Automation is a technology or tool that enables a particular task or series of functions to run without human intervention. For a process to be considered automated, it must meet the following criteria:
1. A source of power to perform a function
2. Controls to provide feedback
3. Machine programming
What is Network Automation?
When applied to networking, automation refers specifically to completing tasks revolving around networking devices, such as firewalls, routers, and switches. The functions automated for these devices range from validating configuration settings and cluster availability, through enabling or disabling features, to deploying new services without human intervention. Network Automation is broken down into a scale of separate actions based on complexity and the level of risk involved. For example, running scripts to validate configuration settings carries relatively low risk and a low level of complexity. Conversely, automatically implementing changes to your network configurations can be highly sophisticated and involves a high level of risk.
Starting with Network Automation
If you are a business in an industry where your network needs to be up and running at nearly all times of the day, automating configuration changes to your firewalls could result in downtime if the automation scripts use incorrect commands or logic. As a result, when starting out with Network Automation, we suggest automating tasks that have a low level of complexity and expanding your automation from there. For example, if a process takes a certain number of steps and you can quickly automate a fraction of it, the automated section can become the foundation to build on, reducing the risk of automating tasks with higher levels of complexity.
We interviewed a Network Engineer to run through their typical day at work, the obstacles they must overcome on a daily basis, and the solutions they use to make their lives a little bit easier. The full video can be found here. Below is a short summary of the interview.
In the morning, they start by sifting through alerts and reports that have accumulated the prior night. Having Indeni provide valuable alerts is extremely helpful in this process, as when I receive a notification from Indeni, I know it’s an important issue. They also sift through the alerts of other systems, which tend to send out white noise more often than not. After that, their team hosts a scrum meeting and goes through the developments on the different teams (Network and Security teams). After the meeting, the teams go into their large-scale projects, where they spend a couple of hours working with the rest of the team. After the noon break, the team goes back to work on more standard items such as answering questions from users. Automating responses to users for questions such as “Is this SPAM?” is a large goal for them.
Starting at around 2:00 in the afternoon, they start to work on maintenance and troubleshooting. If there’s an issue that is not notified by Indeni and I don’t have a solution ready, I’m able to go onto Indeni Crowd and post a question that provides valuable feedback from other users, and typically end up with a solid solution/answer. Questions that receive traction turn into a ticket for Indeni Knowledge Experts (IKEs), where the issue is evaluated to decide whether or not it becomes a new feature request.
Automated Decision Making
Some forms of Network Automation have decision-making capabilities: in a given scenario, which we’ll refer to as scenario A, the automated task will have a different output than in scenario B. In the field of networking, the reasons to have decision-making capabilities in your automated processes are limitless. The main reasons include:
1. Error detection and troubleshooting
2. Performance Monitoring
3. Device Interactions
4. Process Optimization
What is the history of Network Automation?
The first practical use of automation revolving around modern technology, outside of the switching machines used to transfer phone calls, is the local area network.
For the last decade the server industry has leveraged automation to increase the productivity of its teams. DevOps has become the industry standard for how Server Operations meets business needs (source: State of DevOps 2018 by Puppet Labs). While server operations teams were automating server tasks, security and network teams were managing devices, such as firewalls, largely one by one. Network admins used the CLI to configure devices and “automated” tasks with TCL scripts, manually checking the health of a device with each command run.
Why weren’t the same DevOps technologies applied to network and security devices? One major hurdle to applying these languages to network and security devices is that the operating systems are not standardized. For example, proprietary vendor-built operating systems are based on known operating systems like Linux, but the commands and the ways to extract data and interact with the operating systems vary. This prevents the server automation platforms from being able to support network and security devices, and each language has a steep learning curve for non-developer IT professionals.
Without proper experience using CLI commands for that device, a well-meaning administrator could cause unintended consequences. A simple example of this is leaving Debug mode enabled after manually completing health checks via CLI. With this setting enabled, network resource utilization spikes, which could cause an outage over time.
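An added example (not Indeni's code and not from the original page) of the kind of low-risk, read-only check described above: a shell script that uses AWK to normalize two differently formatted status outputs and report devices where debugging was left on. Both output formats, the hostnames and the values are constructed for illustration and do not correspond to any real vendor CLI.

```shell
#!/bin/sh
# Read-only health check: report devices where debugging was left enabled.
# The two status formats below are constructed for illustration; they are
# not the output of any real vendor CLI.

# Constructed sample, "vendor A" style: key/value lines per device.
sample_vendor_a() {
cat <<'EOF'
hostname: fw-edge-01
debug: enabled
cpu_percent: 91
hostname: fw-edge-02
debug: disabled
cpu_percent: 23
EOF
}

# Constructed sample, "vendor B" style: one line per device.
sample_vendor_b() {
cat <<'EOF'
sw-core-01 DEBUG=off CPU=17
sw-core-02 DEBUG=on CPU=88
EOF
}

# Normalize both formats to "host debug_state cpu" so one rule covers both.
normalize() {
  sample_vendor_a | awk -F': *' '
    $1 == "hostname"    { host = $2 }
    $1 == "debug"       { dbg = ($2 == "enabled") ? "on" : "off" }
    $1 == "cpu_percent" { print host, dbg, $2 }'
  sample_vendor_b | awk '
    { split($2, d, "="); split($3, c, "="); print $1, d[2], c[2] }'
}

# Report only; nothing is changed on any device.
find_debug_enabled() {
  normalize | awk '$2 == "on" { printf "%s debug=on cpu=%s%%\n", $1, $3 }'
}

find_debug_enabled
```

Each new vendor format needs only its own normalizing rule; the check itself stays the same.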
With the growth of cloud based offerings and availability of public APIs from network and security vendors, NetOps and SecOps can finally start to scale their operations. Gone are the days of hand-typing commands into network devices one by one. You can ensure your network is operating as intended from installation through the entire device life cycle by expressing the actions you’d like to take as code.
Choosing the right Network Automation Platform
The most important aspect of deciding which network automation platform is right for your business is identifying what problems currently exist from either a network perspective or an efficiency perspective. It is also important to understand the scale of your network. For example, if you have a limited number of devices in your network or a solution from a vendor such as CheckPoint, and have engineers certified in that solution, working within the CLI (Command Line Interface) should suffice for your business needs. However, the CLI has scaling limitations, especially when introducing a larger number of devices. Keep in mind that when you introduce new vendors into your network environment, the knowledge required of your engineers doubles, considering every device has its own language, which increases the difficulty of retaining all of the commands for each solution. Here’s a list of challenges many customers run into with CLI:
• Users do not have the knowledge of the commands to run via CLI
• Users do not have the time to login to devices manually to check system health
• Users are not able to collect data quickly in troubleshooting situations to prove or disprove that the networking devices are to blame for performance issues or outages
When reaching this threshold of CLI capabilities, it’s important to start looking elsewhere for automation solutions.
The next step is to identify the tasks that are eating the most time for your IT team.
Based on the previous criteria, identify which automation platforms integrate with your vendor. While in-house solutions have their benefits, one of the setbacks is that large changes to the solution require a large amount of testing, in addition to having to retrain new employees on a product that is not universally IT operations-ready. Here’s a guide that explains the different types of network automation.
Once you have a set list of network automation platforms selected, identify which aspects of your processes you will be automating. Subsequently, the IT team should audit the network and ensure that network devices align with performance and configuration best practices. It is important to understand that with automation there is always more to do: continuously improve the integration of your automated processes to impact more aspects of your business.
In today’s multi-vendor networks, the largest obstacle in the way of efficiency is complexity. The increasing flow of information and data is too large to be managed by humans alone. For IT teams to have a network functioning properly, they must automate their processes in addition to needing orchestration. While the implementation phase may cause some setbacks for your team and network, the future return on investment is exponential.
Indeni is the source of network and security knowledge for IT. Through our open development process in our community, certified IT professionals express health checks and network validation tasks as code. Indeni’s Knowledge language is based on AWK, a language built for text processing that is familiar to many non-dev IT professionals. Indeni code is tested, refined and published through the Indeni Automation Platform to our customers around the globe. This continuously refreshed, out-of-the-box knowledge enables leading organizations such as Visa, Blue Cross Blue Shield and government entities to ensure their networks are highly available and meet operational excellence standards. If you’re ready to start your journey to automation, download Indeni.