Best Network Configuration Management Tools and NCM Software

Network configuration is establishing a network’s controls, flow, and operation. Network configuration management (NCM) is responsible for the setup and maintenance of your network devices along with the firmware and software they have installed. Changes to the settings on a device can undermine your network security and damage the privacy of your users.

So, keeping track of those settings is very important. The firmware that operates your network devices is also a potential security weakness of your system configuration. Equipment manufacturers constantly revise the firmware and release updates and patches to block newly-discovered exploits. So, keeping that firmware up to date is very important.

Regardless of the size of your network, it inevitably becomes difficult to track the firmware on each device, so installing a network configuration management tool is a must.

Here is our list of the best network configuration management (NCM) tools:

  1. SolarWinds Network Configuration Manager EDITOR’S CHOICE Top-of-the-line configuration manager that runs on Windows Server. It will manage all makes of network devices but has extra functionality for Cisco equipment. Download the 30-day free trial.
  2. FirstWave Open-AudIT (FREE TRIAL) An automated asset discovery tool that creates a hardware, software, and firmware inventory and stores device configurations. Installs on Windows Server and Linux.
  3. ManageEngine Network Configuration Manager (FREE TRIAL) Written to network change, configuration, and compliance management (NCCCM) standards, this tool can run on Windows Server or Linux.
  4. ConfiBack Named as a contraction of “configuration backup,” this tool is free to use and runs on Windows, Linux, and Mac OS.
  5. WeConfig Free configuration manager for industrial networks.
  6. rConfig Free configuration management tool that runs on Linux.
  7. Net LineDancer NetLD runs on Windows Server and Linux. Its services include automatic device discovery and monitoring.
  8. TrueSight Network Automation Compliant with a list of data security standards, this tool installs on Windows Server and Linux.
  9. Device 42 Available for installation or as a Cloud-based service, this tool monitors your network constantly for device errors as well as protecting and updating configurations. Runs on Windows and Mac OS.
  10. Lan-Secure Configuration Center After autodiscovery and device config backups, this monitor will prevent all unauthorized changes to the setup of your equipment.

Network Configuration Manager Criteria

Network configuration managers enable you to keep track of the statuses and operations of your network devices. So a NCM tool needs to:

  • Establish a configuration baseline
  • Backup configuration snapshots
  • Monitor for unauthorized configuration changes
  • Enable settings rollbacks
  • Distribute firmware updates

Those are the basic functions that you need from a network configuration management tool. Some nice extras are:

  • Auditing for standard compliance
  • Bulk configuration updates
  • Firmware patch management
  • Customizable user accounts for teams

The best network configuration management (NCM) tools

The list we created, making sure to cover all the essential requirements of a configuration manager, turned up some star finds. These go above and beyond your basic configuration needs to provide you with a wealth of features

Our methodology for selecting network configuration management tools

We reviewed the market for network configuration management software and analyzed the options based on the following criteria:

  • A service that is able to discover all network devices and log them in an inventory
  • A scanner that reads in all device settings and presents them in a dashboard screen for standardization
  • A utility that takes an image of standard-setting and applies it to all relevant devices
  • A configuration backup service that will restore approved settings on a device after tempering
  • An action log that is available to system security auditors
  • A free trial for a risk-free assessment period or a money-back guarantee
  • Value for money that is represented by useful functions that will improve efficiency

Take a read through the descriptions of each of these suggestions.

1. SolarWinds Network Configuration Manager (FREE TRIAL)

SolarWinds Network Configuration Manager - Config Summary view

SolarWinds offers the industry-leading Network Configuration Management solution. This tool is built on the company’s Orion platform, which is a common platform for a suite of system administration tools. So, the Network Configuration Manager will dovetail with other SolarWinds systems administration tools. If you are in the market for a complete network management system, the Network Automation Manager package would suit you. This includes the Network Performance Monitor and the NetFlow Traffic Analyzer to keep tabs on the availability of your network equipment. The Network Configuration Manager ensures that your network devices don’t get tampered with and that you can roll back from mistakes made when adjusting their settings. Added to those functions are a switch port mapper, an end-user tracker, a WAN performance monitor, and an IP address manager.

