Unimus review: Network Automation and Configuration Management

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on telegram
Unimus review

Table of Contents

Unimus is a network automation and configuration management tool, which claims to make those operations painless and easy!

In this review, we’ll go through the main features of the app, including the setup phase and some real-life examples.

Unimus Setup

Unimus is an on-premise application that can be pretty easily set up in a few clicks. First, it’s required to create a username and password pair to use for the login to the app.

As a second step, you need to provide the credentials to access the network devices. It’s possible to add multiple items in the credentials list, and Unimus will take care of trying each of them sequentially in the device discovery phase.

Step 2 Unimus create credentials

All users and devices credentials can be retrieved and amended later in the app, hence there is no pressure in providing them all during the setup phase. 

The next step is configuring the SSH, Telnet and HTTP/HTTPS ports used in the network.

Usually, devices use the standard ports indicated in the picture, so generally speaking, these ports only need to be changed in case there are some non-standard configurations in place in the network.

To complete the setup, Unimus needs to know how often you want to perform a backup of your device configurations.

Each device can have a different backup schedule assigned, or use the default system wide one. To start, it’s just easier to provide this latter, and maybe later tune the schedule based on the specific device needs.

Unimus backup configuration

Network Discovery

With most other network management products, you have to specify information such as vendor and model for each device. Unimus aims to automate as much as possible to make processes fast.

In Unimus there is a section called global credentials.

Here you can store all credentials like usernames, passwords, etc. used in your network. Then, you move to the Add Devices section and all that is needed is the list of IP addresses to reach.

Unimus will test which credentials work against each device. It discovers which credentials are valid.

This is a default behavior to make the process fast and easy from the user point of view. But it is also possible to specify specific credentials for each device, in order to increase the security of the access phase.

The credential discovery can also be used to search for old or unsecure passwords, in some way doing a security audit.

Now that the credentials have been added, the next step is looking up for the devices in the network.

This is done in the “import” section of the app, where it is possible to specify the IP addresses of each device to be added. The list can be added manually, copied & pasted, or inputted via a CSV file formatted specifically to satisfy the Unimus format.

Adding IP addresses on Unimus

Another option is using the “NSM sync” feature. Unimus supports the import of devices from many external NMS / RMM systems.

This approach allows you to automate even more the device addition process.

After configuring NMS sync, you only need to add devices into your NMS, and Unimus will import them from the NMS automatically. NMS sync can also be scheduled, it’s just enough selecting the poll interval. 

Unimus allows the creation of multiple sync presets, so to have all of them available and possibly running in background at the configured scheduled time.

Regardless of the method, after the import is done, the devices will show up in the relevant page of the app.

A nice feature is the tagging of devices, that helps in partitioning the equipment for later use in the config search functions. Here we can see that 3 tag groups were created, for vendors: Cisco, Juniper and HP.

Unimus – Network and Configuration management made easy

Unimus has 3 major features that we will cover with details in the next sections:

  1. Network Automation.
  2. Backup & Change Management.
  3. Auditing.

As mentioned earlier, the main goal of Unimus is providing automation and ease of use when it comes to configure and manage the network.

Any network engineer is familiar with the challenges of dealing with thousands of devices when it comes to change or audit the configurations. Unimus claims to solve the problem in a one stop shop product, so let’s get to it!

Network Automation

The most sophisticated feature of Unimus is the Network Automation.

This feature can be used for automating pretty much all the most common network workflows. In this regard, Unimus is different from automation such as Ansible.

With this latter, there is a steep learning curve, which requires getting familiar with the language, templates, syntax and several other aspects.

For programmers that can be easy but the reality is that most network engineers and administrators don’t know programming very well.

There is a big entry barrier, so Unimus decided to solve the problem by offering a simple tool for automation, which does NOT require any programming skill!

Before diving into the product, let’s just notice a couple of really important points:

  • Unimus supports 240+ hardware vendors in the networking space, which means that any new or old device that you have in your network should be covered.
  • Unimus uses a SSH connection to communicate to any device, avoiding any proprietary and/or convoluted mechanisms (yes, also talking about SNMP!).

