IT Automation Best Practices for Network Engineers and Architects
I still remember a happy hour conversation at a local bar with my friends nearly a decade ago. Nobody thought that the idea of “cars on autopilot,” as one of the guys described his wish for his daily commute, would become a reality so quickly. However, several companies are innovating, testing, and iterating on driverless cars to bring the concept to the mainstream. It appears that, for the first time in computing history, technological trends are catching up to automation goals.
In the IT department, this trend is positively impacting enterprise networking. The advent of server virtualization created opportunities to automate the compute layer, eventually leading to cloud computing and the infrastructure-as-a-service phenomenon. However, automation opportunities have remained sporadic and isolated in enterprise networking.
Software-defined networking (SDN) for L2 and L3 (layer two and three) networking and network function virtualization (NFV) for L4-L7 network services have remained elusive for many IT departments due to the lack of maturation of the technology or specialized skills needed to implement them. However, network automation doesn’t have to be an all-or-nothing proposition. Software-defined approaches for application and networking services, combined with scripting and orchestration tools such as Ansible, are enabling practical approaches to network automation that don’t require boiling the ocean. In this article, I’ll examine some best practices for network automation in L4-L7 services that can drive immediate improvements in your network.
The motivations to automate may seem obvious but are worth reviewing to understand what you want to achieve and how you will measure your success.
Improve Responsiveness to Business Units
Application-centric enterprises rely on rapid application delivery to achieve revenue targets and maintain their competitiveness. Many lines of business now use CI/CD (continuous integration and continuous delivery) processes for quick prototyping and deployments of application updates. In these operating environments, the networking team cannot take weeks to provision new application services such as virtual services for load balancing or to debug network issues.
Services for New Application Architectures
Application teams in many enterprises are developing disaggregated applications using microservices architectures. In the compute layer, containers and container orchestration platforms such as Kubernetes are enabling microservices-based development. It will not be long before IT teams are required to support the production rollouts of these applications (it is already the case in some companies with which I have spoken). Supporting these applications without automating as much of the service chain as possible is very difficult if not impossible.
Eliminate Manual Configuration Errors
Adding the wrong pool member to the wrong VIP, taking an application server out of service inadvertently, or configuring incorrect server certificates are examples of errors that can be caused by manual configuration processes. These tasks can be easily automated, which saves significant time later in debugging problems, particularly in complex application environments.
Address Personnel Shortages
IT departments are always going to face shortages of skilled technicians to handle requests. As one of my colleagues described it, he hates being a “VIP-monkey,” wasting time on activities that could be automated when that time could be freed up for more urgent tasks. More importantly, IT leaders are finding that the speed and scale of IT operations cannot be matched by simply scaling the workforce.
Ensure Consistency Across Applications
Automating configuration tasks is the easiest way to ensure consistency across applications. It enables network engineers to turn configuration into code, version-control the configurations and ensure that system configurations are always stamped out from a single point of truth.
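One way to turn the manual errors listed earlier (a pool member on the wrong VIP, a server inadvertently out of service, a mismatched certificate) into a pre-deployment check on version-controlled configuration. This is an added example, not code from the article or from any vendor; the JSON schema, field names, and sample addresses are constructed for illustration.

```python
import json

# Constructed sample data (hypothetical schema, not any vendor's format).
INVENTORY = {  # source of truth: which app each server belongs to
    "10.0.1.11": "shop", "10.0.1.12": "shop", "10.0.2.21": "billing",
}
CERTS = {  # certificate name -> DNS names it covers
    "shop-cert": ["shop.example.com"],
    "wild-cert": ["*.example.com"],
}
DESIRED = json.loads("""
[
 {"name": "vs-shop", "app": "shop", "fqdn": "shop.example.com",
  "cert": "shop-cert", "min_enabled": 2,
  "pool": [{"ip": "10.0.1.11", "enabled": true},
           {"ip": "10.0.2.21", "enabled": true}]},
 {"name": "vs-billing", "app": "billing", "fqdn": "pay.example.org",
  "cert": "wild-cert", "min_enabled": 1,
  "pool": [{"ip": "10.0.2.21", "enabled": false}]}
]
""")

def cert_covers(names, fqdn):
    """True if any certificate name matches fqdn (single-label wildcard)."""
    for n in names:
        if n == fqdn:
            return True
        if n.startswith("*.") and "." in fqdn and fqdn.split(".", 1)[1] == n[2:]:
            return True
    return False

def lint(virtual_services, inventory, certs):
    """Return (virtual service, problem) tuples; an empty list means safe to apply."""
    problems = []
    for vs in virtual_services:
        for m in vs["pool"]:
            owner = inventory.get(m["ip"])
            if owner != vs["app"]:  # server registered to a different app
                problems.append((vs["name"], f"member {m['ip']} belongs to {owner}"))
        enabled = sum(1 for m in vs["pool"] if m["enabled"])
        if enabled < vs["min_enabled"]:  # change would drain the pool
            problems.append((vs["name"], f"only {enabled} enabled member(s)"))
        if not cert_covers(certs.get(vs["cert"], []), vs["fqdn"]):
            problems.append((vs["name"], f"cert {vs['cert']} does not cover {vs['fqdn']}"))
    return problems

if __name__ == "__main__":
    for name, problem in lint(DESIRED, INVENTORY, CERTS):
        print(f"{name}: {problem}")
```

Run as a gate in the pipeline that applies the configuration, a non-empty result blocks the change before it reaches a load balancer.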
Multi-Cloud and Hybrid-Cloud Use Cases
Many cloud and network architects are effectively leveraging public cloud environments as an extension to their data center. They want to deploy applications in their data center and then burst to the cloud to take advantage of the flexible capacity when responding to unexpected traffic spikes and then scaling back to their data center when traffic is back to normal.
While there may be different reasons to automate network services, some basic rules of thumb are common across environments. I have used and heard these best practices in discussions with my colleagues and at the networking meetups that I attend.
Get Executive Sponsorship and Set up an Automation Roadmap
Make sure that you have your organization behind you on your automation goals. Any time that you introduce new IT practices or procedures, it is a cultural shift with potential organizational impediments to deal with. These can range from people who are reluctant to change or learn new tools, to teams that may be wary that automation could break standard operating procedures and other checks and balances. This is the reason to create a roadmap for your automation initiative, which provides an incremental approach that enables teams to build on small successes, learn and course-correct.
Conduct a Site Audit/Survey
Before starting your automation journey, make sure that you understand the types of applications and how they are interconnected, the environments that you will need to support (VMware, public cloud, bare metal deployments, etc.), and the scaling requirements for applications, including the differences between production and non-production. You will also need to take an inventory of the network devices that are in use and their vendors, since this will have implications for the automation tools that you choose. It is also useful to know the current application release pipeline so that you can understand the maintenance windows and SLAs that have to be met. The site survey will also let you preserve your sanity by avoiding potential landmines (such as applications subject to industry regulations like PCI DSS) that you may want to skip in your first automation salvo until you have had an opportunity to test your scripts.
Evaluate Your Automation Tool Choices
Before implementing a tool based on a thread that you read in a forum or a recommendation from a buddy, take the time to understand the landscape of network automation tools. They range from Python and Ruby code libraries to open source as well as commercial tools such as Ansible, Chef, Puppet, or SaltStack. Go through a PoC process in which you learn which of your systems and network devices support your automation tool and have prebuilt modules for it. For example, several network technologies have Ansible code samples and automation scripts already available on GitHub.
Choose Software-Based Solutions with Full REST API Support
Automation is a whole lot easier when you are not forced to purchase new hardware, configure it and then deploy. In particular, if you are looking to automate L4-L7 application services, new software-defined load balancing approaches are enabling end-to-end automation by providing an elastic services fabric that creates a distributed pool of load balancers that are centrally controlled. Many Ansible playbook examples of these automation scripts are available for common load balancing functions. Choose technologies that expose all the capabilities of the platform as REST APIs, which deliver the best foundation for automation. For example, these platforms can help you to enable developer self-service by setting up a portal to automate virtual service provisioning, automatically create and configure pools, modify headers and requests, and capture your entire configuration in a portable YAML/JSON format.
The holy grail of IT is to automate operations to rapidly deploy innovative new services, drive the most efficient use of resources, and deliver optimal performance and an ideal user experience. As our computing infrastructure becomes more distributed and complex, automation is inevitable and will permeate all areas of IT from application development and testing, to network configurations, application networking services, security and monitoring. As tools improve and mature, and as network technologists reskill their teams, these automated approaches are sure to bring unmatched flexibility and scalability to the enterprise.