Ensure Config Consistency for All SD-WAN Devices

Large SD-WAN deployments mean hundreds of unique routers – and they all require config updates one at a time. While modern SD-WAN solutions with controllers can help automate the identical config across your devices, what happens to the configuration that is unique to each device?

✖️  Manual config is the only way to keep them up to date.
✖️  Precious time is lost by teams that could be spent on other high priority items.
✖️  Misconfigs happen more often than you’d like due to human error.

Using the Itential Platform, you can integrate with your SD-WAN controller, sources of truth, change management and other IT systems to build orchestration workflows that can automate pushing those unique configuration changes to hundreds of devices and even track these details over the device’s lifetime. This allows teams to ensure configuration consistency for all SD-WAN devices, while saving you time and effort.

See how it all works in this demo:

⚙️    Integration with local inventory files and/or network source of truth.
⚙️    Automated deployment staging and activation.
⚙️    Change management tracking and documentation in ServiceNow.
⚙️    Track and audit unique service details for each SD-WAN site.

  • Demo Notes

    (So you can skip ahead, if you want.)

    00:00 Introduction & Demo Overview
    02:55 Demo Start
    04:40 Building Workflows Using Assets From Itential Marketplace
    07:36 Utilizing Lifecycle Manager to Track Service Instances & Unique Data
    14:46 Putting It in Practice: Bulk Site Provisioning
    19:40 Self-Service Activation via ServiceNow
    29:49 Wrap-Up & Summary

  • View Transcript

    Ben Byer • 00:05

    Hi, welcome to Itential’s webinar on how to orchestrate unique SD-WAN configurations at scale with Itential. So we’re going to take some time today and look at common challenges for orchestrating and deploying SD-WAN at scale and how do you deal with that in the long term, right? And how do you sort of operationalize or finish operationalizing SD-WAN, right? If we look at some of the common challenges with SD-WAN deployments, SD-WAN is set up real great, it’s got profiles or templates for configurations that get pushed down. But you’ve got to go out and create those templates for every device that you’re going to migrate to. You can imagine if you’ve got hundreds or thousands of devices, that’s going to take quite a bit of time. You have to create those uniquely because every one of those devices has at a minimum a unique IP address.

    Ben Byer • 01:04

    There is some unique configuration that has to be pushed down that can’t be pulled out of a template. We’re going to talk about how we can do that in a quick and rapid manner. We’re going to talk about the activation process. We go through and we configure these SD-WAN devices, and then we have to migrate and we have to activate them. How can we turn that into something that takes a lot less work from maybe the network team or the NOC team, and turn that into a self-service activation process. And finally, we’ll look at how we manage SD-WAN in the long-term, looking at how we can track unique configurations. So sometimes unique configurations get put on a device.

    Ben Byer • 01:49

    How do we track that? How do we make sure that those unique configurations are where they need to be? How do we deploy that without a bunch of clicks? And how do we turn that into self-service, right? So those are kind of the challenges with SD-WAN that we’re going to be looking at and solving today with Itential. What we’re doing is, you know, we’ve set up a little demo here. So we’re going to start it.

    Ben Byer • 02:10

    Well, eventually we’ll start at ServiceNow to process these self-service requests. Itential platform will orchestrate those requests, track the changes in Lifecycle Manager, and then finally make those changes and then instantiate those changes on VeloCloud. VeloCloud is the vendor we’re using today for SD-WAN discussions. So we’re going to go through kind of the full lifecycle here of, you know, how do we build these, how do we activate them, and how do we operate them in the long-term? And so this is, you know, kind of a simple demo. It’s not crowded with every possible feature, right? Just to show you this process of how we build self-service network automation and orchestration.

    Ben Byer • 02:53

    All right, so let’s jump into it. So I’ve got my VeloCloud management console up here and we’re looking at different configurations, right? We’re not really concerned today about sort of the day-to-day operations and moving packets around, so to speak, but we’re really concerned on how do we configure this at scale and how do we manage this at scale in the long term? So just kind of to orient you here, I have edges. This is what VeloCloud calls their routers. So these are routers that we have set up and notice that they’re set up on quick start profiles. I have a number of profiles here, quick start kind of default profile, but I’ve also created profiles for data centers, offices, and retail stores.