A library of automation presets can also be built, so to keep all your favorite actions list at hand any time you need.

The “trick” that Unimus embeds is actually using the meta-syntax of each vendor that is automating.

For instance if the automation is targeting Cisco equipment, the scripted commands are going to be using the Cisco command line language and syntax.

In the following screenshot we show a ‘vlan’ search limiting the scope to the Cisco devices, using the tags that we explained in the previous section. I could also do a search on all devices, but since I am looking for a Cisco command, it makes sense to limit the scope.

Cisco device

The powerful side is that network administrators already know the inside-out of the equipment they use, whether it be Cisco/Juniper/HP/etc.., so the transition to Unimus is pretty completely painless and nothing compared to switching to a tool like Ansible.

Let’s see a practical example of “mass config push”. Config Push in Unimus can be useful in two ways:

  • sending a configuration command to reconfigure multiple devices.
  • comparing the command output from multiple devices.

Now as an example, let’s say we need to deploy “vlan 333” on several devices. The following screenshot illustrates the procedure: 

  • Add the list of commands.
  • Select the devices on which to apply the configuration.
  • Press the RUN button.

The first step is creating the preset with the commands that we wish to run later. The preset will be saved, so can be used immediately or at any time later.

New config push Unimus

Now we run the scripted commands on the selected devices, and checking the outputs we find out that one of the devices does not support the VLAN command, while the other has correctly taken it.

We can see that with a few clicks we managed to distribute the configuration to multiple devices, at the same time and without any limitation on the amount of them. In addition, grouping the responses allows to work at scale and the number of devices to configure has little impact on the time needed to complete the task.

The real power of this automation is that it is basically possible to script any configuration, from routing to AAA/TACACS setup or even firmware upgrades.

The SSH connection created towards the device allows the use of any supported command by the vendor, identically if we were manually connected to each of the devices.

Another typical example of time consuming task is when you need to check the compliance requirements for SSH, or checking the IOS version of the software running on each device: it would be enough to issue a ‘show run’ command to all devices, and use the pipe feature as follow:

  • show run | include version

Think how time consuming it would be to do this manually in case of 100+ devices, while with Unimus it takes 3 clicks and you get a grouped visual of the outputs from all the devices!

visual outputs on Unimus

Another example would be checking for the available free space on the flash memory of each device. Few clicks and it’s done, just issuing the show flash command to multiple devices vs. to the traditional way that would be opening each SSH connection and manually issuing the commands.

Show flash command

It’s worth noting that every time we run a config push, all the commands in the automation preset get executed within a single SSH connection, so there won’t be multiple ones created – which could lead to issues with the maximum allowed SSH terminals.

To conclude this section, let’s have a look at the Mass Config Push home page. We can see that all the scripts got saved in the library, and will be there to be reused when needed.

Config push home

Backup & Change Management

Unimus can be configured to automatically and periodically backup the configuration of the entire network, which means pulling it from each device and storing as backup. We all know how important it is to have backups, but to be fully useful they need to be constantly updated to the latest live version.

The backup interval can be chosen as monthly, weekly, hourly or even by the minute! There is complete freedom in the configuration of how often you prefer to run a backup action.

Unimus relieves the network administrator of this duty, fully automating the process of saving and storing the configurations. 

Again, this is all done via SSH and being Unimus an on-premise application, the configuration files are stored in a SQL database on the Unimus server. Hence, the information never leaves your network and that’s very important from the security point of view.

There is no cloud involved, what happens in your network stays in your network!

On the backup side, one thing that Unimus does not do is restore the backup on the devices.

This is definitely by design because we all know how difficult it is to reinitialize a device from scratch, and all the caveats that can arise. The restore is left to the network administrator to be performed manually because automation in this case could be more harmful than helpful.

Besides periodically backing up all your device configurations, Unimus does much more: It keeps a version history of the network configuration. Unimus analyses the backups and is able to flag any configuration change that was applied.

Changes configuration backup

Unimus can also be used to check unique configuration points, for instance how the device was configured on a specific date, or what differences there are between two specific dates configurations.

