CiscoWorks LAN Management Solution 3.2 and earlier

Cost Analysis Using CiscoWorks LAN Management Solution

White Paper

Cost Analysis Using CiscoWorks LAN Management Solution


As networks grow in both size and complexity, the need for network management increases greatly. Many organizations, however, continue to rely on costly, repetitive, and error-prone processes in which operators resort to the primitive technique of manually managing the devices in the network. In today's business environment, the Cisco network management products—which automate these procedures—make both financial and practical sense. But without bottom-line evidence, network managers and decision makers may be reluctant to invest in network management products.

As with any capital expenditure, the benefits provided by CiscoWorks network management products must outweigh the investment required. One way to provide evidence of these benefits is to compare the cost savings of using Cisco network management products to a traditional, manual approach.

It is difficult to provide a hard and fast algorithm to calculate exact savings, because there are many variables involved, ranging from expertise of existing staff, current policies and procedures, and the level of management desired. However, it is possible to calculate an approximate value based on commonly performed network management tasks and assumptions about some fixed variables.

The online Cisco Cost Analysis Tool attempts to bridge this gap by estimating cost savings based on a set of assumed parameters and variables determined by the user. This paper is a companion piece to the online Cost Analysis calculator and explains the rationale and methodology used by the tool to produce the analysis.

Note that the calculations do not take into account the "soft" costs, such as the cost of having an individual spend time on routine manual tasks, the savings achieved by not requiring additional staff, or the impact of poor network performance on brand image.

Cost Analysis Using CiscoWorks LAN Management Solution

Although small networks can be effectively managed by manually accessing each device and meticulously documenting the results, the same methodology is often impractical and cost-prohibitive when applied to larger networks. The CiscoWorks family of network management applications provides the following benefits to large networks:

  • Manual labor reduction

  • Network availability enhancement, through mitigation of network downtime and/or degradation due to device failure

The following sections describe each benefit in detail.

Manual Labor Reduction

Basic network infrastructure management requires the performance of many tasks, such as initial configuration, monitoring of inventory, software upgrades, and preventive maintenance of devices. There are three principal benefits of using CiscoWorks LAN Management Solution (LMS) for configuration management:

  • Significantly reduced preparation time for a given task

  • Automated distribution of tasks to allow multiple jobs to be run simultaneously

  • Automated change audit records and inventory tracking

Note that Cisco network management products do not affect the planning time or the time required to process each job by a given device. Logically planning for an audit, software upgrade, or configuration update is identical whether performed manually or with CiscoWorks. Further, there is a physical limit to the speed at which a given device can process a job, whether the request was generated from CiscoWorks or if it were generated through a manual process via command-line interface (CLI). In other words, once the "What shall we do?" is defined, the differences between manual configuration and automated configuration are demonstrated in the "How shall we do it?" phase.

While every network requires a different mix of management activity (depending on network criticality, design, use, and so on), there are several tasks common to all managed networks: configuring password changes, distributing software upgrades; and gathering inventory and change audit information.

Configuring Password Changes

It is a common administrative task to change and enable secret passwords, which allow users to enter the enable mode on devices. For security purposes, many administrators change device passwords quarterly.

Whether this is done manually or through CiscoWorks, advance planning—such as what to change the password to, when the devices should be configured, who needs to approve the changes, and so on—must be performed. The advance time required is identical for both the manual and automated processes, so this has not been factored into the cost savings calculation.

To perform the password changes, the system administrator must Telnet into each applicable device, make the requisite password change, logout, and then document the change information—a fairly straightforward process which should require no more than a few minutes to complete.

For a small number of devices, changing passwords manually via CLI is effective and practical. However, as the number of devices increases, the opportunity for human error increases dramatically. A study conducted by the American Management Association has shown that on average, one of 300 characters is mis-typed. The risk for error is further increased with multiple, simultaneous Telnet sessions to configure a number of devices at one time. Given these parameters, it is reasonable to expect anywhere from one- to eight-percent error rate for manual configurations.

CiscoWorks provides automatic and simultaneous distribution of multiple jobs, while automatically updating a Change Audit database. Automation of activities such as changing passwords on all devices dramatically reduces the time spent: Manual configuration of password changes for 800 devices may take as much as 93 hours annually. With CiscoWorks, the same process requires only 24 minutes.

See Appendix A: Configuring Password Changes for a step-by-step walkthrough of this calculation.

