Final Deployment Strategy

When the pilot phase has been completed within the limited-production network, begin the full NAC implementation phase. The implementation phase includes several steps to ensure software/hardware upgrade and configuration success, including these:

Step 1 Slow-start implementation

Step 2 Final software certification

Step 3 Upgrade preparation

Step 4 Upgrade and client software automation

Step 5 Final validation

The slow-start NAC implementation process ensures that the new technologies have full exposure to the production environment before final validation and full-scale conversion. It is recommended to start configuring only some devices (NADs) within the production network and allow at least one day of exposure within the NAC environment before moving on to the rest of the network. In some cases, continuing in monitor mode during the initial deployment is recommended. This way, you can continue to do more reconnaissance and measure the impact more effectively. Upon final validation, the organization can more rapidly deploy the NAC solution with a much higher confidence level. Some organizations do this right after the limited-production pilot; however, in large environments, it is recommended to carefully use the slow-start strategy.

When starting the full-scale deployment, all devices identified for upgrade should be reviewed and validated using the device inventory that was collected during the readiness assessment, along with a matrix of the minimum Cisco IOS, CATOS, and other software standards, to ensure that the minimum requirements are met.

TIP If a large number of similar devices (such as Cisco IOS routers or switches) need to be upgraded, it is strongly recommended that you use an automated method or tool. Automation has been shown to improve upgrade efficiency and to improve the percentage of device upgrade successes on large deployments. You can use the Cisco's SoftWare Image Manager (SWIM) tool of CiscoWorks Interface Configuration Manager (ICM), Resource Manager Essentials (RME), or any other partner tools, such as Great Bay Software.

During the deployment phase, it is recommended to create standards with configuration templates and maintain a configuration version-control system. A configuration version-control system upholds the running configurations of all the network-access devices. This information is useful for troubleshooting and change audits. When troubleshooting, you can compare the current running configuration to previous working versions to help understand if a configuration is linked to the problem in any way.

Was this article helpful?

0 0

Post a comment