Q: Does the Network Auto-Discovery only use SNMP? Or what other ways to discover?
A: The network auto-discovery uses SNMP, CLI and/or syslog as way to discover and collect information from the network devices. The platform also uses network data like ARP to understand the relationship between devices.
Q: If the device doesn’t have SNMP, how does Network Automation identify these or are they just identified as an “unknown device”?
A: The platform uses a range of data including, but not limited to SNMP. The routing and ARP tables also help identify a new device on the network and attempt to determine the type of device. If not enough information is available at time of discovery, users will receive an alert of the new device.
Q: On slide 21 you mentioned track who made a change, but we still use a 3 level user change policy so you can only see at which level the violation was made, not who made the change, how does that work?
A: If users leverage the change automation component within NetMRI, there are unique user names and access rights associated with each person. If the changes occur through CLI or another platform, NetMRI will collect the information from that change. However, if there is one “name” or “account” (such as everyone uses Admin), the user will be the same, but will still track what changed in each configuration.
Q: As an existing Infoblox customer what are all the licensing options / modules for the features discussed today?
A: For existing Network Automation customers (including Switch Port Manager and Automation Change Manager), there is an upgrade license based on the number of managed devices to enable the NetMRI/compliance functionality. Typically, the same appliance can handle the new functionality, but please check with your account rep to ensure proper sizing. If you’re a customer of Triznic DDI (our DNS, DHCP and/or IP address management solution), you need to purchase a new appliance and device licenses.
Q: When will you support Allied Telesyn devices?
A: We currently support the Allied Telesyn 8200 switches.
Q: How do you get info from devices that are not in control of the network team, such as laptops?
A: NetMRI manages layer 2 and 3 network devices and has the ability to detect end-points (but not manage laptops and servers). The system detects them once they connect to the network.
Q: Are the templates configured to implement (and interpret) different compliance standards – e.g. PCI DSS?
A: Yes, there are different embedded templates including PCI DSS, SANS, DISA STIG and NSA that can be leveraged as is, or customized based on your needs.
Q: How does this automation in Infoblox differ from the blueprints created in VMware vFabric Application Director?
A: This is a comprehensive solution that includes not only discovery, but change automation and compliance.
Q: Is NetMRI IPv6 ready?
A: Yes.
Q: Are tracked network changes classified into compliant changes and non-compliant changes?
A: All changes are detected and archived. If a new change goes against a defined rule or policy, you will receive an alert notification of the policy violation with drill down details.
Q: Does NetMRI have the ability to add users with READ ONLY access?
A: Yes, NetMRI has multiple user-based access controls including ability to make no changes, request but not improve changes, full admin rights and a number of other options.
Q: Are these policy templates downloadable from somewhere?
A: The policy templates are continually updated and are available during our normal release cycle. For example, our 6.6 release updated over 100 rules for the current DISA STIG standard.
Q: Can the reporting of changes be tied to a change management system?
A: Yes, NetMRI has both and in-bound and out-bound API that allows integration into change management systems as well as other platforms.