Key Features:

  • Standardizes settings
  • Stores an image
  • Monitors for tampering
  • Restores settings
  • Automates onboarding

Why do we recommend it?

SolarWinds Network Configuration Manager is a vulnerability scanner and a device settings protector. The tool guides on how to tighten security in the configurations of each device type. You set up one device perfectly and then take an image of that setup. That image gets stored and can then be applied to all devices of that type.

So, SolarWinds is able to offer you a complete solution. This is a suite of monitoring programs that are suitable for a large network. If you already have network monitoring software on-site and you only want to get a configuration manager, then the SolarWinds offering is still a very good system. The SolarWinds Network Configuration Manager covers all of the priorities that you need to keep control of your network devices.

SolarWinds Network Configuration Management

The installation process includes a system scan that discovers all of your devices and stores snapshots of their current configurations. From then on, when you want to alter the configurations of your devices, or just want to update one, you make those changes through the manager tool. The configuration manager is able to interact with a long list of device brands, so you don’t have to worry about restricting your equipment purchases to one vendor in order to keep your configuration management simple. That said, the tool does have a few more features that work with Cisco equipment than it can provide for the products of other manufacturers.

The Cisco enhancements include the integration of checks with the Cisco National Vulnerability Database into audit sweeps. This gives you very powerful alerts to shortfalls in security that can be obliterated quickly with a patch, an update, or an adjustment in the settings of a network device. If you have a Cisco Adaptive Security Appliance, the SolarWinds Network Configuration Manager gives you insights into the device’s settings and helps you manage and audit access control lists. The configuration manager will check for updates and patches to your ASA’s firmware and install them automatically. You get a similar service if you have a Cisco Nexus. The Network Configuration Manager is also a network software updater that will help you update and audit its access control lists and give you virtual defense context support for parent/child relationships.

The automation of network configuration tasks means that you don’t need to take equipment offline or work overnight when you need to alter the settings of your network devices.

SolarWinds NCM - Baseline Diff view

The auditing module of the Network Configuration Manager lets you demonstrate compliance with security standards. You will be able to spot unauthorized configuration changes and roll them back instantly with this tool. You can even automate the correction of those changes as well as a lot of other routine device management tasks.

The Network Configuration Manager maintains a database of configurations for each device. This well-organized, indexed, and searchable archive makes it really easy for you to manually locate a config file should you need to replace a piece of equipment and get all of the settings of the old device uploaded onto the new one. The tool can even monitor the lifecycle of a device and notify you when it is nearing the end of its service life.

The dashboard for the Network Configuration Manager has access control and you decide which user accounts get access to which information in the console. You can also choose not to give access to this tool to certain members of your team.

SolarWinds Network Configuration Manager - Add New Upgrade Operation view

The description of this tool here covers all of the bullet points in the introduction that list the basic and exceptional configuration management features that you should look for. You will notice that there is one feature that the tool doesn’t cover: patch management.

Strictly speaking, patch management is usually the responsibility of a separate tool. This is the case with the SolarWinds division of responsibilities. However, there is a fully-compatible Patch Manager module available from SolarWinds that will keep the firmware of your network devices up-to-date.

Who is it recommended for?

This is a particularly useful tool for large networks that have many switches and routers. You can standardize the settings of each drive and also use stored images to onboard new devices. The tool constantly scans all devices; if it spots unauthorized changes, it restores the saved configuration.


  • Built for medium to enterprise-size networks, with features designed to streamline troubleshooting and revert config settings quickly
  • Can automatically discover new devices on the network and provide templated health reports for immediate insights upon installation
  • Offers configuration management, allowing teams to quickly backup and restore changes that may have impacted performance
  • Can monitor settings for unauthorized changes and specific teams or managers


  • Not designed for home networks, this is an enterprise tool built for system administrators and network technicians

SolarWinds offers you a 30-day free trial of the Network Configuration Manager and the Patch Manager, which installs on the Windows Server environment. The same free 30-day trial offer is available for the Network Automation Manager deal.