    Ben Byer • 03:40

    And we’ll be focusing on the retail store profiles today. The reason is, is because we’re looking to do this at scale, right? In a typical SD-WAN deployment, you may have a handful of data centers, a handful of offices, but hundreds of branches or thousands of remote sites that you’ve got to deal with. Retail store is pretty common for this, having that scale problem. We’re going to use the retail store profile here. This has some configuration that every edge that we create is going to get. That configuration is great, but it doesn’t have things like the unique IP addresses on it.

    Ben Byer • 04:17

    We’re going to look at how to deal with that and through that. But these are the parts we’re looking at, some of the profiles, and then here at the edges. That’s the base background of where we’re interacting here with VeloCloud, and we’ll see more as we go into this. The other half of this is really the Itential portion of this. I’ve brought up a SD-WAN branch management project here in Itential. Let me point out some pieces and parts to this. This is the demo that I’ve created.

    Ben Byer • 04:47

    These first few workflows up here, all the way down to shared components. These are folders here and I have shared components and a bunch of different workflows that are created. These are all available from Itential from the Git repository where you can download and have this running. What are these? These are workflows that Itential has created to wrap the API functionality of VeloCloud. VeloCloud’s API is VeloCloud’s API. It’s got a bunch of different pieces and parts and you interact with them in a specific way. VeloCloud has taken those pieces and parts and wrapped these together into some useful components.

    Ben Byer • 05:35

    It’s not just the API call to provision an edge, so to speak. It’s the entire workflow here where we provision the edge and we make sure that there’s no errors and things like that. We’ve built some error handling into this basic functionality and we’ve dealt with some of the data formatting. We start our project just by simply downloading the workflows from Itential, and then I make some demo assets here. These demo assets fall into two parts. One is I’m going to wrap these wrapper workflows again into what we call Lifecycle Manager workflows. These are the same type of workflows, it’s just that they interact with what we call Lifecycle Manager.

    Ben Byer • 06:17

    Lifecycle Manager is where we track the changes, where we track those unique configuration portions of the configurations that we’re pushing down. So that’s the portion of Itential that we’re going to use to track all of this unique configuration. So we wrap these wrapper workflows into some workflows to interact with how we track stuff. And then I’ve created a number of workflows down here at the bottom to actually perform the actions we want. So to create the edges in bulk, right? We’ve got a bulk create edge. We’re gonna activate the edge.

    Ben Byer • 06:55

    And then I’m gonna talk about, you know, building some business policies here, prioritizing IP addresses, right? And we’ll talk about that in a self-service manner when we get to it. That’s what we’ve done here in this demo to create it. These workflows right here, I’m not interacting particularly difficult interactions with VeloCloud API or anything like that. That’s already done up here. All I’m doing is putting together a handful of little pieces here. These are very easy to build.

    Ben Byer • 07:25

    They take 15-20 minutes, and I’ve essentially tooled up the VeloCloud API. Let’s see what that tooling up gets us. I’m going to flip over here to Lifecycle Manager. Lifecycle Manager is where we’re going to track the changes. I know I haven’t shown anything yet, we’re building up to it. But in Lifecycle Manager, I have a model. This is actually a description of exactly what we’re going to track.

    Ben Byer • 07:55

    Here for every SD-WAN branch location, I’m going to track the Edge ID. This is the secret ID that the API uses to identify that Edge. That’s something you’ve got to extract out of the API. We’re going to go ahead and track that so that we always have that and don’t have to take that extra step. We’re going to track the management IP. The management IP is that unique piece of configuration that has to be put down on every single Edge, VeloCloud Edge, before you can actually start doing anything with it. We’re going to track some firewall rules that we add.

    Ben Byer • 08:30

    We’re going to track some business policy rules that we add as well. These are the unique configurations that we’re adding to each edge. I’ve chosen to pick just these very small subset. We can certainly track every single possible variable and replicate all of what VeloCloud does, and we can do that here, but that’s not really beneficial to us. We’re just tracking the things that are hard to track across different configurations in VeloCloud, and then we’re going to operate on those. We have this model here, and I have a number of actions that I can do on this model, essentially create and delete and things like that. I can create an SD-WAN site, I can delete an SD-WAN site.

