Secure Provisioning always applies device configuration in its entirety and does not support applying config patches or deltas to a provisioned device (e.g. adding a few lines to running config, to enable a specific feature).
Stateless file management
Secure Provisioning supports a DevOps-style approach that collapses initial provisioning, disaster recovery and ongoing maintenance into a single workflow:
With this approach, the config patch is applied in Lighthouse to the central configuration template via git; the configuration file is then rendered in its entirety and pushed to the OM node. The device is factory reset and pulls the new configuration as if it were being provisioned for the first time.
Pros:
- Eliminates config drift
- Enforces config reproducibility
- Central audit trail of all configuration changes
- Disaster recovery becomes as simple as resetting all devices to reprovision
Cons:
- Requires a longer maintenance window as the device is reset and reboots
- Patches cannot be applied to running configuration
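The whole-file model described above can be illustrated with a short drift check. This is an added example, not Opengear's code: the template text, device name, variables and function names are all constructed, and Python's `string.Template` stands in for whatever templating the central repository actually uses. It renders the complete file, compares it to a running config by digest, and reports differing lines for the audit record without ever producing a patch.

```python
import hashlib
from string import Template

# Constructed central template; in the workflow above this file would live in git.
TEMPLATE = Template(
    "hostname $hostname\n"
    "ntp server $ntp\n"
    "snmp-server community $community ro\n"
)

# Constructed per-device variables (hypothetical names and values).
DEVICES = {
    "branch-sw1": {"hostname": "branch-sw1", "ntp": "192.0.2.10",
                   "community": "example-ro"},
}


def render(device):
    """Render the whole file. substitute() raises KeyError on a missing
    variable, so a partially rendered config is never produced."""
    return TEMPLATE.substitute(DEVICES[device])


def digest(config_text):
    """SHA-256 over normalised text so CRLF vs LF is not reported as drift."""
    lines = [line.rstrip() for line in config_text.splitlines()]
    return hashlib.sha256(("\n".join(lines) + "\n").encode("utf-8")).hexdigest()


def check_drift(device, running_config):
    """Return (drifted, extra_lines, missing_lines) for a running config.
    The lists are for the audit record only; the remedy is a full reprovision."""
    intended = render(device)
    if digest(intended) == digest(running_config):
        return False, [], []
    want = [line.rstrip() for line in intended.splitlines()]
    have = [line.rstrip() for line in running_config.splitlines()]
    extra = [line for line in have if line not in want]
    missing = [line for line in want if line not in have]
    return True, extra, missing


if __name__ == "__main__":
    # Constructed running config: the rendered file plus one hand-added line.
    hand_edited = render("branch-sw1") + "snmp-server community public rw\n"
    print(check_drift("branch-sw1", hand_edited))
```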
Stateful device management gateway
The NetOps Automation platform provides a management fabric from remote devices to your central management network via Lighthouse VPN and/or the cellular WWAN.
There are many tools and protocols purpose-built for stateful configuration management: tools such as Cisco NSO and SolarWinds NCM, and protocols such as NETCONF and gRPC (OpenConfig).
The NetOps Automation fabric can be leveraged by these tools as a secure, resilient management path – both extending their reach to the out-of-band management network, and ensuring reachability during outages.