SolarWinds Network Configuration Manager is our first choice. An astounding tool for improving the reliability of your network. Ready to deploy out of the box support for an impressive list of network devices and vendors. It’s hard to beat the Config-to-Config Diff View and the Configuration Change Automation features.

Get 30-day Free Trial:

OS: Windows Server

2. FirstWave Open-AudIT (FREE TRIAL)

FirstWave Open-AudIT Dashboard

FirstWave Open-AudIT is an IT asset management and auditing tool that includes strong configuration management services.

Key Features:

  • Device discovery
  • Configuration snapshots
  • Asset locator
  • Compliance auditing

Why do we recommend it?

FirstWave Open-AudIT is an IT asset inventory management system. It provides asset discovery and automatically generates hardware and software inventories. Details of each asset include configuration information, which can be used for vulnerability auditing. The system provides maps to locate each asset and also generates compliance documentation.

A key feature of the FirstWave system is the auto-discovery service. Open-AudIT scans a network and logs every connected device in an asset inventory. The inventory is stored in a database and includes details about each piece of equipment such as the make, model and operating system. When a device is discovered, the system runs audit scripts to document the operating system and identify all of the installed software. This creates a software inventory that supports license management.

The configuration management section of Open-AudIT visits each discovered device and takes a snapshot of its settings. These settings are stored in a database, called Baselines. Once a baseline has been established for each device type, it is possible to compare the settings for all devices of that type and highlight any discrepancies.

The discovery process can be scheduled to suit any requirement, further making it possible to compare the settings on the same device over time. This illustrates any unexpected changes that have been made. The Baselines system can also be used to reimpose standard settings if a device experiences a disaster or is replaced.

FirstWave Open-AudIT Queries

The asset inventory is made available in the system dashboard as a list of devices with click-through details available. Discovery processes can reach out to the Cloud, identifying company resources there, and they are also able to identify assets on remote sites. The tool can plot asset locations on a real-world map. This system is based on Google maps and is zoomable. Each location is indicated by a marker that can be queried to see how many devices are on the site.

FirstWave Open-AudIT Maps

The service is able to identify assets that are housed together in a rack. Each element is documented individually and then the rack itself is also scanned for its services. The Open-AudIT service is able to produce a rack visualization that indicates the relative positions of assets held in each rack. It is also possible to group assets by room and by floor.

FirstWave Open-AudIT Racks

The Open-AudIT system is delivered as on-premises software and is available for Windows Server and Linux or it can be used online through a cloud service. It can also be installed over a hypervisor to create a virtual appliance.

The package is charged for on an annual license with a rate set in bands of devices to be monitored. There are three editions of Open-AudIT, which are Community, Professional, and Enterprise. The Community edition doesn’t have many features but it is free to use. The Professional edition is also free to use to monitor up to 20 devices – great for evaluation purposes.

Who is it recommended for?

The most important feature of this system is that it enables you to locate assets. If you run a very small network and don’t need to move from your desk to see all your equipment, you won’t need this system. Open-AudIT is a necessary assistant to large businesses with more assets than they can track.


  • Offers autodiscovery to immediately map and discover new devices
  • Has a free version, great for smaller networks or more in-depth trials
  • Offers automated device discovery and config recovery
  • Detailed filtering options for historical data analysis
  • Capacity tracking helps sysadmin track inventory and makes networks changes based on usage


  • Can take time to fully learn and utilize all features in the platform

The full complement of utilities is only available in the Enterprise edition. This is the only bundle that includes the configuration management service. Cloud discovery and rack visualization are also reserved for the Enterprise edition. However, automatic device discovery is included in every package.

FirstWave Open-AudIT Download FREE Trial

3. ManageEngine Network Configuration Manager (FREE TRIAL)

ManageEngine Network Configuration Manager - Inventory view

ManageEngine is a contender for SolarWinds’ crown as the leader in the network admin software industry. The company sells a series of separate modules that can also fit together and interact to create a unified infrastructure and IT service quality monitoring system. The company’s Network Configuration Manager is a very comprehensive solution to help you ensure the integrity of your network devices. The tool is compatible with multi-vendor environments. It is able to manage configurations for switches, routers, and firewalls plus any other network device type that you have on your system. The tool is designed in compliance with the network change, configuration, and compliance management (NCCCM) standards.

