
 

When a customer adopted Forward Networks, one of their primary goals was to replace legacy configuration compliance tools with something more scalable, maintainable, and integrated. Their existing setup had evolved into a complex framework of golden configuration policies—valuable but difficult to manage at scale.

To meet this challenge, I designed a modular, layered system using the Network Query Engine (NQE). At the core of this approach is the structured separation of individual compliance rules, logical rule groups, and policy-level aggregations, enabling reusable building blocks that map cleanly to organizational needs. This architecture allowed us to preserve the integrity of the legacy policies while making them easier to extend and maintain.

By classifying devices by region and aligning policy groups with business units, we created a flexible solution that delivers detailed operational insights for engineers and high-level summaries for executives—all within a single, platform-native dashboard.

 

Why I Created this Solution

There was a tight deadline and a lot of complexity involved in getting this customer off their legacy systems in a short amount of time. The goal was to deliver a solution that was flexible, scalable, and as close to “plug-and-play” as possible for both engineers and executives.

  • I needed to translate years of legacy compliance logic into Forward’s NQE framework
     
  • The solution had to work across hundreds of checks and multiple regions
     

What Problem Does It Solve?

When this customer adopted Forward Networks, one of their primary goals was to replace legacy tools like HPNA and NetBrain, which they had relied on for years to manage configuration compliance. One in particular had a deeply entrenched set of policies and rules, and the customer needed a way to preserve that logic while improving how results were delivered—especially with regional accountability and executive visibility in mind.

  • They needed to replicate ~65 policies and 300 rules from the legacy platform to Forward
     
  • Compliance had to be measured by region so local teams could take responsibility for remediation
     
  • Executives wanted a centralized dashboard to track compliance and drive accountability
     

How It Works

The architecture is built on a modular system of NQE queries. Each rule is a separate NQE file, and those are grouped into policies. Policies then reference device groups, which define the scope of the checks. I created roll-up queries to output both device-level summaries and detailed noncompliance info. To support regional dashboards, I filtered devices by location and built region-specific NQEs that feed into a clean, exec-friendly dashboard.

  • Modular design: rule → policy → group → region-based filter
     
  • Generates both a global summary and detailed condition-level reports
     
  • Regional filtering powers dashboards that show compliance by geography
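
The rule → policy → group → region layering described above, modelled in Python as an added example. It is not NQE and not the author's queries; the device inventory, rule and policy names, and config patterns are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample inventory (not customer data): region, device groups, config text.
DEVICES = [
    {"name": "nyc-core-1", "region": "AMER", "groups": {"core"},
     "config": "service password-encryption\nntp server 10.0.0.1\n"},
    {"name": "nyc-edge-1", "region": "AMER", "groups": {"edge"},
     "config": "ntp server 10.0.0.1\nip http server\n"},
    {"name": "lon-core-1", "region": "EMEA", "groups": {"core"},
     "config": "service password-encryption\n"},
]

# Layer 1: individual rules. Each returns None when compliant, else a reason string.
def require(pattern, reason):
    return lambda cfg: None if re.search(pattern, cfg, re.M) else reason
def forbid(pattern, reason):
    return lambda cfg: reason if re.search(pattern, cfg, re.M) else None
RULES = {
    "pw-encryption": require(r"^service password-encryption$", "password encryption off"),
    "ntp-configured": require(r"^ntp server \S+$", "no NTP server"),
    "no-http-server": forbid(r"^ip http server$", "HTTP server enabled"),
}

# Layer 2: policies bundle rules and name the device groups they are scoped to.
POLICIES = {
    "baseline-hardening": {"rules": ["pw-encryption", "no-http-server"], "scope": {"core", "edge"}},
    "time-sync": {"rules": ["ntp-configured"], "scope": {"core"}},
}

def violations(devices=DEVICES):
    """Detail roll-up: one row per failed (device, policy, rule) condition."""
    rows = []
    for dev in devices:
        for pname, pol in POLICIES.items():
            if dev["groups"] & pol["scope"]:  # skip devices outside the policy's scope
                for rname in pol["rules"]:
                    reason = RULES[rname](dev["config"])
                    if reason:
                        rows.append({"device": dev["name"], "region": dev["region"],
                                     "policy": pname, "rule": rname, "reason": reason})
    return rows

def region_summary(devices=DEVICES):
    """Summary roll-up: per region, device count and how many fail any rule."""
    failed = {(row["region"], row["device"]) for row in violations(devices)}
    total = Counter(dev["region"] for dev in devices)
    return {reg: {"devices": n, "noncompliant": sum(f[0] == reg for f in failed)}
            for reg, n in total.items()}
```

`violations()` plays the role of the detailed condition-level report and `region_summary()` the per-region figures a dashboard would chart; adding a rule or a region touches only the data tables, not the roll-up functions.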

 




 

Value It Provided to the Customer

This was a significant upgrade over what they had with their legacy compliance tools. Previously, compliance data had to be exported and processed manually. Now, they have an in-platform dashboard that delivers real-time visibility. I’ve even heard that a few users set it as their homepage in Forward, which tells me it’s become a daily tool for them.

  • Provided instant, centralized visibility—no more manual exports or Excel work
     
  • Delivered a daily-use dashboard that execs and engineers rely on
     
  • Helped streamline remediation workflows by showing detailed noncompliance causes
     

Suggestions for Innovating

Looking back, there are improvements I’d make. Because of the way it’s structured, it doesn’t run in parallel, so it can tie up the compute workers while running.

  • I’d refactor it for parallel execution to improve performance
     
  • I’d modularize and refactor further to make adding new policies or regions much simpler

 

Conclusion

The location-specific dashboard for configuration compliance has become an essential tool for the customer, helping them visualize their network health at both the global and regional levels. Engineers can quickly pinpoint misconfigurations, while leaders track compliance trends across different parts of the organization.

Looking back, there are definitely enhancements I’d like to make—particularly around performance optimization and maintainability—but the current architecture delivers meaningful value every day. It's a powerful example of how flexible NQE design can transform a time-consuming reporting process into a dynamic, role-specific experience for stakeholders across the enterprise.


 
