Important This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

About network spans

This topic describes various types of network spans in TrueSight Network Automation.

Types of network spans

TrueSight Network Automation refers to network spans that can include:

  • One device
  • A static group of devices
  • An auto group or a combo group of devices
  • A realm
  • All devices in the entire network

Network spans are used to improve efficiency when performing network change and configuration management (NCCM) operations across multiple devices. Network spans can be used in the following operations:

  • Job actions: Submit an action (for example, snapshot) for all devices in a network span.
  • Policies: Policies are applied to specific devices in a network span. For example, open an Incident ticket in BMC Remedy ITSM for any compliance violation detected on devices supporting the Business Services.Corporate_Email policy.
  • Rule sets: Audit a set of configuration standards for a network span.
  • Reports: Generate a report for all devices in a network span.
  • Vulnerability mitigation: From the Dashboard, monitor discrepancies and compliance violations by devices and groups.
  • User security: Restrict a user to one or more realms.

Devices and realms

Each device belongs to a single realm. When you initially install TrueSight Network Automation, all devices belong to a single realm called Default. Realms are not exposed on the user interface until more than one realm is defined by the administrator. Realms are managed under Network > Realms in the TrueSight Network Automation user interface.

Realms, if used, enable a single TrueSight Network Automation instance to securely manage networks that belong to multiple tenants.

For example, a realm could represent:

  • A customer's network managed by a service provider
  • A network managed by a specific IT group
  • A set of devices (for example, firewalls) managed by a specific IT group
  • A production and lab network managed by different teams

Users are granted access to one or more realms based on their assigned roles. For more information, see Securing-access-through-user-roles.

Groups

You can use groups to manage operations across a common set of devices. TrueSight Network Automation supports the following types of groups:

  • Static group: A logical grouping of devices as specified by the user. All devices in a static group belong to the same realm.

  • Auto group: Logical grouping of devices based on a device attribute defined as a dynamic field (for example, Location, Customer) or a device attribute that was manually assigned or automatically discovered by TrueSight Network Automation (for example, Vendor, Device Type, Category, OS Image Name, Model). Auto grouping means that TrueSight Network Automation manages the group members based on assigned values to fixed and dynamic fields. Auto groups can be used in policy conditions, span actions, compliance auditing and reports. TrueSight Network Automation manages the groups when devices or attributes are added, changed, or deleted from the system. All devices in an auto group belong to the same realm. For example, you could have Firewalls.Location.ATL, Routers.Location.ATL, and Switches.Location.ATL representing device groups in Atlanta belonging to three realms: Firewalls, Routers, and Switches.

    Auto grouping by fixed fields is defined under Admin > System Parameters.

    Fixed Field

    Examples

    Vendor

    Vendor.Cisco, Vendor.Extreme, Vendor.Foundry

    Device Type

    DeviceType.Cisco IOS Switch/Router, DeviceType.= BigIP

    Device Category

    Category.Router, Category.Firewall, Category.Other

    Model

    Model_Cisco.1720, Model_Dell.3348

    OS Image Name

    OS_Cisco.IOS 12.1(22)EA5, C2940-I6Q4L2-M

    OS Major/Minor Release

    Release_Cisco.IOS 12.3

    In the following example, the administrator elected not to auto group by Device Type, Device Category, and OS Major or Minor Release.

    AutoGrouping.png

    When adding or editing a device dynamic field, you can set the field for auto grouping. For example, you may want to auto group devices by defined access control lists (ACL) in the running configuration. This allows engineers to identify which devices use the common ACL when updating the ACL.

  • Combo group: Logical AND, OR, NOT of static groups and/or auto groups to define a resultant group. For example, all Cisco 1760 routers in Miami could be specified as the logical AND of two auto groups, Model_Cisco.1760 and Location.Miami

Related topic

Managing-network-spans

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*