ep stock - Fotolia
Published: 04 May 2017
Network managers have groaned for years that their high-priced technical people are chained to mundane tasks required to manually configure and manage switches, routers and other network components.
Enter a new era where software and automation take center stage.
While the industry has promised change through software-based networking for many years, 2017 just may be the year it finally happens on a broader scale.
Gartner networking research vice president Andrew Lerner said software's ascendancy should come as no surprise. Network switches have always been packed with software -- it's just that the industry grew comfortable viewing its products as hardware.
The big sticking point for years was that too much of the work configuring network components was manual and time-consuming, a cumbersome process that called for software-based networking innovation.
"What we're seeing now is a move away from manual and noncentralized networking to a more automated and centralized network management," Lerner said. "And the automation and centralization of policies is just much better done in software."
Moving toward software-based networking
Seth Pricesenior network engineer, Durham County, N.C.
Automating tasks and allowing IT staffers to be more productive were among the prime reasons why Durham County, N.C., moved to exploit the software that underpins Cisco's Application Centric Infrastructure (ACI). The government agency is in the midst of a network infrastructure upgrade that will enable it to rely far more on software and automation and less on manual configuration.
In the past, networking shops have spent 80% of their time just "keeping the lights on," said Seth Price, the county's senior network engineer. By deploying Cisco's Application Policy Infrastructure Controller (APIC) and Cisco's enterprise module, APIC-EM, Price said the county's IT staff can reverse the equation and spend 80% of its time on innovation.
The county plans to use APIC to not only automate data center router and switch configurations, but to use APIC-EM -- in conjunction with Cisco Stealthwatch and Identity Services Engine (ISE) -- to create a proactive security posture where malware can be automatically detected, contained and remediated.
Durham County began rolling out APIC last July and recently got to the point where the controller software is fully up and running. Now, the county is focusing on getting APIC-EM deployed, which Price said should pay huge dividends because the software will be used across 40 county facilities connected to the enterprise network.
Here's what Price envisions after integrating APIC-EM with Stealthwatch and ISE: In the event that malware is detected on an endpoint device, Stealthwatch will automatically connect to Cisco ISE, which stores all of the county's network policies. ISE will notify both APIC and APIC-EM that the device in question can only talk to a remediation server. If the malware can be removed, the device would be allowed back on the network. If it can't, the software automatically reimages the device.
"If I had to do all of that by hand, the damage would be done and the bad guys would be long gone," Price said. "Here in Durham County, we have a small staff. I'm in charge of the network, but I'm also responsible for security. We need technologies that will help us do more with less or with the same amount of people."
Software-based networking automates QoS
APIC-EM also has a feature that lets network managers automatically assign bandwidth policies.
Price said the feature, EasyQoS (Easy Quality of Service), eliminates nearly all the manual configuration tasks required to manage bandwidth. He said when a top manager or the CIO has an important video conference, for example, he uses EasyQoS to give full priority to the video conference for the duration of the presentation.
"Once the call is over, the system automatically removes that QoS policy," Price said. "This serves an important function for network managers because, in the past, a lot of policies would be built, and people would forget to take them down."
Brian McEvoysenior global network engineer, Symantec
At Symantec, two Cisco applications -- APIC-EM and EasyQoS -- allowed the company to streamline policy updates throughout its offices worldwide, said Brian McEvoy, senior global network engineer. In the past, before Symantec deployed the software, two engineers would work for six months to hand-configure policy updates for about 100 company offices, a task that resulted in about $200,000 in execution update costs alone.
Symantec is also using software to set policies for its IWAN, or Intelligent WAN, wide area network infrastructure rather than manual coding.
"This technology totally transforms the IT operation," McEvoy said. "Now, our network engineers can spend more of their time doing other projects with new technologies."
Software-based networking drives transformation
Software-based networking can transform organizations in ways management would never have thought possible.
J. Todd Watkins, director of technology and innovation at Eufaula City Schools in Eufaula, Ala., said once officials deployed a new wireless system based on Extreme Networks' wireless access points, management software and analytics engine at the district's middle school, technology usage skyrocketed.
"When teachers have zero confidence in the technology, they won't use it," Watkins said, explaining that the old network had poor connectivity and required manual configuration. "Now, confidence in our new learning management system at the middle school is way up."
Extreme's Management Center software lets the district automate policy updates. Now, every new request for service can be addressed more quickly, and the district can prioritize bandwidth based on its needs.
"When the district runs standardized tests, we can change the class of service to a higher level of priority for that day," Watkins said. "We also have visibility we didn't have in the past. If a wireless client can't get on the network, it will tell us if it's the access point, the switch or an uplink port that's the problem."
Plans are in the works to add Extreme's technology to the high school and the district's two elementary schools this summer.
Change automation is altering face of networking
Exploiting software to automate tasks
Using DevOps for network testing