Warakorn - Fotolia
Manually configuring and managing network changes is a chore of the past, thanks to products that automate these tasks.
Yet, with the increased size of today's networks -- spanning mobile phones, virtual switches, network functions virtualization (NFV) and bare-metal switches -- change management now requires a greater level of automation. Add to that mix software-defined networking (SDN), and the lure to remove the human equation from configuration and change management tasks becomes even more enticing.
Configuring network devices one by one became impractical early on. The next step for many organizations was to manually create scripts that consisted of a series of command-line interface commands. But creating and maintaining these scripts has become increasingly time-consuming and error-prone. As a result, change and configuration management products have evolved to automate script creation and remove the need for network managers to remember the specific command syntax for each device type.
These change management automation products also archive network configuration after each change or update, so an earlier configuration can be quickly reinstalled if a change introduces problems. The most recent device configuration can also be quickly restored if a device fails and a new unit must be substituted. Products scan the network periodically to detect and report manual changes, as well as maintain an inventory of installed devices.
Mobile devices have challenges of their own; software products designed for wired networks cannot support mobile phones. Managing mobile devices manually is impossible for any but the smallest enterprises. Device software -- especially security software -- must be kept constantly up to date, with updates often every day or multiple times per day.
Devices must be scanned frequently, since it's difficult to prevent device owners from making configuration changes or installing apps that sacrifice security. Making the situation even more complicated, management software must be prepared to deal with a wide variety of different models from each of the mobile device manufacturers.
Keeping tabs on VMs, NFVs with change management automation
Virtual switches and NFV execute in server-resident virtual machines (VMs). Virtual switches provide the same services as conventional hardware-based switches, and NFV can be used to implement firewalls, load balancers, deep packet inspection and other network functions.
There is a significant difference between VM resident functions and their hardware equivalents. VMs can be created, used to support an application and then quickly deleted when the application completes. The static configuration methods of the past are obviously inadequate for these functions.
Programming languages and tools such as Puppet, Ansible and Chef were designed to automate Linux system and server management. Each provides a set of tools and a language syntax to aid in automating and managing VM resident functions, including virtual switches and NFV. These change management automation tools have added support for Windows servers and VMs.
Linux-based tools have also been extended to manage bare-metal switches, which are sold without operating software. Buyers may choose among a number of public domain and vendor software products designed to be installed in the switches, including software options containing Linux implementations. Installing software offering a Linux interface makes it possible to manage these switches using the same tools as virtualized functions.
SDN and its impact on change management automation
SDN takes automated management to the next step: The computing environment is viewed as a whole. Network and server management become a combined effort to provide all of the resources necessary to execute each application.
Network resources are managed by the SDN controller. It sets up the path for each source to destination packet flow. Protocols such as spanning tree and Open Shortest Path First no longer determine the routes packets follow through the network.
Applications automate network allocation and configuration by interfacing to the controller. Each application communicates its specific bandwidth requirements. The controller then configures the network to support application requirements, directing individual packet flows and allocating bandwidth.
SDN causes a major change for network managers. Statically configuring devices -- either manually or using script-generation tools -- is no longer possible, eliminating a major part of managers' current tasks. It's still necessary to monitor the network for device or link failures.
The changes brought about by SDN require network managers to broaden their change management automation knowledge. It's still necessary, but no longer sufficient to understand network devices and operation. With SDN, network managers must understand the computing system as a whole and develop coding skills to use software-based management services. Network and system managers must also work together and with application developers to specify resource requirements for each application.
Building up your mobile security
Why change management requires persistence
Avoiding failure with change management