Cisco Proactive Automation of Change Execution Solution

Solution Overview

The Cisco® Proactive Automation of Change Execution (PACE) solution combines products and services that accelerate operational success by helping IT organizations to securely automate and control changes and configurations in their networks. The solution allows medium-sized and large enterprises to meet compliance requirements, accelerate growth, ensure business continuity, and increase user productivity.

CHALLENGE

Enterprises today are required by law, industry regulations, and corporate policies to control access to customer and corporate financial data. These enterprise networks must adapt quickly to market changes while remaining in control, in compliance, and auditable. The challenges are:

• Compliance - Adapting quickly to changing regulations: Sarbanes-Oxley (SOX), Control Objectives for Information and related Technology (COBIT), IT Infrastructure Library (ITIL), Gramm-Leach-Bliley Financial Modernization Act (GLBA), Visa Card Holder Information Security Program (Visa CISP), Payment Card Industry (PCI) Data Security Standards, Health Insurance Portability and Accountability Act (HIPAA), Committee of Sponsoring Organizations (COSO) of the Treadway Commission, and custom regulations

• Growth - Increased demand for new services, applications, and network bandwidth

• Complexity - Avoiding human error while configuring complex global networks managed by multiple administrators

• Expertise - Shortage of specialized skills needed to validate network consistencies between devices

• Security of changes - Authenticating, authorizing, and auditing valid administrators while preventing conflicting changes

SOLUTION

The Cisco PACE solution accelerates and controls change operations using secure proactive automation of change, configuration, and analysis tasks.
The complete Cisco PACE solution consists of:

• Cisco Secure Access Control Server (ACS)

• CiscoWorks Network Compliance Manager (NCM)

• CiscoWorks LAN Management Solution (LMS)

• Cisco Configuration Assurance Solution (CAS)

• Cisco Advanced Services

The Cisco PACE solution is highly scalable, allowing network administrators to implement as few or as many of these products and services as needed by their specific network; however, large global networks with multiple administrators will want to take advantage of the scalability and rich features of the full solution suite.

Cisco Secure Access Control Server

Cisco Secure Access Control Server (ACS) is a highly scalable, high-performance access control server that protects the network from unauthenticated access while authorizing the right administrators to automatically make the right changes at the right time. The primary Cisco PACE control capabilities offered by Cisco Secure ACS are:

• Centrally catalogs all valid devices on the network to help prevent rogue devices

• Centrally controls each CiscoWorks LMS administrator's role to make changes within LMS and controls access to CiscoWorks NCM and CAS

• Supports TACACS+ on supported devices to control and audit activity on each device

CiscoWorks Network Compliance Manager

CiscoWorks Network Compliance Manager (NCM) is a highly scalable change, compliance, and configuration manager with a configurable workflow engine allowing the enterprise to design specialized workflow-approval processes. The powerful capabilities of CiscoWorks NCM allow it to apply policy changes to a device model and audit its compliance with regulations (SOX, GLBA, PCI/VISA CISP, COBIT, ITIL, and tailored corporate policies) prior to deployment of the configuration changes. The primary Cisco PACE capabilities that CiscoWorks NCM contributes to the solution are:

• Delivers secure role-based change and configuration controls for administrators

• Automatically applies configuration changes to large groups of devices at scheduled times

• Provides regulation-specific reports for compliance with SOX, GLBA, PCI/VISA CISP, COBIT, ITIL, HIPAA, and COSO

• Offers pre-deployment validation of configuration changes to a network device

• Performs real-time detection of changes to device parameters

CiscoWorks LAN Management Solution

CiscoWorks LAN Management Solution (LMS) performs network mapping, monitoring, diagnosis, device configuration, and deployment of Cisco IOS® Software images. The primary Cisco PACE features that CiscoWorks LMS delivers are:

• Discovery of network devices and their relationship to one another. This network discovery is also used by the other components in the Cisco PACE solution.