Distributing Software Upgrades

Cisco devices contain software that may need periodic updating for optimum performance. Generally, network administrators search the Web site for updated or upgraded software, and then download the software to the applicable devices.

Both manual and automated upgrades require several preparatory steps. System administrators should ask the following questions before attempting an upgrade:

  • Have the appropriate images containing the minimum required device configurations been located in

  • Have all of the prerequisites for loading the software on the device been met?

  • Has the effect of the upgrade on the network and the network users been considered? (When should the upgrade occur? In what order should the devices be upgraded?)

The cost savings of using CiscoWorks LMS on software upgrades is difficult to calculate, as it is heavily dependant on factors such as the network administrator's familiarity with, the availability of current configuration information, and the number and variety of devices in the network. However, CiscoWorks LMS provides Change Audit databases, which contain data pertaining to all changes made to devices (hardware and software), and automatically compare the information to the recommendations from, drastically reducing preparation time for a software upgrade.

In addition, jobs can be scheduled simultaneously, decreasing the time required for the entire network to be upgraded. It is important to note that Cisco recommends no more than 12 simultaneous upgrade sessions be scheduled (as opposed to 300+ for password changes). Further, note that the time required for a device to receive the download and reboot is identical for both CiscoWorks and CLI manual procedures.

Another key benefit of using CiscoWorks for software distribution is the ability to create scheduled jobs. System administrators can set up the job request during normal working hours, and have LMS automatically run the requests during non-business hours. While the actual time the devices are down may not change, the administrator no longer has to be constantly available while the upgrades are commencing, conserving valuable workday time.

See Appendix B: Distributing Software Images for a walk-through of the CiscoWorks and manual software upgrade processes.

Gathering Inventory and Change Audit Information

Adequately documenting the physical devices in a network is a time-consuming task. The complexity of the task is further compounded by the fact that a single device may contain several different blades or configurations, as well as many different versions of installed software. There are no short-cuts to conducting a thorough manual documentation of inventory: Each device, with its components and software, must be examined individually. Further, there is no easy way to determine whether the inventory has changed without conducting an audit to compare existing records to that of the actual network—another daunting and time-consuming task.

The sudden, inexplicable failure of a device can be costly to a company. System administrators must analyze the device in order to discover the cause of the failure. After hardware failure, the most common cause of such failures is a change in configuration. Perhaps an inexperienced administrator entered the wrong commands, or made typographical errors. While solving the problem may be simple as returning the device to its original configuration, unless meticulous records exist that detail who made what changes to which device, arriving at this conclusion and rectifying the error could take many hours. Because manually maintaining records of every physical and logical change applied to a given device is both impractical and time-consuming, system administrators rarely have this kind of documentation on hand.

CiscoWorks LMS, however, automatically records every change applied to a device—whether by CiscoWorks applications or via CLI—in the Change Audit database. This process is transparent to the administrator, and requires no additional time or effort on his or her behalf.

Gathering inventory data using LMS is equally simple and fast. CiscoWorks LMS has the ability to simultaneously access each managed device and obtain both hardware and software information, providing far more efficient and accurate records than can be manually maintained or created.

For further information on the Change Audit function, see Appendix C: Gathering Inventory and Change Audit Information.

Network Availability Enhancement

In order to determine the level of fault management necessary, system administrators must ask how much does network downtime or network degradation cost their company?

When determining cost of downtime or degradation, lost productivity and lost revenue must be taken into account. A study conducted by Infonetics, Inc., an international market research company, showed that network degradations result in an approximate 16 percent loss of networked worker productivity and a 10 percent loss in revenue, as a result of the decreased productivity of revenue-producing employees. If the network were to be down completely, these figures increase to 24 percent lost productivity from networked employees and revenue loss of as much as 60 percent. A company with 1000 employees and annual revenues of $200 million, as an example, could suffer losses that easily surpass $8000 per hour. (See Appendix D: Availability Enhancement using LMS+DFM).

Fault management is a crucial component of any network management scheme to minimize or eliminate such losses. CiscoWorks LMS (with Device Fault Manager as an add-on) can serve as a key element in such an environment.

