CiscoWorks Network Compliance Manager (NCM) tracks and regulates configuration and software changes throughout a multivendor network infrastructure. It provides superior visibility into network changes and can track compliance with a broad variety of regulatory, IT, corporate governance, and technology requirements. CiscoWorks NCM helps IT staff identify and correct trends that could lead to problems such as network instability and service interruption.
PRODUCT OVERVIEW
Enterprises seeking to enable high-performance business applications increasingly rely on sophisticated networking infrastructure and the power of new technologies. Network operations and security managers rely on systems that can automate network deployment, handle large and complex topologies, and track and audit how actual network deployments comply with design requirements and best practices. Enterprise networks must ensure compliance with regulatory policies, corporate IT methodologies, and technology best practices-independently of scale, networking technologies deployed, and the combination of vendors providing networking equipment.
CiscoWorks NCM helps users meet regulatory compliance goals and enforce internal IT best practices in many ways:
• It tracks all changes to the network-configuration, software, and hardware changes-in real time and captures them in a detailed audit trail.
• It screens all changes against authorized policies immediately to ensure that they comply with regulatory requirements or IT best practices.
• It automatically validates new changes against appropriate policies before they are pushed to the network. If the changes are not compliant, CiscoWorks NCM does not allow them to be deployed.
• It automates the change review process, closing the gap between the approval of a change and the actual configuration change that is pushed to the network.
• It allows managers to enforce the approval of a change through a flexible, integrated approval model, using the exact configuration code that will be pushed to the network. Approvers of a change can review the change in the context of the entire device configuration and the business units it will affect. Event notifications are sent to interested parties, giving network staff immediate visibility into unplanned and unauthorized changes.
• It limits network configuration information to users on a need-to-know basis. CiscoWorks NCM uses highly customizable role-based permissions to control what information a user can view, what actions a user can perform on devices, and which devices a user can gain direct access to.
• It ships with regulatory reports for SOX, VISA CISP, HIPAA, GLBA, ITIL, CobiT, COSO enabled, providing the detailed metrics required by each of these regulations and providing the network information necessary to prove compliance. Included by default are reports on users, systems, network status, configurations, devices, software vulnerabilities, tasks or jobs, Telnet/SSH sessions, and compliance centers. Ad-hoc reports can be customized to include information such as:
– All Cisco® devices running a given version of Cisco IOS® Software
– All devices using insecure protocols for configuration management
– All devices with a faulty module
– All configuration changes made over a period of time for a set of devices
– All Telnet/SSH sessions initiated by a specific user
– All device changes that result from an approval override
– All access control lists (ACLs) that deny traffic on specific ports
KEY FEATURES AND BENEFITS
CiscoWorks NCM provides the following customer benefits (Table 1):
Table 1. CiscoWorks NCM Features and Benefits
Feature
Benefits
Network auto-discovery
Eliminates manual administration of devices
Network diagram
Eases troubleshooting
Configuration and change management
• Increases uptime
• Eases audit of configuration changes
• Improves control of network resources
Audit and compliance management
• Includes expansive modeling of regulatory, corporate, IT, and technology policies
• Provides visibility into network's compliance with policies
• Identifies critical risks and violations
• Prioritizes triage of compliance violations
Integration with CiscoWorks applications
• Includes cross launch capabilities between CiscoWorks NCM and other CiscoWorks applications such as CiscoWorks LAN Management Solution (LMS), Home Page, Device Center, and CiscoView
• Allows user to run scripts to register with CiscoWorks servers
• Ensures consistency of network inventory database using CiscoWorks Device Credential Repository (DCR)-for example, device inventories may be imported into CiscoWorks NCM
• Enables combination of network configuration, change, compliance, and Cisco IOS Software and Catalyst® OS image management
Security management
• Enables role-based access control and lock down
• Includes centralized ACL management
Advanced workflow and approvals
Enables real-time process enforcement
Multivendor support
• Supports thousands of device models or versions from Cisco Systems® and 35 other vendors
• Frequent and easy-to-deploy device driver releases
CISCOWORKS INTEGRATION
As a CiscoWorks application, CiscoWorks NCM integrates with the extensive features and capabilities of other CiscoWorks products. It also provides cross-launch of various features across CiscoWorks NCM and other CiscoWorks applications such as the LAN Management Solution (LMS) bundle.
