It’s early days, but network automation is gaining ground as enterprises look to streamline network device management, reduce human error and speed problem resolution. Credit: Art24hr / Getty Images GHD’s foray into network automation wasn’t deliberate, but it turned out to be a game changer. Five years ago, the global professional services company, which has 12,000 employees and 260 locations around the world, needed to add another 100 North American sites onto the network because of an acquisition. And time was of the essence. C. Randy Taylor, global network manager for GHD, decided to get 50 of those sites on the network using traditional Cisco routers, switches and wireless technology. It took 18 months to implement those first 50 sites, and two technicians had to be present on site to bring up each one. For the second 50 sites, Taylor took a different approach. Instead of the Cisco products, Taylor and his IT team went with Riverbed Technology’s SD-WAN product, which is part of the company’s SteelConnect solution. By using SD-WAN, they cut the implementation of the second 50 sites down to six weeks, and they didn’t need to have a single technician on site. “We were simply looking for an easy-to-deploy network solution rather than an automated solution,” Taylor says. “At first, it was more about wanting something that integrated well with our other equipment and was backward compatible with what we had in place. But when we started using SD-WAN, we found that because of the automation built into it, we were able to configure everything in the cloud… It’s like we started out with automation almost by accident.” Once Taylor and his IT team got a taste of network automation, they didn’t want to go back. “Automation became a game changer,” he says, noting that SD-WAN has been deployed to 145 of their sites, with the plan to replace Cisco equipment with Riverbed gear. “Network automation five years ago wasn’t in our strategic plan. Today it is one of our three pillars.” Network automation is designed to streamline the maintenance of physical and virtual network devices. Enterprises are looking to reduce their dependency on manual methods, and automation can simplify repetitive IT processes, improve consistency across branches and geographies, lower operational costs, and reduce human errors. Enterprises are deploying automation technologies in various types of networks, across data centers, wide area networks (WAN) and cloud environments. Major players in the market include traditional network vendors such as Cisco Systems and VMware; IT management players including SolarWinds, Forward Networks and Micro Focus; and automation specialists and startups such as AppViewX and NetBrain Technologies. It’s a burgeoning field: MarketsandMarkets Research reports that the global network automation market is on track to grow from $2.3 billion in 2017 to an estimated $16.9 billion by 2022. “It’s a really exciting topic in the networking industry right now because the scale and complexity of networks is really greater than it ever was before,” says Brandon Butler, senior research analyst covering enterprise networks at IDC, a Framingham, Mass.-based industry analyst firm. “It’s a revolution we’re still in the early days of. There are more mobile workers out there, accessing high-bandwidth company apps from more diverse places. By 2025, there are going to be 41.6 billion connected IoT devices that enterprises are getting data and insights from. If your network is down, it touches everything in the company. Relying on manual, ad-hoc management isn’t efficient, scalable or secure.” And while it’s an exciting market, it really is in its infancy, according to Andre Kindness, principal analyst at Forrester, a Cambridge, Mass.-based research firm. He notes that enterprises might be automating firewall configurations or the monitoring of their switches and traffic. They might even be looking for security issues. But most are wading, rather than diving, in. “Everybody will say they’re doing it, but it’s about the degree,” Kindness says. “If you look at all the network operations, I think less than 1% is automated at this point.” Corralling a network with Cisco DNA Center When Adventist Health West wanted to automate some of their network processes, the not-for-profit healthcare organization went all in with Cisco. With 380 clinics, 24 major hospitals and 48,000 employees, managing the enterprise’s network “can be a complete pain in the butt,” according to Ed Vanderpool, IT technical manager at Adventist Health, based in Roseville, Calif. With all those sites to oversee, strict HIPAA regulations, sometimes different operating systems running in the same building, and what Vanderpool calls medical-device sprawl, he quickly needed to gain control of his network. In 2018, Adventist Health decided to solve these problems by leaning into network automation. They had been using Cisco Prime, a network management system that the healthcare organization had “had around for a while,” according to Vanderpool, who