While it is important to quickly pinpoint trouble areas, it is equally important to prevent such problems from occurring in the first place. Device Fault Manager (DFM), a component of LMS, actively monitors Cisco devices and reports on any problems it detects. Depending on the type of device, DFM actively monitors different conditions via Internet Control Message Protocol (ICMP) polling, Simple Network Management Protocol (SNMP) management information base (MIB) interrogation, and SNMP trap reception. The DFM then tracks only those conditions known to contribute to higher-level problems in that particular device. When used with Real-Time Monitor (RTM)—another LMS component which provides both real-time and historical RMON and RMON2 reports—the DFM can spot problems before they become critical and bring down the network. Given the above cost of network degradation, this proactive fault notification feature alone can easily pay for the cost of LMS. (See Appendix D: Availability Enhancement using LMS+DFM for more information on DFM and RTM).

Although LMS is a component of a comprehensive fault management system, it does not provide complete, system-wide functionality by themselves. For example, a complete fault management scheme would monitor servers, users, applications, links, as well as the network devices. LMS can be integrated with such comprehensive systems by providing in-depth information on the network devices to the system management platform (such as HP OpenView Network Node Manager).


The CiscoWorks product family can provide a quantifiable financial and IT benefit to an organization, through the automation of routine labor, as well as helping to mitigate network degradation due to device failures. While it is difficult to derive an exact figure of the true and potential cost savings for every customer situation, the Cost Analysis Tool can provide an understanding of the scale of savings involved. At this point, the question that needs to be asked is not "What is the cost of the product?" but "What is the cost of NOT using CiscoWorks?"

Appendix A: Configuring Password Changes

Assuming 800 devices that require quarterly password changes and a manual configuration error rate of 5 percent, the time spent per quarter on password changes is calculated as:

800 devices x 5 min x 1.05 = 4200 min (70 hours)/qtr

= 280 hours/year

Assuming that the system administrator can open up three simultaneous Telnet sessions and configure these devices simultaneously, the process will still take 23 hours per quarter (or 93 hours per year) to complete. Although it is possible to open up more than three simultaneous Telnet sessions, the rate of error will consequently rise as well.

Simultaneous configuration of three devices with multiple Telnet sessions

= 280 hours/year / 3 = 93.3 hours/year

Compare the time required to conduct the same procedure using CiscoWorks LAN Management Solution (LMS). The following steps were taken in setting up LMS to conduct simultaneous password changes in batches of 300 configured devices: (Note that the product has been tested for up to 700 simultaneous batches.)

1. Log into the CiscoWorks management console.

2. Click on Resource Manager Essentials/Configuration Management/NetConfig.

3. Select "New Jobs" from the Jobs Menu.

4. Select Device Category from the pull-down menu (Cisco IOS® software, FastSwitch, or Catalyst®), click Next.

5. Select the devices that require password changes.

6. Apply the "Enable Password" system-defined template from the pulldown menu.

7. Select devices from the pull-down menu, click Next.

8. Set job properties (such as schedule, notification, failure policy, and parallel/serial configuration jobs).

9. Review job content, then click Finish.

The above steps in the netconfig wizard should take an experienced operator approximately five minutes to complete. Although an additional three minutes is required for LMS to Telnet into each device make the requisite changes, then logout, this time is immaterial to the administrator. (Note, however, that CiscoWorks processes the device changes simultaneously, so the three-minute-per-device configuration time is not cumulative). In other words, once the job setup is complete and the Finish button is clicked, the operator's work is done (unless an error message is generated as configured in the Job Properties step).

Given these figures, using LMS to configure quarterly password changes on a 800-device network in which 300 devices are configured simultaneously, the amount of time required per year can be calculated as follows:

(800 devices/ 300 devices at once) x 5 minutes to configure = 13.3 min (0.22 hrs)/qtr

= 0.89 hrs/yr

When an password is enabled or disabled, the change information is automatically sent as an update to the CiscoWorks inventory database. As a result, there is no need for a manual documentation to track how/when/who concerning the password change, which saves additional system administration time.

Given the above assumptions, using CiscoWorks LMS for password changes saves:

Manual process:

93.3hours/ year

Using LMS:

0.9 hours/ year

Saved time:

92.4 hours/ year

Appendix B: Distributing Software Images

The manual process for distributing software upgrades is extremely time-consuming, especially in the preparation and initial research phases. A typical manual procedure for a software upgrade is outlined below:

1. Determine current device image revisions. If the administrator kept meticulous records, this step should be fairly simple. Without these records, it is impossible to proceed with a software image upgrade. Although obtaining device information is a simple procedure, it is still no small task to obtain a current and accurate report if a large number of devices, or multiple device types (for example, a mix of Catalyst 6500 switches, 3600 routers, and 7200 routers) are involved, It may only take three minutes per device to get the required data, but recording the information is a serial task when done manually.