Key Features:

  • Device backup
  • Security scanning
  • Automatic configuration restoration

Why do we recommend it?

ManageEngine Network Configuration Manager is a close competitor to SolarWinds Network Configuration Manager. This system performs all of the functions that the SolarWinds tool offers and additionally, it also updates the firmware of network devices. Like the SolarWinds system, this tool protects network devices against tampering.

Start off by backing up the configuration of all of your network devices into storage in the Network Configuration Manager. This process is automated for you. The ManageEngine tool includes a lot of automated processes that will relieve the burden of maintaining the configurations of your network devices. The next phase of operation is a constant sweep of devices to look out for any unauthorized configuration changes. You can set up actions to be performed automatically when configuration variance is detected.

ManageEngine Network

You can get reports on the differences between the configurations of similar devices and decide on a set of configuration policies, applying different policies to different device types. Once you have standardized the configurations of your equipment, you can update your config backups, giving you a set of standard settings that you can automatically apply to new devices. The update service of the Network Configuration Manager can also be applied in bulk.

The backup store is also useful when you need to roll back from accidental changes or configuration changes that impair performance and need to be reversed.

ManageEngine Network Configuration Manager - Settings view

The configuration management system includes a logging function, which records the users who make changes to the settings of network devices. Those accounts can be suspended automatically, and the information you get out of the logs will show you if a user account has been compromised.

The dashboard for the ManageEngine Network Configuration Manager is very attractive and includes a number of visualization devices to help you spot changes quickly. The console can be adapted for user roles, which makes this a good system for teams supporting a network.

ManageEngine Network Configuration Manager - Tools view

The final benefit of the configuration manager is its ability to poll for patches and updates for the firmware of your network devices. When new software is available, the manager will roll it out and update all appropriate devices. So, you get an integrated patch manager with this tool.

Who is it recommended for?

This system is suitable for businesses of all sizes. Very small businesses with only two network devices to manage can use the Free edition. The base price for the lowest-paid edition covers 10 devices, which is also suitable for SMBs. Very large businesses with more upto 50,000 devices can use this tool.


  • Offers firmware vulnerability management alongside configuration monitoring
  • Can immediately alert when changes occur inventory or configuration changes are made
  • Can neatly organize networks, devices, and infrastructure to support multi-site use
  • Offers access control to help enforce compliance standards
  • Available for Windows, Mac, and Linux systems


  • Is a full-service monitoring platform that can take time to fully explore all options available

This system is better suited to middle-sized and large networks. The software installs on Windows and Linux. There is a free version of the Network Configuration Manager, which is limited to two devices. There probably aren’t many networks out there that only have two devices on them, but this offer would be suitable for a test environment. If you decide to buy, you can try out the system first for free on a 30-day trial.

ManageEngine Network Configuration Manager Download 30-day FREE Trial

Related: Best Linux Patch Manager

4. OnWorks ConfiBack

OnWorks ConfiBack

OnWorks ConfiBack is also known as Configuration Backup. This software is free of charge and you can install it on Windows, Linux, and Mac OS. This is a configuration manager that would fit a small business to protect its network devices. This tool is not nearly as sophisticated as the previous three options on this list. However, if you have no money for a configuration manager, getting ConfiBack is a much better option than going without.

Key Features:

  • Free to use
  • Back-up device configurations
  • Good for small networks

Why do we recommend it?

OnWorks ConfiBack provides a free backup storage service on cloud servers. The system requires the download of an agent onto one of the endpoints on your network to back up the configurations of all of your devices. You can use the stored image to check for changes manually and then restore if necessary.

You need to prompt the system to back up configurations for devices. However, you can schedule the backup process to take place regularly. Change detection is an interface-supported manual process. You need to back up the current version of a device and then compare it to the original backup with a diff command. This process synchronizes the lines in two files and outputs those lines that are different. The results of this utility are saved to a text file.

