Before we explore the concepts of network automation, orchestration, and other network technologies, it is important to get the basics of networking straight. In this section, we’ll brush up on some network topics – network domains, devices, management planes, and roles.
One of the first items to describe is what is being automated and where it resides. The broad categories used to describe network domains include:
Local-area-network (LAN), also known as the “Campus” – these are generally made up of routed and switched infrastructures where devices like PCs, servers, printers, wireless controllers, and more are connected to physical Ethernet ports for access to the network.
Wide-area-network (WAN) – is generally made up of routers, switches, and other transport services that deliver network services to all the locations required by the enterprise. Transport services, like circuits, MPLS, SONET, Carrier Ethernet, and others, are typically provided by a telecom carrier. Management of the network devices, like branch routers, backbone routers, and more, may be handled by the carrier – referred to as a “managed service” – or directly by the enterprise.
Data Center – is made up of compute, storage, networking, and more. The data center servers are typically where enterprise applications are hosted, along with the storage and network infrastructure required to enable connectivity for those applications out to the end-users.
Wireless Network, also known as “Wifi” – is made up of wireless LAN controllers, which control access points that provide the wifi network that PCs, tablets, phones, and other devices use to connect to the network.
Cloud – is a generic term that can be used to describe public resources (compute, storage, and networking) provided by companies like Amazon AWS, Microsoft Azure, Google Cloud, and more. It can also refer to “private cloud,” which is built and maintained by an enterprise but leverages similar technologies to the big public cloud providers.
Security – is unique in that it is not a typical domain: there are generally security components in all domains, yet organizations often have separate security operations (SecOps) teams who use their own specific tools for O&A to manage firewalls, intrusion detection, proxies, and more.
As applications for the network continue to expand, additional domains and/or technologies become part of the landscape, including things like:
Internet-of-Things (IoT) – has many applications and adds hundreds to millions of new endpoints to the network for use-cases such as supply chain management and tracking, medical devices, sensors in manufacturing applications, and more.
Operational Technology (OT) – enables automated business operations and is critical for distribution and manufacturing. However, the technology often predates modern API and management frameworks and requires rigorous external security controls.
Edge Computing – looks to push compute power closer to the edge of the network (out from the data center or public cloud) to improve response time (latency) and bandwidth. Most of the use-cases are around driving digital services requiring processing power related to the coming faster wireless edge delivered by 5G.
Devices (physical or virtual) that make up the network infrastructure include:
While these devices exist in nearly every enterprise network, they now also exist in the virtual form in the cloud and virtualized environments. Network Function Virtualization (NFV) has had moderate success, and organizations must manage these network functions as Virtual Network Functions (VNFs) running in virtualized environments as well as traditional physical devices and appliances. When leveraging a virtualized infrastructure, there will also be a virtual infrastructure manager (VIM) component. Virtualization technologies, including hypervisors, like VMware ESXi, and full-stack systems like OpenStack, add virtualization management and can be another component to automate. The deployment of 5G infrastructure is another driver of the usage of virtualized network functions. Additional network appliances often include:
The network management plane is made up of various tools and services, each of which provides functions for provisioning, monitoring, and operating the network and services. This is often made up of:
Asset Management – refers to a formal mechanism to store information about all the (networking) assets in the network.
Configuration Management Database (CMDB) – is used to store information about networking hardware and software assets. In addition, the CMDB typically stores the details of the assets, like software release versions and configuration back-ups and/or standards.
IP Address Managers (IPAM) – are used to plan, manage, and assign IP addresses used by the network devices. They can also allocate pools of addresses used for DHCP services.
IP Flow monitoring – provides a monitoring infrastructure using a protocol like NetFlow or sFlow to collect information about the IP traffic flows and to provide analysis and reporting of the traffic types on the network.
Application Flow monitoring – CNCF (Cloud Native Computing Foundation) sandbox project is similar to IP flow monitoring but originates with agents injecting application flow information at multiple tiers in the web, app, and database. Applications can be threaded together in loosely coupled groups, and one can map outcalls across one application stack into another application stack. Cloud vendors are now starting to introduce the capability to incorporate Application Flow monitoring in their cloud-based offerings along with other metrics on this list.
IT Service Managers (ITSM) – are platforms (like ServiceNow, Remedy, and others) that provide structure and processes to plan, deliver, and operate IT systems.
Simple Network Management Protocol (SNMP) based monitoring – is an internet standard protocol for collecting information using management information base (MIB) structures that describe the system status and its configuration.
Telemetry – is a new form of real-time monitoring to collect and analyze network information (typically provided by gRPC, an agent-based protocol) streaming from a network device that has been subscribed to.
An issue most enterprise IT organizations face is establishing and maintaining a “Source of Truth” (SoT). Network administrators may believe the source of truth is in a CMDB system, while Network Operations may believe it is on the running network devices. Enterprises must decide how they synchronize information from devices running in the network and offline databases to reconcile the data. This synchronization can often be automated via API integration. Large organizations also may have distributed SoT systems which are federated. In the O&A workgroup, this has been a topic of interest since there are challenges within organizations creating, keeping, and maintaining accurate SoT. In most cases, there are many different sources for things like inventory, IP address, operating system tracking, and more. Most of these systems do not currently have an automated process to reconcile with what is actually in the network.
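The following Python example is added here and is not from the original document. It reconciles federated SoT records against facts polled from running devices and reports conflicts between SoT sources, drift, devices missing from every SoT, and records with no device behind them. All hostnames, addresses, versions, field names and the reconcile() function are constructed for illustration; in practice the two inputs would come from the CMDB/IPAM APIs and from device polling.

```python
from ipaddress import ip_address

# Constructed sample data: federated SoT records vs. facts polled from devices.
SOT = [
    {"source": "cmdb", "hostname": "br1-rtr01", "mgmt_ip": "10.0.1.1", "os_version": "17.3.4"},
    {"source": "cmdb", "hostname": "dc1-sw01", "mgmt_ip": "10.0.2.10", "os_version": "9.3(8)"},
    {"source": "ipam", "hostname": "DC1-SW01", "mgmt_ip": "10.0.2.11", "os_version": "9.3(8)"},
    {"source": "cmdb", "hostname": "dc1-fw01", "mgmt_ip": "10.0.2.254", "os_version": "10.1.6"},
]
DEVICES = [
    {"hostname": "BR1-RTR01", "mgmt_ip": "10.0.1.1", "os_version": "17.3.4"},
    {"hostname": "dc1-sw01", "mgmt_ip": "10.0.2.10", "os_version": "9.3(10)"},
    {"hostname": "lab-ap07", "mgmt_ip": "10.0.9.7", "os_version": "8.10"},
]
FIELDS = ("mgmt_ip", "os_version")

def norm(field, value):
    """Normalise values so formatting differences are not reported as drift."""
    value = str(value).strip()
    return str(ip_address(value)) if field == "mgmt_ip" else value

def reconcile(sot, devices):
    """Return sorted (finding, hostname, detail) tuples describing SoT drift."""
    findings, merged = [], {}
    for rec in sot:  # merge federated sources; the first source seen wins
        host = rec["hostname"].strip().lower()
        first = merged.setdefault(host, rec)
        for f in FIELDS:
            if norm(f, first[f]) != norm(f, rec[f]):
                findings.append(("sot_conflict", host, f"{f}: {first['source']} vs {rec['source']}"))
    seen = set()
    for dev in devices:
        host = dev["hostname"].strip().lower()
        seen.add(host)
        rec = merged.get(host)
        if rec is None:  # on the network but in no SoT: an unmanaged asset
            findings.append(("not_in_sot", host, dev["mgmt_ip"]))
            continue
        for f in FIELDS:
            if norm(f, rec[f]) != norm(f, dev[f]):
                findings.append(("drift", host, f"{f}: sot={rec[f]} device={dev[f]}"))
    for host in merged.keys() - seen:  # recorded but not observed on the network
        findings.append(("not_on_network", host, merged[host]["source"]))
    return sorted(findings)

if __name__ == "__main__":
    for finding in reconcile(SOT, DEVICES):
        print(*finding, sep="\t")
```

For security operations, the "not_in_sot" findings are usually the first to triage, since a device that no inventory knows about is also outside patching and configuration standards.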
The stakeholders of enterprise networks usually include budget holders, technical decision-makers, and operators. These roles include:
Executive Management (Director, CIO, CTO) – These are the budget holders who understand the strategic direction of the business and how the underlying technical resources are going to be funded to drive that direction.
Network Architects – are responsible for the network architecture and typically own network design and standardization. They have deep protocol expertise across multi-platform and multi-vendor environments. They must consider the lifecycle of a product or solution going into the network.
Network Engineers – are the bridge to operations and oversee implementation of ongoing changes in a network. They typically have a deep level of vendor specialization along with protocol expertise and see the big picture of the network and how the applications are using the network.
Network Operations – are responsible for day-to-day operations, including implementing moves, adds, and changes along with the required troubleshooting. They have vendor and platform experience from beginner up to advanced depending on their seniority.
As organizations formally embrace automation, additional job roles can include:
Director of Automation – a formal owner of the automation infrastructure, tools, and processes the organization uses and maintains.
Tools Manager – is largely responsible for managing management software provided by vendors and may also manage the development of in-house software and/or scripts.
Developer – if an organization is building its own software platform and/or creating a “manager of managers” to automate integration, they will be staffing developers with core programming skills.
Full Stack Engineer – this role typically defines a staff member who has network engineering skill sets as well as programming or scripting skills and can develop automation for tasks or processes the organization requires.
DevOps Engineer – this role is often associated with the automation pipeline for development and delivery of applications; however, as enterprises look to automate network infrastructure, there is cross-pollination to leverage the skillset and tools used in DevOps.
SecOps Engineer – this role will leverage data provided from internal and external sources and build automation in support of organizational security policies and practices that may include a range of actions.
Site Reliability Engineer – is a newer role in an organization that includes the design and operational elements, including security, performance, scale, and availability.