Network Compliance Management

Network compliance management (NCM) is an appliance which is used for Device monitoring and management in the customers network. It is little different with the Cisco Works LMS or HP Openview although it can be integrated with HP Openview and Cisco works LMS. HP is also having similar kind of product for monitoring and management call HPNA ( HP network Automation). However the basic functionalities between the HPNA and NCM is same. In Device monitoring and management, NCM meets the below mentioned customer challenges: Multivendor Support: NCM supports multivendor devices and hence not limited to Cisco devices only. For this feature there are multiple drivers available with NCM on its backend to provide such kind of support. Depending upon the IOS or command set feature, whenever a device is been detected by NCM, it looks for the relevant driver and registers with it. Roles Based Access Control: In NCM we can define various roles of people accessing NCM and accordingly. we can provide them the level of access. Automation: In NCM for any kind of configuration changes we can write scripts or define Parameters and hence can automatically make changes as scheduled. Prevents Intrusion and Enforcing Process: NCM has facility of approval workforce, it means for any activity to be completed we can provision it for prior approval of the activity. Also by defining role based access and policies we can stop unauthorized activities happening in the system. Highly Scalable: NCM can support up to 25000 devices. Complete work flow for appliance is available. Changes: Keeps Track of all the changes made into the system It has complete control over changes made into the system by applying required policies We can automate the process of change in the system High Level Availability: NCM has provision for very high level availability for the system We can have multiple NCMs at different geographical locations and they can back up each other. NCM can run in HA mode and replicates database with each other in order to have in sync with each other.

NCM gateway NCM satellite application: It halps in managing IP addresses. By using that we can keep track of duplicate IP addresses in the system, if any. Eg. If a company acquires a smaller company and have similar local IP addressing schema then we can use NCM gateway and all the communications will take place through gateway only. In this scenario gateway can make out the duplicate IP addresses of the devices.

Important consideration: Before deploying NCM you must take bandwidth into
consideration as it requires decent bandwidth for pushing configuration and changes etc.

Hardware, Software and Network requirements:

Software: It can run on : Operating System Requirements: Windows Solaris 9 & 10 Linux Database Requirements: Oracle My SQL Microsoft SQL Server 2000 Oracle and My SQL database is preferred. Hardware: Processor: 2Ghz Pentium IV RAM: Min 1 GB and Recommended 2 GB Disk Space: For application 20 GB of disk space For database 100 GB of disk space Application and Database can be integrated on the same hardware but for Large Scale deployment its recommended to have Application and Database on 2 different physical server.

Network Requirements: Any change that has to be done through NCM will consume bandwidth, so optimum bandwidth consideration is also important.

NCM Alert Centre Differences: NCM can automatically check Vulnerabilities alert to the system and
take required action if defined in the system. This could be

PORTS used For NCM access: SSH( TCP) 22 Telnet (TCP ) 23 SNMP (UDP) 161 Syslog ( UDP) 514 FTP (TCP) 20, 21 SNMP Trap 162 ( for 3rd party integration) JNDI 1099 ( for integration with AAA servers) HTTP/HTPS 80/443 ( for Client access) For accessing NCM, generally SSH is used and then other application ports later on. In NCM we can provision that what ports we want to use for accessing application. It is recommended that if we are not

using some particular port, we should not provision it in NCM. Eg. If SSH in not configured in Customer network then we should unprovision it from NCM in accessing priorities.

Processing
Max Concuurent tasks : 20 Max task in 1 Batch : 15 Maximum Task : 3600 Above parameters can be changed.

Memory Utilization:
NCM management Engine NCM TFTP server NCM Syslog Server NCM works with SYSLOG only. What ever events are sent by Syslog server, NCM captures those events and take required action as defined. NCM also provides End of Life and End of Sale options for every device registered with itself. In upcoming version of NCM they are integration Syslog analysis and port views etc.

Licensing :
There is 90 Days e-val license available for the same. Licensing with NCM is based on per device basis. Below mentioned is the method of Licensing: 1. 2. 3. 4. 5. 6. Core License. Core Incremental License HA license HA incremental License Connector License Connector License

Few More Information about NCM :

There are various connectors available for third party integration like HPOpenview etc. like we have for IPCC and CRM integration. There are various drivers available for third party devices i.e. non Cisco devices. If there is any new release of Cisco device for which there is no driver available then we can select generic IOS driver in NCM for that particular device

 For NCM integration Cisco works is not compulsory. While configuring NCM, be very specific and cautious with Database password as if any upgrade or reinstall is required then in that case database password is used for its synchronization and replication with NCM. It also requires the name you set for database. Be very specific during making policies for any changes in the network as irrelevant policies can take extra time and can consume extra bandwidth. You can also configure or schedule for Routing protocol configurations like BGP, EIGRP etc. along with the access- list. Cisco has provided driver making tool where customer itself can make driver by themselves for a device, as there are certain listed devices in NCM. Anything other than those listed devices will need creation of driver. Drivers are nothing but the codes written in XML language. For Accessing NCM you can define various methods in a particular sequence. For accessing device from NCM like Routers or Switches etc you can set password rules so that NCM can automatically logins in to that device. There can be 1 issue of Port conflict during Installation of NCM, to overcome with that we can stop that particular service on machine and can go ahead with installation. You can upgrade softwares also including IOS of the devices.

YOU CAN FIND MORE INFORMATION ON NCM ON

www.cisco.com/go/cvncm
or you can ask to

ask-ncm-pm@cisco.com