The ConfiBack software is an open-source project, so you can comb through the programming code if you want. This openness is a common method of ensuring users that there are no hidden security weaknesses in programs and that they do not contain hacker code.

Who is it recommended for?

If you don’t think you have the budget for a network configuration manager, sign up for this service – it’s free. OnWorks offers lots of free stuff, including cloud servers and Web hosting, so if you are a penniless startup or a hobbyist looking for a launchpad, take a look at their site.


  • Very lightweight tool – can run on practically any machine
  • Easy installation and setup – access via a simple web interface
  • Highly customizable through Python scripting


  • No CLI management is available
  • Not ideal for large environments
  • Lacks support for team logins with access control

The free ConfiBack software doesn’t include any user authentication procedures and it doesn’t have a patch manager module.

See also: Best Network Configuration Backup Software

5. WeConfig


WeConfig is billed as a configuration manager for industrial networks. The tool is a product of Westermo, which makes durable network equipment for shop-floor environments. The configuration manager is really only meant for Westermo devices. However, it also works with the network equipment of other manufacturers because it relies on the universal SNMP system.

Key Features:

  • Designed for shop floor equipment
  • Network scanning and logging
  • Backup and restore configurations

Why do we recommend it?

Westermo WeConfig is another free configuration manager. However, the Westermo system is designed for use with industrial equipment. This tool provides network device firmware management and network settings controls. The system also provides an on-demand network scan that compiles a network inventory and topology map.

Anyone can download the WeConfig software for free from the Westermo website. The tool installs on Windows environments. After installing the software, you need to tell it to scan the network. This will compile a network map and log all network devices in the WeConfig database. You can reorganize the network map manually if the display of icons is a little cluttered. Once you are happy with the layout, you can lock it to prevent anyone from accidentally moving or deleting elements. Each icon is a link to details about the device that it represents and an Analysis view shows graphs on the operation of the network equipment on your network. The device database won’t update automatically; you have to issue a scan command again whenever you want the inventory updated.

The configuration manager allows you to command the storage of the configuration of a device to a file and load a configuration file onto a device. You can delete or edit configurations on a device.

The WeConfig system requires a lot of manual intervention. However, this service management enables you to store copies of configurations. In order to check for alterations to device configurations, you would have to task a copy of the current configuration and do a file comparison with the store of the original settings. In order to introduce your own automated procedures, you could set up the collection and comparison of configuration file versions in a batch job.

The features of WeConfig include some useful basic network monitoring functions. However, data gathering is only performed on-demand, so you won’t get alerts on unexpected conditions. The interface doesn’t include any user authentication and you can’t adapt the dashboard, so this is not a tool that you would distribute to a team of administrators. This tool is suitable for small networks.

Who is it recommended for?

We Config is meant for use with factory networks to check on the configurations of shop-floor equipment and network devices. The need for manual intervention to command network sweeps, compare configurations and transfer image files means that it is more suitable for small networks. Administrators of larger networks could use workload automation software for these tasks.


  • Sleek and simple interface – easy to navigate
  • Focused heavily on config automation and provisioning
  • Uses simple yet intuitive visualizations to map device relationships and dependencies


  • Designed for industrial environments – some features may not be applicable for smaller networks
  • Can have a steeper learning curve when it comes to automating tasks

6. rConfig


Another free configuration manager that you could try is called rConfig. This open-source tool is available from the GitHub website. GitHub makes the code of the tool available so you can check through it for security weaknesses or even adapt it to write your own version. The software runs on CentOS and RHEL Linux.

Key Features:

  • Free to use
  • Autodetection
  • Configuration storage to file

Why do we recommend it?

The rConfig package is another free configuration manager. This tool provides more task automation than ConfiBack and you can integrate it into workload automation and network monitoring tools. The tool can also be run at the command line for easier use in batch files. Unfortunately, the latest version is not free to use.