called it an early version of a management system that was slow and prone to fail. Adventist Health first attempted to have its own people build the automation software they’d need, but quickly realized their development staff was too small for a job of that scale. Then Vanderpool found Cisco DNA Center, the network-management and command center for Cisco DNA, the company’s architecture for enterprise networks. That was the impetus Vanderpool and the IT team needed. “One thing it enabled us to do was build a configuration template and reuse it,” Vanderpool says. “Our biggest thing had been wrapping our arms around configuration. Instead of me having someone dedicated to walking up to each device and adding updates and then verifying them, we could just set up a template that would reach out to a device, interrogate it, verify what’s on it, and then update what’s missing. Once it does that initial interrogation or check-in, if anything changes, it will tell you what changed and when. It’s been a lifesaver.” Vanderpool, who went with Cisco after evaluating SolarWinds, says he also was drawn in by his ability to adopt Cisco DNA Assurance, which monitors his network equipment and connections, and gives him insights into what needs to be done. “You can see how connections are working. Switch levels. Router levels,” he explains. “It’s a great one piece of glass so you can see the health of your network.” Adventist Health had only used network automation for six months before it took a major leap and started working automation into their data-center network. Vanderpool adopted Cisco ACI, a policy-based networking solution that integrates hardware and software. It did much of the heavy lifting and allowed him to script most of the changes when he had to build out the network or a service. “You need to connect part of the data center into the cloud? You’re adding servers or services, or you’re moving stuff? We can script all of that and verify it,” he says. And when Adventist Health was ready to replace its data center, “we scripted out the entire build,” Vanderpool says. “It did 90% of it for us. It was the coolest thing in the world, but you could kill yourself with that kind of thing, too.” Indeed, Forrester’s Kindness says some companies are taking a big risk when they dive into network automation by immediately taking on their critical data center. “Companies should do something niche where there’s the least chance of disruption,” Kindness says. “Don’t start out with automating a data-center network. That’s the fabric of networks. There are so many dependencies. You can’t pull one thread without affecting a lot of sections… It’s so difficult. It’s overwhelming.” Vanderpool says he took the calculated risk because he had few other options. He was given three months to create a new data center – part of which would run in the cloud, and part would be built up in a new location. “Our data center had been housed in the same building for 20-some-odd years. We’d gotten too big for it. It needed a new place. They came to us and said, ‘We’re moving.’ At that point we had to move,” Vanderpool says. “Without automation it would have been impossible. It would have taken us about a year, and it would have been very costly for our company.” Was he nervous? “We were scared to death,” Vanderpool says. “If it hadn’t worked… it wouldn’t have put the company in a great place financially. They wouldn’t have been closing hospitals, but it wouldn’t have been good.” The “thorn” in Vanderpool’s side, though, has been integrating Cisco Identity Services Engine (ISE), security-focused network administration, into their Cisco DNA Center. “It’s difficult to connect them. If we could do that, we could automate ISE,” he says. Easing into automation with SolarWinds Britton Starr, senior enterprise monitoring specialist at OneMain Holdings, Inc., knew he had to ease into the network automation waters. Working at a financial company, he has to remain laser focused on stability and avoiding undue risk. Starr also wanted to be more efficient with his time and resources when it came to managing the Evansville, Ind.-based consumer finance company’s network, which spans 1,650 locations and 12,000 employees. Starr had been using Kiwi CatTools, network automation and configuration management software, from SolarWinds. The problem was CatTools didn’t integrate well with other pieces of his network, but that was an issue he could fix with a different set of tools from SolarWinds. “We wanted to do more,” Starr says. “We wanted to do automation in context. Doing an automated task is great, but knowing when to do it and how to do it is better. I wanted to look at configurations and know what devices were in compliance. Then if I need to make a change, I could choose a group and apply change to them. We wanted to deal with situations and not just a single task.” Starr pointed out the problems they had – pre-automation — with changing an access control list (ACL), a network packet filter that can restrict, permit, or