Change tickets, phone calls, emails. Is that any way to coordinate network changes in a dynamic, highly virtualized data center?
Virtualization managers should not be forced to phone a network engineer to request IP address assignments and VLAN changes every time they spin up a new virtual machine (VM). Network automation can replace many of these administrative tasks.
This network automation should not only remove human latency within the networking team, it should promote better cross-collaboration among different functional groups in the data center so that server-virtualization teams can get the network settings they need for new VMs within minutes instead of days.
Infoblox has introduced new network automation capabilities that it says will simplify network administration and promote better cross-collaboration within data centers. The company acquired some network automation capabilities two years ago when it bought network configuration and change management (NCCM) vendor Netcordia and its NetMRI product. Now Infoblox is extending network automation to all its products, including its Trinzic DDI (DHCP, DNS and IP address management) line.
Infoblox's new Automation Task Board abstracts the dozens of individual commands a network engineer must make while adjusting IP addresses, VLANs, ACLs, DNS assignments and other settings for virtualization. Instead, those tasks can be consolidated down to one or two clicks. And network engineers can assign permission to perform each of these tasks to network administrators or server administrators.
"Why not let the lower-tier guys do this tactical maintenance stuff in a safe way where they can't get into trouble?" said Tracy Corbo, principal research analyst at Enterprise Management Associates (EMA). "You don't want a lower-level guy going into CLI and making changes and not have any way to track it. They can do these tasks [with the Automation Task Board] with a few clicks and they won't get into trouble because it's been predefined [by a network engineer]."
What's more, the Automation Task Board better promotes and enables IT teams' cross-collaboration on the networking tasks that VM administration triggers.
"If a server team wants new IP addresses for a new server, the CCIE doesn't need to do that," said Andre Kindness, senior analyst with Forrester Research. "[Server admins] go into their own interface, and it has more language pointed at them and they can just grab their IP addresses that have been allocated. It's exactly where we tell [enterprises] to drive their toolsets. Empower other teams to do it, or empower a lower level person to do it."
Today that collaboration between the networking and server virtualization teams exists in only a minority of companies, according to an Infoblox-sponsored EMA survey of more than 100 enterprises. Only 46% of organizations said they have cross-silo collaboration. Twenty-one percent said their IT organizations remain siloed, and another 33% said IT cross-collaboration is a high priority but they lack the tools to make it happen.
The training that can make this collaboration possible is also sorely lacking. Only 12% of organizations said they have conducted cross-team training or integration of IT groups to ease the collaboration process. Another 48% said they have initiated collaboration efforts, but they remain a work in progress.
Network automation makes network engineers time-efficient
Meanwhile, supporting VM provisioning remains a tremendous black hole for network engineers. The EMA survey asked networking teams and other IT pros to identify the two most time-consuming tasks in a data center: They named VLAN management (59%) and ACL management (44%).
"You don't want to call in your CCIEs all the time to make those changes," said Zeus Kerravala, principal and founder of ZK Research. "The more stuff you can push down to lower-level admins the better, and even better is having some sort of automated system that takes out human error."
More on network automation and data-center network administration
Network automation tools: Buy or build your own?
Repetition will give you network automation "muscle memory"
VLAN configurations, ACL changes and IP address assignments are relatively trivial administrative tasks that engineers perform over and over as the server team instantiates new VMs or moves VMs to new racks. Engineers would love to pass these tasks on to less-skilled network administrators or virtualization teams, but giving up that control is also risky. Yet network automation allows engineers to focus on higher-level tasks without worrying that someone with limited networking skills will kill the network.
"Let's say I give [a virtualization administrator] access to set up [his] own IP addresses," said Steve Garrison, vice president of marketing for Infoblox. "What if, by mistake, the virtualization guy grabs a whole bunch of IP addresses that belong to the campus LAN? That would be a problem."
Why third-party network automation?
Automation is on the lips of IT pros everywhere, but this automation must have the type of safeguards that make engineers comfortable. Unfortunately comfort level is different for each IT silo -- and that leads IT teams to go with the vendors they know best. As a result, networking guys use Cisco tools and virtualization guys use VMware. Certain vendors play nice together, but they don't necessarily promote the cross-collaboration that enterprises are seeking in data centers.
"The ideal is using third-party commercial automation tools," said EMA's Corbo. "No one is going to use Cisco tools [if they aren't a] network engineer."
Let us know what you think about the story; email: Shamus McGillicuddy, News Director