The tool is able to detect all of your network devices and you can command it to copy off the configurations of each into files. The recording of configurations can be scheduled, giving you a regular view of statuses. All actions can be performed on all devices, on categories of devices, or on individual devices.

The checks on changes in configurations require some manual intervention and are based on a file comparison model. You can distribute configurations from the file store out to devices. Again, this can be broadcast to all devices, an update of just one category of device, or to an individual device. You can set policies in the rConfig system and use the Configuration Compliance Manager to check that all the configurations on your network comply with those specifications.

A shortfall of rConfig in comparison with other tools on this list is that it doesn’t include any user authentication, so it should only be installed on one secured computer. This means that the tool is only suitable for small networks and not those that are managed by a team.

Who is it recommended for?

The recent update to the rConfig system makes this a superior tool. However, it isn’t free and in fact, it’s quite pricey. This version is suitable for large networks, while smaller businesses could opt for the free older version, which has a less sophisticated interface and not so much automation.


  • Completely free and open source for Linux systems
  • Offers continuous monitoring and autodiscovery of new devices and hosts
  • Can push new configurations as well as take backups of each device’s settings


  • Lacks paid support, bugs and issues may go unresolved for long periods of time
  • Would like to see better visualization options for device relationships

7. Net LineDancer

Net LineDancer

Net LineDancer, which is also known as NetLD, is not free to use, but you can try it on a 30-day free trial. Net LineDancer has all of the features that you need from a configuration manager. It automatically logs all devices and takes a snapshot of their configurations to establish a stored baseline. Subsequent configuration sweeps can identify changes to each device. Those comparisons can also be made on-demand.

Key Features:

  • Autodiscovery
  • Stores an image of each configuration
  • Free version available

Why do we recommend it?

Net LineDancer is designed for use by large networks. The system provides device discovery and inventory creation. It can be used to update multiple devices with the same OS versions simultaneously and then lock configurations and protect the devices from tampering. The service offers a distributed device management option.

The stored configuration files can be re-loaded onto equipment in bulk, by device type, or individually. The software can manage thousands of devices and the monitoring processes can be automated through the tool.

Reporting features of the tool log the users that make changes to the settings of devices. An addition to the software can help you monitor VLANs and VMs. Net LineDancer installs on Windows Server versions and also on CentOS and RHEL Linux. A second product from LogicVein is called Net StreetDancer. This is a cut-down version of Net LineDancer, which covers 80 percent of the capabilities of Net LineDancer. Net StreetDancer, which is also called NSD and netSD, is free to use.

Net LineDancer and Net StreetDancer cover all of the essential functionality that you need from a configuration manager. However, it doesn’t include the higher features that you would need for a team-maintained complex system – it doesn’t have access controls. These two systems also don’t include any patch management functions. Net LineDancer and Net StreetDancer would be ideal for small networks.

Who is it recommended for?

As well as large networks, this tool is designed for use by managed service providers. The software is multi-tenanted and you can create a local collector – or “Smart Bridge” in each client network. The tool provides automated change detection for security management and automated restoration of authorized settings.


  • Available for both Windows and nix operating systems
  • Supports many integrations to centralize config management
  • Supports Cisco PnP devices


  • The interface can feel crowded, especially in larger environments

8. TrueSight Network Automation

TrueSight Network Automation

BMC Software recently changed the name of its network monitoring tool from BladeLogic Network Automation to TrueSight Network Automation. This newly-revamped package is worth a look if you are in the market for a configuration manager.

Key Features:

  • Standards compliance policies
  • Autodiscovery
  • Automatic configuration correction

Why do we recommend it?

BMC TrueSight Network Automation is a vulnerability manager for network devices. The package checks on configurations, highlights security weaknesses, and supports improvements. It stores configuration images and then checks all devices for unauthorized changes, restoring the stored original where necessary. The package also includes a patch manager for firmware.

BMC has done a very nice job with its new configuration system because it has paid attention to the standard requirements with which many data-driven businesses have to comply in order to win contracts and keep to service level agreements (SLAs). Configuration standards are dictated by “policies.” The system ships with pre-written policies that guarantee regulatory compliance with a range of system integrity requirements: NIST, HIPAA, PCI, CIS, DISA, SOX, and SCAP. There doesn’t seem to be a pre-written policy for GDPR yet.