In the following screenshot, we can see in red a line that was removed, while in green the one that was added. This is the typical DIFF tool that we see on Linux, so again nothing new to learn in order to fully use Unimus!

DIFF tool

In summary the backups are also used for keeping track of configuration versions, like a history log. We use those for change management, and change notification. Anytime there is a change in the network, you can easily see what happened, what has changed and also configure notifications about the changes. 

You can use this notification feature in your change management processes, for compliance for example, every single change on the network could generate a notification, which in turn creates a ticket that somebody has to review. At the same time, if you have multiple people accessing your network devices, you definitely want to keep track of who is modifying the configuration fro accountability purposes.

Configuration change notifications can be delivered by email, Slack or multiple other ways via webhooks. Unimus can also easily be integrated with external ticketing systems such as Asana or Atlassian JIRA.

Another nice feature is that Unimus allows users to leave notes as comments to each configuration change. This could be a reminder for yourself or the other network administrators, in fact creating proper documentation for any applied change.

How often the backup runs can be selected in the setup panel, so you can tune it based on the rate of changes in your network. Also, Cron expressions can be used to configure the backup interval, so it’s pretty flexible in this regard.

Auditing

Unimus gives you a very fast way to audit the configuration of the entire network. It offers a search tool with which you can easily look for the same string of configuration on multiple devices.

For example, let’s say you want to look for “VLAN 2” on all the devices in the network, within the time range “October 3rd to October 26th” . This is very easy and accomplishable as usual in a couple of clicks.

Unimus audit configuration

The historic lookup is pretty nice to use when looking for when a particular configuration was introduced on the devices, or when it was modified on a specific set of devices.

The search tool is implemented to look into the backup files, and this gives multiple options. For instance, I can look for routers that have “OSPF enabled but router-id is not 55.23.1.21”.

Sometimes there are fairly complex searches that would take a very long time if they were to be performed manually on each of the devices in the network. But using regular expressions, they could actually be pretty fast and easy to perform. In the following one we look for “router-id not starting with 10.0.0.” on all devices.

Unimus search tool

Unimus additional features

Unimus has a fully featured API, so it’s possible to trigger pretty much any action through that. For instance you can set up an alert in case of configuration change, and this alert is used to trigger a backup action via API. In this way, as soon as the configuration changes, a backup is made.

Generally speaking, the API can be used in an event-driven way, or in a more time scheduled way.

This is the flexibility that Unimus offers. 

The integration with third-party tools such as Asana, Atlassian JIRA, etc. is pretty easy. 

The API also allows external scripts to interface with Unimus, basically making it a programmable tool.

Unimus documentation

Unimus documentation is pretty comprehensive and covers all the aspects of the tool, from the installation phase to the usage.

In addition, there is a very functional contextual help which basically is a button present in each section of the app, linking to the relevant page of the documentation

Documentation of Unimus

Conclusions + Bonus Free Unlimited trial

Unimus has proven to be an extremely useful tool to automate the network management at scale. It does not matter if your network is a small LAN or a global infrastructure, Unimus can easily manage the scale and provide a pretty much immediate solution for your management, audit and backup tasks.

The list of supported vendors is very comprehensive, and we loved the fact that Unimus allows the use of the original devices syntax, without requiring any additional learning such as with Ansible or similar tools.

For trying it yourself and finding out all features that make Unimus the perfect automation network management tool, you can get a free, no-obligation Unlimited License trial at https://unimus.net, or schedule a short technical demo call.

For more details and getting in touch with Unimus you can also reach them on their Social Media platforms:

Linkedin
Telegram
Facebook
Twitter

5/5 - (5 votes)
Daniele Besana

Daniele Besana

Daniele is a freelancer consultant with 15 years of experience in network security, customer support, Linux and Salsa. He worked for Juniper Networks in Netherlands, providing support and consultancy on security projects across Europe and Middle-East.

What do you think about this article?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About us

RouterFreak is a blog dedicated to professional network engineers. We
focus on network fundamentals, product/service reviews, and career advancements.