    Ben Byer • 09:16

    I can activate a site, right? There’s a one-step activation process that happens after you configure it, and we’ll show that. And I can add a business policy and of course set this management IP. I can have a lot of other update functions in here. I’ve cleaned this up and sort of narrowed this down to exactly the functions we’re gonna be working with here. If I flip back to where these functions come from, these are just the functions that I’ve set here. Here’s the create, the delete, activate.

    Ben Byer • 09:49

    I have an add and a delete business policy rule. I could have firewalls, I could have VLANs, I could have any of that stuff that’s available up here in the wrappers that Itential has written for VeloCloud. So firewall rule updates, VLAN updates, right? IP addresses on physical interfaces, all of this can be controlled out of here. You just gotta write these little wrappers here and put it into Lifecycle Manager. All right, so we’ve seen the actions that we can do on this model to build these configurations and push them to VeloCloud. So let’s start doing some of that.

    Ben Byer • 10:30

    So I come over here to Instances. I haven’t created anything. I’m going to go ahead and create a new SD-WAN site. I’m creating it right out of this interface. This isn’t typically how we’re doing this. We’re going to build up to a better interface, a better way to do this. Because right now, creating it here is functionally not very different from creating it on the VeloCloud website, on your admin console for VeloCloud.

    Ben Byer • 10:58

    I’m just moving the work. I’m moving it from one site to another. So we’re going to see in a moment how we can start pulling all this together. So I’m going to go ahead and call this Test Site. Notice I’m putting in just the bare minimum of things that I need here. I’ll put my name in and my contact email, Itential.com. And I’m going to go ahead and save this.

    Ben Byer • 11:23

    And what that’s going to do is kick off a process where Itential is now going to go out and create this test site on VeloCloud. I’m going to switch over here to VeloCloud. Here are the edges that I had created. I’m going to go ahead and refresh this, and we see that this test site has now been created. I’ve moved the cheese a little bit. Instead of having to go in here and add an edge, I’ve now moved that over to Itential, not a lot of great benefit yet. I want to point out one more thing here on this test site.

    Ben Byer • 11:56

    Notice that we’ve got a corporate VLAN setup and there is no IP address assigned. There’s nothing unique assigned to this test site yet. It’s all still just the configuration that it’s pulled down from the profile, which is the retail store profile. Notice I didn’t have to specify when I created that. I actually hard-coded that into my LCM wrapper workflows. Why? Because I’m using this only to ever create retail branches.

    Ben Byer • 12:27

    I’ve got this test site here. It’s created. This configuration is here ready to have things done to it. And notice that I’m also tracking this test site here in Lifecycle Manager. I want to point out that these other few devices that we’ve been testing on in our Atlanta lab and our professional services device, these don’t show up in Itential. I’m not tracking these, right? I’m using this to track my branch site.

    Ben Byer • 12:55

    So you’re going to have other sites there, office sites, data center sites. We’re not interacting with those. We’re only interacting with the sites that we’re deciding to interact with, right? Why are we doing that? Because we’re trying to offload the massive amount of work with those sort of retail branch sites, you know, that get stamped out. All right. So I’ve created this site here.

    Ben Byer • 13:19

    I can go ahead and view this. I’ve got the properties. Notice that I’ve stored my enterprise ID. This is, you know, sort of our unique login to the, you know, the ID that tells VeloCloud exactly which set of things that you’re using. I’ve got my edge ID. Remember, this is kind of that secret key we want to keep track of, the API identifier for each possible edge or router. And notice that my management IP is IP.set.

    Ben Byer • 13:47

    So I haven’t set that yet. I’m going to go into actions here and set my management IP. I’m going to give it, well, 10.10.10.1, and go ahead and click run. This is going to go now out and set that management IP. So this is the unique configuration that is now being set, right? Again, I haven’t particularly put these together, right, and sort of accelerated this, but this is going to go ahead and run. Well, it is running.