If you are contractually or legally bound to enforce one of these standards, you will be greatly aided in your duties by TrueSight Network Automation. Not only does the system list the settings that network devices need in order to comply with a given standard, it enforces those requirements. This method will save you a lot of time reading through standards documents and trying to work out how to translate the requirements into device settings.

The system starts off by scanning the system, logging all devices, checking for compliance requirements, and adjusting device settings. After that, the monitor will back up all configurations. TrueSight will continue to scan and prevent any changes or alert you when they happen. You can restore standard configurations manually, but the automated option of TrueSight will perform that task for you.

The console of TrueSight Network Automation can be allocated in sections to different user groups. This will allow you to make different dashboards available for different team members.

Changes to configurations and updates to firmware can be rolled out in bulk. The system will detect new patches and updates and alert you to them; these will then be installed automatically on all relevant devices with your approval.

TrueSight Network Automation has a companion module, called TrueSight Vulnerability Management. This optional extra will scan for security threats and block them. It also keeps in touch with vendor sources and the NIST National Vulnerability Database to detect security weaknesses and alert you to the need to patch the system when a relevant solution is made available. This vulnerability monitoring applies to servers as well as to network devices.

The tool can be installed on Windows Server and RHEL and Ubuntu Linux. You have to pay for this network configuration software. Although BMC offers free trials for some of its products, there aren’t free trial periods available for True Sight Network Automation or TrueSight Vulnerability Management.

Who is it recommended for?

BMC provides a suite of cloud-based automation tools and so if you are already a user of BMC Control-M or Helix services, you will be attracted by the TrueSight Network Automation option. The package also provides system documentation and security auditing proof, which is needed for compliance reporting.


  • Comes with numerous pre-configured workflows to start managing configs right away
  • Can set automated standards that help maintain compliance for standards like HIPAA, PCI DSS, NIST, and SOX
  • Can automatically recover devices to their last known “good” state


  • The interface is fairly bare-bones and tougher to navigate than competing products

9. Device42


Device42 is an impressive combination of infrastructure management modules. The tool includes IT asset management, IP network address management, data center infrastructure management, and configuration management. If you operate a data center whether for in-house services or as an external provider, you should pay attention to this configuration management option. The accompanying functions of this tool make it extremely interesting for data centers.

Key Features:

  • SaaS or on-premises
  • Configuration backup
  • Settings protection

Why do we recommend it?

Device42 is an ITIL-based IT asset management package. It provides documentation for all assets, which includes endpoints, network devices, software packages, and cloud services. This tool can identify all of your devices and it will create an asset inventory. This is a good tool for documenting your system and identifying firmware versions.

The Device42 system is available for on-premises installation or as a cloud-based service. Installation begins by logging an inventory of your equipment and backing up the configurations of each. The monitor sweeps the network continuously to look out for changes in the settings of your network devices. The tracker not only logs all device settings, it records the firmware versions of each. It also covers the operating systems of your servers and all of the applications and software loaded onto them.

The Device42 facilities are all locked off by authentication procedures. You can add new accounts for individual team members, so this tool would be great for middle-sized and large networks that are team-supported.

Device42 is paid for by a subscription. There are three plan levels for the tool, and fortunately, the configuration management module is included in the Core plan, which is the cheapest version of the software. You can get a look at the system with a free online demo. If you want to go ahead and buy the system, you get a 30-day trial period, so you can back out in the first month and get all of your money back. The software can be installed on Windows, Mac OS and you can get it on Linux computers through a virtual environment. You can also integrate the service with Azure, and AWS online services.

Who is it recommended for?

The Device 42 system keeps evolving and it configuration controls for physical devices are giving way to expanded cloud management features. This tool is a good option is your main need is to document all of your assets on a hybrid system and identify the physical, virtual, and procedural connections between them.


