Performing and Updating Audits
A single configuration audit run when a service is deployed is good, but does not necessarily add to your network high availability. As changes are made to the network, you must go back and ensure that those changes have not had unexpected consequences. Also, as technology advances, you need to update configurations and, in turn, update the configuration templates and audits that are used to build the network. Just as with the initial planning for configuration templates and audits, it is better to divide the tasks into functional areas. You must also determine how often each functional area needs to be updated and the processes by which ad hoc changes are to be made.
Auditing Intervals
Setting up auditing intervals makes the difference between being overloaded by an avalanche of information and not having the information necessary to make all the proper decisions. In planning the interval for configuration audits, take into account internal organization requirements as well as laws and regulations under which the company may fall, such as Sarbanes-Oxley. For functional areas with glacial or static changes, such as interface physical attributes, an audit every six months may suffice, but for areas where technology and threats change rapidly, it may be necessary to conduct an audit every week, or even more often. Table 21-3 is an example of an audit schedule for configurations.
Table 21-3. Auditing intervals
Configuration module | Audit interval | Comments |
|---|---|---|
Chassis ... |
Get JUNOS High Availability now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
