
Evolve automation v1.01 - White Paper


evolve automation

v.1.01 2014 Copyright Ecode Networks

Automation: Efficient Solution for Network Change & Configuration Management challenges

Abstract

Present-day organizations and enterprises rely heavily on network availability for business continuity. Network administrators currently face several challenges in executing changes, ensuring compliance with regulations, and reducing network downtime and network failures caused by human error. This white paper examines the problems of manual and traditional configuration management, with an emphasis on ways to tackle these challenges. It discusses the need for an automated solution that simplifies the job of administrators, network designers and architects, and explains that solution in detail.

The Challenge

Networks are the backbone of the enterprise and of modern IT. This backbone is made up of components such as switches, routers and firewalls, which are complex, mission-critical edge devices. Organizations invest heavily in establishing the necessary infrastructure and in employing skilled professionals to administer and manage it. Business continuity depends directly on the availability of the network, which makes managing the network challenging. Critical business services, and thus revenue, can be affected, as even a few minutes of network failure can have a ripple effect. This complexity increases as the business grows. Network administrators are under a lot of pressure, as they are entrusted with ensuring network availability, reliability, security and optimized performance. Business requirements and goals change often, which keeps administrators in a constant state of flux and forces them to reconfigure network devices frequently. This is a sensitive, tedious and time-consuming task.

Since a network infrastructure contains devices from different vendors, specialized knowledge of all these devices is required. Another crucial factor is knowledge of the impact of the changes to be made. Hence only highly skilled network administrators are allowed to carry out changes.

These highly skilled professionals cannot concentrate properly on strategic network engineering, because they are tied up in labor-intensive, repetitive configuration tasks, where a minor error in a configuration change to a production device can lead to a network outage.

Apart from the security threats to mission-critical network infrastructure and the legal consequences of information mismanagement, enterprises everywhere are obliged not just to follow industry guidelines, stringent government regulations, internal security policies and standard practices, but also to demonstrate that the policies are enforced and that network devices remain compliant with the policies defined. Ensuring compliance has become a priority for network administrators.

Enterprises expect administrators to deliver cost-effective network management and continuous operational efficiency. Administrators also have to continuously monitor the changes made to devices, as any unauthorized change can wreak havoc on the network.

Let us look at some traditional network configuration management practices:

• Network administrators document the proposed changes before carrying them out. If the configuration changes are not successful, they return the configuration to the previous working state by undoing the changes as recorded in the documentation.

• In the worst case, administrators make changes to live equipment haphazardly, without any documentation or plan. This leaves them unable to return devices to the last working version and costs many man-hours.

• A few fragmented tools are used for specific management tasks. This is not very effective, as the administrators have to correlate the output from each tool manually.

• In large organizations, because of the huge number of network devices, custom scripts are used to push changes, and each script is tailored to the specific device syntax because the hardware vendors are diverse.


Issues with the Traditional approach

The traditional approach to device configuration has several limitations and disadvantages. A few of them are listed below:

• Because features are per-box and vendor-locked, there is no provision for applying changes directly to multiple devices. Administrators have to log into individual devices, learn their syntax and apply changes manually, so the whole process is distributed and lacks proper control.

• Most of the precious time of the organization's skilled professionals is spent on repetitive, intensive tasks rather than on the strategic network management that would help the organization grow. This wastes valuable resources, time and money.

• Since there is no room for verifying a change before deploying it into the production environment, security becomes a prime concern. A simple error in a configuration or change might open the door to attackers, posing a serious security threat to the organization.

• As the network infrastructure grows, administrators have difficulty keeping up with business priorities and requirements. This stressful environment can lead to configuration errors.

• If the infrastructure is huge, a lot of documentation is required to keep track of all the changes and configurations made over time. Complexity arises when the organization wants to roll back to a previous state of the network. In case of a network failure, troubleshooting also becomes a daunting task, as the professional has to go through all the documentation and roll back the changes, which increases the mean time to repair.

• Since change management is carried out by administrators and other professionals, the scope for human error increases. Most of the time, changes need to be carried out while maintaining business as usual, so firewall rules and other changes are made during off-peak business hours. The administrators' focus during such odd hours is a serious concern. A small mistake can cost the organization a fortune.

   

 

 

 

 

 


A Simple solution to the complex problem

The very heart of networking is about change. Your current network infrastructure is a platform on which the entire IT portfolio depends for communication and services. Although the network is made of many physical elements, such as routers, switches, and firewalls, it is for all practical purposes a single system. A change in any part of the network can cause a failure of the whole. This interdependence has led to a fear of change among network operators that prevents new services, new features, and even good operational practices.

SDN is a network architecture that changes how we design, manage, and operate the entire network so that changes to the network become practical and reliable.

According to Wikipedia, SDN allows network administrators to manage network services through abstraction of lower level functionality. This is done by decoupling the system that makes decisions about where traffic is sent (the control plane) from the underlying systems that forward traffic to the selected destination (the data plane). SDN requires some method for the control plane to communicate with the data plane. The architecture of SDN is described below.

The major difference between SDN and traditional networking lies in the model of controller-based networking. In a software-defined network, a centralized controller has a complete end-to-end view of the entire network, and knowledge of all network paths and device capabilities resides in a single application. As a result, the controller can calculate paths based on both source and destination addresses; use different network paths for different traffic types; and react quickly to changing networking conditions.


In addition to delivering these features, the controller serves as a single point of configuration. This full programmability of the entire network from a single location, which finally enables network automation, is the most valuable aspect of SDN.

Inside a company, data is passed back and forth, and the traffic is usually managed by software inside the physical devices, software that knows how to manage the day-to-day operations of the workplace. In software-defined networking, software outside the devices takes over this job from the software embedded in the routers and switches. The network layout, or topology, is no longer rooted in the physical. Instead, it is flexible and adjustable to the systems' needs on the fly. Properly implemented, this means an application running inside the cloud itself can take over the job of directing network traffic, or a third-party cloud-management application could do the job. That could make it easier to perform tasks such as load balancing and firewalling across servers with the available high-end OpenFlow-enabled switches, and to automatically adjust the network architecture to deliver the fastest and most efficient data paths at the right time.

Benefits of Software-Defined Networking

• Planning: Better visibility into network, computing, and storage resources means resellers can also plan IT strategies more effectively for their customers.

• Better Management: Managed Service Providers (MSPs) can use a single viewpoint and toolset to manage virtual networking, computing and storage resources.

• Operational Savings: SDNs lower operating expenses. Network services can be packaged for application owners, freeing up the networking team.

• Flexibility: SDNs create flexibility in how the network can be used and operated. Resellers can write their own network services using standard development tools.

• Infrastructure Savings: Separating route/switching intelligence from packet forwarding reduces hardware prices as routers and switches must compete on price-performance features.

• Improved Uptime: By eliminating manual intervention, SDNs enable resellers to reduce configuration and deployment errors that can impact the network.

 

 

Automation for better network management

Conquering the complex, multifaceted operational and technological challenges of network configuration management is getting simpler with the help of SDN and powerful applications that drive the controller and thereby the network infrastructure. Since the SDN approach is not vendor-locked, a single protocol (OpenFlow) drives all the network devices spread across the network infrastructure. Since control is centralized, there is only a single point of change for the entire network. The advantage of software-defined networking is that an application layer sits on top of the control layer and guides the network according to the user's requirements.

Advantages of automating the change management using SDN are listed below:

 


• Saves the valuable time of professionals, as all the labor-intensive and repetitive tasks can be automated. This helps the organization use its manpower for other important tasks such as design and implementation.

• Documentation gets easier, as all the data is stored in one place.

• Since there is no vendor lock-in, bulk changes can be pushed to a large number of devices at once, reducing the time required for the overall change. Valuable business hours are saved, and the chance of affecting the business is reduced.

• Since the change process is carried out by computer intelligence with minimal human intervention, the scope for errors is significantly reduced.

• Since all the changes are properly documented, a roll back, if required, can be achieved in a very short time, drastically reducing the mean time to repair.

• For BAU (business as usual) operations, automation can be used to configure the required changes in the middle of the night. This reduces the scope for human errors caused by working at odd hours.

• Since there is a single point where changes are made, monitoring and troubleshooting become much easier than with the traditional change management approach.

Evolve: Automation tool based on SDN Approach

While defining software-defined networking, we mentioned that the controller is the central brain driving the whole network infrastructure. This controller needs proper guidance to perform a given task according to the business requirements. This is done with the help of applications that form part of the application layer sitting on top of the control layer. The architecture is described in the figure below:

 

evolve™ takes a new architectural approach to network and security design, deployment and management by providing Service Providers and Enterprise IT departments with an easy-to-use solution that controls all aspects of Software Defined Networking [SDN] Orchestration. Decoupled from the controller, Evolve resides in the application plane and communicates with the Representational State Transfer (REST) based southbound API of the control plane. Evolve™ gives the user an interactive interface, delivering a full SDN experience. As an application, Evolve provides a simple web interface for automated change management. This allows network administrators to simply feed in the changes and forget about the implementation. Evolve's automation intelligence takes network management to the next level. The features are discussed below:

Abstract network view: Since Evolve makes use of SDN technology, network administrators have an abstracted view of the whole network topology. This enables them to plan properly and identify the devices where changes need to be made. This solves the problem of lack of visibility.

No per-box change: Since software-defined networks eliminate vendor lock-in, organizations can use whatever switches they require and configure them through a simple web interface. This is possible because of the OpenFlow protocol and the centralized controller, which drives all OpenFlow-enabled devices in the same fashion. Hence administrators can configure a single change and push it to multiple devices at once.

Minimal human intervention: Evolve offers a simple web interface that can be used to feed in the required change. All changes that are yet to be implemented are collected into one common pool called the policy base. Here the administrator might choose to implement the change immediately or schedule it for some other time. Evolve's intelligence takes up the task of extracting the policy and implementing it in the network, thereby converting the policy into a rule existing in the network.

Separate policy and rule base: Network administrators often find it difficult to manage the policies that are yet to be implemented and the policies that are already implemented. Evolve offers a simple solution to this problem by providing a policy base and a rule base. The policy base holds all the changes that are yet to be implemented, and the rule base holds all the rules that are running live on the network. The scheduled policy base shows users the policies that are scheduled to be implemented at a particular point in time.


Scheduling of implementation: Apart from pushing policies into the production network immediately, Evolve also lets administrators schedule a change for a particular point of time in the future. This reduces the hassle of implementing changes at odd hours.


Detailed implementation report: Apart from implementing the changes, Evolve tests them and generates a detailed summary of each change implemented and its outcome. This helps administrators identify any problems with the changes they have made.

Real-time Change Monitoring: Unauthorized, faulty or malicious configuration changes could drastically affect business continuity. It is therefore essential to be able to monitor configuration changes in real time and to make the latest configuration available in the central repository, so that administrators know immediately when their network operations are at risk.

Easy Roll back: Administrators need not go through all the documentation to roll back a specific change they implemented. Evolve takes care of the job with the click of a button. The time to repair is almost negligible in this case.

Compliance with existing change management procedures: In most organizations the required change is received in the form of a document. Network administrators need to read the documents and then write custom scripts for each device. Evolve is capable of parsing Excel sheets or other documents and creating policies straight from the documents without human intervention.


Change Management Policies & Notifications: Evolve offers robust change management policies that enable administrators to define the action to be initiated when a configuration change is detected. The action could be anything: automatically rolling back changes, sending an email notification, sending an SMS to a mobile phone, triggering an alert to the network monitoring system, etc.
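
The policy base, rule base, scheduling, roll back and change-monitoring features described above can be modelled as one small data structure. This is an added example, not Evolve's code or API: the `ChangeStore` class, its method names and the rule fields are hypothetical, and the sample rules are constructed.

```python
import json
from dataclasses import dataclass, field


def _key(rule):
    """Canonical text form of one rule, so equal rules compare equal."""
    return json.dumps(rule, sort_keys=True)


@dataclass
class ChangeStore:
    policy_base: list = field(default_factory=list)  # (not_before, rule): pending
    rule_base: list = field(default_factory=list)    # rules approved as live
    history: list = field(default_factory=list)      # earlier rule bases

    def submit(self, rule, not_before=0):
        """Queue a change; not_before > 0 makes it a scheduled policy."""
        self.policy_base.append((not_before, rule))

    def implement(self, now):
        """Promote every policy that is due, keeping a snapshot for roll back."""
        due = [r for t, r in self.policy_base if t <= now]
        if due:
            self.history.append(list(self.rule_base))
            self.rule_base.extend(due)
            self.policy_base = [(t, r) for t, r in self.policy_base if t > now]
        return due

    def rollback(self):
        """Restore the rule base as it was before the last implement()."""
        if self.history:
            self.rule_base = self.history.pop()
        return list(self.rule_base)

    def check(self, live_rules):
        """Compare rules read back from the network with the rule base."""
        approved = {_key(r) for r in self.rule_base}
        live = {_key(r) for r in live_rules}
        unapproved = [json.loads(k) for k in sorted(live - approved)]
        missing = [json.loads(k) for k in sorted(approved - live)]
        return {"drift": bool(unapproved or missing),
                "unapproved": unapproved, "missing": missing}


def demo():
    # Constructed sample rules using private-range addresses.
    web = {"src": "10.0.1.0/24", "dst": "10.0.2.10", "port": 443, "action": "allow"}
    db = {"src": "10.0.2.10", "dst": "10.0.3.5", "port": 5432, "action": "allow"}
    ssh = {"src": "0.0.0.0/0", "dst": "10.0.2.10", "port": 22, "action": "allow"}

    store = ChangeStore()
    store.submit(web)                      # implement immediately
    store.submit(db, not_before=1000)      # scheduled for later
    store.implement(now=10)                # only `web` goes live
    clean = store.check([web])             # live state matches the rule base
    drifted = store.check([web, ssh])      # `ssh` was never approved
    store.implement(now=1000)              # scheduled change goes live
    restored = store.rollback()            # undo the scheduled change
    return clean, drifted, restored


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A drift report with a non-empty `unapproved` list is the point at which the configured action (roll back, email, alert) would fire.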

 

Scope of evolve for organizational role

An indicative list explaining how an NCCM solution could aid your day-to-day work based on your organizational role is provided below:

Manager

• Reduce network outages occurring due to faulty configuration changes; ensure business continuity

• Automate device configuration tasks to reduce operation costs

• Get informative reports on your network and take informed decisions

Network Administrator / Engineer

• Automate time-consuming, repetitive configuration tasks

• Maintain versions of device configurations in a secure, centralized repository and manage them from a single interface

• Carry out configuration changes to a large number of devices with precision and ease

• Monitor configuration changes in real-time

 

 

 

 

 

 

 

Summary

The business continuity of enterprises is often affected by the lack of effective and efficient device configuration management. A lot of valuable time and resources are wasted on the manual configuration of devices. It also makes keeping track of configuration changes tedious.

Automated Evolve solutions, with the help of the underlying software-defined networking technology, enable network administrators to take total control of the entire life cycle of device configuration management. Changing rules, managing changes, and ensuring compliance and security are all automated. These solutions improve efficiency, enhance productivity, help save time, cost and resources, and minimize human errors and network downtime.

With Evolve in place, enterprises can make the best use of their network infrastructure. They can achieve increased network uptime and reduced degradation and performance issues.