  • Can produce automatic topology maps as well as dependency mapping.
  • Offers a unique rack-level visualization to help on-site technicians map physical infrastructure to certain services
  • Designed for both config management and application mapping


  • Initial configuration can be complex and time-consuming
  • Would like to see it easier to create custom affinity groups

10. Lan-Secure Configuration Center

Lan-Secure Configuration Center

The Configuration Center from Lan-Secure has a no-frills interface, but it delivers a competent configuration management service. The tool has all of the essential capabilities that you need to control the settings of your network devices.

Key Features:

  • Autodiscovery
  • Configuration alignment to standards
  • Automatic settings rollback

Why do we recommend it?

Lan-Secure Configuration Center has all of the features of the SolarWinds Network Configuration Manager but in a simpler interface. Use this utility as a terminal emulator to connect to a device and alter its configuration. You can then create a backup library and set the tool up to periodically check for deviations from the standard setup.

The Configuration Center will scan your system to register all of your network devices and then make backups of their settings. Once this admin phase has been completed, you can examine the configurations of your devices and decide on the correct policies for your company’s sector and data integrity obligations.

The network management software is able to manage a multi-vendor environment and will enable you to update the settings of all devices, specific device types, or individual devices.

The Configuration Center software will periodically check the settings of each device and compare them to the configuration backups it holds in storage. Depending on how you set up the system, the detection of an unauthorized configuration change will either prompt an alert or an automatic rollback to the approved settings held in the backup for that device. Alerts can be sent by email to a team member who has been allocated responsibility.

The tool can manage remote sites as well as the center where all of your configuration backups are stored. Inter-site communications are covered by SSH security.

Who is it recommended for?

There are two editions for this tool. The first is Configuration Center Workgroup, which will manage up to 10 devices. This is a good fit for SMBs and it is reasonably priced. The other option is Configuration Center Enterprise, which has no limit on the number of devices that it can manage.


  • Can monitor and prevent changes to hardware settings
  • Can discover and backup device configuration automatically
  • Uses SSH, Telnet, and SNMP to locate and communicate with devices


  • The interface is rudimentary – not ideal for larger deployments
  • Very limited mapping and dependency visualizations

The software can be installed on Windows. You have to pay for the Configuration Center, but it is very reasonably priced. You can get a 30-day free trial of the system to assess it before you buy.

Choosing a network configuration management tool

You will find some very comprehensive systems in this list and some worthy contenders that cost little to no money. When you select a configuration management system for your network, you will need to consider the system requirements, particularly the operating systems that the software can run on in order to narrow down your choices.

The size of your network and the availability of funds will be other important considerations that will guide you towards the right NCM tool for your company. The ability to try out a system on a free trial or the offer of a money-back guarantee should help you narrow down your assessment. If you can try before you buy without obligation, you will be more confident to install software. Otherwise, you might discover too late that it is difficult to use or inappropriate for your configuration management needs.

The field of cybersecurity is becoming very hot right now. However, don’t limit your network protection to just internet-facing equipment and measures. Sometimes, firewalls, attack protection services, and intruder detection systems fail. Your second line of defense lies in the control over the settings of your network devices and a policy to keep all firmware and operating systems up-to-date with the latest system updates and patches.

The comprehensive automation offered by many of the tools in this list means that you won’t need to spend too much time covering device configuration management. So, even if you run the network for a small company, there are no excuses for not implementing configuration management and change control on your network.

Have you implemented a configuration management system for your network? Which manager did you choose, and why? Leave a message in the Comments section below to share your experiences with the rest of the community.

Network Configuration Management FAQs

What is configuration management in network security?

Network configuration management involves standardizing the settings of network devices, such as switches, routers, and firewalls to make intrusion more difficult. One tactic that some hackers use to aid their undetected exploration of the network is to alter certain settings on switches. The security aspect of network configuration management requires that any unauthorized changes get rolled back immediately.

How do I check my network configuration?

There are many different aspects to look out for in network configuration. Visit the management console of each switch, check on IP address allocation through an IP address manager, and check on the port statuses of all devices connected to the network. This is a mundane and time-consuming activity that specialist software can achieve more effectively than manual procedures.