Overview of network management tasks and best practices

1. Network configuration and provisioning

One of the most fundamentals elements of network management is network provisioning. This process includes the following tasks:

• Setting up network devices, such as routers and firewalls.
• Assigning IP addresses manually or via Dynamic Host Configuration Protocol.
• Configuring virtual LANs and VPNs.

Network administrators can design networks using configuration templates -- sometimes referred to as boilerplates -- and update them as needed. The purpose of these templates is twofold. First, they help administrators more quickly configure new devices for deployment. Second, templates help ensure configurations are uniform from one device to the other.

Network automation platforms help administrators manage network configuration. For example, the platforms can store device information, validate configuration changes and deploy configurations simultaneously. Software-defined networking technologies also centralize all network configurations within the control plane.

2. Network monitoring and alerting

Network admins must closely watch the operational health of an enterprise network to ensure uptime and optimal performance. Network monitoring tools help track network activity, packet loss and downtime. Network teams can use protocols and health monitoring services, such as Simple Network Management Protocol, syslog, NetFlow, telemetry and deep packet inspection, to help monitor and automatically trigger alerts when issues arise.

Important metrics for network monitoring include the following:

• Latency.
• Jitter.
• Throughput.
• Bandwidth usage.

3. Troubleshooting and root cause analysis

When a network failure, outage or performance problem arises, the network admin is responsible for identifying and remediating the problem as quickly as possible. As part of the fault management process, admins should perform a thorough root cause analysis to identify and fix the cause of failure. Admins should also document what they did to eliminate the threat or, at least, reduce the event's effect on the organization.

Common network disruptions include bottlenecks, connectivity issues, DNS problems and virtual LAN misconfigurations. Network analyzer tools, such as Wireshark and tcpdump, provide information about network data packets and can aid the troubleshooting process. Meanwhile, modern AIOps tools use AI and machine learning to help automate troubleshooting and root cause analysis processes.

4. Change control management

When admins need to make network changes to a production network, they must closely control the entire process from start to finish. This includes establishing access controls to dictate who can make changes, in what time frame the changes should occur, how the changes should be announced and a peer review of the proposed changes.

While network-centric change control management tools are available, most enterprise IT shops opt for a centralized change control platform that all teams can use. These tools are typically part of -- or directly integrated with -- the IT department's service ticketing platform.

5. Firmware bug and vulnerability patching

Patching and vulnerability scanning are integral to both network security and network management. Admins should ensure they patch network device firmware, server OSes and software frequently. Frequent patching is necessary due to the sheer number of operation bugs and, more importantly, security vulnerabilities.

Admins should put processes in place that enable them to review firmware update notes to verify whether a known bug or vulnerability can significantly affect the business. Based on this research, they should handle firmware patching like any other network change that goes through a thorough change control process.

6. Configuration management

Regular backups and secure storage are essential to track configurations of network devices. Many legacy network devices still use command-line interfaces for configuration and management purposes, but backups help ensure a faster recovery in the event of a catastrophic hardware failure or data loss. It's critical to have a text copy of these configurations that admins can paste into spare or replacement equipment. These on-premises policies and recovery plans should include processes for file encryption and limited access to the backup file repository.

In cloud-managed network architectures, the service provider is often responsible for maintaining and protecting configuration backups. However, some cloud network service providers permit customers to copy and store their configurations wherever they choose. In these cases, it's important that enterprises store backups outside the provider's cloud in the event of a major service provider outage.

7. Policy and compliance validation

Admins must regularly review all network policies to ensure the network is not only optimized from a performance standpoint but also from a security, compliance and regulation perspective. Depending on the type of business an organization operates, teams must enforce and regularly review the following compliance standards, among others:

• Sarbanes-Oxley Act.
• Payment Card Industry.
• HIPAA.
• General Data Protection Regulation.

Network audits and updated documentation help network teams ensure network tools and policies meet compliance requirements and maintain accurate information. Network automation tools that include automated security and compliance verifications can help speed the validation process.

8. Network documentation

Network documentation tracks information about network topology, device configurations, IP address records, network diagrams, cabling, security policies and other network resources.

As networks grow in complexity, it's more important than ever to maintain detailed and accurate physical and logical network diagrams. While seasoned network engineers might prefer drawing and updating their own manually created diagrams using tools like Microsoft Visio, many have concluded that their networks are too complex -- and change too frequently -- to keep up. Thus, tools that automatically scan and map the network topology are becoming a popular alternative. While these automated diagrams might not be as visually appealing or include all necessary information, admins can at least be assured they are up to date.

9. Network resiliency

Mission-critical networks are designed and built with high availability in mind. This includes factors such as physical cabling redundancy, dynamic routing protocols and spare equipment maintenance in the event of a production hardware failure. Network resilience tasks also include steps to regularly test and evaluate network resiliency response times in the event of a failure.

Another crucial part of verifying network resiliency is to ensure that production hardware and software are properly licensed and are under appropriate levels of support contracts. This includes understanding hardware replacement times, vendor support hours and methods, and detailed steps required to resolve common problems from start to finish.

10. Short- and long-term roadmapping

Lastly, network admins should have processes in place to create short- and long-term network architecture roadmaps. These exercises help to understand where the network is today, what it's capable of in the near term and what the catalyst will be that dictates major upgrades in the future.

This step involves capacity planning to ensure the network can handle existing and future demands. It also requires administrators to read up on, study and receive demonstrations on new and emerging network technologies. Doing so helps admins plan next steps and avoid architecting the network into a corner.

Editor's note: This article was originally written by Andrew Froehlich and updated by TechTarget editors to reflect industry changes and improve the reader experience.

Andrew Froehlich is founder of InfraMomentum, an enterprise IT research and analyst firm, and president of West Gate Networks, an IT consulting company. He has been involved in enterprise IT for more than 20 years.