Network teams today must manage configuration across many devices distributed across different network domains. Enterprise network device counts are increasing faster than network teams can keep up with.
This makes configuration compliance more difficult (and time consuming) than ever before. Managing thousands of devices from different vendors across many network domains can eat up at network engineers’ time — or create configuration backlogs that increase cybersecurity risk and can lead to regulatory penalties.
That’s the exact situation a major North American utilities company found themselves in as they were in danger of paying over $1M/day in fines for network-related NERC-CIP regulatory non-compliance. They knew their existing manual configuration management wouldn’t be enough. To eliminate out-of-date devices and bring their network into compliance, they would need to take on a refresh effort for their Field Area Network, which could potentially add significant workload to a team that already faced backlogs.
The company needed to enable their network team to scale their capabilities — without increasing hours or cognitive load, and without sinking money into headcount.
Their Goals: Enforce Compliance While Increasing Engineering Efficiency
Finding a cost-effective way to scale configuration management capabilities and bring their network back into compliance was crucial. The key is the efficiency of the network team — the most cost-effective solution would be one where the team can do more without taking on more workload or increasing headcount.
The company had to ensure they could maintain compliance even as their network continued to expand, without spending more money than necessary.
Too Much Manual Work, Too Little Time
Increasing device count, a priority initiative in the shape of a Field Area Network refresh, and the looming threat of compliance fines due to a backlog of out-of-date configurations — the network team at this utilities company seemed to pick up more work than they could complete with each passing day. An experience most network engineers can relate to.
To successfully complete the refresh project, they would need to decommission legacy routers, switches, and firewalls, and provision and configure new replacements across all sites. In addition, they would need to update and source information from a variety of sources of truth — something that added complexity and increased potential for error due to the manual effort involved. Each device transition – from decommissioning legacy hardware to provisioning new routers, switches, and firewalls – was a potential pitfall for compliance breaches and operational inefficiencies.
Configuration backlog seemed to be building, and network engineers found themselves struggling to keep up while swivel chairing across a variety of different tools to update sources of truth and complete the activities required.
“We eventually found ourselves unable to maintain accuracy with many different sources of truth to manually go and update. Any automation solution we adopted had to also solve for this problem.” – a Network Engineer on the team.
With the importance of the Field Area Network refresh and the urgent need to fix non-compliance with regulations, they had to find a way to drastically accelerate and increase their capabilities. The company had to support and enable the network team to do more.
How Itential Empowered Their Network Team
Itential provides a single platform to manage the full lifecycle of their Field Area Network refresh and automate configuration management across all devices and services in their network.
Integration
The key Itential capability for this transformation is the platform’s ability to integrate with everything in their network. One of the most significant challenges the network team had faced was the need to swivel chair between many different systems, with additional manual steps like data gathering and updating sources of truth essentially tacked on to any network process they wanted to execute. Itential leverages the APIs exposed by networking and IT systems, platforms, and controllers to provide an abstracted workflow orchestration layer where network engineers can coordinate processes that include actions across a wide variety of different systems. Instead of manually swivel chairing to complete these actions, users can simply document their existing manual processes and translate them into workflows.
For a detailed breakdown of Itential’s integration capabilities, see here.
Configuration Management
In terms of configuration compliance, Itential provides a unique set of features that allow teams to manage configurations across many more devices than they could handle manually. Itential users can build Golden Configuration templates for any device type (and for API-enabled services using JSON), and these templates can be related hierarchically for greater flexibility and granular control. All network devices across all domains can be federated and displayed in a single inventory through Itential, allowing compliance plans, reporting, Golden Configuration, and remediation workflows to be centralized for more efficient configuration management.
For a full exploration of Itential’s configuration compliance features, see here.
Automated Configuration Compliance Transforms Network Management
With Itential, this utilities company has modernized the way they manage their network and empowered their network team to do more with less effort. They’ve been able to bring their network back into compliance, complete their refresh effort, and avoid costly fines while empowering their network team to keep up with expanding network infrastructure going forward.
They’re able to ensure that every device, from the moment it’s onboarded, is configured to meet intended standards and remain compliant. Provisioning is more consistent and reliable, and updates can be rolled out near-instantly. In addition, Itential allows dynamic compliance reporting that can be used to trigger remediation workflows, ensuring misconfigurations or out-of-date configurations are fixed ASAP.
The shift to automation did more than just streamline operations; it fundamentally transformed the company’s approach to network management. With orchestrated workflows ensuring consistency and accuracy, the company experienced a significant boost in operational efficiency and team productivity. Crucially, this was achieved without a significant expansion of the network team, their hours, or their cognitive load.
This customer story highlights how automation and orchestration can serve as powerful tools for companies navigating complex network upgrades or stringent regulatory landscapes. Itential delivered the scalability needed to not only avoid substantial fines, but also establish a more resilient and efficient network management framework. For other companies facing similar challenges, the message is clear: automation and orchestration are not just options; they’re requirements for maintaining compliance across large, complex, distributed, evolving network infrastructure.
Read the full story here. Looking for a better configuration management solution? Learn how Itential transforms configuration compliance here.
Rich Martin
Director of Technical Marketing ‐ Itential
Rich Martin is the Director of Technical Marketing at Itential. Previously, Rich has worked at several networking vendors as a both a Pre-Sales Systems Engineer and Systems Engineering Manager but started his career with a background in software development and Linux. He has a passion for automation in the networking domain, and at Itential he helps networking teams to get started quickly and move forward successfully on their network automation journey.
