The expansion of network infrastructure into multiple cloud platforms brings the challenge of managing cloud-based network infrastructure and services in tandem with an organization’s existing on-prem devices. As a result, non-compliance with industry and security standards, as well as corporate and regulatory policies and requirements, will very likely become the norm. To effectively confront and manage the increasingly expanding network, organizations can implement network configuration changes and common network-related configuration tasks through automation. They can replace manual processes with multiple configuration templates for several device classes. Modernizing infrastructures through automation will enable better management of physical, virtual, and cloud-native network infrastructures.
Here we’ll discuss how to enact the network configuration changes that will face this new normal head on and ensure organizations can grow and expand efficiently and effectively as demands on networks grow.
Network governance and team collaboration
As organizations continue to employ multiple cloud platforms and SaaS-enabled services at once, networking teams will need to invest in the appropriate tools to assist with governance over this expanded infrastructure, rather than complete control of it. Network users are dispersed at home, in an office, or in a public area, and applications are similarly dispersed across on-prem and multiple cloud infrastructures. As a result, networking teams will need to collaborate with existing CloudOps and DevOps teams. These teams have experience in the use of cloud infrastructure and can work closely with network engineers to ensure quick and secure infrastructure deployment, moving from purely controlling a bounded network into a world where they provide governance over the dispersed infrastructure.
Quick integrations with existing systems
Many modern networking solutions are moving away from the management of individual network devices through command-line interface (CLI) and toward a network controller that manages all network devices in that domain. The human interface to these systems is typically a web front-end, but there is almost always a defined API available for machine-centric integration. With that said, while adopting an API-first approach makes it simple for network engineers to automate changes across multiple controllers and multiple domains, support is necessary for both CLI and API, as organizations may still choose to support existing and new CLI automation efforts, which will need to be integrated properly. API system integrations can be automatically generated by the networking team so that as new systems are deployed, integrations can be quickly created by the end-user.
The management of physical, virtual, cloud-native network configurations
Managing cloud-native network infrastructure requires networking teams to navigate multiple cloud dashboards to make simple changes in something as common as a virtual private cloud (VPC) or virtual network (VNet), which complicates the process. As the number of VPCs, VNets, and other cloud-native tools grows across multiple cloud platforms, networking teams need a way to normalize configurations across all types of infrastructure. This means equipping networking teams so they can discover and manage cloud-native network services, such as VPCs or VNets, and treat them as if they were traditional network devices. This will empower teams to translate complex configurations into simpler open-standard file and data interchange formats.
Collect and federate data
The adoption of new network solutions means that multiple sources of truth exist within the networking domain. Add to that the sources of truth present in IP Address Management (IPAM), inventory, and monitoring systems, and it becomes evident that a tremendous amount of human effort is required to make a simple change to a single device. An API-focused solution may simplify the entire process. It can enable fast integration into all systems, which means that the information contained within any of these systems can be made available in real-time. All this can be achieved without consuming time with a "swivel chair" approach. Configuration can occur with the highest quality of information regarding that device and its state in the network. Most importantly, networking teams must build confidence and trust in the automations they create and free up their valuable time to address higher-level work on the network.
Compliance and remediation
A critical element of configuration management is the ability to automate configuration backup, check compliance, and execute intelligent remediation. This also means providing compliance and remediation to both legacy CLI infrastructure and modern API-driven infrastructure.
A network device or group of devices can be backed up and compared against the existing device configuration or previously saved configurations. Networking teams must schedule regular compliance checks, or run them as needed, on any part of the configuration tree. This will result in immediate reporting, which will show any configuration drift present, provide a score based on the amount of drift, and offer the opportunity to remediate the drift with proposed configuration statements. Automated remediation workflows should be created in a low-code environment so the networking team can define the precise terms and metrics required before any change to a network device is implemented. This checks-and-balances approach provides a measure of trust and a higher degree of confidence that any changes made are done according to the team's expertise and guidance, without the need for human intervention.
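The compliance check described above, sketched as an added example (not from the article or any vendor's product): it flattens a golden and a running configuration into a tree, reports drift for any subtree, scores it, and proposes remediation statements behind a team-defined gate. The sample configs, the IOS-style `no` negation, the score formula and the thresholds are all assumptions.

```python
# Constructed sample configs in an IOS-like indented CLI syntax (not from the article).
GOLDEN = """\
interface GigabitEthernet0/1
 ip access-group MGMT-IN in
 no shutdown
line vty 0 4
 transport input ssh
 exec-timeout 10 0
"""
RUNNING = """\
interface GigabitEthernet0/1
 no shutdown
line vty 0 4
 transport input ssh telnet
 exec-timeout 10 0
"""

def parse_tree(text):
    """Flatten an indented config into a set of (ancestor, ..., line) paths."""
    paths, stack = set(), []          # stack holds (indent, line) ancestors
    for raw in filter(str.strip, text.splitlines()):
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()               # leave sections we have dedented out of
        stack.append((indent, raw.strip()))
        paths.add(tuple(line for _, line in stack))
    return paths

def negate(line):
    """IOS-style negation (assumed syntax): 'no x' <-> 'x'."""
    return line[3:] if line.startswith("no ") else "no " + line

def check_drift(golden, running, subtree=""):
    """Compare one part of the tree; return score, drift and proposed fixes."""
    want = {p for p in parse_tree(golden) if p[0].startswith(subtree)}
    have = {p for p in parse_tree(running) if p[0].startswith(subtree)}
    drift_extra = have - want
    missing = sorted(want - have)
    extra = sorted(drift_extra)
    score = round(100 * len(want & have) / len(want | have)) if want | have else 100
    # Negate unexpected lines (skipping children of an unexpected parent), then restore.
    fixes = [list(p[:-1]) + [negate(p[-1])] for p in extra if p[:-1] not in drift_extra]
    fixes += [list(p) for p in missing]
    return {"score": score, "missing": missing, "extra": extra, "fixes": fixes}

def may_auto_remediate(report, min_score=80, max_changes=5):
    """Gate set by the network team: below it, the change goes to a human."""
    return report["score"] >= min_score and len(report["fixes"]) <= max_changes
```

On the sample pair the missing ACL binding and the re-enabled telnet transport drop the score below the gate, so the proposed statements would be queued for review rather than pushed.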
The onset of the pandemic accelerated the inevitable move towards digital transformation, pushing organizations further along this journey in a shorter amount of time than anticipated. Unfortunately, this means that networks are not being managed as they should be. Taking action now to implement proper configuration management changes will help to mitigate network complexity and properly prepare organizations for the future as they adjust to the increasingly connected world.
Rich Martin is a Senior Technical Marketing Engineer at Itential.