The Need for End-to-End Network Configuration Compliance via Network Automation

The advent of networking technologies, like SD-WAN and public cloud services, fundamentally changed enterprise network domains. These modern networking technologies have introduced new complexities that exacerbate the silos that separate network teams from the application delivery teams that use the public cloud and virtualized infrastructure in data centers to rapidly iterate and adapt to market conditions. These conditions challenge network change and configuration management tools and processes, as networking teams try to align end-to-end networks with the hybrid, multi-cloud architectures that application teams require.

Automating network change and configuration management is a complex process. Some IT organizations use network configuration management tools to automate some aspects of this process, most often the generation and implementation of network device configurations. The automation of change management, change monitoring, and compliance control is less common.

Most IT organizations know their network configuration management processes need improvement. They know they are at risk of fatal errors. Configuration compliance is an essential starting point. Unfortunately, while network engineers and architects generally know the intent of their network, they are not confident in their network’s ability to comply with their intent. Because IT organizations generally lack confidence in their networks’ ability to pass a configuration compliance audit, operations within data centers, public clouds, local-area networks (LAN) and wide-area networks (WAN) can suffer.

Here we will discuss how network automation can improve network configuration compliance and properly support these general network domains.

Understanding the lack of confidence in network compliance audits

A compliance failure in any domain can impact the performance and security of all other domains, causing a lack of confidence end-to-end, from the data center to the cloud and down to the access layer. An analysis of the connection between configuration compliance methods for the LAN and confidence in a LAN compliance audit reveals that manual processes translate to a lack of audit compliance, while a mix of automation and manual processes correlates with more confidence. Automation also has a very strong effect on compliance audit confidence in the WAN. Whether they use automation only or a mix of automation and manual tasks, these organizations feel better about their configuration compliance, while those who use manual processes in the WAN continue to struggle.

Comparing compliance methods for cloud networks against cloud network audit confidence also shows that manual processes can lead to the lowest confidence. More confidence is seen from those who use a mix of automation and manual processes in the cloud. Strict, automation-only approaches produce more mixed results, suggesting a lack of trust in cloud automation. Those who expect that their network automation strategy will fail are the most likely to lack confidence in cloud audits.

Overall, the correlation between audit confidence and use of network automation varies from domain to domain, confirming that IT organizations often use different types of automation tools from one domain to another. While they might be satisfied with the automation they use in the LAN, they are less satisfied with the tools they use in the data center.

Enforcing end-to-end network configuration compliance

In the world of IT networking, there are a few terms that are widely used but not so widely understood, and "network compliance" is certainly one of them. Consider today’s modern network infrastructure: the network has exploded and expanded across the internet, and network teams must now contend with managing this complexity. Instead of applications being located in specific, centralized areas, both applications and users can be located anywhere, and connecting the two securely and seamlessly is the responsibility of network teams. When the network can traverse physical, virtual, and cloud network infrastructure, network teams need a way to standardize the configuration of all these network elements to ensure consistent security, performance, and reliability.

Given the uneven confidence in compliance from one domain to another, end-to-end network configuration compliance enforcement should be a starting point for any network automation initiative. While every journey may look slightly different, there is a natural progression toward an ultimate automated state that starts small and builds to full-on automation of network configuration and compliance management. As they automate each function, IT teams must ensure the network is operating as designed and without interruption. Automation can enable businesses to move faster while accelerating the pace of change on the network, allowing IT organizations to roll out new applications quickly. But IT teams must first impose controls that ensure the network is stable and behaves as intended, from the data center to the cloud and out to the user edge. Then, configuration compliance can ensure that the state of the network aligns with the IT organization’s intent for that network, end-to-end.

When IT organizations are able to enforce configuration compliance via at least some automation in the data center, the cloud, the WAN, and the LAN, they are more likely to predict future success with network automation. By imposing configuration compliance controls end-to-end, network engineers and architects can be confident that their network will also comply with their intentions.

Author

Rich Martin is Director of Technical Marketing at Itential. Previously, Rich worked at several networking vendors as both a Pre-Sales Systems Engineer and Systems Engineering Manager. He started his career with a background in software development and Linux. Rich has a passion for automation in the networking domain. At Itential he helps networking teams get started quickly and move forward successfully on their network automation journey.