Integration features include:
• Import of detailed network inventory and configuration data from CiscoWorks DCR, ensuring data consistency between the two CiscoWorks products
• Launching CiscoWorks NCM from the CiscoWorks Home Page, enabling a centralized dashboard for network operations tasks
• Accessing other CiscoWorks applications from CiscoWorks NCM menus, including CiscoWorks Device Center and CiscoView
HIGH-AVAILABILITY DEPLOYMENT OPTIONS
CiscoWorks NCM is architected for fairly large network deployments of up to tens of thousands of managed nodes, thanks to robust features such as data redundancy and high availability. For network managers concerned about high availability due to the critical nature of network compliance, configuration, and change management, CiscoWorks NCM can be deployed in (optional) high-availability server configurations. The High Availability and Satellite deployment options provide a robust deployment architecture:
• High Availability enables visibility and control across the entire globally distributed network environment, automatically replicating information to multiple locations and dramatically reducing time to recover by enabling immediate recreation of the environment in a new location. It also allows IT organizations to extend best practices and knowledge across multiple locations and ensure operational consistency across the enterprise.
• Satellite enables central management of network devices in remote locations and enables failover due to network instability across Network Address Translations.
DEVICE SUPPORT
CiscoWorks NCM supports an extensive range of Cisco equipment plus devices from 35 other vendors. Categories include routers, switches, firewalls, wireless access points, VPN devices, network accelerators, network load balancers, and other appliances that serve dedicated functions such as terminal and proxy servers. CiscoWorks NCM can be easily upgraded to support new devices as they become available or to meet market demand.
LICENSING
CiscoWorks NCM is licensed on the basis of the number of nodes to be managed and whether the High Availability and Satellite features are enabled. Customers must purchase a software license for the core server for the desired count of managed nodes plus a license for the High Availability and Satellite features.
A managed node is a management IP address and the configuration details for the system accessed by the management IP address. In most cases, a single device is equivalent to a single node. In more complex cases, such as a Cisco Catalyst switch in hybrid mode, where the device is running as two separate configurations, each configuration is counted as a managed node. This is because in hybrid mode the switch has two management IP addresses and two configuration files. For licensing purposes, unmanaged nodes are not counted toward the licensed total node count. See the Ordering Guide for more details.
INSTALLATION
CiscoWorks NCM should be installed on a dedicated server to avoid port access conflict for HTTP, HTTPS, Telnet, Syslog, and other functions. Please refer to the following checklist for detailed information on preparing your network for CiscoWorks NCM deployment. Tables 2 through 7 list recommended configurations.