    Ben Byer • 14:18

    So let’s go ahead and look at this edge. Let’s see if it’s updated here. And we see that the IP address 10.10.10.1 has now been updated here. And if I flip back to Lifecycle Manager, I look at these properties here, and I see that we are now tracking 10.10.10.1. Great. So we’ve got everything set up here. We can now use Lifecycle Manager to create, make changes on these edge configurations.

    Ben Byer • 14:46

    We’re tracking those changes. We’re ready to go now and start getting some benefit from this. What do I mean by that? I’ve got a bulk create edge workflow that I created. It’s very easy. I’m going to pass in some Excel to this. I’m going to convert it to JSON and then I’m going to run a child job, which actually goes out, creates the edge, and sets the management IP interface. I’ve got a spreadsheet set up here.

    Ben Byer • 15:15

    And I’ve just got five different sites specified out on this, right? Branch site one through five, you know, some dummy contacts, you know, name and email. And I’ve got unique IP addresses put on all this. So when I think about, you know, the common use case of, you know, migrating to SD-WAN, you’ve got to configure hundreds of devices. A lot of people have a spreadsheet with IP addresses and site names and things like that. This is fairly common and easy to generate. But you don’t want to spend the time and go through and click through the VeloCloud interface for days on end, you know, hey, put this IP address in.

    Ben Byer • 15:58

    You’re going to make a bunch of errors, things aren’t going to go well. So this is how we’re going to automate this. We’re going to take this set of branches here, and we’re going to go ahead and bring these branches in. So in operations manager here, I have a SD-WAN. All right, so here in Operations Manager, this is the portion of Itential which actually kicks these workflows off. It keeps track of who’s running it, has permissions created on this. I’ve created a trigger here that allows us, it’s a manual trigger, it allows me to upload something in a form.

    Ben Byer • 16:35

    In this case, this form is going to allow me to upload my Excel spreadsheet. I’ve got my Excel spreadsheet with all of my branch definitions on here. I’m going to go ahead and drop that in. I’m going to go ahead and click “Run Now”. This opens up Operations Manager view here that’s actually going to show my workflows running. I’m already into my bulk create edge workflow. We’ve gone through and taken that Excel, parsed it, we’ve queried it out, fixed up the JSON, we’re running the child jobs.

    Ben Byer • 17:09

    We’ll see over here, now we look at the edges. We’ve already got through three of them. They’re already set up. The other two are coming. Takes a moment to go through this. If I look through here, I see that I’ve got the IP addresses, the unique IP addresses all set up. Now we’ve gone from, hey I’ve just moved the interface from the VeloCloud portal to the Itential portal, to now we’ve taken that move and orchestrated that together. We put these two steps together and we’ve eliminated a lot of this process, this manual process that is very time-consuming and error-prone of setting all these ups or setting all these sites up. So now I’ve got all five branch sites here. If I go ahead and look in Lifecycle Manager again or refresh this and I’ve got all five branch sites here and notice now that I’ve also got the management IP, this piece of unique config that we’re tracking through this. So that’s how I can go through and orchestrate and automate the creation of all my configurations. If you think about doing this for hundreds of sites, thousands of sites, that’s very time-consuming, done in a matter of a couple hours to set these workflows up here.

    Ben Byer • 18:29

    All right, so now we’ve got all this set up. I’m going to go into this edge. I’m going to take a look at this edge, branch one. I’ve got my configuration on it. It’s ready to go and I’ve got to send an activation e-mail. This is the portion of VeloCloud administration where you have to go and say, okay, I’ve got this configuration. I’ve got a box, a physical box.

    Ben Byer • 18:51

    Let’s get that configuration on the physical box and get it moving packets. That’s what this send activation e-mail does. It sends an e-mail to the tech on site. Whoever’s plugging stuff in, they use that e-mail to click a button. It’s got a link in it and that goes ahead and pulls the configuration for that edge down. I would have to go through here. We’ve configured everything in an automated fashion, but now when the tech goes out on site, they’ve got to go out and someone’s got to send them this activation e-mail and go through this migration process.

