In many enterprise networks, scripting still forms a key part of the management strategy for making backups and performing change management. Where scripting is not used, many engineers rely on multiple vendors’ solutions to do these tasks.

In a multi-vendor network setup, this results in a lot of “context switching”, manual effort and a trove of scripts that may have been written by many different engineers, and for older versions of device firmware.

We’ve collated some of the top reasons why this approach increases the risk of downtime and exposure to cyberattacks, and why we believe centralized automation can eliminate these risks and give time back to teams to focus on higher-value activities.

Decentralized control relies on the unique knowledge of many network engineers

Most companies have lots of equipment from a variety of different vendors, often managed by multiple team members across different groups. Even the most experienced network engineer will have trouble remembering everything they need to script accurate backups for the entire fleet of network devices.

This is especially true if engineers use scripts sourced from the internet instead of following manufacturer guidelines themselves.

Recovery testing is extremely hard and error prone

We all know you can’t trust a backup unless you’ve tested it and verified that it restored correctly. Unless your company has the budget to buy a test lab with all the same network devices, your first restore test might be during a real outage. Scripts don’t make it easy to test your backup and restore procedures without a separate test setup.

Simple human error can result in catastrophic consequences

Network configuration files often use fragile, text-based formats that are prone to human error. A misplaced comma or line break, a typo, or file format corruption can cause a backup to fail – or worse – restore with an incorrect setup. You might not know that your backups have errors until you try to restore them in a real disaster scenario, when timing is critical.

Scripts make error handling a chore

With a script-based backup solution, network engineers must write error handling themselves, and often this is not done at all. Even when error handling functions are in place, the errors may need to be dealt with one by one in the console, or you will need to configure a custom destination to post those errors to so they can be handled.

Writing scripts is time-consuming

With a scripting methodology, you must deal with all the challenges associated with maintaining a program over time. Responding to changing requirements, adding support for more network devices, and changing backup techniques when manufacturers deprecate old methods all add effort and affect confidence in the restoration of configurations.

Backup storage is unlikely to be secure

Many companies put their network backups on a network share or other generic file storage solution for convenient access by engineers.

This approach makes access control difficult – leaving doubt about who may have changed what – and device configurations often contain sensitive data that is valuable to cyber attackers (even your internal private IP range is useful to them to learn about your network). Role-based identity and access management combined with secure encryption is a must, but these security requirements create another manual implementation task for teams.

Script-based backups aren’t smart enough to save space

Backup systems are usually smart enough to provide ways to save space, such as delta backups, where they only store changes from the last backup. While many network device backups are much smaller than computer files, manually taken delta backups of network device configurations cannot be restored without more manual effort.

Therefore, teams often keep many months’ worth of backups so they can be sure to keep a full history and maintain traceability. But some vendors – including F5, Check Point and Cisco Firepower – can produce large quantities of backups daily, and the storage usage from lots of devices backed up daily adds up fast.

How ScienceLogic can help

A way of centrally and intelligently managing backup and configuration management is needed.

Restorepoint is a multi-vendor network backup configuration management solution that allows customers to automatically perform network backups across their entire network without manual scripts, as well as monitor for changes and provide assurance of compliance status to other teams.

You can read more about Restorepoint or contact us to discuss the solution with one of our experts.
