Network automation is coming, whether network engineers are ready for it or not. It may still lag behind more general IT process automation, but network management tools are evolving, and enterprises are demanding that engineers reduce complexity and increase their productivity with network management automation tools.
"Enterprises are saying, 'Why should I require a highly paid, certification-type person to go into a device and type the magic command line language?'" said Glenn O'Donnell, senior analyst at Forrester Research. "That's – number one – error prone; number two, it's slow; and number three, it's not scalable. Network automation software can be all three of those things."
Network management automation software has been around for a while, but it hasn't taken off -- for a variety of reasons. That may change now that many successful companies have emerged with technology that automates certain elements of network management. Network configuration and change management products from companies like Netcordia, Voyant (acquired by EMC) and Rendition (acquired by Opsware, then by HP) are examples of successful network automation software, O'Donnell said.
Resistance to network management automation
Network automation has been slow to catch on because of a lack of standardized architecture in network devices, according to Jim Frey, research director at Enterprise Management Associates. Automation of servers and storage is easier to achieve because servers generally run only a couple of operating systems (Windows, Linux), and storage devices come in only a couple of formats.
In the networking world, the diversity of platforms is overwhelming to engineers who consider automation.
"If you're trying to deploy VoIP out to remote facilities and you've got a bunch of configurations you have to go update to set up proper traffic prioritization, there should be no reason why you shouldn't be able to automate that set of commands and send it out to all the appropriate devices," Frey said. "The challenge has been: This edge router is running this version of [Cisco] IOS, and this [other] router is running a different version of IOS, and a third one is not a Cisco router. So how do you [automate] that on a standard basis?"
As a result, many network management tools, particularly network configuration and change management (NCCM) tools, are starting to use model-based approaches to automation, which abstract the details of the actual network operating system and give engineers a basic ability to make requests and issue commands at a higher level, Frey said.
In some cases, network engineers themselves have been an impediment to network automation, according to O'Donnell.
"[Network automation] has probably been impeded more by what I like to call the networking illuminati, the people who possess all the knowledge about networking," he said. "In many cases, they are resistant to any kind of automation that could potentially do something they feel they are best suited to do. Network automation is not going to replace them, but it is certainly going to replace a lot of the things they do, such as a lot of the configuration changes on equipment."
New realities demand adoption of network automation
New demands on the network are requiring more network management automation, said Yama Habibzai, vice president of product marketing for Netcordia.
"One of the reasons network [automation hasn't been embraced] is because people think that by deploying a router and configuring it a certain way, they're done with their work. Like building a house, they think once you've built your foundation, you don't have to touch it anymore because it's sitting there solid. That's the perception and it's a flawed perception," Habibzai said. "Networks change all the time. You talk to any network manager and one of their biggest stresses is that they're constantly making changes to improve the overall architecture and design and performance of the network."
Virtualization and cloud computing add to the change requirements in networks, according to Frey, and they are also driving up interest in network automation.
"Every virtual machine is connected to its host via a virtual network component," he said. "If you want to set up secure, provisioned access… [for a virtual machine] … and you move that virtual machine, you've got to move all the policies along with that. If you're not automating that, you'll never keep up with that. It limits the flexibility of virtualized systems."
Extending network automation beyond configuration
Although network configuration management tools and virtualization management tools grab the headlines on the network automation front, there are opportunities to expand automation to other elements of network management.
Enterasys Networks, for instance, offers a high degree of automation in NetSight, a network management software suite it offers customers of its networking equipment. Its Automated Security Management module can make critical automated decisions based on network security policy.
"If something is misbehaving on the network and it gets picked up by our SIM product or our IDS product, it talks to our Automated Security Management [ASM] product, which can make changes to the network," said Eric Stinson, product manager for Enterasys. "It can automatically turn off a port on the network to stop bad behavior. What people like is its ability to create an automated option but not actually do it until a person approves it."
Carl Merrick, network manager for the town of Enfield, Conn., plans to implement the automated security remediation features of Enterasys' ASM product soon.
"Right now, we have it in detect mode but no remediation," Merrick said. "What we will do is [have it] detect and remediate automatically. We're still getting it up and running. We're actually in the middle of merging our town and schools' networks together, and instead of having a false detect and false positive, we want to make sure everything is working properly before we go through with a full implementation."
Let us know what you think about the story; email: Shamus McGillicuddy, News Editor