Case Study

How a Global MSP Is Bringing Agentic Change Management to Regulated Network Operations with Itential

Multi-agent orchestration, AI-authored change documentation, and built-in safety controls across BGP change operations – agentic AI introduced into a regulated change process without giving up the audit trails, validation gates, and human oversight that made it defensible in the first place.

The Challenge

BGP change management across a highly regulated managed services environment relied on manual configuration validation, manual ServiceNow ticket authoring, and manual conflict detection. A deep bench of CCIE-certified engineers was being consumed by repetitive change work rather than strategic engineering.

The Solution

FlowAI and the Itential Platform delivered a governed, multi-agent framework where validation, ticket authoring, conflict detection, and execution each ran as a purpose-built FlowAgent inside the same deterministic workflow, with audit and approval applied at every step.

Why Itential

Chosen for the deterministic-plus-agentic execution model, native API integration with ServiceNow and network infrastructure, multi-tenant Itential Gateway architecture for MSP operations, and platform-level governance built for regulated environments.

The Challenge

When Manual Change Management Consumes the Bench

A global managed services provider operates across multiple regions, supporting enterprise customers in financial services, retail, and manufacturing. The provider’s engineering organization includes one of the largest concentrations of CCIE-certified network professionals in the industry, a bench managing critical infrastructure in deeply regulated environments where every change requires documentation, validation, and second-set-of-eyes review.

That depth of expertise should translate to strategic capacity. Instead, it was being consumed by manual change work. Engineers were spending the majority of their time validating BGP configurations against current device state, manually drafting ServiceNow change requests with implementation plans, test procedures, and backout plans, and coordinating change windows across overlapping requests on the same devices. Multiple engineers per change was the norm, not the exception, not because the work required it but because regulation demanded the documentation, validation, and review that a manual process could not streamline.

When AI entered the conversation, the question was not whether AI mattered. It was whether AI could be introduced into a regulated change process without giving up the audit trails, validation gates, and human oversight that made the existing process defensible in the first place.

Three Fault Lines Beneath the Process

Each gap blocked the path to scaled automation, and made it impossible to safely introduce AI on top.

Validation Without Visibility

Engineers manually validated every proposed BGP change against current device configurations and routing tables. Conflicts like duplicate advertisements, routing overlaps, and redistribution issues often were not surfaced until after the change was implemented, making rollback an active operational risk rather than a documented procedure.

Documentation as Bottleneck

ServiceNow change request creation required engineers to manually author implementation plans, test procedures, and backout plans for every change. The administrative load was substantial, and it scaled with every new change request rather than every new engineer.

Conflict-Blind Scheduling

When multiple change requests targeted the same device, there was no automated way to detect overlap or sequence execution. Teams had to choose between delaying changes or accepting the risk of simultaneous execution, neither option acceptable for a regulated MSP serving multi-tenant customer environments.

I’m glad you guys adapted to this very early. Now it allows us to simplify and shrink a lot of these things.

Network Operations Lead

Global Managed Services Provider

The team did not want another vendor pitch. They wanted to bring AI into their change process safely, on infrastructure their own engineers had built and would continue to run.

Why Itential

Why They Chose Itential

After a comprehensive evaluation of multiple network automation vendors, the provider selected Itential to bring agentic capabilities into their existing operating model. Six capabilities sat at the center of the decision, together giving the team a governed foundation for both deterministic execution and agentic operations.

An Orchestration Foundation Built for Both Humans & AI Agents

Six capabilities sat at the center of the decision, together giving the team a governed foundation for both deterministic execution and agentic operations.

Explore the Platform

A Governed Execution Layer for AI Action

AI agents need a deterministic, auditable execution surface beneath them, or they cannot be deployed in regulated infrastructure. Itential provides exactly that, with policy enforcement, access controls, and approval gates that apply identically whether an action originates from a human or from a FlowAgent.

Native Integration with ServiceNow & Network Infrastructure

The Itential Platform integrated with ServiceNow for bidirectional change request management, network devices for configuration and routing intelligence, and the broader operational stack through native API ingestion, with each integration also exposed as a tool to FlowAI agents.

Multi-Tenant Itential Gateway Architecture

As an MSP, the provider required strict separation of customer data and configurations across customer environments. Itential’s Gateway model gave the team a single platform with per-customer gateways, supporting both shared services and customer-specific operational policy.