• Real-time monitoring and alerting of network faults to notify administrators of network events where change may be needed.

• Visualization of the topology of the network to understand network dynamics.

• Deployment of new Cisco IOS Software images with current BootROM version and memory checking.

Cisco Configuration Assurance Solution

Cisco Configuration Assurance Solution (CAS) automatically performs network-level consistency checks that identify misconfigurations, policy violations, inefficiencies, security gaps, and resiliency problems. While the CiscoWorks ACS, NCM, and LMS components prevent unauthorized changes to the network, the Cisco CAS component verifies changes and recognizes that many organizations will allow some uncontrolled access to the devices, requiring the constant vigilance that Cisco CAS brings. The primary Cisco PACE capabilities that Cisco CAS contributes are:

• Extracts configuration data from CiscoWorks NCM and other sources (e.g. traffic) to build a model of the network for high-performance analysis.

• Analyzes the device and network consistency with hundreds of rules checking security vulnerabilities, IP addressing, route maps, attributes (e.g. QoS), regulatory compliance, and a wide variety of switching and routing protocols. Specialized rules may be developed for customer-specific needs.

• Reports include security vulnerabilities, network design issues, configuration trends, routing analytics, network resiliency and more. In many cases reported issues include recommendations for corrective actions.

Advanced Services

Cisco Advanced Services provide customer-specific consulting services for the Cisco PACE solution including but not limited to:

• Operations consulting services: Assess, define, and validate your network configuration and change management processes.

• Technical consulting services: Provide integration, analysis, configuration, custom compliance, policy rules development, and report generation.

• Deployment services: Help you to plan, design, implement, and operate the Cisco PACE solution.

BUSINESS BENEFITS

The Cisco PACE solution provides the following business benefits:

• Scalability of the CiscoWorks NCM software across geographies protects the software investment of high-growth companies.

• Prevents revenue loss by reducing network downtime due to misconfigurations.

• Reduces costs by identifying network inconsistencies that would require labor-intensive diagnosis.

• Configuration automation saves money by allowing fewer administrators to manage large complex networks.

• Helps to prevent the potentially expensive repercussions of noncompliance.

The Cisco PACE architecture (Figure 1) uses Cisco Secure ACS to protect the network from unauthorized users and administrators, while CiscoWorks NCM ensures that all changes and configurations are approved using best-practice processes encapsulated in a workflow model. CiscoWorks NCM creates regulatory compliance reports highlighting key issues that must be resolved in each compliance category. Cisco CAS continuously validates the compliance of the production network by running comprehensive network rules against the data it gathers from the CiscoWorks NCM data store.

SOLUTION ARCHITECTURE

Figure 1. Cisco PACE Solution Architecture

SUPPORTING SOLUTIONS, PRODUCTS, PARTNERS, AND SERVICE OFFERINGS

• Cisco Network Application Performance Analysis (NAPAS) solution

• Cisco Advanced Services

– Operations consulting services

– Technical consulting services

– Deployment services (Planning, Design, Implementation, and Optimization)

WHY CISCO

• Cisco Systems® offers industry-leading security with Cisco Secure ACS, superior network discovery and visibility with CiscoWorks LMS, highly scalable and available change and configuration management with CiscoWorks NCM, and comprehensive compliance and validation checking with CiscoWorks NCM and Cisco CAS.

• The Cisco PACE solution provides unmatched scalability, security and network validation.

• Expert consultants and network engineers within Cisco Advanced Services can help optimize your PACE solution. They are capable of creating CiscoWorks NCM policies and Cisco CAS rules that lower TCO while maximizing network uptime for greater profitability.

• Working closely with Cisco network hardware teams, you can be confident that your Cisco PACE solution will deliver future value-added management benefits.

FOR MORE INFORMATION

For more information about the Cisco PACE solution, visit http://www.cisco.com/go/pace, contact your local account representative, or send an e-mail to ask-cisco-pace@cisco.com.