Golden Template Rule-Based Policy Execution
Golden Template Rule-Based Policy Execution enables NCCM to automatically validate device configurations against approved Golden Templates using Rules, Rule Groups, and scheduled Policies. This mechanism ensures continuous compliance monitoring and enables alerting and remediation when deviations are detected.
This use case demonstrates how to configure and execute a Golden Template–based compliance policy end to end.
Purpose
Enforce standardized device configurations using Golden Templates
Automatically detect configuration deviations
Trigger alerts and remediation actions on violations
Maintain auditability for compliance operations
Expected Outcome
After successful execution:
Devices are validated against Golden Template rules
Each device is marked as Complied or Violated
Violation severity is applied as configured
Notifications are sent to selected users
Optional remediation jobs are created
All actions are logged in the audit trail
Prerequisites
Golden Templates are created and available
User has required privileges to manage Rules, Rule Groups, and Policies
Devices are onboarded, and configuration backups are available
Use Case Workflow
This use case consists of three mandatory steps:
Create a Golden Template Rule
Create a Rule Group
Create and schedule a Policy
Step 1: Create a Golden Template Rule
Navigate to Network Configuration → Rules
A Golden Template Rule defines what configuration must be validated, how violations are identified, and what action should be taken when a violation occurs.
When Golden Template is selected as the Rule Type:
The Configuration field is disabled
Only Golden Templates matching the selected Vendor, OS Type, and user visibility are listed.
Rule Information | Add Rule
Rule Name | Enter value | Enter a unique name to identify the Golden Template rule. Example: Golden Template – Interface Compliance
Description | Enter value | Provide a short description explaining the purpose of the rule. Example: Validates interface configuration using a golden template.
Vendor | Select | Select the device vendor. This value controls the list of eligible Golden Templates. Example: Cisco.
OS Name | Select | Select the operating system of the devices. Only templates matching this OS are displayed. Example: IOS.
OS Version | Optional | Specify the OS version if the rule must apply only to a specific version. If left empty, all versions are considered.
Rule Type | Select | Select Golden Template. When selected, the Configuration field is automatically disabled as per system design.
Configuration | System disabled | Select the configuration source against which the Golden Template validation must be performed. This field remains enabled for Golden Template rules and allows you to choose between device configuration types. Available options: Running – Validates the current running configuration on the device. Startup – Validates the startup configuration stored on the device. Example: Select Running to validate the live device configuration against the Golden Template.
Status | Enable / Disable | Enable to allow rule execution. Disabled rules are ignored during policy execution.
Match Criteria | Add Rule
Select and Load Template | Select | Displays only Golden Templates that match the selected Vendor, OS Name, and are visible to the logged-in user (Public or Private).
Golden Template Pattern | Auto-populated / Edit | Displays the configuration pattern loaded from the selected Golden Template. Patterns define the expected configuration structure using regex.
Ignore Patterns | Enter regex | Specify regex patterns to exclude matching configuration lines before validation. Example: ^ntp clock-period.*
Regex Validation | System validation | Both Golden Template Pattern and Ignore Pattern fields accept only valid regex. Invalid patterns block navigation and display an error message.
Validation Rules:
Only valid regular expressions are allowed
Invalid regex patterns block rule creation
Validation is case-insensitive
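The following is an added illustration of the validation behaviour described above, not NCCM's own code: ignore patterns drop volatile lines first, matching is case-insensitive, and an invalid regex rejects the rule. The sample configuration, the patterns other than ^ntp clock-period.*, the function names, and the matching semantics (every pattern needs a matching line and every remaining line needs a matching pattern) are assumptions.

```python
import re

# Constructed sample data (not from the product): config excerpt and patterns.
RUNNING_CONFIG = """\
service password-encryption
no ip http server
ntp clock-period 17179869
ntp server 10.0.4.10
"""
GOLDEN_PATTERNS = [
    r"^service password-encryption$",
    r"^no ip http server$",
    r"^ntp server 10\.0\.4\.\d+$",
    r"^ip ssh version 2$",
]
IGNORE_PATTERNS = [r"^ntp clock-period.*"]


def compile_patterns(patterns):
    """Compile case-insensitively; any invalid regex rejects the whole rule."""
    compiled = []
    for pattern in patterns:
        try:
            compiled.append(re.compile(pattern, re.IGNORECASE))
        except re.error as exc:
            raise ValueError(f"invalid regex {pattern!r}: {exc}") from exc
    return compiled


def evaluate(config, golden, ignore):
    """Return (status, missing_patterns, unexpected_lines)."""
    golden_re, ignore_re = compile_patterns(golden), compile_patterns(ignore)
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    # Ignore patterns remove volatile lines before validation.
    kept = [ln for ln in lines if not any(r.search(ln) for r in ignore_re)]
    # Assumed semantics: each pattern needs a line, each line needs a pattern.
    missing = [r.pattern for r in golden_re
               if not any(r.search(ln) for ln in kept)]
    unexpected = [ln for ln in kept
                  if not any(r.search(ln) for r in golden_re)]
    status = "Violated" if missing or unexpected else "Complied"
    return status, missing, unexpected


if __name__ == "__main__":
    print(evaluate(RUNNING_CONFIG, GOLDEN_PATTERNS, IGNORE_PATTERNS))
    print(evaluate(RUNNING_CONFIG, GOLDEN_PATTERNS[:3], []))
```

The first call reports the missing SSH line; the second shows that without the ignore pattern the volatile ntp clock-period line is itself flagged as a deviation.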
Remedy Action | Add Rule
Violation Severity | Select | Define the severity level raised when the rule is violated. Values: Critical, Major, Minor
Rule Violation Message | Enter value | Message displayed when a violation occurs. Example: Golden Template Rule Violates
Notifier | Select | Select one or more users or entities to receive violation notifications.
On Violation Perform | Select | Define the remediation action to execute on a violation. Options: Script Execution, Rollback to Baseline, Rollback to Previous
Remediation Comments | Optional | Enter notes describing the remediation logic or expected corrective action.
Step 2: Create a Rule Group
Navigate to Network Configuration → Rule Group
A Rule Group associates one or more Golden Template rules with a specific set of devices.
Rule Group information | Add Rule Group
Name | Enter value | Enter a name for the Rule Group that logically groups Golden Template rules. Example: Golden Template Check Devices
Description | Optional | Provide a brief description of the rule group's purpose.
Status | Enable / Disable | Enabled rule groups are eligible for policy execution.
Visibility | Select | Choose who can view and use this rule group. Values: Public, Private
Vendor | Select | Select the vendor of devices to which the rule group applies. Example: Cisco
OS Name | Select | Select the OS of the devices to be validated. Example: IOS
Asset Tags | Optional | Filter devices using asset tags if tagging is configured.
IP Address Range | Enter value | Define the IP range of target devices. Example: 10.0.4.*
Exclude IP Address | Optional | Exclude specific IPs or hostnames from rule execution. Example: 10.0.4.5
Rule Selection | Add Rule Group
Associated Rules | Add | Add one or more Golden Template rules to the rule group. Only Golden Template rules are selectable.
Actions | Edit / Delete | Modify or remove the group's associated rules.
Step 3: Create and Schedule a Policy
Navigate to Network Configuration → Policies
A Policy defines when and how often Golden Template rules are executed.
Add Policy | Basic Details
Policy Name | Enter value | Enter a name to identify the policy. Example: Golden Template Policy
Description | Enter value | Describe the objective of the policy execution.
Status | Enable / Disable | Enabled policies execute based on the configured schedule.
Rule Group | Select | Associate one or more Golden Template rule groups with the policy.
Summary
This use case demonstrates how to enforce configuration compliance across network devices using a Golden Template–based rule execution workflow. In this process, a Golden Template rule is created to validate device configurations against a predefined standard, grouped with relevant devices using a rule group, and executed through a scheduled policy.
Once the policy runs, device configurations are automatically evaluated for compliance. Devices that match the Golden Template are marked as compliant, while deviations are flagged as violations, triggering alerts and optional remediation actions such as script execution or rollback.