Today's complex network infrastructures include a multitude of edge devices such as switches, routers, firewalls, load balancers, and more. Effective management of the network in a holistic manner is crucial for business continuity. Regardless of the network size, configuration changes to infrastructure components based on business and technical requirements is inevitable. Due to exponential growth in the frequency of network changes and the challenges faced by network teams to stay on top of all the issues in the network environment, organizations naturally focus on deploying or leveraging traditional Network Configuration and Change Management (NCCM) tools to solve immediate configuration drift and compliance issues.
It is a common perception in many organizations to equate NCCM to network automation. The reality is that NCCM is an important, but small part of a broader end-to-end network automation process. Traditional NCCM process focuses on defining static standards in text files and application of configuration changes via CLI, which results in limited compliance checking. However, the ongoing issue for most organizations is the manual and arduous nature of the procedure even though they often use purpose-built NCCM point solutions that provide specific functionalities.
The traditional way of 'automating' NCCM represents only 10 to 20 percent of the total effort involved in network management activities. In other words, NCCM activities do not address 80 to 90 percent of true network automation that supports business process management, intent-based networking, automated compliance monitoring, advanced analytics and more spanning complex, multi-domain and multi-vendor environments
Statistics validate the need for end-to-end network automation processes to mitigate the costs associated with human error and network outages.
- Gartner analyst Andrew Lerner states that downtime, at the low end, can be as much as $140,000 per hour, $300,000 per hour on average, and as much as $540,000 per hour at the higher end.
- 80 percent of unplanned outages are a result of misconfigurations due to human errors caused by manual config changes.
- 22 percent of data center outages are directly a result of human errors from manual network changes, and that the average cost of the data center outage is approximately $740k.
Managing the network is challenging as business continuity depends on network availability. Network complexity continues to grow exponentially as organizations transition to the modern network. D&B estimates that 59 percent of Fortune 500 companies experience at least 1.6 hours of downtime per week, resulting in catastrophic consequences for a company that relies on its network as a core part of its business function.
As many organizations start their network automation journey with NCCM, it is important to utilize a tool that can also be leveraged to automate the additional 80 percent of network management activities and tasks to achieve end-to-end network automation. The solution should be able to scale as the network complexity grows and requirements change over time. Without that, disparate management tools will result in a skills gap (lack of expertise across multiple tools) and lack of end-to-end network visibility.
NCCM will remain a largely manual process, like CLI command executions for pre and post-checks, followed by 'stare and compare' of the results, and configuration rollback if required. These activities done manually often use stale configuration data during the maintenance windows, resulting in failed execution and rescheduling of the previously completed activities. Also, CLI/Python driven device configuration and syntactically complex attributes of the network configuration files will lead to frequent human errors. While ensuring network compliance is a priority for network administrators, it is an activity that can’t be executed rapidly and successfully without automation.
Modern network automation requires a more dynamic approach because the network and services being managed are software-defined. One must be able to define standards that contain rules, procedures, and policies that are adopted to formalize a consistent and repeatable process. A process that keeps records of current device configurations, tracks changes made to these configurations, evaluates the results of requested changes before implementation, checks network stability post-implementation, and saves configuration backups based on criteria such as device type, user role, function, network topology and more.
In addition, it is essential that the automation around device compliance is being performed leveraging network data as the source of truth in order to ensure configuration drift issues are resolved in real-time.
Lastly, it is also vital to implement RBAC policies that define who in the organization can make changes, and how to recover quickly from failed network changes. Simplifying network management by replacing manual processes with automation to monitor and control the change process and ensure real-time compliance and remediation are essential steps in driving towards end-to-end network automation.