If you were talking to someone whose organization is considering BMC TrueSight Network Automation, what would you say?
How would you rate it and why? Any other tips or advice?
I would rate BMC TrueSight Network Automation a nine out of ten and I would recommend it.
My advice would be to holistically look, at a macro level, at all the tools you're using in your environment. If you're already using some BMC tools, there's a compelling argument to using TrueSight because of the opportunities for integration of those products. The biggest lesson that we've learned using Network Automation is that change is painful. We were using HPNA for a long time, and we had built toolsets around that. Some products have functionality that's better than others, and it's a matter of tracking that and making sure that you understand the toolset prior to deployment. We have deployed TrueSight in our Dev, Staging, and Prod environments but we're not using it fully yet. We're still using BPPM in production at this time. Regarding the solution's capabilities in analyzing and fixing security vulnerabilities through patching or configuration changes, we don't have that tool suite deployed. TrueSight isn't really meant for that from a security perspective. It's really performance-monitoring that we're leveraging at this time. We didn't buy any of the add-on pieces for security monitoring. We're a managed security services shop. Our clientele is mostly government-based. We keep getting contracts. We've got five bids underway right now. As the bids expand and we win more business, we deploy into the environment. As we deploy into the environment, we have a need for more licensing. That's typically how we've handled things in the past. We are growing the service and growing the business based on the number of contracts that we get in-house. The more contracts we win, the more business BMC gets, and everyone's happy at the end of the day. I would rate Network Automation at seven out of ten. It's a good product, it's relatively stable, but we have seen some issues, stability-wise, with the server. We have to stay on top of that, make sure we're monitoring it, to make sure it's doing what it's supposed to do. The interface is a little clunky at times, but it works well for what it does. From a configuration management perspective, it's excellent. It really does a good job there. As I said, I'd like to see tighter integration with Entuity. Because Entuity is doing that monitoring already for the endpoint devices, I'd like to see a little more collaboration between those teams. That would allow me to give higher marks.
I have been implementing the out-of-the-box compliance piece based off CIS, for example. For customized compliance, it takes some effort to implement things. If the device configuration is quite complex, then you have to do quite number of customizations in the DNA tool for out-of-the-box compliance. These regular expressions have to be modified based on the requirements of the compliance. It has been quite helpful for configuration management and provisioning when it comes to projects. If you don't have the backups and it's not in your setup configuration, then you just have to do it manually. It is helpful if you schedule daily or weekly archiving for your config groups. Then, you can go by what are in those configuration groups, before and after, if you make changes. So, configuration management is really helpful in network management. On the dashboard, you can see that there is an X icon in the startup, which is different from the running configuration. So, you can see from the dashboard that there is a difference between two configurations, as well as the events being provided by the device. This can be checked on the dashboard. The tool can show drifts between your compliance from your phase two standard and running config. For that, it can be helpful on a normal configuration. I'm not really exploring the vulnerabilities side of using the tool. If you are looking into this type of solution, you will need to have internal and external networks. I would recommend this solution.
My advice to someone who is looking into using it is that they need to be pretty familiar with regular expressions. That's what's used to write the rules. In terms of configuration, it can be a complicated platform. The learning curve will vary by individual.