Spec-Driven Development for Domain Experts

Itential’s published Builder Skills allowed engineers to author agents from plain-language intent rather than coding new automation from scratch. Domain experts could ship working agents directly, without a translation layer or engineering handoff.

Platform-Level Governance Applied to Agents

RBAC, audit logging, secrets management, approval workflows, and SSO applied natively to every agent action. Every decision was traceable, every change auditable, every approval recorded, meeting the documentation requirements of the provider’s regulated customer environments.

Deployment Flexibility for an MSP Operating Model

Availability in both cloud and on-premises deployment models gave the provider the ability to match each customer’s deployment posture, whether a cloud-first enterprise or a regulated environment requiring on-premises control.

Platform Approach, Not a Point Solution

Unlike single-purpose AI tools, Itential offered a comprehensive platform that integrated with existing systems and any future system with an API. The same platform supports today’s BGP change use case and tomorrow’s firewall, compliance, and troubleshooting workloads, with per-step token consumption exposed at the agent level for cost visibility over time.

Token Consumption Visibility

Per-step token consumption was exposed at the agent level, giving the team the foundation to track agent cost over time, identify high-cost agents, and convert stabilized patterns into deterministic workflows when appropriate.

The Solution

4 FlowAgents, 3 Use Cases, 1 Governed Multi-Agent Workflow

Over the course of the engagement, the provider’s engineers, supported by the Itential team, built four specialized FlowAgents, deterministic workflows that orchestrated them into end-to-end change flows, and a safety architecture that demonstrated AI could block a flawed change even after a human had already approved it.

BGP Configuration Validation Agent

Retrieves the full device config and routing table, analyzes proposed changes against current state, and flags duplicate advertisements, routing conflicts, and redistribution issues. Outputs a recommendation with justification and an auto-generated rollback procedure.

ServiceNow Change Request Authoring Agent

Generates complete ServiceNow change requests from validated change data, authoring the implementation plan, test procedures, and backout plan, with categorization, workflow assignment, and ticket status all set automatically.

Duplicate Change Detection Agent

Queries ServiceNow for scheduled changes, filters to isolate BGP work, and separates unique from duplicate requests by target device, making conflict-aware scheduling possible without manual cross-referencing.

Scheduled Change Execution Agent

Processes approved changes on schedule, executing across devices in parallel and sequencing duplicates with configurable delays. Status updates route to ServiceNow at each step, with errors auto-flagging tickets for review.

Implementation plan, testing, and back out, all through AI. All of that was done by the AI.

Network Automation Lead

Global Managed Services Provider

The Outcome

Bringing AI into Change Management Without Trading Off Control

The engagement validated that agentic operations could be deployed inside a regulated MSP change process without losing the audit trails, validation gates, and human oversight that the existing operating model required. Four working FlowAgents, a complete multi-agent orchestration, and a demonstrated safety override of a flawed human approval proved the model.

4

FlowAgents Built

Spanning BGP configuration validation, ServiceNow change authoring, duplicate detection, and scheduled execution.

3

Use Cases Proven

Configuration validation, AI-authored change documentation, and conflict-aware execution scheduling.

Deep

CCIE Bench Freed for Strategic Work

Skilled engineers released from manual change validation and ticket drafting to focus on architecture and customer engagement.

100%

Safety Override on Flawed Approval

A FlowAgent blocked execution of a configuration error after the change had been accidentally approved upstream.

AI-Ready Foundation for FlowAgents

With governed, vendor-agnostic orchestration as the execution layer, the organization is positioned to deploy FlowAgents on their highest-complexity workflows – with the audit trail and policy controls enterprise AI operations require.

What’s Next

From BGP to the Rest of the Change Surface

With multi-agent BGP change management validated against the live environment, the team is expanding agentic operations into firewall rule creation and cleanup, port troubleshooting and validation, and unused firewall object detection. Use cases the team has identified as the highest-leverage extensions of the multi-agent pattern proven during the engagement.

Additional focus areas include knowledge-base integration of internal compliance and standards documentation for agent reasoning, automated hardware and firmware validation for emerging infrastructure programs, and extension of the multi-agent operating model across the provider’s full engineering organization and customer base.

Keep Learning