SolarWinds Network Configuration Manager (NCM) is a deep term which encompasses several different concepts. NCM has to do with any network equipment. Instead, It mostly refers to network switches and routers but it can also apply to other types of equipment such as firewalls or load balances. Typically, any device which is not a computer or a server can be considered a piece of networking equipment.
Network Configuration management entails a few different tasks. First, there is inventory management. The point here is to keep all the information about networking equipment in a centralized place. Another important aspect—if not the most important one—of configuration management is the actual configuration of the devices. If you’ve ever worked on huge corporate networks with dozens of access switches, you know how configuring them can be tedious and error-prone. Configuration management can make it easier.
Automatic Configuration Backup
- Schedule network configuration backups
- Record network configurations for archival history
- Easily view network configuration backups and history
- Perform configuration changes based on logical groups such as location, department, manufacturer, or any custom property.
One of the most popular features in SolarWinds Network Configuration Manager (NCM) is the ability to automatically backup network device configurations. Configuration backups can be scheduled to run whenever you would like them to – whether that’s everyday, every other Monday, or every two hours.
Save time with network automation.
NCM’s network configuration management system is designed to manage rapid change across complex and multi-vendor networks, reduce time needed to complete repetitive tasks, and maintain standards and service levels for uninterrupted IT with its wide range of network automation features.
Simplify and improve network compliance.
Simplify network compliance using NCM’s automated network configuration tools to deploy standardized configs, detect out-of-process changes, audit configurations, and even correct violations.
Fast disaster recovery.
Rest easy knowing you can locate the most current configuration and quickly apply it to a replacement spare, or to roll back a blown configuration.
Protect your network from malware.
Take the hassle out of vulnerability detection using NCM’s integration with the National Vulnerability Database and access to the most current CVE’s to identify vulnerabilities in your Cisco devices.
Know more about your Palo Alto Networks firewall.
Be able to use deeper visibility to your Palo Alto Networks firewall for more effective troubleshooting and network management.
Automate firewall activities to improve operational efficiency.
Discover security contexts, backup and restore config files; discover, visualize, and audit Access Control Lists (ACLs); and easily manage firmware upgrades for Cisco ASAs.
Get help with deeper visibility into critical data center switches.
Be able to filter, search, and identify config changes for access control lists (ACLs). View interface config snippets and get Virtual Device Context (VDC) support for parent/child detection with Network Insight for Cisco Nexus switch monitoring.
See and fix problems faster.
NCM’s network change management tool can work even better when used with SolarWinds® Network Performance Monitor network monitoring software to detect more faults, as well as identifying and correcting configuration errors
Network discovery, inventory, and EOL reporting.
Be able to know what devices are connected to your network, their hardware and software configurations, and when they approach end-of-service and end-of-life, with NCM device configuration management tool.
Improve awareness and control.
Use NCM’s integrated console to lock down devices from unauthorized access, delegate who can view device details and make configuration changes, and determine when network changes can occur.
View baseline and config change with diff view.
IT professionals can get a more comprehensive view by using a network configuration management tool that can leverage baselines across multiple nodes. Diff view in NCM is designed to highlight only those lines that changed.
Improve team communication and planning.
NCM includes 53 reports to keep stakeholders informed with the current state of your network inventory, configuration changes, policy compliance, security, and planning requirements.
Help ensure 24/7 availability for your Orion servers and pollers across subnets with Orion Platform High Availability (HA).
Protect your monitoring environment against O/S crashes, application failures, network connectivity problems, and database availability issues with SolarWinds High Availability.
Get a single consolidated command center of multiple SolarWinds servers with Enterprise Operations Console (EOC).
SolarWinds Enterprise Operations Console collects performance data from an installed base of multiple SolarWinds servers, and summarizes this data into a composite, centralized view.
Scheduled configuration backups
Schedule configuration downloads, configuration uploads, device reboots, command script execution, and more. In addition, configuration backups are stored in a relational database for archival history and as flat files in an intuitive folder structure for easy viewing.
Help ensure device compliance with federal regulations, as well as corporate standards. The Policy Reporting manager includes policy reports, such as SOX, HIPAA, CISP, and Cisco® Security.
Role-based access control
Integrate your Windows® Active Directory® or local system user accounts with SolarWinds NCM. You can manage users based on their role, and establish individual device login credentials per user. SolarWinds NCM logs all user activity, allowing you to keep an archive of changes.
Multiple vendor support
Monitor network devices from multiple hardware vendors in a hybrid network environment.
Make changes to community strings, passwords, and black lists across many devices. Execute bulk changes either in real time or within a scheduled change window. Uploads, changes, and global command scripting can be scheduled by device type, physical location, owner, or custom property.
