Today’s network landscape has introduced a wide range of new technologies and challenges that come along with them. One of the biggest challenges teams are facing is the lack of tools available to effectively manage configuration compliance across their entire network infrastructure. In fact, a recent survey from Itential and EMA Research revealed that only 34% of network management professionals are completely satisfied with their tools and processes they use for network configuration management.
That’s why I was very excited to showcase Itential Configuration Manager in a recent live webinar as part of our Modern Network Compliance series. During this webinar, viewers got a full demo of how our product solves the challenges that network teams discover while using the current tools that are holding them back from successful network automation.
The starting point for most network teams is the process of ensuring the network is brought into compliance so there is standardization across each type of network device, as the network shouldn’t be comprised of snowflake devices, where every configuration is unique and different. A key capability of Configuration Manager is the ability to quickly accomplish this across your traditional CLI-based network as well as your API-based network solutions in the same application. In addition, automation is tightly aligned with the Configuration Manager application, so we showed how easy it is to start building compliance automations that meet your precise needs.
Federated Inventory
Your network today is made up of many different network elements, and any one of those elements can be physical devices, virtual versions of physical devices, or cloud-based network services of some kind. Each of these types of elements may be managed differently – directly through CLI or using an API through a controller or orchestrator. Yet in order to properly deliver an application or a service across the network, these different network elements must be configured to work together. With a federated inventory available in a single platform, you have the ability to quickly identify network devices, group them, configure them, and automate them as a whole.
Configuration Backup
Network teams are already aware of how important it is to have a recent backup configuration of their network devices. Anyone who has spent time in the network trenches can remember a time when having a backup configuration helped to resolve an outage quickly, and you can also probably remember a time when not having a backup configuration prolonged an outage. In Configuration Manager, every device in the federated inventory can quickly have its configuration backed up, including API-managed network solutions or services. API managed network elements have their configurations expressed as JSON formatted objects, but they still accurately describe how a networking service is configured and allows for network engineers to quickly understand how an API-based network service, like an AWS VPC, is configured just as they can look at a CLI configuration for a network router. When you have the ability to manage configurations for CLI and API network infrastructure, you can now build compliance rules for those configurations.
CLI Golden Configuration
A Golden Configuration is a template based on a device configuration, that represents the current standard for that device. It defines a standard of what a device configuration must have and what a device configuration must never have. These standards originate from many different sources – regulatory guidelines, security requirements, or best practices to name a few, and typically define features that involve security, performance, and reliability. As an example, you should never allow any unencrypted in-band management services to a network device (a standard that originates from regulatory guidelines, security, and good old common sense/best practices). That general idea needs to be defined in the specific CLI configurations of multiple devices.
API Golden Configuration
With the Golden Configuration feature, teams have the ability to quickly define these rules in the standard configurations for any type of device. As in our example, if you are defining a configuration for a Cisco Router you can disallow the appearance of “ip http server,” and getting started is easier than you think – you can load a live configuration from a device and use it as a starting point to build your Golden Configuration. Compliance is a necessity across the entire network, which is why we built the ability for network teams to define and enforce Golden Configurations for API managed network solutions and services as well. This allows you to ensure that controller-based solutions like SD-WAN and wireless are also operating under the same compliance standards. APIs for cloud-native network services like VPCs, transit gateways, and security groups are also supported for multiple cloud platforms, so the network team can also ensure compliance across cloud infrastructure as well.
Network Automation
At the end of the webinar, I demonstrated how quickly network teams can start building compliance automations based on the work they’ve done in Configuration Manager. At Itential, we speak a lot about how quickly network teams can get started automating, but it’s important to show that in action. All the features and functionality in Configuration Manager are directly available to be automated in Itential Automation Studio – an application that allows a network practitioner to drag-and-drop tasks onto a canvas, connect them together, and create automations without writing any code. Once the network team starts using Configuration Manager, it becomes the foundation to start building automations. As an example, we showed how a single task to back up a device configuration could be automated and then extended that to build an automation to back up a group of devices that were defined in Configuration Manager. From here, network teams can start developing automations which can include integrations into IT systems like ServiceNow, Infoblox, or Slack to reduce manual “swivel-chair” processes and increase efficiency.
This is what makes the Itential Automation Platform so revolutionary – it enables network teams to get their arms around the entire network, on-prem and cloud, and drive compliance all while addressing the skills gap around building network automation, giving them the fastest way to do both. By accomplishing this, network practitioners finally have the tools and the skills they need to drive innovation within their network domain, which is exactly what is needed in today’s fast moving, modern IT environment.
To see the full demo in action, check out the on-demand webinar here. You can also check out a short demo video of Itential Configuration Manager here.
Rich Martin
Director of Technical Marketing ‐ Itential
Rich Martin is the Director of Technical Marketing at Itential. Previously, Rich has worked at several networking vendors as a both a Pre-Sales Systems Engineer and Systems Engineering Manager but started his career with a background in software development and Linux. He has a passion for automation in the networking domain, and at Itential he helps networking teams to get started quickly and move forward successfully on their network automation journey.
