Steps for Setting Up Configuration Management
Many Configuration Management features are disabled by default so that you do not encounter unexpected processing loads on your server—for example, how often CCM checks devices and backs up their configurations to the archive. The following steps explain what you must do to set up Configuration Management. All of these items are configured from the Configuration Management Settings page (Configurations > Settings). Many of these settings can be overridden when you create specific jobs.
1. Configure the transport protocol that Prime Network will use between the device and the gateway. These are controlled from the Transport Protocol area. The options are TFTP, SFTP/SCP, and FTP (TFTP is the default). To use FTP as the transfer protocol, you must install FTP on the gateway and the unit servers that manage the VNEs. Note the following:
Note FTP is not a secure mode of transfer. Use SCP/SFTP instead, for secure config and image transfers.
– The TFTP source interface on the devices must be able to reach the unit. Otherwise, the configuration management jobs that require TFTP may fail.
– To use SFTP/SCP for configuration file transfers from a device to a unit, ensure that an SSH server is configured and running on the device (so that during the transfer, the device acts as a server and the unit as a client).
– For Cisco IOS, Cisco IOS XR, and Cisco IOS-XE devices, configure the device with K9-security-enabled images so that the SSH server is up and running on the device.
– To use SCP as the protocol to retrieve configuration files, execute the following command on the device:
# ip scp server enable
2. Enable the initial synchronization of the archive files with the configurations that are running on the network devices. Whenever the gateway is restarted, CCM will perform this synchronization. By default, synchronization is disabled. To enable it, activate Enable Initial Config Syncup.
3. Configure the policies that control how often CCM retrieves information from devices and copies (backs up) configuration files to the archive. By default, all of these settings are disabled. Consider these questions when configuring your settings:
a. How much disk space is available? Smaller space may require more frequent purging.
b. Should new configuration files be copied (backed up) to the archive on a periodic basis or on an event-driven basis?
If configurations are changing frequently and the changes are not of immediate importance, use periodic backups by selecting Enable Period Config Backup. This will minimize server workload.
Note The periodic setting is recommended.
If every change is considered significant, use event-driven backups (Enable Event-Triggered Config Archive).
c. For event-driven archiving, should information be copied to the archive immediately upon receiving a change (Sync archive on each configuration change)? Or should changes be queued and then copied at a certain interval (Sync archives with changed configurations every ___ hours and ___ minutes)? If information needs to be copied to the archive immediately, synchronize the archive on each configuration change. Otherwise, you can synchronize the archive at regular intervals (every 1-24 hours).
While scheduling automatic backup operations, you might be prompted to enter your device access credentials. The device credentials are taken from the Configuration Settings. (See Setting Up Prime Network to Work With CCM.)
4. Configure CCM to perform periodic synchronization of out-of-sync devices by selecting Enable Periodic Sync for Out of Sync Devices (24Hours). The configmgmt-synchronize-sysjob system job is scheduled. You can view the scheduled job in the Configuration Management Jobs (Configurations > Jobs) page.
5. Configure CCM to export archived configuration to an export server on a periodic basis by selecting Enable Periodic Config Export and Export Settings. This allows you to free up disk space while keeping a permanent record of historical archives.
6. Configure when files should be purged from the archive using the Archive Purge Settings. Consider these questions when configuring the purge settings:
– How big are the configuration files?
– How often are changes made to devices?
7. Specify the default mode of restoring configuration files to the devices using Restore Mode.
8. Configure the SMTP server and e-mail IDs so that regular configuration management job status e-mails are sent. (You can also specify e-mail settings when you create a job.)
9. Specify the commands that should be excluded when CCM compares device configuration files. A set of common exclude commands is provided by default (for example, ntp-clock-period). These are controlled in the Exclude Commands area (see Notes on Exclude Commands).
Note Configuring exclude commands is especially important if you are using event-driven archiving. Doing so avoids unnecessary file backups to the archive.
Notes on Exclude Commands
Exclude commands are inherited; in other words, if three exclude commands are specified for Cisco routers, all devices is any of the Cisco router families will exclude those three commands when comparing configuration files.
Exclude commands configured for a device family (such as Cisco 7200 Routers) will be applied to all device types in that family (Cisco 7201, Cisco 7204, Cisco 7204VXR, and so forth).
When you are working in the Exclude Commands page, your current selection will be highlighted in green. All exclude commands applied to that selection will be listed below the device selector. When Prime Network compares the router configuration files, it will exclude all of the commands listed in the Device Commands field. If a series is selected (example, Cisco 7200 Series), the commands listed in the Series Commands field will be excluded and so on.
The following procedure describes how to configure exclude commands.
Step 1 Choose Configurations > Settings.
Step 2 In the Exclude Commands area, navigate and choose one of the following (your selection is highlighted in green):
- A device category
- A device series
- A device type
Step 3 Enter a comma-separated list of commands you want to exclude when comparing configuration files for that device category, series, or type. You can also edit an existing list of commands.
Your entries change to red until they are saved, and all affected device types, series, or categories are indicated in bold font.
Step 4 If you want a device type to ignore the parent commands (that is, the series and category commands), check the Ignore Above check box.
Step 5 Click Save to save your changes.