Table 2. Recommended Configuration, Dual Windows Server
Application Server
OS
Windows Server 2003 Enterprise Edition
CPU
Intel Xeon, 3.0+GHz
Memory
2 GB RAM
Disk
10 GB - Fast SCSI
Network
100 Mbps Fast Ethernet full duplex
Database Server
Supported Databases
• Oracle 9.2
• Microsoft SQL Server 2000 SP 2
• MySQL Max 3.23 (included)
CPU
Intel Xeon, 3.0+GHz
Memory
2 GB RAM
Disk
18 GB - Single Channel RAID / Fast SCSI
Network
100 Mbps Fast Ethernet full duplex
Table 3. Recommended Configuration, Single Windows Server
Application & Database Server
OS
Windows Server 2003 Enterprise Edition
Database
MySQL Max 3.23 (included)
CPU
Dual Processor Intel Xeon, 3.0+GHz
Memory
4 GB RAM
Disk
28 GB - Dual Channel RAID / Fast SCSI
Network
100 Mbps Fast Ethernet full duplex
Table 4. Recommended Configuration, Dual Solaris Server
Application Server
OS
Solaris 9
CPU
Dual UltraSPARC IIIi+, 1.3+ GHz (SunFire V240)
Memory
2 GB RAM
Swap Space
4 GB Swap
Disk
14 GB - Fast SCSI
Network
100 Mbps Fast Ethernet full duplex
Database Server
Supported Databases
• Oracle 9.2
• MySQL Max 3.23 (included)
CPU
Dual UltraSPARC IIIi+, 1.3+ GHz (SunFire V240)
Memory
2 GB RAM
Swap Space
4 GB Swap
Disk
22 GB - Single Channel RAID / Fast SCSI
Network
100 Mbps Fast Ethernet full duplex
Table 5. Recommended Configuration, Single Solaris Server
Application & Database Server
OS
Solaris 9
Database
MySQL Max 3.23 (included)
CPU
Dual UltraSPARC IIIi+, 1.3+ GHz (SunFire V240)
Memory
4 GB RAM
Swap Space
8 GB Swap
Disk
36 GB - Dual Channel RAID / Fast SCSI
Network
100 Mbps Fast Ethernet full duplex
Table 6. Recommended Configuration, Dual Linux Server
Application Server
OS
RedHat Linux AS 3.0 Update 2
CPU
Intel Xeon, 3.0+GHz
Memory
2 GB RAM
Swap Space
4 GB Swap
Disk
14 GB - Fast SCSI
Network
100 Mbps Fast Ethernet full duplex
Database Server
Supported Databases
• Oracle 9.2
• MySQL Max 3.23 (included)
CPU
Intel Xeon, 3.0+GHz
Memory
2 GB RAM
Swap Space
4 GB Swap
Disk
22 GB - Single Channel RAID / Fast SCSI
Network
100 Mbps Fast Ethernet full duplex
Table 7. Recommended Configuration, Single Linux Server
Application & Database Server
OS
RedHat Linux AS 3.0 Update 2
Database
MySQL Max 3.23 (included)
CPU
Dual Processor Intel Xeon, 3.0+GHz
Memory
4 GB RAM
Swap Space
8 GB Swap
Disk
36 GB - Dual Channel RAID / Fast SCSI
Network
100 Mbps Fast Ethernet full duplex
ORDERING INFORMATION
To place an order, visit the Cisco Ordering Home Page. Table 8 lists ordering information for CiscoWorks NCM.
Table 8. CiscoWorks NCM Ordering Information
Product Name
Part Number
CiscoWorks NCM for up to 100 managed nodes
CWNCM-1.0-100-K9
CiscoWorks NCM for up to 300 managed nodes
CWNCM-1.0-300-K9
CiscoWorks NCM for up to 500 managed nodes
CWNCM-1.0-500-K9
CiscoWorks NCM for up to 1000 managed nodes
CWNCM-1.0-1K-K9
CiscoWorks NCM for up to 2500 managed nodes
CWNCM-1.0-2.5K-K9
CiscoWorks NCM for up to 5000 managed nodes
CWNCM-1.0-5K-K9
CiscoWorks NCM for up to 10,000 managed nodes
CWNCM-1.0-10K-K9
CiscoWorks NCM for up to 25,000 managed nodes
CWNCM-1.0-25K-K9
CiscoWorks NCM high-availability option for up to 1000 managed nodes
CWNCM-1.0HA1K-K9
CiscoWorks NCM high-availability option for up to 5000 managed nodes
CWNCM-1.0HA5K-K9
CiscoWorks NCM high-availability option for up to 25,000 managed nodes
CWNCM-1.0HA25K-K9
CiscoWorks NCM satellite single instance proxy for remote distribution
CWNCM-1.0SAT-K9
SERVICE AND SUPPORT
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare the network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, see Cisco Technical Support Services or Cisco Advanced Services.
