Gold Standard Configuration for Network Devices

Looking to define the Gold Standard Configuration for your network devices? indeni contains a layer that translates the output of queries into structured data

Last updated: September 15, 2025

An avatar of the author
Matt Faraclas

Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.

The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog

Key Takeaways
  • Enterprises define a Gold Standard Configuration for network devices covering both operational parameters (such as software versions and hotfixes) and compliance items (such as defined users).
  • Maintaining alignment with the Gold Standard is difficult when relying on static documents, ad hoc scripts, or heavily customized tools like traditional NCM solutions.
  • Key configuration areas include standardized OS versions, OS-level settings (users, SNMP, syslog, authentication, NTP), and hardening controls (open ports and services).
  • Indeni normalizes device configuration data into structured, vendor-agnostic measurements that abstract away device-specific config file representations.
  • By specifying desired configuration values once (for example, an NTP server), Indeni can continuously validate live device configurations against the Gold Standard across heterogeneous vendors and platforms.
  • Non-compliant configurations trigger alerts and are summarized in periodic reports, enabling continuous enforcement of configuration standards with reduced manual effort.

Network and security teams in large enterprises spend quite a bit of time defining their “Gold Standard Configuration” for network devices – a checklist of how all of their devices should be configured. Some of the items on the checklist are operational (what hotfix you have installed) while some are for compliance (which users are defined). Either way, it’s apparently very difficult to stay on top of this checklist without indeni, as we’ve discovered from our customers. Items on the list include things like:

  • Software version in use – enterprises try to standardize on certain versions to reduce unexpected events and increase usability (if all of the devices made by a given manufacturer behave the same, it’s easier to manage them). In some cases, they even standardize on certain hotfixes.
  • OS-level settings: users defined, SNMP monitoring and syslog servers, authentication settings, NTP, etc.
  • Hardening: what ports and services are open/accessible.

So, how do we see organizations enforce their Gold Standard Configuration for their network devices?

  1. They write a long Word or Excel document and share it within the team hoping someone will use it.
  2. They write scripts that test some aspects of the gold config. Usually these scripts are written as a hobby and so aren’t maintained very well.
  3. They use tools like SolarWinds’s Orion NCM or TripWire, spending years of their life tuning those tools to look for certain configurations only to need to re-do all that once the product manufacturer decides to release the next major version.

indeni is here to make your life better:

Our software contains a layer that translates the output of queries into structured data. We call this “measurements” internally, but essentially each setting for each device is represented in a database in a manner that is completely agnostic to how it’s represented in the device’s own config files. So, for example, the settings for which NTP server to use appear similar to this for Cisco, Check Point Firewalls, F5 Load Balancers and Palo Alto Network Firewalls alike:
{measurement: ntp_server, host: pool.ntp.org version: 3}

So, that means that all you need to do is tell indeni what the NTP server needs to be, and indeni will regularly check the configuration 24/7/365 of all of your devices (or a group of them) irrespective of the manufacturer of those devices or the software they’re running. When the configuration doesn’t match your gold config, you’ll get an alert as well as see it on a weekly or monthly report. Saving you weeks of your life, every, single, year.

Achieve 99.9999% 45 minutes.

[button size=”medium” style=”primary” text=”Try indeni” link=”/create-a-smarter-network-in-just-45-minutes-no-agents/””]

Published on: April 13, 2015

An avatar of the author

Related content

Three armored figures walking toward a futuristic Las Vegas skyline with pyramids, glowing orb, and "Welcome to Fabulous Las
Blog

Your journey to intelligent NetOps begins at Cisco Live

Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.

Read more
Stacked colorful wooden directional arrows on a post by a calm seaside with distant hills and blue sky
Blog

Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)

Tired of patching and manually configuring BIND DNS and ISC DHCP? Discover how Micetro MDDS appliances can replace them for modern DDI.

Read more
Row of orange industrial robotic arms positioned along an automated conveyor belt in a factory setting
Blog

Automate it all in Integrity with REST v2 API-first DDI management

Discover API-first DDI with Integrity X by using REST v2 to automate DNS, DHCP, and IPAM for scalable, secure network operations.

Read more
Three colleagues at monitors collaborating, overlaid with network, analytics, cloud, and gear icons.
Blog

Agentic AI adoption in network observability propels NetOps teams

Network observability is crucial for today’s networks and even more capable with agentic AI, according to new Omdia and BlueCat research.

Read more

⏳ Cisco Live is almost here. Put BlueCat on your agenda for smarter, more secure networks.

Get the details