I am going to show you how to discover one of the best kept secrets within Cisco’s portfolio. A service that when our customers become aware of it, it becomes a must-have for their environments!
There is no man behind the curtain, pulling strings, making various noises and effects like the famous movie inferred by the title of this blog. This blog is about CMCS– Compliance Management and Configuration Service. What’s that you ask? CMCS is a service that utilizes the head end management system to the collector Cisco uses in its Network Optimization Service (NOS). CMCS is a powerful compliance, management and configuration service.
For example, what would it feel like if you could say with certainty, on any given day, that your network was in compliance with the chosen security standard for your company or industry?
NOS is a highly successful service that takes collected network statistics and sends them back to Cisco where engineers perform many valuable analyses and report their findings and recommendations to the customer. This helps Cisco customers optimize and run their networks much more efficiently. Yet there is another aspect to this collection and architecture that has laid somewhat dormant when compared to the success of NOS, and that is CMCS.
CMCS allows not only allows the NOS recommendations and changes to be rapidly implemented while maintaining compliance to industry or company standards, CMCS is a capable of delivering configuration, compliance, workflow, and software management capabilities independent of NOS.
CMCS can be deployed in a hosted, on premise or hybrid model as shown below:
Both the head-end (NCCM) and the collector (CSPC) were part of the Pari acquisition in early 2011. CMCS has 4 main functional components and I will walk each in a separate blog and in the order the title of the service implies. This blog will be about CMCS Compliance capabilities.
CMCS Compliance Capabilities
When I hear the word compliance- I hear audit- and lots of them. It throws me back to the days when I was a nuclear officer in the Navy running 2 large reactors. There were the occasional dreaded times of “Audits”, and we had audits for our audits, given the sensitive environment we were operating. I was an operations guy in an engine room, along with 80 or so other folks, trying keep the ship running . We had a certain Senior Chief QA lead who ran the ships audits and he made my life almost unbearable about once a month conducting audits. Yet I knew that these intensive audits insured we were operating safely.
In today’s networks, where there can be thousands of network devices and connections, ensuring and maintaining security compliance can be a daunting task. Yet audits are essential, given the current security threat environment.
CMCS has amazing audit/compliance capabilities. Right out of the box you get the standard industry audits- PCI, HIPAA, NSA, NERC and many more. Need a custom company audit based off of say…..SOX- no problem- copy the SOX audit – modify and save as your custom audit and schedule. Awesome right? That is just the beginning.
- Audit your environment (Cisco and many non-Cisco network gear)
- Easily customize out of the box industry audits to suit your company’s specific requirements
- Flag and auto-fix non compliant devices in your network
- Maintain compliance by stopping configuration changes that violate compliance standards
In a recent blog, CMCS saved the day for a company with immediate compliance concerns.
“We recently saw a situation at a large financial institution where the customer was facing a security audit that they were most likely going to fail. They called us for help. In just two-and-a-half weeks following service activation we had updated nearly 2,000 configurations and the company passed their security audit. They were so pleased with our performance they gave us 23,000 devices to manage for policy, configuration, and change.”
CMCS is a subscription service with comprehensive capabilities. Below is a quick video overview of CMCS and in the next blog we will talk about CMCS’s management capabilities.