    Ben Byer • 19:27

    Again, it’s another point of time consumption. You’re almost certainly not going to give the on-site techs access to go in and do this themselves in the VeloCloud admin. How do we get this to be self-service? I’ve built that workflow that takes the activation process. It takes some information and it goes and sends that activation e-mail out. Great. I don’t necessarily want my on-site techs to have to log in, you know, to Itential, right? A lot of them are used to coming in and logging into ServiceNow.

    Ben Byer • 20:03

    So now, Itential has a plug into ServiceNow. I’ve built a form here in Operations Manager, activate SD-WAN site. If I click this run now, it asks me for my site, it asks me for my email address, and we’ll go ahead and send that activation email. But now I’ve got this up in ServiceNow, so I don’t even have to grant access to the on-site tech to go out and run this workflow from Itential. We’ve got this already populated here in ServiceNow. So I’m going to go through and select a site. I’ve got all the sites that, you know, we’ve got built and that we’re tracking. It’s not tracking. Remember, there’s a handful of Edge devices in that configuration that we’re actually not tracking. I’m gonna go ahead and pick branch site one. I’m gonna put my email address in, run this automation. It’s gonna kick off. It does take a couple minutes to get through. Oh, it ran the automation. Great. Thank you. It does take a couple minutes to run through. I ran this earlier. I’ve got this email here. And so now I’ve got my VMware VeloCloud edge activation email, right?

    Ben Byer • 21:16

    This is set up for branch one, says that somewhere in here, I thought. Oh, for branch site one right here, all I have to do is bring this up on my phone, connect to the back of the device, bring this up on my laptop, connect to the back of that edge device, click this link, and it will go out and get its configuration and turn on, right? So this is the activation part of deploying VeloCloud. You can imagine that activation is actually more difficult than just plugging a new box in, right? You can imagine that maybe at a very minimum, I want to take my monitoring system and have it not monitor while I swap that over, but you probably also want to turn down, you know, another device, switch routing over, do some other things as well. Itential is an orchestration platform, that simple workflow that I built for edge activation, we can put those other steps in there as well, right? It’s a multi-domain, multi-system, you know, Itential is a multi-domain, multi-system orchestration platform.

    Ben Byer • 22:22

    So if I need to go in and say, okay, we’re going to go do that activation email, and now I need to make sure that we also, you know, turn off monitoring for the next hour and then turn it back on, that’s something you just put in that workflow as well. All right, so now we’ve activated the branch site. We’ve gone through this. It’s gone through, we’ve still got our unique properties here. Let’s take it up a notch. How do I manage this at scale long-term? Things are going to get configured on each of these edges long-term that may not.

    Ben Byer • 23:04

    I don’t necessarily want to go in and use the VeloCloud interface to do these configurations, to make these configuration changes. All of those configuration changes are going to be buried in three or four screens. How do we get that unique configuration? How do we track that unique configuration? Get it all in one place. How do we enable customers to really self-serve? To go through and get the services they need, and do that on their own terms without having to essentially engage the network team all the time.

    Ben Byer • 23:40

    So I’ve created a small service that I call it Prioritize IP. So you can imagine if you have a lot of retail sites, brand sites, something like that, maybe the C-level folks are going around and doing events at each site, or maybe you have training that’s running at each of these sites. Or maybe you’re running a trial and you have third-party ATM machines in there or something like that. This service simply allows you to go through, pick an IP address or specify an IP address and say whether that should be high, medium, or low priority. That’s it. It adds a business policy. I’ve created, if we go back to my automation studio, we’ve got a full wrapper for creating and deleting business policies here. I’ve built a full wrapper for creating and deleting business policies.

    Ben Byer • 24:35

    It will handle every option in a business policy. I guess I should pause and point out kind of what a business policy is, right? So if I look in here in my edge on VeloCloud, VeloCloud has a lot of business policies that essentially specify how traffic is going to move, right? So we see that box.com is marked as file sharing and this is going to be high priority and it’s bulk traffic, right? So there’s a lot of options here that I can go through and create on a business policy, right? Demo policy, I go through and hey, does this work for IPv4? Maybe I want to pull it from VLAN 1.

    Ben Byer • 25:17

    Here’s VLAN 1, source ports. I can put ports in. Here’s my actions, high, medium, low, do I send it right? I have all options here when I go through and create this, we go through these changes. Now I’ve created this custom policy. This one doesn’t particularly do much. It says that corporate traffic is normal priority. But I’ve gone through and I’ve created this policy.

    Ben Byer • 25:41

    This policy is buried. I go through, I’ve got to go into each edge to find out business policies that maybe override things. I can go through, I’ll delete this policy, it’s fine. How do we do this at scale and how do we track where these are? I go here to ServiceNow. I want to have this service where anyone can go in and prioritize an IP route. Probably I don’t want to let anyone go in and do this.

    Ben Byer • 26:11

    But I want to allow maybe a certain set of users to go in and be able to change the priority on an IP address. Again, this might be for a temporary thing. Hey, make sure that this presentation laptop out here is high priority, right? So we’ll go in again, we can select our site, right? We automatically populate that up. I’ll go ahead and put in an IP address.

    Ben Byer • 26:34

    I don’t have any checks on these IP addresses. It’s just a demo, but you could go in and say, hey, maybe we only let IP addresses from the VLAN that has the ATMs on it or the VLAN that displays video, right? Has video stuff on it. Maybe we only allow IP addresses from there, right? So you build in the guardrails. This is how self-service networking really works is the networking team builds in the guardrails, right? I don’t have every option on here.

    Ben Byer • 27:03

    You can’t change the path and you can’t change the routing. You can just pick the two items here, an IP address and the priority, that are important to providing this as a service, right? So this is kind of a fundamental concept of self-service networking, is I don’t have something up here that says, hey, you’re gonna make a business policy. Here’s 14 options, here’s 20 options, right? I have just the options needed to create this particular policy. I have the guardrails in place here to offer this as a service, right?

    Ben Byer • 27:38

    Very easy to get to that point where you can start offering services to your constituents, services to your users, where they can consume network resources, make policy changes, make configuration changes, but you’ve put the guardrails around it, right? So I’m gonna go ahead and kick off this automation. I’m gonna run this automation. We’re gonna jump over here to, it’s actually gonna run this add business policy automation. If now I look at the properties, right? What I’m tracking here for branch site one, I’m now tracking a business policy rule.

    Ben Byer • 28:19

    It’s got a source IP address and the policy that we’ve put in. I’m tracking all of this in one place. It’s not buried anymore. It’s not buried in 15 different screens. It’s all right here in Lifecycle Manager. If I need a report that says, show me every unique business policy configuration, boom, it’s all right here. We don’t have to dig through everything.

    Ben Byer • 28:43

    We don’t have to mine the API of VeloCloud to kind of figure this out. It’s all right here. So we’re tracking this. I’ll pop over here to, we’ll go ahead and refresh and look at this edge site here. Now I look at the business policy. I have this prioritize IP rule. This was put in.

    Ben Byer • 29:03

    So this is done in a self-service manner. It’s done with guardrails in place so that now the users can get network services without having to go through and really bother the network team, right? It takes a lot of time off the network team. Again, this was a couple hours to set up, right? The most part of that setup is figuring out exactly what your guardrails are and figuring out exactly what you wanna offer as a service. Itential makes it incredibly easy to take these down and dirty API manipulations and build this into something that looks really easy. My prioritize service, I get the resources by name, right?

    Ben Byer • 29:45

    We’re passing the name of the branch in. I get that resource and I run that action. This takes 10, 15 minutes to set up. To sum up, this is what we’ve built here as a demo for VeloCloud. To sum up, SD-WAN is great. It’s solved a lot of problems for a lot of customers. How do I manage stuff at scale, but still a little rough around the edges?

    Ben Byer • 30:10

    How do I manage those unique configurations at scale? How do I get the IP addresses on? How do I turn this into more of a self-service networking environment? That’s what Itential does, right? We’re able to bulk create and do all those configurations as complex as you want, self-service to the activation and migration process, and self-service and track those unique changes across time and across the environment. So, thank you for joining us, and yeah, I hope this was helpful and informative for you.