deny traffic. It was a complicated issue because there were a lot of restrictions on which technicians had the ability make configuration changes on specific devices. “Our department had increased from a few to maybe 20 people because there was so much work to do just to keep pace with that,” he says. To deal with this, Starr adopted SolarWinds’ Network Configuration Manager, which enables him to write a script that notes which devices need to be updated and what needs to be added to the ACL. Because the software has a decision structure in it, any technician can run that template with the IP address they want to add, and it will apply the change to every single device. “Boom! It’s done,” Starr says. “It would take somebody a few minutes that might have taken an hour-plus without automation. It’s extremely helpful, honestly. Handling that ACL wasn’t a good use of anyone’s time. You could get an intern to do just that, and it wouldn’t be a good use of their time. It allows people more time to work on more complex engineering tasks rather than routine projects. And it eliminates the risk of errors, taking the guesswork and uncertainty out of it.” OneMain Holdings now uses five different SolarWinds products. One of Starr’s favorite automation functions gives him a daily configuration change report. “Every morning, I get a report that shows every configuration change on every network device in the past 24 hours,” he says. “Out of our pool of 200 or 250 devices, I get a clear, distinct, easy-to-read report on what has been added and what has been removed. When something breaks, I can go to that report and see what changed last night. I’d pay twice as much for that it’s so helpful.” He also receives automated compliance-related reports, which are critical for a company in the financial industry. “You can build reports to look for compliance drift,” Starr says. “As people bring new devices online, we’ll know if those configurations started in compliance. I don’t have to guess. That report will tell me.” The biggest problem he’s had adopting network automation is that writing the necessary scripts isn’t a simple task. Starr says people give him the needed changes, and then he ends up building the scripts for them because not everyone can do it on their own. “The syntax wasn’t immediately apparent,” he says. “There’s a learning curve to figuring out how to do that. Could it stand to be improved? Yah, I think so. But I’ve come to understand their design philosophy better now.” Expanding network automation at GHD When GHD got 50 new sites up and running on its network using Cisco products, and then saw how much faster and easier it was doing another 50 sites with Riverbed’s automation software, they initially left the Cisco equipment running where it was. They’d already paid for it, after all. However, Riverbed’s automation tools quickly became GHD’s go-to product when networks at their international sites needed to be refreshed. Now they have plans to roll Riverbed technology out to every one of their 260 global sites by October of this year – and that includes removing the Cisco equipment and replacing it with Riverbed. Initially, GHD’s biggest challenge moving toward network automation was its members of its own IT team who didn’t have any experience with automation. Taylor says that led to what he called “political and cultural challenges” over the first six months of adopting network-automation software. “When you’ve got a team used to doing things one way, you’re going to hit a fair amount of resistance,” he says. “There was pushback in the idea that the technology wouldn’t deliver everything it was promised to do. They were doubtful it would work. That shook itself out after people touched the technology and realized it really was working out. Now our staff is excited to work on this and have been trained in it.” Related content how-to Compressing files using the zip command on Linux The zip command lets you compress files to preserve them or back them up, and you can require a password to extract the contents of a zip file. By Sandra Henry-Stocker May 13, 2024 4 mins Linux news High-bandwidth memory nearly sold out until 2026 While it might be tempting to blame Nvidia for the shortage of HBM, it’s not alone in driving high-performance computing and demand for the memory HPC requires. By Andy Patrizio May 13, 2024 3 mins CPUs and Processors High-Performance Computing Data Center opinion NSA, FBI warn of email spoofing threat Email spoofing is acknowledged by experts as a very credible threat. By Sandra Henry-Stocker May 13, 2024 3 mins Linux how-to Download our SASE and SSE enterprise buyer’s guide From the editors of Network World, this enterprise buyer’s guide helps network and security IT staff understand what Secure Access Service Edge (SASE) and Secure Service Edge) SSE can do for their organizations and how to choose the right solut By Neal Weinberg May 13, 2024 1 min SASE Remote Access Security Network Security PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe