Gold Standard Configuration for Network Devices

Looking to define the Gold Standard Configuration for your network devices? indeni contains a layer that translates the output of queries into structured data

Last updated: September 15, 2025

An avatar of the author
Matt Faraclas

Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.

The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog

Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.

The article describes how large enterprise network and security teams struggle to enforce a "Gold Standard Configuration" for network devices across diverse vendors and software versions, causing operational and compliance headaches. It explains that traditional approaches—manual documents, brittle scripts, or complex tuning of tools like SolarWinds NCM or TripWire—are time-consuming and hard to maintain as vendors change versions. indeni offers a solution by converting device query output into vendor-agnostic structured measurements, continuously checking device settings against the gold standard and alerting teams when configurations drift, saving significant time and reducing risk.

What problem does indeni solve for network teams trying to enforce a Gold Standard Configuration?

indeni addresses the difficulty of maintaining and enforcing a Gold Standard Configuration across heterogeneous network devices and software versions. Instead of relying on Word/Excel checklists, ad-hoc scripts, or heavy tuning of tools that break with vendor updates, indeni translates device query output into structured, vendor-agnostic measurements. This allows teams to declare desired settings once and have indeni continuously validate device configurations, producing alerts and regular reports when devices deviate from the defined standard.

How does indeni represent and compare device configuration settings across different vendors?

indeni uses a layer that converts the raw output from device queries into structured data called measurements. Each device setting is stored in a database in a standardized, vendor-agnostic format so equivalent settings (for example, NTP server configuration) appear the same across Cisco, Check Point, F5, and Palo Alto devices. By normalizing configuration items this way, indeni can compare actual device state against the declared Gold Standard and detect mismatches regardless of how the manufacturer represents that setting in its native config files.

What operational outcomes and reporting does indeni provide when configurations drift from the gold standard?

When a device configuration does not match the declared Gold Standard, indeni generates an alert and includes the discrepancy in weekly or monthly reports. The platform continuously checks devices 24/7/365 or for selected groups, so teams receive timely notifications of drift rather than discovering issues during audits or incidents. This continual validation reduces manual effort, limits time spent troubleshooting configuration inconsistencies, and helps maintain standardized, compliant device configurations across the estate.

Network and security teams in large enterprises spend quite a bit of time defining their “Gold Standard Configuration” for network devices – a checklist of how all of their devices should be configured. Some of the items on the checklist are operational (what hotfix you have installed) while some are for compliance (which users are defined). Either way, it’s apparently very difficult to stay on top of this checklist without indeni, as we’ve discovered from our customers. Items on the list include things like:

  • Software version in use – enterprises try to standardize on certain versions to reduce unexpected events and increase usability (if all of the devices made by a given manufacturer behave the same, it’s easier to manage them). In some cases, they even standardize on certain hotfixes.
  • OS-level settings: users defined, SNMP monitoring and syslog servers, authentication settings, NTP, etc.
  • Hardening: what ports and services are open/accessible.

So, how do we see organizations enforce their Gold Standard Configuration for their network devices?

  1. They write a long Word or Excel document and share it within the team hoping someone will use it.
  2. They write scripts that test some aspects of the gold config. Usually these scripts are written as a hobby and so aren’t maintained very well.
  3. They use tools like SolarWinds’s Orion NCM or TripWire, spending years of their life tuning those tools to look for certain configurations only to need to re-do all that once the product manufacturer decides to release the next major version.

indeni is here to make your life better:

Our software contains a layer that translates the output of queries into structured data. We call this “measurements” internally, but essentially each setting for each device is represented in a database in a manner that is completely agnostic to how it’s represented in the device’s own config files. So, for example, the settings for which NTP server to use appear similar to this for Cisco, Check Point Firewalls, F5 Load Balancers and Palo Alto Network Firewalls alike:
{measurement: ntp_server, host: pool.ntp.org version: 3}

So, that means that all you need to do is tell indeni what the NTP server needs to be, and indeni will regularly check the configuration 24/7/365 of all of your devices (or a group of them) irrespective of the manufacturer of those devices or the software they’re running. When the configuration doesn’t match your gold config, you’ll get an alert as well as see it on a weekly or monthly report. Saving you weeks of your life, every, single, year.

Achieve 99.9999% 45 minutes.

[button size=”medium” style=”primary” text=”Try indeni” link=”/create-a-smarter-network-in-just-45-minutes-no-agents/””]

Published on: April 13, 2015

An avatar of the author

Related content

Close-up of interlocked metal chain links symbolizing connected network objects and relationships in IPAM
Blog

How to map your network with user-defined links in Integrity X

Map your network with user-defined links in Integrity X to define and manage custom relationships, such as dual-stack and NAT environments.

Read more
Flock of geese flying in formation across a blue sky, framed by a pink graphic border, symbolizing coordinated network migrat
Blog

Automate your DDI modernization path by migrating with Micetro

Automate cross-platform DNS and DHCP migration with Micetro to reduce risk, eliminate manual effort, and modernize infrastructure faster.

Read more
Three armored figures walking toward a futuristic Las Vegas skyline with pyramids, glowing orb, and "Welcome to Fabulous Las
Blog

Your journey to intelligent NetOps begins at Cisco Live

Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.

Read more
Stacked colorful wooden directional arrows on a post by a calm seaside with distant hills and blue sky
Blog

Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)

Tired of patching and manually configuring BIND DNS and ISC DHCP? Discover how Micetro MDDS appliances can replace them for modern DDI.

Read more