibility into network's compliance with policies
• Identifies critical risks and violations
• Prioritizes triage of compliance violations
Integration with CiscoWorks applications
• Includes cross-launch capabilities between CiscoWorks NCM and other CiscoWorks applications such as CiscoWorks LAN Management Solution (LMS), Home Page, Device Center, and CiscoView
• Allows user to run scripts to register with CiscoWorks servers
• Helps ensure consistency of network inventory database using CiscoWorks Device Credential Repository (DCR)-for example, device inventories may be imported into CiscoWorks NCM
• Enables combination of network configuration, change, compliance, and Cisco IOS® Software and Cisco® Catalyst® OS image management
• Allows role-based access control and lock down
• Includes centralized access control list (ACL) management
Advanced workflow and approvals
Helps enable real-time process enforcement
• Supports thousands of device models or versions from Cisco Systems® and 35 other vendors
• Frequent and easy-to-deploy device driver releases
CiscoWorks NCM is a new Cisco network management product. It helps users meet regulatory compliance goals and enforce internal IT best practices in many ways:
• It tracks all changes to the network-configuration, software, and hardware changes-in real time and captures them in a detailed audit trail.
• It immediately screens all changes against authorized policies to help ensure that changes comply with regulatory requirements or IT best practices.
• It automatically validates new changes against appropriate policies before they are pushed to the network. If the changes are not compliant, CiscoWorks NCM does not allow them to be deployed.
• It automates the change-review process, closing the gap between the approval of a change and the actual configuration change that is pushed to the network.
• It allows managers to enforce the approval of a change through a flexible, integrated approval model, using the exact configuration code that will be pushed to the network. Approvers of a change can review the change in the context of the entire device configuration and the business units it will affect. Event notifications are sent to interested parties, giving network staff immediate visibility into unplanned and unauthorized changes.
• It limits network configuration information to users on a need-to-know basis. CiscoWorks NCM uses highly customizable role-based permissions to control what information a user can view, what actions a user can perform on devices, and to which devices a user can gain direct access.
• It ships with regulatory reports for SOX, VISA CISP, HIPAA, GLBA, ITIL, CobiT, and COSO enabled, providing the detailed metrics required by each of these regulations and providing the network information necessary to prove compliance. Included by default are reports on users, systems, network status, configurations, devices, software vulnerabilities, tasks or jobs, Telnet/SSH sessions, and compliance centers. Customizable reports can include information such as:
– All Cisco devices running a given version of Cisco IOS Software
– All devices using insecure protocols for configuration management
– All devices with a faulty module
– All configuration changes made over a period of time for a set of devices
– All Telnet/SSH sessions initiated by a specific user
– All device changes that result from an approval override
– All ACLs that deny traffic on specific ports
CiscoWorks Network Compliance Manager begins shipping in June 2006.
Table 2. Ordering Information for CiscoWorks NCM 1.0
CiscoWorks NCM for up to 100 managed nodes
CiscoWorks NCM for up to 300 managed nodes
CiscoWorks NCM for up to 500 managed nodes
CiscoWorks NCM for up to 1000 managed nodes
CiscoWorks NCM for up to 2500 managed nodes
CiscoWorks NCM for up to 5000 managed nodes
CiscoWorks NCM for up to 10,000 managed nodes
CiscoWorks NCM for up to 25,000 managed nodes
CiscoWorks NCM high-availability option for up to 1000 managed nodes
CiscoWorks NCM high-availability option for up to 5000 managed nodes
CiscoWorks NCM high-availability option for up to 25,000 managed nodes
CiscoWorks NCM satellite single instance proxy for remote distribution