Chapter 1
4
Change Management with Vendor-Specific Tools
Vendor-specific tools, such as Cisco's CiscoWorks package are well written and provide useful
functionality; however, I have yet to encounter an environment that is truly standardized on one vendor for
infrastructure devices; there is always an odd device out: a firewall, load-balancing device, switch, and so
on. In fact, most companies with perimeter networks (or demilitarized zones, as they're called) often
select firewalls from different manufacturers to provide an extra layer of security. The necessary myriad
vendor-specific change-management solutions required for such environments defeats the point of
change management entirely; you'll spend too much time in too many different tools to effectively manage
change.
Fortunately, there are plenty of vendor-neutral tools that provide support for devices from several
manufacturers. These tools offer the advantage of a single user interface (which is often less complicated
than the devices' command-line or graphical interfaces), integrated functionality, and enterprise-wide
management capability.
The best of these tools have a modular or scriptable architecture, meaning they can support a wide
variety of devices and are easily extended to support additional devices in the future--often without
requiring the installation of an updated release of the tool. If your organization regularly adopts new
technologies, make easy extensibility part of your tool selection criteria.
Why Bother with Change Management?
A recent industry-wide survey of network managers revealed that half of those surveyed had
experienced unauthorized changes to their network. Half of those surveyed also attributed human
error--manual configuration changes--to at least 50 percent of their non-carrier related outages
(those caused by a downed T1, for example). Those are frightening statistics, and they reflect a
very real-world situation: few organizations bother incorporating a formal change-management
process into their network management.
Excuses for a Lack of Change Management
In my consulting practice, I hear many reasons that companies give for not having a solid
change-management process in place. Some of them are pretty funny:
· We don't have the money. Of course you do! Change management doesn't mean you
must buy a suite of expensive tools, although there are some tools that make it easier.
Change management can be as simple as flowcharts and notebooks used to track changes
and maintain a valid process.
· We don't have time to train staff in change-management techniques. Good change-
management process and the right tools can actually reduce the need for training. Many
change-management tools replace the vendor-specific command-line interfaces and
graphical tools, creating a single point of management that requires less training. In
addition, many tools offer template capabilities so that junior administrators can manage
the network by filling in blanks on a form and selecting valid values from list boxes. If
you don't have time to train, change management can offer a solution, not a hurdle!
· It won't happen to us. This excuse barely deserves comment. I have yet to meet a
network manager who can actually say this with a straight face. And if a change-related
outage hasn't happened to you yet--it will, eventually.