Top 10 Network Automation Use Cases

Challenges facing today’s enterprises and how Gluware is keeping their networks working

Gluware’s intelligent off-the-shelf automation software delivers the features, simplicity and reliability organizations seek today to manage their complex, multi-vendor networks and enhance their time to value. Gluware’s powerful layer of intelligence is designed to bring disparate, multi-vendor systems together so IT can safely, securely and cost-effectively accomplish critical tasks including device inventory, drift detection, network audits, OS upgrades and configuration management. To prevent network outages, manual errors and security issues, enterprises look to Gluware for an intelligent approach to automating their mission-critical networks.

Explore these top network automation use cases and the IT challenges they present to enterprises today. Then explore the ways that Gluware network automation is solving these problems for organizations with complex, multi-vendor networks:

  • Enhance Security
  • Minimize Downtime and Outages
  • Enable Compliance
  • Accelerate Cloud
  • Network Optimization
  • NetOps Agility
  • Lifecycle Management
  • OS Management
  • Inventory and Assessment
  • Consolidation and Integration
Network Security

Enhanced Security

Ensuring network security is the #1 use case of our customers. Gluware works on multiple levels to help ensure security for your network from identifying bad acts with the Gluware Drift and Audit app to remediating change with Config Modeling and patching vendor issues with OS Manager. It is critical to work with a solution that can go out into your network to find violations and make changes using each vendor’s unique CLI with common policy enforcement for features like authentication, access control-lists, SNMP, password management, and more.

Challenges

  • Vendor vulnerabilities
  • Configuration integrity
  • Configuration management
  • Need for rapid response

Gluware Solutions

  • Deep discovery and inventory management
  • Assess the operating systems running on network devices including integration with Cisco support APIs for knowledge of vulnerabilities (PSIRTs issued)
  • Automate OS upgrades, patches and downgrades to ensure that you are only running stable, reliable, approved software in your network
  • Automate network configuration related to security including authentication, password management, ACL policies, etc.
  • Deploy new security features like Network Admission Control (NAC) on switch ports
Minimize Downtime and Outages

Minimize Downtime and Outages

It is estimated that Network Operations spends 80%+ of their time troubleshooting issues. Networks are built over many years and most have significant technical debt which is made up of unnecessarily bloated configurations since changes are often added and rarely cleaned up. Most network change are still performed manually as well resulting in manual errors that lead to inconsistencies and outages. Implementing network automation to inventory, monitor change, audit and enforce consistent configuration policy can eliminate errors and reduce outages in most cases by 90+%.

Challenges

  • Manual errors
  • Legacy management products
  • Unauthorized changes
  • Manual troubleshooting
  • Manual processes

Gluware Solutions

  • Standardize operating systems running on network devices ensuring only approved software images are running
  • Continually monitor network for configuration changes and notify when, and exactly what changes have been detected
  • Perform initial audit for ‘out of policy’ configurations
  • Automate network policies by feature to ensure approved configurations
  • Preview automated changes before applying
  • Automate troubleshooting processes
  • Convert manual procedures and processes to automated workflows
Network Automation Use Cases | Enable Compliance

Enable Compliance

Compliance and conformance to company and 3rd party standards are critical to most large enterprise especially for public companies in regulated industries requiring SOX compliance, to financials requiring PCI-DSS and healthcare requiring HIPAA and FDA among others. Implementing the ability to audit and ensure compliance is an integral component to satisfy 3rd party auditors to meet requirements.

