By Michael Haugh
Recently, Gartner published a paper titled “Innovation Insight for Digital Twin Tools for Enterprise Campus Networks” (ID G00723651, June 26, 2020), which analyzes products that can create a “digital twin” of the campus network and describes their uses and benefits.
Gluware was referenced as a representative vendor with a commercial offering for the digital twin. The Gluware “digital twin” implementation is based on defining the network as Infrastructure as Code (IaC): JSON-based data models and orchestration engine components that process those data models. As in the example mechanism Gartner mentions, Gluware connects with the actual enterprise network to collect data and, depending on how it is used, can update network policies or other critical information.
Gluware first ingests the data from the network to enable assessment
Gluware® Device Manager
For network device information, a “crawl” of the network devices is required (using ARP, CDP, LLDP) to identify all the IP addresses that are connected to the network. Next, each device is interrogated using a device detect capability to extract all the required system information. This includes the device type, vendor, operating system (OS), OS version, serial number, SKU and more. The data captured can be searched, filtered, and sorted to provide perspective on the inventory. Gluware also performs checks of the SmartNet contract status, End-of-life/End-of-sale and PSIRT (security advisory) information for the Cisco API Console.
Config Drift and Audit
If the customer chooses to use the Gluware Config Drift and Audit application, Config Drift captures all the config information (keeping historical captures) and enables notification of change, with a visual comparison highlighting exactly what has been added, removed or changed in each device configuration.
Using Gluware Config Audit, no-code policies can easily be defined for “required” and “forbidden” statements, using regex to handle variables. These policies can then be used to scan through all the collected configurations (or a real-time scan can be performed) to determine if there are any violations with the defined policies. This is useful for 3rd party compliance checks, company standard policy checks, security/vulnerability audits (like from NIST), and ad-hoc searches that are often required in operations to find out if a specific configuration condition exists in the network.
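The required/forbidden audit described above can be sketched in a few lines. This is an added example, not Gluware code or its policy format; the policy layout, the patterns and the two device configurations are constructed for illustration.

```python
import re

# Constructed policy: regexes absorb variable parts such as IP addresses.
POLICY = {
    "required": [
        r"^service password-encryption$",
        r"^ntp server \d{1,3}(\.\d{1,3}){3}$",
        r"^logging host \d{1,3}(\.\d{1,3}){3}$",
    ],
    "forbidden": [
        r"^snmp-server community (public|private)\b",  # default communities
        r"^ip http server$",                           # cleartext management UI
        r"^\s*transport input (telnet|all)$",          # telnet on VTY lines
    ],
}

# Constructed 'show run' excerpts for two hypothetical devices.
CONFIGS = {
    "edge-1": """\
service password-encryption
ntp server 10.0.0.1
logging host 10.0.0.5
line vty 0 4
 transport input ssh
""",
    "edge-2": """\
ntp server 10.0.0.1
snmp-server community public RO
ip http server
line vty 0 4
 transport input telnet
""",
}

def audit(config, policy):
    """Return (kind, pattern, line_number) tuples for every policy violation."""
    lines = [l.rstrip() for l in config.splitlines()]
    violations = []
    for pat in policy["required"]:
        # A required statement is violated when no line at all matches it.
        if not any(re.search(pat, l) for l in lines):
            violations.append(("missing", pat, None))
    for pat in policy["forbidden"]:
        # A forbidden statement is reported once per offending line.
        for n, l in enumerate(lines, 1):
            if re.search(pat, l):
                violations.append(("forbidden", pat, n))
    return violations

def audit_all(configs, policy):
    """Scan every collected configuration against the same policy."""
    return {dev: audit(cfg, policy) for dev, cfg in configs.items()}
```
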
Performing operational state checks for an interface state, a protocol state, a route count and many more examples is one of the most common tasks in network operations. Gluware provides the capability to define any “show” command, extract what you are looking for, and apply a query to determine whether it is as expected. State assessments are used for troubleshooting, pre/post OS upgrades, pre/post config changes and more.
Gluware uses the “data” to update the network—from digital to the actual
Gluware Config Modeling
Gluware takes a unique approach to configuration management using a technology called Config Modeling. It is based on breaking down a monolithic CLI configuration (the dump from a ‘show run’) into individual features that are each treated as code and version controlled. For example, features like the banner, AAA, DNS, NTP, SNMP, QoS and more all become data models within Gluware. These ‘features’ can then be stitched back together as a modular template through a construct we call an assembly.
When these constructs are first built, one of the most innovative ways to achieve this is the Gluware Intelligent Model Discovery (IMD) workflow, which can connect to a live device, read in the features and their configurations, and create data models in the Gluware system on the fly. These features can then be used as a customer’s policy to enforce that specification on other devices.
A differentiating feature of Gluware is that it provides declarative mode provisioning, with a full preview before the change. The Gluware orchestration engine will first read the current state (for each feature it is managing), then compare it to the desired policy, then only make the necessary changes to add/remove/update configurations to ensure the desired end state is achieved. Gluware provides a preview to show the user exactly what commands will get generated for each device. When the provisioning is pushed to the network, it is also fully verified. The goal of Config Modeling is to keep every managed feature in the network synchronized and in a known good state. State assessment can also be wrapped into an operation to validate operational state pre/post configuration changes.
By coupling Gluware’s Config Drift and Audit app to Gluware’s Config Modeling app, we are able to offer closed-loop, self-operating capabilities with regular drift detection and auto-remediation to the gold standard. This allows us to constantly check that the actual network is in parity with the digital twin’s intended state, and if it is not, we are able to declaratively ensure that it is remediated back to the intended state.
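The read, compare, change-only-what-differs and verify loop described above looks like this in miniature. This is an added example, not Gluware's engine or data-model format; the feature layout, function names and the running config are assumptions constructed for illustration.

```python
import re

# Hypothetical desired state: feature name -> set of config lines it should hold.
DESIRED = {
    "ntp": {"ntp server 10.0.0.1", "ntp server 10.0.0.2"},
    "dns": {"ip name-server 10.0.0.53"},
}
# Which running-config lines each managed feature owns.
OWNERSHIP = {"ntp": re.compile(r"^ntp server "),
             "dns": re.compile(r"^ip name-server ")}

# Constructed running config: one rogue NTP server, no DNS, one unmanaged line.
RUNNING = "hostname edge-2\nntp server 10.0.0.1\nntp server 192.0.2.99\nip http server"

def read_state(running):
    """Extract current lines per managed feature; unmanaged lines are ignored."""
    state = {feat: set() for feat in OWNERSHIP}
    for line in running.splitlines():
        for feat, rx in OWNERSHIP.items():
            if rx.match(line):
                state[feat].add(line)
    return state

def plan(running, desired):
    """Preview: the commands needed to converge; empty when already in sync."""
    current = read_state(running)
    cmds = []
    for feat in sorted(desired):
        cmds += [f"no {l}" for l in sorted(current[feat] - desired[feat])]
        cmds += sorted(desired[feat] - current[feat])
    return cmds

def push(running, cmds):
    """Simulate applying the planned commands to a device's running config."""
    lines = running.splitlines()
    for c in cmds:
        if c.startswith("no "):
            lines.remove(c[3:])
        else:
            lines.append(c)
    return "\n".join(lines)

def reconcile(running, desired):
    """Plan, push, then verify by re-planning against the resulting state."""
    cmds = plan(running, desired)
    after = push(running, cmds)
    return cmds, after, plan(after, desired) == []
```

Running `reconcile` a second time on its own output yields an empty plan, which is the drift check: any non-empty plan on a later capture means the device has moved away from the intended state.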
Gluware OS Manager
If the customer is using the OS Manager app, they have the ability to fully automate operating system changes (upgrades/downgrades/patches). This involves the planning, pre-checks, operational steps, and post-checks to ensure success (even at scale). With an increasing number of threats and vendor updates, the increasing rate of OS upgrades has presented challenges to most organizations.
Workflows within Gluware are often customized to each customer’s requirements. They offer the ability to automate a process involving several steps, often with user input and programmatic interaction with 3rd party systems via REST API, including ITSM and other systems. Gluware categorizes workflows into Design, Operate, Plan, and Troubleshoot. These are generally a Swiss Army knife for the specific network operational procedures customers are looking to address. A specific use case, such as performing a test of the forward path, then, based on performance, updating routing parameters to change the preferred path and validating the result, could be accomplished with a workflow.
Gluware provides a well-documented, published RESTful API for customers who require a programmatic interface to the platform. Via the GluAPI, customers can interact with the various Gluware solutions to programmatically read, write changes, or trigger actions. Some examples of these include adding devices into Device Manager or reading all the devices out. Users can also initiate a Config Drift or run a Config Audit policy. Using Config Modeling, users can feed external variables into configuration data models, like IP addresses, VLANs, ASNs, etc. They can also trigger a provisioning as part of a CI/CD automated pipeline to configure the network or automate responding to a monitoring condition.
The Gartner paper provides some in-depth analysis, use cases, and benefits of leveraging a digital twin to model the real-world network. Gluware offers productized capability to create the digital twin of the network inventory, configuration and state, then apply intelligence to improve lifecycle management. As large enterprises look for ways to improve efficiency, reduce cost and increase agility, network automation will become a critical component. Network automation is a key enabler of digital transformation, but it will only really be reliable and scalable if it leverages data modeling and is declarative, like Gluware.