2. Log on to and find the appropriate software image to determine whether an upgrade image is available. This step requires only five to ten minutes per image, provided the system administrator is familiar with the naming conventions of Cisco IOS Software, the Web site, and is familiar with the required version number and feature sets.

3. Determine whether the destination device satisfies the minimum requirements specified on If the administrator has kept meticulous inventory records of the devices on the networks, this information should already be available, but as mentioned above, this is rare. In addition, the amount of time required increases greatly if there are multiple hardware device configurations and device types on the network.

4. Download the image and reboot the device. Often, to prevent downtimes from affecting network users, upgrades are performed after business hours. While administrators may conduct the activities from a remote location (home as opposed to office), it still requires that they be online during off hours.

Compare this to the time required to conduct the same preparation using CiscoWorks LMS. The following steps were taken in setting up LMS to distribute software images to the devices.

1. Log into the CiscoWorks management console.

2. Select Resource Manager Essentials/Software management/Distribution/ Upgrade Analysis and select the filtering criteria. Filters can be selected from one or more of the following:

  • Images newer than running image

  • Same image feature subset as running image

  • General deployment

  • Latest maintenance release (of each major release)

3. Next, select the devices to be analyzed. In this case, we have chosen to analyze Cisco IOS Software versions for Cisco 2600, 3600, and IOS switches. Note that the specific devices in our network that fit the description have automatically been discovered. Click Next.

4. From the drop-down list boxes, select the images to analyze, then click Finish.

5. Depending on the number of devices analyzed, within two to five minutes, the Upgrade Analysis report is generated. This report contains individual, device-specific information indicating whether hardware upgrades are required, and provides notes on Telnet access requirements. CiscoWorks LMS also obtains up-to-date information on the specified device configuration. Because every change made on a device (whether via CiscoWorks or via CLI) is recorded in the Change Audit database, the administrator is assured of obtaining the most current snapshot of the device's hardware and software configurations. Manual performance of this task, performed by Telneting into a device and browsing though, would take substantially longer.

6. To distribute the required image upgrades, select Resource Manager Essentials/Software Management/Distribution/Distribute Images.

7. Select the devices to upgrade. (Note that specific devices that fit the search criteria are also automatically discovered.) Click Next to display a set of upgrade recommendations.

8. Select distribution sequence. Note that LMS does not shorten the time required for each device to process the software upgrade. Further, each upgrade, whether done via CLI or through the LMS graphic user interface (GUI), is performed sequentially.

9. Finally, schedule the upgrade/reboot for a time when impact to network users will be minimal.

Appendix C: Gathering Inventory and Change Audit Information

Any changes implemented on the managed devices, whether by CiscoWorks applications or via CLI are recorded in the Change Audit database. This information is used to generate Change Audit reports (Figure 1).

Figure 1: Generating a Change Audit Report

Appendix D: Availability Enhancement Using CiscoWorks LMS+DFM

Calculate the cost of network degradation as follows:

Productivity Loss Assumptions:

Number of networked employees:


Average salary:


Productivity loss due to network degradation

16 percent (as reported by Infonetics)

Productivity loss cost due to degradation:


Revenue Loss Assumptions:

Annual revenue:

$200 million

Hourly revenue:


($200 million divided by 48, 40-hour weeks)

Percentage of networked employees directly generating revenue:

44% (as reported by Infonetics)

Hourly revenue impacted by network:


Revenue loss due to network degradation:


Revenue loss cost due to degradation:


How Can CiscoWorks LMS Help?

The Device Fault Manager, a component of LMS, provides real-time, detailed fault analysis, designed specifically for Cisco devices. DFM actively monitors a wide range of Cisco devices. Depending on the type of device, DFM actively monitors different conditions via ICMP polling, SNMP MIB interrogation, and SNMP trap reception, and track only those conditions known to result in higher-level problems. When used with RTM, the DFM provides both real-time and historical RMON and RMON2 reports, and can spot problems before they become critical and bring down the network.

Further, once problems are identified, resolution efforts are greatly aided by the detailed and current information stored in the Change Audit database. This database contains information on device software image, hardware configuration, as well as a record of who made what changes at what time. This database is updated regardless of whether a change was made manually or if it was done through a Cisco GUI, so the administrator has the most current information available. Other tools, such as path analysis and topology views, can also help pinpoint a problem locale for a faster recovery.