Challenges

  • Paper company policies and standards not implemented on the network
  • Requirement for 3rd party compliance (HIPAA, PCS-DSS, SOX, etc.)
  • Need for ad-hoc audits related to vulnerabilities
  • Ability to audit hardware inventory and operating systems running as well as the configuration components running on each device

Gluware Solutions

  • Audit the hardware inventory and running operating systems
  • Easy to create CLI and RegEx based rules
  • Internal, 3rd-party and ad-hoc audits
  • Automate ongoing config audits
  • Automated ongoing monitoring of config changes
  • Implement standards-based configs
  • Zero-Touch-Provisioning (ZTP) to implement correct configs from the start
  • Automate changes across the network
Accelerate Cloud

Accelerate Cloud

Enterprise IT is moving towards a “cloud-first” strategy, consuming Software as a Service (SaaS) and moving workloads to the cloud via Infrastructure as a Service (IaaS). SaaS and public cloud infrastructure have proven to help agility, scalability, availability and either save cost, or at least align cost with consumption. Enabling an entire enterprise company to move from on-premises services, like mail servers and storage, to SaaS based services, like Microsoft 365, can mean significant changes to network traffic patterns, potentially requiring a network re-architecture – or at least a re-configuration.

Challenges

  • Strategic business need
  • Direct impact on network
  • Change in traffic
  • Internet breakout
  • Distributed security
  • Manage network policy as it extends into public cloud infrastructures

Gluware Solutions

  • Inventory and Assessment
    • Get to a known state
    • Plan OS upgrades to enable features
  • Automate OS Upgrades/Downgrades
  • Config Management
  • Automate:
    • Network-wide QoS for backhaul
    • SNMP and NetFlow for monitoring
    • Local-breakout for Internet
    • Distributed firewall rules
    • Public multi-cloud network infrastructure
Network Optimization

Network Optimization

Network technical debt is the accumulation of aging devices, old operating systems, unnecessary or partial configurations, and variances in deployments. This technical debt increases the cost of maintaining and operating the network. In some particularly bad cases, the debt decreases productivity across the entire organization, which can be invisible and incredibly expensive. The cost to the organization is like a tax or interest paid on the technical debt. Automating the network is a critical step to optimize the network through the inventory of all the devices running on the network, standardize on platforms and operating systems and minimize configuration complexity while enforcing standards.

Challenges

  • Strategic business need and impact on the network
  • Ongoing inventory of all devices on the network
  • Change in traffic requiring configuration change
  • Internet reachability and policy
  • Distributed security

Gluware Solutions

  • Inventory and Assessment
  • Get to a known state
  • Plan OS upgrades to enable features
  • Automate OS Upgrades/Downgrades
  • Config Management
  • Automate:
    • Network-wide QoS
    • SNMP and NetFlow for monitoring
    • Local-breakout and related config for internet access
    • Distributed firewall rules
NetOps Agility

NetOps Agility

Business requirements are constantly changing, and the IT organizations must have the ability to be responsive to not just common and standard change requests, but to unplanned changes as well. Network changes implemented manually or that require the development and testing of scripts will significantly impede the agility of an organization.  Outsourcing network changes also often comes with significant delays and cost. Enabling a NetOps organization with advanced networking automation technology that does not require all the manual building and skill set development will accelerate changes enabling agility to meet business needs.

Challenges

  • 7-10 days for network changes
  • Manual and reactive processes
  • Siloed expertise, serial workflows
  • Delays due to outsourcing
  • Delays due to script development, testing and maintenance

Gluware Solutions

  • Intelligent Model Discovery (IMD) – build automation policy from current configurations
    • Rapidly automate reference features
  • Native CLI support for config standards
  • Multi-tenant platform
    • Quickly move from test to production
  • Config Management
    • Automate network-wide changes
    • Preview change
  • Workflows
    • Customized stepwise execution of common tasks
Lifecycle Management

Lifecycle Management

Network automation is sometimes thought of only in the context of an initial configuration or a limited, scripted day 2 change. It should be thought of in the context of full lifecyle management of each network device and the services running on top of the network.  The most challenging component is starting with automating the currently deployed “brownfield” network and getting to a known, good state.  Lifecycle management involves automating the initial deployment along with all related moves/adds/changes the business requires.  This ranges from low-level policy changes to new end-to-end service deployments. Network automation is the key enabler to lifecycle management.

