About network spans
This topic describes various types of network spans in TrueSight Network Automation.
Types of network spans
In TrueSight Network Automation, a network span can consist of:
- One device
- A static group of devices
- An auto group or a combo group of devices
- A realm
- All devices in the entire network
Network spans are used to improve efficiency when performing network change and configuration management (NCCM) operations across multiple devices. Network spans can be used in the following operations:
- Job actions: Submit an action (for example, snapshot) for all devices in a network span.
- Policies: Policies are applied to specific devices in a network span. For example, open an Incident ticket in BMC Remedy ITSM for any compliance violation detected on devices supporting the
- Rule sets: Audit a set of configuration standards for a network span.
- Reports: Generate a report for all devices in a network span.
- Vulnerability mitigation: From the Dashboard, monitor discrepancies and compliance violations by devices and groups.
- User security: Restrict a user to one or more realms.
Devices and realms
Each device belongs to a single realm. When you initially install TrueSight Network Automation, all devices belong to a single realm called Default. Realms are not exposed on the user interface until more than one realm is defined by the administrator. Realms are managed under Network > Realms in the TrueSight Network Automation user interface.
Realms, if used, enable a single TrueSight Network Automation instance to securely manage networks that belong to multiple tenants.
For example, a realm could represent:
- A customer's network managed by a service provider
- A network managed by a specific IT group
- A set of devices (for example, firewalls) managed by a specific IT group
- A production and lab network managed by different teams
Users are granted access to one or more realms based on their assigned roles. For more information, see Securing access through user roles.
You can use groups to manage operations across a common set of devices. TrueSight Network Automation supports the following types of groups:
- Static group: A logical grouping of devices as specified by the user. All devices in a static group belong to the same realm.
- Auto group: A logical grouping of devices based on a device attribute defined as a dynamic field (for example, Customer) or a device attribute that was manually assigned or automatically discovered by TrueSight Network Automation (for example, OS Image Name, Model). Auto grouping means that TrueSight Network Automation manages the group members based on the values assigned to fixed and dynamic fields. Auto groups can be used in policy conditions, span actions, compliance auditing, and reports. TrueSight Network Automation manages the groups when devices or attributes are added, changed, or deleted from the system. All devices in an auto group belong to the same realm. For example, you could have Switches.Location.ATL representing device groups in Atlanta belonging to three realms:
Auto grouping by fixed fields is defined under Admin > System Parameters.
| Fixed Field | Examples |
| --- | --- |
| Vendor | Vendor.Cisco, Vendor.Extreme, Vendor.Foundry |
| Device Type | DeviceType.Cisco IOS Switch/Router, DeviceType.= BigIP |
| Device Category | Category.Router, Category.Firewall, Category.Other |
| OS Image Name | OS_Cisco.IOS 12.1(22)EA5, C2940-I6Q4L2-M |
| OS Major/Minor Release | |
In the following example, the administrator elected not to auto group by Device Type, Device Category, and OS Major or Minor Release.
When adding or editing a device dynamic field, you can set the field for auto grouping. For example, you may want to auto group devices by defined access control lists (ACL) in the running configuration. This allows engineers to identify which devices use the common ACL when updating the ACL.
- Combo group: Logical AND, OR, NOT of static groups and/or auto groups to define a resultant group. For example, all Cisco 1760 routers in Miami could be specified as the logical AND of two auto groups,