 
01-23-2009, 04:16 PM
Les Mikesell

OT: Managing change control in servers, LDAP, firewalls and switches question

Erick Perez wrote:
> Hi, being an off-topic question with so many vendors involved I had
> no definitive place to go to ask but here. So maybe some of the list
> members have ideas in mind.
>
> Currently we manage several switches, firewalls and MS LDAP and CentOS
> OpenLDAP installations.
> We are looking for a "man in the middle" or "framework" to manage
> change on our network devices and LDAP-based servers.
> So far, using Quest ActiveRoles/Intrust has filled the part of LDAP,
> where administrators log into ActiveRoles/Intrust system, generate
> changes (delete OU, users, change passwords, etc) then the request has
> to be approved by a staff member in ActiveRoles/Intrust. When the
> approval is sent to the system, the ActiveRoles/Intrust (and not the
> sysadmin) logs into the LDAP systems and performs the changes. This has
> proven useful in tracking changes (who did what, when, who approved
> it).
> We are looking into a similar solution (Quest Software does not have
> that for devices) to perform change and control on the routers,
> switches and firewalls.

There was a tool called pancho (http://www.pancho.org/) that claimed to
do automated router and switch management, but it seems to no longer
be supported, and personally, I'd trust a person more than a script with
that sort of job. On the other hand, maintaining backup copies of
configurations before/after changes is something very worthwhile and not
difficult for anything that has text based configurations. Just make
sure that changes are copied back and committed to a central version
control system like cvs or svn (which you can wrap with viewvc for easy
display of history and changes). A tool called rancid
(http://www.shrubbery.net/rancid/) will automate this for many routers,
switches and firewalls, and will also pick up any unexpected changes.

--
Les Mikesell
lesmikesell@gmail.com



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
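
The snapshot-and-diff approach described in the post above, as an added example that is not part of the original thread and is not rancid's own code: it drops lines that change on every fetch, diffs the fetched configuration against the stored copy, and reports any difference. The names `VOLATILE`, `normalize` and `record`, the one-file-per-device layout and the sample configurations are assumptions made for illustration.

```python
import difflib
import re
import tempfile
from pathlib import Path

# Lines that differ on every fetch although nothing was reconfigured.
# These patterns are assumptions for IOS-style text; adjust per platform.
VOLATILE = [
    re.compile(r"^! Last configuration change at "),
    re.compile(r"^ntp clock-period "),
]

def normalize(text):
    """Strip trailing whitespace and drop volatile lines."""
    lines = (line.rstrip() for line in text.splitlines())
    return [l for l in lines if not any(p.search(l) for p in VOLATILE)]

def record(device, fetched, workdir):
    """Diff a fetched config against the stored snapshot, then update it.

    Returns unified-diff lines (empty list if unchanged). workdir stands in
    for a cvs/svn working copy that the caller commits after each run.
    """
    path = Path(workdir) / f"{device}.cfg"
    old = path.read_text().splitlines() if path.exists() else []
    new = normalize(fetched)
    diff = list(difflib.unified_diff(
        old, new, f"{device} (stored)", f"{device} (running)", lineterm=""))
    if diff:
        path.write_text("\n".join(new) + "\n")
    return diff

# Constructed sample configs (not from any real device).
SAMPLE_V1 = ("! Last configuration change at 10:01:22 UTC Fri Jan 23 2009\n"
             "hostname sw1\n"
             "ntp clock-period 17180012\n"
             "access-list 10 permit 192.0.2.0 0.0.0.255\n")
SAMPLE_REFETCH = SAMPLE_V1.replace("10:01:22", "11:30:05").replace("17180012", "17180044")
SAMPLE_V2 = SAMPLE_REFETCH + "access-list 10 permit any\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as wd:
        for label, cfg in [("initial", SAMPLE_V1), ("refetch", SAMPLE_REFETCH),
                           ("changed", SAMPLE_V2)]:
            diff = record("sw1", cfg, wd)
            print(f"{label}: {'no change' if not diff else 'CHANGE'}")
            print("\n".join(diff))
```

A non-empty diff on a run that no approved change request accounts for is the "unexpected change" signal; committing the working copy after each run keeps the who/when history in the version control log.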
 
01-23-2009, 04:26 PM
Michael Grinnell

OT: Managing change control in servers, LDAP, firewalls and switches question

Les Mikesell wrote:
> Erick Perez wrote:
>> Currently we manage several switches, firewalls and MS LDAP and CentOS
>> OpenLDAP installations.
>> We are looking for a "man in the middle" or "framework" to manage
>> change on our network devices and LDAP-based servers.

>> We are looking into a similar solution (Quest Software does not have
>> that for devices) to perform change and control on the routers,
>> switches and firewalls.
>
> There was a tool called pancho (http://www.pancho.org/) that claimed to
> do automated router and switch management, but it seems to no longer
> be supported, and personally, I'd trust a person more than a script with
> that sort of job. On the other hand, maintaining backup copies of
> configurations before/after changes is something very worthwhile and not
> difficult for anything that has text based configurations. Just make
> sure that changes are copied back and committed to a central version
> control system like cvs or svn (which you can wrap with viewvc for easy
> display of history and changes). A tool called rancid
> (http://www.shrubbery.net/rancid/) will automate this for many routers,
> switches and firewalls, and will also pick up any unexpected changes.
>

Rancid is a great tool, and has worked well for us as a configuration
monitor and config repository. Another new alternative that is similar
is ZipTie, now called NetworkAuthority Inventory
(http://inventory.alterpoint.com/). For a pay solution, I believe
SolarWinds has some products.

Michael Grinnell
Information Security Engineer
The American University

 
01-23-2009, 05:40 PM
Les Mikesell

OT: Managing change control in servers, LDAP, firewalls and switches question

Michael Grinnell wrote:
> Les Mikesell wrote:
>> Erick Perez wrote:
>>> Currently we manage several switches, firewalls and MS LDAP and CentOS
>>> OpenLDAP installations.
>>> We are looking for a "man in the middle" or "framework" to manage
>>> change on our network devices and LDAP-based servers.
>
>>> We are looking into a similar solution (Quest Software does not have
>>> that for devices) to perform change and control on the routers,
>>> switches and firewalls.
>> There was a tool called pancho (http://www.pancho.org/) that claimed to
>> do automated router and switch management, but it seems to no longer
>> be supported, and personally, I'd trust a person more than a script with
>> that sort of job. On the other hand, maintaining backup copies of
>> configurations before/after changes is something very worthwhile and not
>> difficult for anything that has text based configurations. Just make
>> sure that changes are copied back and committed to a central version
>> control system like cvs or svn (which you can wrap with viewvc for easy
>> display of history and changes). A tool called rancid
>> (http://www.shrubbery.net/rancid/) will automate this for many routers,
>> switches and firewalls, and will also pick up any unexpected changes.
>>
>
> Rancid is a great tool, and has worked well for us as a configuration
> monitor and config repository. Another new alternative that is similar
> is ZipTie, now called NetworkAuthority Inventory
> (http://inventory.alterpoint.com/). For a pay solution, I believe
> SolarWinds has some products.

If you are also doing SNMP monitoring of these resources, I believe
OpenNMS has some degree of integration with ziptie and some is currently
being added for rancid.

--
Les Mikesell
lesmikesell@gmail.com



 

All times are GMT.