Challenges

  • Initial provisioning of device
  • Staging of OS
  • Ongoing moves, adds and changes
  • Upgrade/swap of devices

Gluware Solutions

  • Config Management
    • ZTP or “advanced” provisioning
    • Model entire configuration, or start small
    • Centralized control
    • Version control
  • Ability to automate vendor/device swap
  • Automate OS upgrades
    • Advanced network-wide updates
  •  Workflows
    • Customized stepwise execution of common tasks
OS Management

OS Management

Upgrading network device firmware/software is a task that IT operations often avoid, given that it introduces change—and therefore risk—and it requires a highly-coordinated effort to minimize downtime. IT organizations often try to limit firmware/software changes such as OS upgrades on their network equipment to once a year and, for many, it can be a costly and arduous process. Network operating system changes are driven by: vendor vulnerabilities, new required feature-set and versions going end-of-support. The security vulnerability is often the most urgent requirement which forces an IT team to plan and execute an upgrade to minimize risk. These days security vulnerabilities are on the top of the priority list for IT leadership. This is because high profile hacks can negatively impact a business financially, operationally and publicly. Any delay in addressing a known vulnerability will reflect poorly on a company, especially if it is exposed and impacts business continuity. This drives the requirement for NetOps to be able to automate network OS changes much more frequently to minimize risks.

Challenges

  • Vendor vulnerabilities
  • Requirement for new features
  • OS going EOS/EOL
  • Risky manual process for upgrade

Gluware Solutions

  • Device Manager
    • Inventory and assess
  • OS Manager
    • Automate global FW/SW updates
    • Provides centralized organization and control
    • Eliminates manual, error-prone processes
    • Performs pre-checks and post-checks
    • Distributed file server
    • Can integrate drift snapshot and state assessment
Inventory and Assessment

Inventory and Assessment

You must know what is in a network before you can manage it. The inventory should be complete and accurate. If you miss tracking a device, it could allow a black hat attacker to gain unauthorized access to the network. In addition to knowing your network devices, you will also want to identify rogue devices – unauthorized network hardware, firmware or software like wireless access points and switches under desks. As many network executives, architects and operations teams know, these can be real-world vectors for enabling dangerous cyber-attacks or data theft. The process of conducting network inventory consists of several steps, typically performed by different systems: device discovery, hardware and software inventory and using the inventory data to drive best practices.

Challenges

  • No accurate source of truth
  • Lack of standards enforcement
  • Keeping up with vendors
  • Overlooked fundamental step

Gluware Solutions

  • Run real-time discovery
  • Get to a known state
  • Plan OS upgrades to enable features
  • 3rd party API calls for Smartnet, EOS/EOL, PSIRTs (Cisco)
  • Automate OS upgrades/downgrades
  • Configuration audits
  • Audit for config statements related to PSIRTs
Consolidation and Integration

Consolidation and Integration

When performing discovery with NetOps teams with regards to what tools and systems they use for network management – there is no shortage. This is a significant part of the problem they face is that there are many fragmented solutions for specific vendors or specific purposes and this is made up of commercial legacy and vendor tools as well as home-grown solutions that have been integrated over years. These existing legacy tools and processes often impede the ability to implement change and significantly move the needle when it comes to network automation. With the current demands on IT operations, it is time to consolidate and modernize network management and automation. Modern technologies like intent-based networking, data-modeling and API integrations must be embraced to meet business needs for agility and security with stability.

Challenges

  • Multiple legacy tools
  • Too many manual processes
  • Home-grown scripts
  • Management systems to integrate

Gluware Solutions

  • Multi-vendor, multi-platform
  • Unify management across vendors
  • Ability to co-exist
  • Automate as much, or as little as you want to get started
  • API integrations
    • Ability to rapidly integrate 3rd party API calls
    • Gluware has a published API so 3rd party systems can interact programmatically