Golden Configuration Overview
- Updated on 18 Oct 2024
To ensure the smooth operation of your network, it's important to quickly identify and remedy situations in which your devices are not configured as intended. This can happen in any number of ways: mistakes can be made during initial deployment, and any network can fall victim to configuration drift when left unchecked.
Golden Configurations, which are available in the IAP Configuration Manager application, can help you take proactive measures against such vulnerabilities. A Golden Configuration is the "master" configuration against which a network's running configurations are evaluated, providing valuable information that can be used to drive maintenance and remediation efforts.
In this guide, you will learn foundational knowledge about Golden Configurations, including:
- How Golden Configurations work.
- How to create Golden Configurations.
- How to navigate the Golden Configuration user interface (UI).
- How to manage a Golden Configuration tree.
How Golden Configurations Work
Golden Configurations are organized as a hierarchical, tree-like structure of nodes, each associated with a baseline configuration pattern. Child nodes inherit the configuration of their parent by default, though they can be specialized after creation. Devices or adapter instances are then linked (added) to these nodes, allowing their current state to be graded against the related configuration.
Two types of Golden Configurations exist:
- CLI Golden Configurations, which measure device compliance.
- JSON Golden Configurations, which measure the compliance of services that communicate with IAP via adapters.
For specific information about each type of Golden Configuration, refer to the linked documentation.
How to Create Golden Configurations
Golden Configurations can be created from the Configuration Manager homepage:
- Click the Create (+) button located at the top of the side navigation menu. The Create modal will open.
- Select Golden Configuration from the drop-down. The modal will finish populating.
- Type a name for the Golden Configuration into the Name field.
- Select which type of Golden Configuration to create.
- If you are creating a CLI Golden Configuration, select an appropriate configuration parser from the drop-down. This determines the syntax that will be used in your node configurations. For example, if you are using the Golden Configuration to manage Cisco IOS devices, select cisco-ios. More information is available in Configuration Parsers.
- Click Create. The newly created Golden Configuration will display.
How to Open Golden Configurations
To open a Golden Configuration that already exists, select the Golden Configurations drop-down from the side navigation menu and click the Golden Configuration you would like to open.
Figure 1: Configuration Manager Homepage
You can also browse Golden Configurations using the card-based Collection modal:
- Click the Search (🔍) button located at the top of the side navigation menu. The Collection modal will open.
- Click the Golden Configurations tab. Collection card elements are referenced in the table below.
Figure 2: Collection Modal
Label | UI Element | Description |
---|---|---|
1 | Toolbar | An assortment of buttons used to perform collection management actions. From left to right, they are: Refresh, Import, Select All, Delete, and Export. |
2 | Search Bar | Searches the collection by Golden Configuration name. |
3 | Sort By | Determines what order the Golden Configurations are displayed in. |
4 | Pin | Pins the Golden Configuration to the Configuration Manager homepage. |
5 | Selection Box | Selects the Golden Configuration for bulk actions, such as deletion or export. |
6 | Menu Button | Opens a menu that allows you to Edit, Delete, or Export the Golden Configuration. |
Navigating the Golden Configuration UI
Upon creating or opening a Golden Configuration, you will be presented with the following interface. In general, actions that affect the Golden Configuration tree are performed on the left side of the UI, while actions that affect the selected node are performed on the right.
Figure 3: Golden Configuration UI
Label | UI Element | Description |
---|---|---|
1 | Menu | Opens a menu that allows you to view the metadata of, delete the current version of, or delete all versions of the Golden Configuration. |
2 | Golden Configuration Tree | Provides an interface for managing the Golden Configuration's tree and the individual nodes within it. |
3 | Tabs | • The Node Details tab displays information about the current state of the selected node. • The Configuration tab allows you to define the node's baseline configuration. • The Devices & Groups/Manage tabs allow you to associate devices or adapter instances with the selected node, respectively. Tab availability is dependent on the Golden Configuration's OS type. |
Golden Configuration Tree
Newly created Golden Configurations have a one-node tree, consisting only of the base node (of which any additional nodes will be children). From the tree structure visualization, you can:
- Select a node for editing by clicking it.
- Add nodes to, or delete nodes from, the tree.
- View compliance statistics for the entire tree or a selected node.
- Create new versions of the tree.
Adding and Deleting Child Nodes
To add a child node to the tree:
- Hover over an existing node's menu (⋮) button. A menu of node management actions will appear.
- Select Add Child from the menu. A new node will be created, inheriting its configuration from the parent.
The process for deleting a child node is nearly identical; just select Delete from the menu instead.
Figure 4: Creating Child Nodes
Running Compliance Against a Node
To run a compliance check against all devices or adapter instances assigned to a node:
- Hover over the node's menu (⋮) button. A menu of node management actions will appear.
- Select Run Compliance from the menu. A compliance report will be generated for each device or adapter instance.
You can also view compliance details for:
- The entire tree by clicking the Tree Statistics button located at the upper-left of the tree visualization.
- The selected node via the Node Details tab.
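The tree model from "How Golden Configurations Work" and the per-node check from "Running Compliance Against a Node" can be illustrated with a small Python model. This is an added example, not Itential code and not the IAP API: the names `Node`, `parse_config` and `demo`, the device name, the sample configurations and the percentage scoring are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
def parse_config(text):
    """Map indented IOS-style text to a set of (ancestor..., line) paths."""
    paths, stack = set(), []          # stack holds (indent, line) ancestors
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, line))
        paths.add(tuple(l for _, l in stack))
    return paths

@dataclass
class Node:
    name: str
    baseline: set = field(default_factory=set)
    devices: dict = field(default_factory=dict)    # device name -> running config
    children: list = field(default_factory=list)

    def add_child(self, name, extra=""):
        # A child starts as a copy of its parent's baseline, then is specialized.
        child = Node(name, set(self.baseline) | parse_config(extra))
        self.children.append(child)
        return child

    def run_compliance(self):
        """Return {device: (score %, missing baseline paths)} (assumed scoring)."""
        report = {}
        for dev, running in self.devices.items():
            total, missing = len(self.baseline), self.baseline - parse_config(running)
            score = round(100 * (total - len(missing)) / total) if total else 100
            report[dev] = (score, sorted(missing))
        return report

# Constructed sample data: a base node, a specialized child, one drifted device.
BASE = "service password-encryption\nno ip http server\n"
BRANCH = "interface GigabitEthernet0/1\n switchport mode access\n"
RUNNING = ("service password-encryption\nip http server\n"
           "interface GigabitEthernet0/1\n switchport mode access\n"
           "interface GigabitEthernet0/2\n switchport mode access\n")

def demo():
    base = Node("base", parse_config(BASE))
    branch = base.add_child("branch", BRANCH)
    branch.devices["edge-sw-01"] = RUNNING
    return base, branch.run_compliance()
```

The constructed device has drifted by enabling `ip http server`, so the report lists the baseline line `no ip http server` as missing. Lines are compared together with their parent stanza, so a setting under one interface cannot satisfy a requirement for another.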
Tree Versioning
A Golden Configuration can maintain multiple versions of its tree, allowing you to track changes to the Golden Configuration and revert to previous versions if necessary. The name of the selected tree version is displayed directly above the base node; by default, it is initial.
To create a new version:
- Select the Change Version button located to the left of the active version name. A drop-down menu will appear.
- Click the Create New Version (+) button located next to the drop-down. The drop-down will be replaced by a text input field.
- Enter the name of the new version into the text input field.
- Click the Save (✔) button. The new version will be created and made active.
If multiple versions of the tree exist, you can switch between them at any time via the aforementioned Change Version button.
Related Reading
Now that you're acquainted with the basics, proceed to one of the following linked documents for specific detail on: