Chapter 1
The Scope of Change Management
Change management isn't a process or a technology; it's a mental state and company philosophy.
You could probably sit down with a big sheet of paper and a pen and come up with the perfect
change-management process. Unfortunately, implementing that process might be difficult simply
due to the current state of technology. There are only so many change-management tools
available, and, more important, network devices don't always lend themselves to effective
change management. In fact, most change-management tools currently on the market are
amazing primarily for their ability to work around the limitations of the devices they're
managing.
In Chapter 4, I'll discuss the scope that you can expect from a change-management process. I'll
describe integration with systems such as Hewlett-Packard OpenView, and discuss the
management capabilities for routers, switches, firewalls, load balancers, virtual private network
(VPN) concentrators, intrusion detection and prevention devices, and more. I'll also take a brief
look at how servers can be included in your network change-management strategy, including
UNIX- and Linux-based servers, Windows servers, Novell servers, Windows PCs, UNIX- and
Linux-based workstations, and so forth.
Network Change-Management Technologies
Change management is definitely a state of mind, but it is also something you can realistically
implement in your environment, thanks to a bevy of supporting technologies:
· Simple Network Management Protocol (SNMP)
· Syslog
· SSH and SSL
· Trivial File Transfer Protocol (TFTP)
· Telnet
· Remote Authentication Dial-In User Service (RADIUS), and its cousins TACACS and
TACACS+
These technologies are the underlying enablers of many change-management tools, and they
each have caveats and concerns, particularly with regard to security. Although good
change-management tools provide a fairly secure setup, you will benefit from knowing how they might
be used to attack other parts of your network. I'll devote all of Chapter 5 to discussing these
technologies, explaining how they work, and explaining their role in change management.
Many of these technologies, combined with good old-fashioned command-line scripts, can be used to
provide rudimentary change-management capabilities until you get proper tools in place. For
example, you can write scripts that utilize TFTP to regularly pull device configuration files, then use
diff or other command-line file-comparison tools to generate a file that contains the differences
between two versions of a configuration file. It's far from automatic, but it's a technique that has
served many organizations until they get proper processes and tools in place.
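A sketch of the pull-and-diff technique described above, added here as an example and not taken from the book: it archives each pulled configuration under a timestamp and records a unified diff only when something other than a volatile header line has changed. The host and file names, the archive layout, the use of curl as the TFTP client and the Cisco IOS-style volatile-line patterns are all assumptions.

```shell
#!/bin/sh
# Added example. Host names, file names and the archive layout are assumptions.
ARCHIVE_DIR="${ARCHIVE_DIR:-./config-archive}"

# Pull one file from a TFTP server using curl's tftp:// support. TFTP has no
# authentication or encryption, so keep this traffic on a management network.
fetch_config() {  # usage: fetch_config <tftp-host> <remote-file> <local-file>
    curl --silent --show-error --output "$3" "tftp://$1/$2"
}

# Drop lines that differ on every pull even when nothing was changed
# (Cisco IOS-style examples; extend the pattern for other platforms).
normalize() {
    grep -Ev '^(! Last configuration change|! NVRAM config last updated|ntp clock-period)' "$1"
}

# Compare a freshly pulled config with the newest archived snapshot.
# Returns 0 if unchanged; returns 1 after archiving a new snapshot and,
# when an earlier snapshot exists, writing and printing a unified diff.
record_config() {  # usage: record_config <device> <new-file> <timestamp>
    rc_dir="$ARCHIVE_DIR/$1"; rc_new="$2"; rc_stamp="$3"
    mkdir -p "$rc_dir"
    rc_prev=$(ls "$rc_dir"/*.cfg 2>/dev/null | tail -n 1)   # names sort by time
    rc_tmp=$(mktemp -d)
    normalize "$rc_new" > "$rc_tmp/new"
    [ -n "$rc_prev" ] && normalize "$rc_prev" > "$rc_tmp/old"
    if [ -n "$rc_prev" ] && cmp -s "$rc_tmp/old" "$rc_tmp/new"; then
        rm -rf "$rc_tmp"
        return 0
    fi
    cp "$rc_new" "$rc_dir/$rc_stamp.cfg"
    if [ -n "$rc_prev" ]; then
        diff -u "$rc_tmp/old" "$rc_tmp/new" > "$rc_dir/$rc_stamp.diff" || true
        cat "$rc_dir/$rc_stamp.diff"
    fi
    rm -rf "$rc_tmp"
    return 1
}
```

Run it from cron with a sortable timestamp such as `$(date +%Y%m%dT%H%M%S)`, and restrict read access to the archive, since device configurations contain credentials and community strings.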