Network Automation Framework: 4 Building Blocks
Uncertainty is in the air, especially in the tech industry. A winter recession is looming, and many organizations are suffering from hiring freezes and layoffs. Health experts are predicting a Covid-19 resurgence which could lead to additional lockdowns, not to mention a sick population unable to work for weeks at a time. Additionally, political instability in Europe and the Middle East is cutting off physical access to critical remote infrastructure.
Despite these challenges, it’s more necessary than ever to keep networks, infrastructure, and applications running optimally. Organizations must find a way to maintain SLAs and keep businesses operating with fewer resources, which is why they’re turning to automation.
A network automation framework provides all the tools and components needed to fully automate infrastructure. This reduces the workload on human administrators and ensures the network will continue to function optimally without a physical presence in the data center while you manage remote sites. Let’s discuss the four building blocks that make up a resilient network automation framework.
The 4 building blocks of a network automation framework
1. IT/OT production infrastructure
The first layer of a network automation framework is the actual infrastructure that is or will be automated. It consists of both information technology (IT) and operational technology (OT).
IT refers to all the data computing and data networking infrastructure. It includes the servers, storage devices, and cloud platforms that host your data and applications, as well as the routers, switches, and other networking devices that transmit data. The key to IT infrastructure automation is vendor-agnostic platforms that support the use of third-party automation solutions.
OT refers to equipment that interacts with the real world. Some examples would be industrial equipment, HVAC systems, manufacturing devices, and hospital diagnostic and monitoring systems.
In many cases, these OT devices are already automated, meaning they perform their tasks without a human physically operating them. Automated OT equipment is typically controlled with specialized industrial computer systems, like supervisory control and data acquisition (SCADA) systems, on a dedicated physical network. This network, and the controlling systems, are usually isolated from the production IT network and managed by a specialized team separate from the IT team.
This separation and network isolation mean an operator must physically interface with an OT controller system in order to manage operational technology. This creates a problem if operators are unable to physically access this system—because of Covid-19 lockdowns, for example, or a dangerous political conflict in the region.
For more resiliency, a network automation framework should include an IT/OT convergence strategy. IT/OT convergence involves connecting OT systems and devices to the production data network to enable remote operation, which is facilitated by the management network. Instead of being tied to a physical computer system, operators use specialized remote software or cloud-based applications to monitor, control, and troubleshoot operational technology. That means business operations can continue running smoothly even during a crisis that prevents or limits physical access to technology.
2. Automation infrastructure
The second layer of a network automation framework is the hardware and software that enable automation to occur. On the OT side, this would include the specialized software that replaces on-site controller systems. On the IT side, there are many different automation infrastructure components that vary depending on the exact use case. Some examples include:
Software abstraction for infrastructure and network management, such as Infrastructure-as-Code (IaC), Software-Defined Networking (SDN), and Software-Defined Wide Area Networking (SD-WAN). These solutions create a management layer that sits on top of the physical or virtual infrastructure, enabling programmatic configurations (e.g., imperative IaC via Ansible), intelligent routing, and other automated workflows.
Gen 3 out-of-band console servers and other management devices that enable automation on the management network. They connect to network devices via serial port and provide one common management interface from which to control and automate remote infrastructure. Gen 3 console servers are vendor neutral and can host or integrate with third-party automation scripts, playbooks, and solutions. This allows them to extend automation capabilities to other vendors’ devices.
Automating as many infrastructure and network workflows as possible will make it easier for IT teams to work efficiently even if there are cutbacks and layoffs due to the recession. The automation infrastructure layer is the critical component that connects automation and orchestration solutions to the production IT/OT infrastructure. This layer also makes it possible to run automation over the out-of-band management network, which gives teams a safety net to recover from mistakes in their automated scripts and workflows.
3. Orchestration infrastructure
The third layer of a network automation framework involves orchestrating automatic workflows. Orchestration includes version control for software-defined scripts and playbooks, automation workflow execution and management, and visibility and insight tools for the automated environment.
Version control: The orchestration solution is the single source of truth for network and infrastructure automation. The best practice is GitOps, which means using Git repositories (the standard in DevOps software projects) to store and track infrastructure code. Git provides version control, meaning that all changes are tracked to ensure mistakes can be easily rolled back.
Workflow execution and management: Orchestration gets its name from its ability to deploy and manage the various automation workflows that control an automated network infrastructure, just like an orchestra conductor directs many musicians playing various instruments. The network and infrastructure orchestrator executes automated workflows according to predefined triggers to reduce the amount of tedious manual intervention required.
Visibility & Insight: An orchestration solution provides a single pane of glass from which to observe all connected automation infrastructure and the individual IT/OT components targeted by automation workflows. This includes dashboards with insight tools and visualizations so admins can monitor performance at a glance and spot opportunities to optimize.
The orchestration layer is a critical component of the network automation framework because it centralizes the oversight and control of automated infrastructure. This reduces the number of administrators needed to efficiently monitor and manage complex network architectures, so business operations can continue to run optimally even during hiring freezes. Orchestration and automation also reduce the risk of configuration mistakes and other human errors, making networks more resilient.
The best way to ensure comprehensive coverage is to use a vendor-neutral orchestration solution that can dig its hooks into every component of a mixed infrastructure. In addition, the orchestration solution should support edge-native asynchronous automation so that remote/edge automation is able to function independently of the orchestrator. This provides additional resiliency in cases where the connection between the remote/edge site and the orchestrator is interrupted or cut off.
4. AI Ops
The final layer of a network automation framework is AI Ops, which applies artificial intelligence to IT operations. AI Ops takes the vast quantities of data produced by monitoring platforms, sensors, firewalls, and other infrastructure and uses machine learning algorithms to provide in-depth analyses. AI Ops can play a variety of roles within an automated network infrastructure, including:
Security: AI Ops can analyze data from firewalls and intrusion detection systems to spot anomalies that may indicate a breach has occurred or is actively taking place. AI generates fewer false positives than traditional signature-based detection and is often better at catching novel malware and zero-day exploits. That’s because AI Ops uses advanced machine learning algorithms that can predict the patterns and behaviors of brand new threats it hasn’t seen before, based on data collected from past threats.
Monitoring: AI Ops collects all the logs generated by automated infrastructure and provides real-time analysis of the health and performance of the network. AI can create visualizations to help track performance over time and predict future outcomes, so organizations can make smarter decisions about infrastructure upgrades and other costly IT initiatives.
Root cause analysis (RCA): When an issue occurs, AI Ops can comb through all the relevant logs and alerts to identify the underlying cause. Once the root cause is known, AI can remediate some problems automatically, often faster than a human administrator could. For everything else, AI Ops can generate incident reports, prioritize them according to severity and category, and assign them to the correct team for resolution.
The AI Ops layer uses data from all the other layers to provide intelligent analysis of the security, health, and performance of automated network infrastructure. Unlike the other technology layers, AI Ops can learn and make informed decisions, which reduces the amount of human intervention required to keep automated infrastructure running optimally.
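A minimal sketch of the anomaly-spotting idea from the Security item above, added here as an illustration and not code from ZPE or any AI Ops product. It uses a simple median/MAD statistical baseline as a stand-in for the machine learning models the article refers to; the log format, addresses, and threshold are constructed assumptions.

```python
import re
from collections import Counter
from statistics import median

# Assumed (hypothetical) firewall log format: "<ISO time>Z <ACTION> src=.. dst=.. dport=.."
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2}Z (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$"
)

def deny_counts_per_minute(lines):
    """Count DENY events per minute bucket; unparsable lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group(2) == "DENY":
            counts[m.group(1)] += 1
    return counts

def anomalous_minutes(counts, threshold=3.5, min_history=5):
    """Return minutes whose deny count spikes above the baseline.

    Uses the modified z-score 0.6745 * (x - median) / MAD, which a single
    burst cannot drag upward the way it drags a mean and standard deviation.
    Minutes with no DENY events never appear in counts, so the baseline
    describes active minutes only.
    """
    values = list(counts.values())
    if len(values) < min_history:
        return []  # not enough history to call anything abnormal
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0  # avoid dividing by zero
    return sorted(
        minute for minute, v in counts.items()
        if 0.6745 * (v - med) / mad > threshold
    )

# Constructed sample: ten minutes of denies with a burst at 10:07,
# plus one ALLOW line and one malformed line that must both be ignored.
_PER_MINUTE = [3, 4, 2, 5, 3, 4, 3, 40, 4, 3]
SAMPLE_LOG = [
    f"2024-01-01T10:{minute:02d}:{i:02d}Z DENY src=198.51.100.{i + 1} dst=203.0.113.10 dport=22"
    for minute, n in enumerate(_PER_MINUTE) for i in range(n)
] + [
    "2024-01-01T10:03:30Z ALLOW src=198.51.100.9 dst=203.0.113.10 dport=443",
    "malformed line",
]

if __name__ == "__main__":
    print(anomalous_minutes(deny_counts_per_minute(SAMPLE_LOG)))
```

A flagged minute is a lead for an analyst or a downstream correlation rule, not a verdict; the threshold and bucket size need tuning against each site's normal traffic.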
ZPE’s Network Automation Blueprint
IT/OT production infrastructure, automation infrastructure, orchestration, and AI Ops all work together to ensure network resiliency during uncertain times. The Network Automation Blueprint from ZPE Systems provides a reference architecture for achieving Gartner’s definition of hyperautomation as well as meeting the Open Networking User Group (ONUG) Orchestration and Automation recommendations.
In future blog posts, we’ll explore the importance of each of the four building blocks of the Network Automation Blueprint in depth. In the meantime, click here to get a sneak peek of the blueprint, which includes a 10-step checklist to get started with automation now.