Configuration change history
Receive reports on what devices have had configuration changes over a specified time period. Configuration change
reports can also compare current configurations with a baseline configuration, alerting you whenever a change is
Establishing baseline and understanding config drift
Save time identifying out of compliance configurations using multi-device baselines. Use a single baseline or multiple across your network to monitor the configs critical to you and leverage the baseline diff viewer to quickly identify changes within those configs.
Configuration viewing, tracking, and comparing
Use SolarWinds NCM to remotely view, track, and make changes, and compare network device configurations without logging in to the physical SolarWinds NCM server. The Orion® Web Console offers these functions to the users you select.
New features and improvements in NCM
Release date: November 5, 2019
Policies pushed from Panorama
The Policies and Policy Details views for Palo Alto devices now display information about policies pushed from the Panorama management server.
NCM 2019.4 also identifies the source of a configuration file. Policies pushed from Panorama are classified as either ‘Pre Policy (Panorama)’ or ‘Post Policy (Panorama)’. Policies that are not pushed from Panorama are classified as ‘Local’.
New firmware upgrade template setting
Firmware upgrade templates can now specify a delay between a device rebooting and NCM checking that it is up. If you select the
Reboot device after upgrade option, the following new setting is available:
Wait time between reboot and checking that the node is "Up"
This setting can prevent errors for devices that have multiple up/down sequences after they reboot.
Added support for EtherWAN devices
NCM now provides the following support for EtherWAN devices:
- 1 device template (called EtherWAN)
- 1 firmware upgrade template
- 11 config change templates
The config change templates are described below:
|Change Enable Password – EtherWAN||Changes the enable password on EtherWAN devices.|
|Change NTP Settings – EtherWAN||Changes NTP settings on EtherWAN devices.|
|Change SNMP Community Strings – EtherWAN||Changes SNMP community strings (get/set) on EtherWAN devices.|
|Change System Name – EtherWAN||Changes the system name on EtherWAN devices.|
|Change VLAN membership on ports – EtherWAN||Assigns ports to VLANs on EtherWAN devices.|
|Configure interface IP (manual) – EtherWAN||Changes the IP address of an interface on an EtherWAN device. To specify the interface, the user manually enters the interface name. Use this template to assign the IP address without launching a network inventory job during the process.|
|Configure interface IP – EtherWAN||Changes the IP address of an interface on an EtherWAN device. To specify the interface, the user selects the interface name from a list, which is built with a network inventory job.|
|Configure VLAN – EtherWAN||Configures a VLAN and assigns the VLAN name on EtherWAN devices.|
|Enable/Disable LLDP – EtherWAN||Enables or disables LLDP on EtherWAN devices.|
|Enable/Disable NTP – EtherWAN||Enables or disables NTP on EtherWAN devices.|
|Enable/Disable RSTP – EtherWAN||Enables or disables RSTP on EtherWAN devices.|
Added support for Lenovo Campus NOS devices
NCM now provides the following support for Lenovo Campus NOS devices:
- 1 device template (called Lenovo Campus NOS)
- 1 firmware upgrade template
- 6 config change templates
The config change templates are described below:
|Change Enable Password – Lenovo Campus NOS||Changes the enable password on Lenovo Campus NOS devices.|
|Change SNMP Community Strings – Lenovo Campus NOS||Changes SNMP community strings (Read-Only/Read-Write/Super user) on Lenovo Campus NOS devices.|
|Change System Name – Lenovo Campus NOS||Changes the system name on Lenovo Campus NOS devices.|
|Change VLAN membership on ports – Lenovo Campus NOS||Assigns ports to VLANs on Lenovo Campus NOS devices.|
|Configure interface IP – Lenovo Campus NOS||Changes the IP address of the selected interface on Lenovo Campus NOS devices.|
|Configure VLAN – Lenovo Campus NOS||Configures a VLAN and assigns the VLAN name on Lenovo Campus NOS devices.|
New device template for F5 BIG-IP devices
NCM 2019.4 includes a new device template that supports all F5 BIG-IP devices, including those with an OS of 12.0 and later. The name of the new device template is
F5 Big IP 12 and newer. By default, automatic assignment is enabled for this template.
The previous template, named
F5 Big IP, is still available, but automatic assignment is now disabled by default for this template. When you upgrade:
- F5 BIG-IP devices that are set to use Auto Determine to find a device template will use the new
F5 Big IP 12 and newertemplate.
- F5 BIG-IP devices that are manually assigned to the previous
F5 Big IPtemplate will continue to use that template.
Orion Platform 2019.4 Release Notes
Release Date: November 5, 2019
New features and improvements in Orion Platform
Native SolarWinds Service Desk Integration
Organizations of all sizes have complex IT environments which makes managing IT challenging. With the latest release of the Orion ® Platform 2019.4 and products, we are continuing to build on the story of unexpected simplicity by introducing features for IT pros who need a single, integrated experience
Integrating Orion alerts with SolarWinds Service Desk (SWSD) is another tool in the IT Pros’ arsenal. Powerful features such as Advanced Ticket Routing & Automated Workflows improve your operational efficiency by ensuring the critical events within your monitored infrastructure are automatically routed to the correct team. Fast, reliable two-way communication between Orion and SolarWinds Service Desk (SWSD) ensures changes such as alert acknowledgments or changes in incident state are always in sync.
The benefits of integrating your Orion alerting with SolarWinds Service Desk (SWSD):
- Increase operational efficiency by automating the creation of Incidents from Orion alerts, thus giving more visibility to operational teams.
- Gain insight into Incident trends and measure your organizations capacity with reports such as incident throughput and incident heatmaps
Orion Maps enhancements
Entity Library enhancements
- Filter and refine your entity list based on any property.
- Bulk-select entities to add them to the canvas.
- Quickly identify contextual relationships through the entity library without leaving the editor.
- Multi-select from the canvas to move or delete multiple objects in groups.
- Undo and redo options within the Editor.
- Add custom images and backgrounds to enhance the map.
Manual Topology Connections
- Define topology between any two entities directly from the Map Editor.
Customizable map refresh rate
- From the Advanced Configuration Settings, specify the map refresh rate – in minutes – for the Orion Maps Viewer and Widgets.
Add or evaluate additional Orion Platform products from within the Orion Web Console.
Install new products for evaluation even if you are not ready to upgrade your existing Orion Platform products to the latest version. Compatible versions of the new products are installed.
- Deploy the Orion Platform in the cloud using Azure SQL Database managed instance as an alternative to MS SQL.
- Deploy the Orion Platform directly from Azure Marketplace
NET 4.8 support
- All Orion Platform products now use .NET 4.8.
- .NET 4.8 is deployed automatically to all Orion Agents for Windows after the upgrade.
All Windows Agent plugins for supported operating systems were migrated.
Make sure that the operating system of your Orion Platform supports .NET 4.8.
If your Orion Platform runs on an operating system that does not support .NET 4.8, consider upgrading your environment to be able to use the new features provided by Orion Platform 2019.4.
Requirements vary based on:
- The number of nodes
- The frequency of configuration downloads
- The length of time that configurations are maintained in the database
The following ports might be needed for the Orion Web Console, depending on how SolarWinds NCM is set up to download and upload configurations:
|22||SSH/SCP||SCP server||Bidirectional||SSH/SCP default port for NCM to transfer configs|
|23||Telnet||NCM Business Layer Plugin, NCM Jobs (collector)||Outbound||Telnet default port for NCM to transfer configs|
|25||TCP||SolarWinds Alerting Service V2||Outbound||SMTP email default that NCM uses for notification (If SSL/TLS encryption is set up on SMTP server, default port is 465)|
|69||UDP||TFTP Server||Inbound||TFTP server listens on this port|
|80||TCP||IIS||Inbound||HTTP default for the Orion Web Console|
|137||UDP||File and Printer Sharing (NB-Name-In)||Bidirectional||Used to store firmware updates and configuration files remotely|
|138||UDP||File and Printer Sharing (NB-Datagram-In)||Bidirectional||Used to store firmware updates and configuration files remotely|
|139||TCP||File and Printer Sharing (NB-Session-In)||Bidirectional||Used to store firmware updates and configuration files remotely|
|161||UDP||SolarWinds Job Engine v2||Outbound||SNMP statistics collection, the default for polling in NCM|
|162||UDP||SolarWinds Trap Service||Inbound||Trap messages listened for and received by the Trap Server|
|443||TCP||IIS||Inbound||Default port for HTTPS binding|
|445||TCP||File and Printer Sharing (SMB-In)||Bidirectional||Used to store firmware updates and configuration files remotely|
|465||TCP||SolarWinds Alerting Service V2||Outbound||The port used for SSL-enabled email alert actions|
|514||UDP||SolarWinds Syslog Service||Inbound||Syslog Service listens for incoming messages|
|587||TCP||SolarWinds Alerting Service V2||Outbound||The port used for TLS-enabled email alert actions|
|1801||TCP||MSMQ||Bidirectional||MSMQ WCF binding|
|5671||TCP||RabbitMQ||Bidirectional||For encrypted RabbitMQ messaging (AMQP/TLS) into the main polling engine from all Orion servers|
|17777||TCP||SolarWinds Orion Module Engine
SolarWinds Information Service
SolarWinds Information Service V3
|Bidirectional||Orion module traffic. Open the port to enable communication from your poller to the Orion Web Console, and from the Orion Web Console to your poller. The port used for communication between the Orion Web Console and the poller.|
|17778||HTTPS||SolarWinds Agent||Inbound to the Orion server||Required for access to the SWIS API and agent communication|
|17779||HTTP||SolarWinds Toolset||Inbound to the Orion server||SolarWinds Toolset Integration over HTTP|
Ports 4369, 5672, and 25672 are opened by default. These ports can be blocked by the firewall.
Do not install Orion Platform products on the same server as SolarWinds Access Rights Manager (ARM).
For evaluation purposes only:
Installing SolarWinds Orion on Windows Server 2012 R2 Essentials or Windows Server Core is not supported.
|Operating System Language||
|NCM Server Hardware||CPU Speed||3 GHz dual core dual processor|
|Hard Drive Space||30 GB|
|Installing Windows Account||Requires administrator permission on the target server.|
|File System Access Permissions||Ensure the Network Service account has modify access to the system temp directory:
|SolarWinds Orion Syslog Server||If you want real time change detection triggered through devices sending Syslog messages, the executable must have read and write access to the Orion Platform database.|
|SolarWinds Orion Trap Service||If you want real time change detection triggered through devices sending SNMP traps, the executable must have read and write access to the Orion Platform database.|
|Microsoft SNMP Trap Service||Must be installed if you want real time change detection triggered through devices sending SNMP traps.|
|Microsoft IIS||Version 8.0 or later. DNS specifications require hostnames to be composed of alphanumeric characters (A-Z, 0-9), the minus sign (-), and periods (.). Underscore characters (_) are not allowed.
SolarWinds does not support installing NCM on the same server or using the same database server as a Research in Motion (RIM) Blackberry server.
|Microsoft ASP .NET 2.0 Ajax Extension||Version 1 or later
If this is not found on the target computer, the setup program downloads and installs the component.
|Microsoft .NET Framework||.NET 4.8
If the required version is not found on the target computer, the installer downloads and installs it. Ensure that .NET is turned on in Windows Features.
The Orion server and the SolarWinds Orion database must use separate servers.
If you install on a virtual machine, you must maintain your SQL Server database on a separate, physical drive.
As of Orion Platform 2018.2, you can use Amazon RDS as your database server.
SolarWinds supports using NCM with database servers set up in the following languages, but only supports storing characters in the UTF-8 character set.
|SQL Server versions||
NCM supports the latest service pack unless otherwise noted.
If you select the Lightweight Installation option, SQL Server Express 2017 is installed locally. This option should be used only for evaluating NCM.
|SQL server collations||
The following SQL server collations are supported:
|Authentication||Either mixed-mode or Windows authentication. If you require SQL authentication, you must enable mixed mode on your SQL server.|
|Protocols||Your database server must support mixed-mode authentication or SQL authentication and have the following protocols enabled:
|x86 components||The following x86 components must be installed:
If the components are not found on the target computer, the setup program downloads and installs the components.
Supported Web Console browsers
- Microsoft Internet Explorer 11 (standard and mobile views)
- Microsoft Edge
- Mozilla Firefox 49.0, or latest supported versions
- Google Chrome 54.0, or latest supported versions
- The SolarWinds NCM Information Service requires that the Net.TCP Port Sharing service be enabled and port 17777 open for TCP traffic to the NCM server. By default, this service is disabled. The setup program sets the service to manual. Resetting the service setting to disabled is not recommended.
- To take advantage of the numerous integration points in NCM, install the SolarWinds Engineer’s Toolset on the same server. You can also take advantage of integration points built into the Web Console by installing the Toolset on computers used to access the Web Console.
NCM 2019.4 was tested for scalability in a standalone deployment of three servers: one server hosts the main server and the other two servers each host an additional polling engine. The main server manages up to 10,000 nodes, as does each additional polling engine. Therefore, the deployment supports up to 30,000 nodes total.
The standard Orion Web Console deployment has the Orion Platform on the main server, polling for node status at the default rate. This deployment supports two NCM operations, inventory update and configuration download, performed per day on all 30,000 nodes.
Though the main server and each additional polling engine can manage up to 10,000 nodes, the actual total depends on the system hardware of the server hosts, the types of devices being monitored, and the number of jobs being run concurrently. Should you need to manage more devices, and you decide to add servers, consider consolidating your views of multiple servers with the SolarWinds Enterprise Operations Console (EOC).
Factors that affect scalability
The server requirements table above lists the minimum CPU and RAM requirements for the NCM server. CPU and RAM requirements depend on the number of nodes being managed in your NCM deployment.
If scalability issues arise, you can adjust the following:
- Increase the server CPU speed and the amount of RAM
- Decrease the number of simultaneous transfers
- Decrease the frequency of uploads, downloads, and inventory jobs
- Increase the node polling interval for up/down monitoring
Inventory jobs may run longer than expected in larger environments. To remedy this situation, break large inventory jobs into smaller jobs that do not include as many nodes, and space these jobs over a longer period of time. Adjusting server CPU and memory will enhance user interface performance and job execution speed.