Golden Configuration Overview
  • 22 Jul 2024
  • Dark
  • PDF

Golden Configuration Overview

  • Dark
  • PDF

Article summary

To ensure the smooth operation of your network, it's important to quickly identify and remedy situations in which your devices are not configured as intended. This can happen in any number of ways: mistakes can be made during initial deployment, and any network can fall victim to configuration drift when left unchecked.

Golden Configurations, which are available in the IAP Configuration Manager application, can help you take proactive measures against such vulnerabilities. They are the "master" configuration to evaluate a network's running configurations, providing valuable information that can be used to drive maintenance and remediation efforts.

In this guide, you will learn foundational knowledge about Golden Configurations, including:

  • How Golden Configurations work.
  • How to create Golden Configurations.
  • How to navigate the Golden Configuration user interface (UI).
  • How to manage a Golden Configuration tree.

How Golden Configurations Work

Golden Configurations are organized as a hierarchical, tree-like structure of nodes, each associated with a baseline configuration pattern. Child nodes inherit the configuration of their parent by default, though they can be specialized after creation. Devices or adapter instances are then linked (added) to these nodes, allowing their current state to be graded against the related configuration.

Two types of Golden Configurations exist:

For specific information about each type of Golden Configuration, refer to the linked documentation.

How to Create Golden Configurations

Golden Configurations can be created from the Configuration Manager homepage:

  1. Click the Create (+) button located at the top of the side navigation menu. The Create modal will open.
  2. Select Golden Configuration from the drop-down. The modal will finish populating.
  3. Type a name for the Golden Configuration into the Name field.
  4. Select which type of Golden Configuration to create.
  5. If you are creating a CLI Golden Configuration, select an appropriate configuration parser from the drop-down. This determines the syntax that will be used in your node configurations. For example, if you are using the Golden Configuration to manage Cisco IOS devices, select cisco-ios. More information is available in the Configuration Parsers documentation.
  6. Click Create. The newly created Golden Configuration will display.

How to Open Golden Configurations

To open a Golden Configuration that already exists, select the Golden Configurations drop-down from the side navigation menu and click the Golden Configuration you would like to open.

Figure 1: Configuration Manager Homepage
Configuration Manager Homepage

You can also browse Golden Configurations using the card-based Collection modal:

  1. Click the Search (🔍) button located at the top of the side navigation menu. The Collection modal will open.
  2. Click the Golden Configurations tab. Collection card elements are referenced in the table below.

Figure 2: Collection Modal
Collection Modal

Label UI Element Description
1 Toolbar An assortment of buttons used to perform collection management actions. From left to right, they are: Refresh, Import, Select All, Delete, and Export.
2 Search Bar Searches the collection by Golden Configuration name.
3 Sort By Determines what order the Golden Configurations are displayed in.
4 Pin Pins the Golden Configuration to the Configuration Manager homepage.
5 Selection Box Selects the Golden Configuration for bulk actions, such as deletion or export.
6 Menu Button Opens a menu that allows you to Edit, Delete, or Export the Golden Configuration.

Upon creating or opening a Golden Configuration, you will be presented with the following interface. In general, actions that affect the Golden Configuration tree are performed on the left side of the UI, while actions that affect the selected node are performed on the right.

Figure 3: Golden Configuration UI
Golden Configuration UI

Label UI Element Description
1 Menu Opens a menu that allows you to view the metadata of, delete the current version of, or delete all versions of the Golden Configuration.
2 Golden Configuration Tree Provides an interface for managing the Golden Configuration's tree and the individual nodes within it.
3 Tabs The Node Details tab displays information about the current state of the selected node.

The Configuration tab allows you to define the node's baseline configuration. For more information, refer to the CLI Golden Configurations and JSON Golden Configurations documentation.

The Devices & Groups/Manage tabs allow you to associate devices or adapter instances with the selected node, respectively. Tab availability is dependent on the Golden Configuration's OS type. For more information, refer to the CLI Golden Configurations and JSON Golden Configurations documentation.

Golden Configuration Tree

Newly-created Golden Configurations have a one-node tree, consisting only of the base node (of which any additional nodes will be children). From the tree structure visualization, you can:

  • Select a node for editing by clicking it.
  • Add nodes to, or delete nodes from, the tree.
  • View compliance statistics for the entire tree or a selected node.
  • Create new versions of the tree.

Adding and Deleting Child Nodes

To add a child node to the tree:

  1. Hover over an existing node's menu (⋮) button. A menu of node management actions will appear.
  2. Select Add Child from the menu. A new node will be created, inheriting its configuration from the parent.

The process for deleting a child node is nearly identical; just select Delete from the menu instead.

Figure 4: Creating Child Nodes
Creating Child Nodes

Running Compliance Against a Node

To run a compliance check against all devices or adapter instances assigned to a node:

  1. Hover over the node's menu (⋮) button. A menu of node management actions will appear.
  2. Select Run Compliance from the menu. A compliance report will be generated for each device or adapter instance.

For more information about compliance checks and reporting, refer to the CLI Golden Configurations and JSON Golden Configurations documentation.

ⓘ Note:

You can also view compliance details for:

  • The entire tree by clicking the Tree Statistics (Tree Statistics Button) button located at the upper-left of the tree visualization.
  • The selected node via the Node Details tab.

Tree Versioning

A Golden Configuration can maintain multiple versions of its tree, allowing you to track changes to the Golden Configuration and revert to previous versions if necessary. The name of the selected tree version is displayed directly above the base node -- by default, it is initial.

To create a new version:

  1. Select the Change Version (Change Version Button) button located to the left of the active version name. A drop-down menu will appear.
  2. Click the Create New Version (+) button located next to the drop-down. The drop-down will be replaced by a text input field.
  3. Enter the name of the new version into the text input field.
  4. Click the Save (✔) button. The new version will be created and made active.

If multiple versions of the tree exist, you can switch between them at any time via the aforementioned Change Version (Change Version Button) button.

Further Reading

Now that you're acquainted with the basics, proceed to one of the following linked documents for specific detail on:

Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.