To ensure that infrastructure is initially deployed according to an organization’s compliance standard and remains compliant over time, it is critical to include validation and compliance tasks in automation. It can be easy to overlook just how important and powerful these two features are when demonstrating network automation, so that’s exactly what our team at Itential highlighted in our Proof of Concept demonstration at ONUG Fall 2021 last week.
As a network engineer, my attention is naturally drawn to look at which network controllers or cloud platforms are being automated, what sources of truth or IPAM are integrated, and what other types of IT or messaging systems are involved. But highlighting these two components in this demo really opened my eyes to just how important these tasks are.
I’d like to share a bit more about this demo and what makes it so impactful.
Deploy Compliant Infrastructure Through Self-Service
The ability to create a self-service portal for IT users to request new infrastructure is a goal for most organizations. However, a big concern is ensuring that the requested infrastructure is deployed correctly, without misconfigurations that could impact security, reliability, or performance. This very concern is addressed in the first section of this demo. Here’s how:
An automation in the Itential Automation Platform can be used as an automation engine for a self-service request originating in ServiceNow. In this use case, an IT user can request AWS cloud infrastructure using ServiceNow, which executes an automation in Itential. The first step in the automation validates the proposed infrastructure configuration that it received from the ServiceNow request and determines whether it meets the existing compliance standard. IT users who request new infrastructure with badly configured network settings will have their requests denied because they violate the compliance standards set by the network team. This is what makes it so impactful: it puts the ability to define and enforce compliance within cloud infrastructure in the hands of the network team.
This is a unique, powerful, and necessary ability that every enterprise network team must have because the network is everywhere, including multiple cloud platforms. This gives them the tools they need to ensure that any newly deployed cloud infrastructure is always configured correctly and in compliance.
Event-Driven Automated Remediation
In the second section of the demo, an automation kicks off a compliance check with automatic remediation. This automation is event-driven, triggered by an AWS CloudTrail notification that an AWS Security Group has been modified. The automation receives the event message and determines if the Security Group modification has violated compliance. If the security group is out of compliance, the automation determines what changes to the network rules are needed and updates the security group to bring it back into compliance. There are two reasons this piece of the demo is so impactful:
- This is a very real problem for teams managing cloud infrastructure. When individuals start modifying security group network rules to try to make something work, they can unintentionally create outages or security risks.
- Typical compliance check processes are reactive, and security risks will have a window of exposure based on the time it takes to detect a misconfiguration, plus the time it takes to correct it. By integrating with an event-driven process in AWS, teams can effectively optimize the check-break-fix process to seconds or minutes.
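As an added illustration (not Itential's code and not taken from the demo), the sketch below shows the decision step described above: read a Security Group change event, test it against a compliance rule, and work out which rules to revoke. The policy (no SSH or RDP open to every address), the event field layout (modeled on a CloudTrail `AuthorizeSecurityGroupIngress` record) and the sample event are assumptions.

```python
import ipaddress

ADMIN_PORTS = {22, 3389}  # assumed compliance rule: never open to all addresses

# Constructed sample event; field layout is an assumption modeled on CloudTrail.
SAMPLE_EVENT = {
    "eventName": "AuthorizeSecurityGroupIngress",
    "requestParameters": {
        "groupId": "sg-0123456789abcdef0",
        "ipPermissions": {"items": [
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipRanges":
                {"items": [{"cidrIp": "0.0.0.0/0"}, {"cidrIp": "10.0.0.0/8"}]}},
            {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipRanges":
                {"items": [{"cidrIp": "0.0.0.0/0"}]}},
        ]},
    },
}

def covers_admin_port(perm):
    """True if the rule's protocol and port range include an admin port."""
    if perm.get("ipProtocol") == "-1":  # all protocols, all ports
        return True
    if perm.get("ipProtocol") != "tcp":
        return False
    lo, hi = perm.get("fromPort", 0), perm.get("toPort", 65535)
    return any(lo <= port <= hi for port in ADMIN_PORTS)

def open_ranges(perm, key, field):
    """CIDRs under perm[key] with prefix length 0 (0.0.0.0/0 or ::/0)."""
    items = perm.get(key, {}).get("items", [])
    return [r[field] for r in items
            if ipaddress.ip_network(r[field], strict=False).prefixlen == 0]

def plan_remediation(event):
    """Return (group_id, rules_to_revoke); an empty list means compliant."""
    if event.get("eventName") != "AuthorizeSecurityGroupIngress":
        return None, []
    params = event.get("requestParameters") or {}
    revoke = []
    for perm in params.get("ipPermissions", {}).get("items", []):
        v4 = open_ranges(perm, "ipRanges", "cidrIp")
        v6 = open_ranges(perm, "ipv6Ranges", "cidrIpv6")
        if covers_admin_port(perm) and (v4 or v6):
            rule = {"IpProtocol": perm["ipProtocol"],
                    "IpRanges": [{"CidrIp": c} for c in v4],
                    "Ipv6Ranges": [{"CidrIpv6": c} for c in v6]}
            if "fromPort" in perm:
                rule["FromPort"], rule["ToPort"] = perm["fromPort"], perm["toPort"]
            revoke.append(rule)
    return params.get("groupId"), revoke
```

The returned rules are shaped like the `IpPermissions` argument of the EC2 `RevokeSecurityGroupIngress` call, so only the offending CIDR is removed while the 10.0.0.0/8 SSH entry and the HTTPS rule stay in place.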
How Itential Keeps Your Infrastructure in Compliance
Working together, these two functions become an incredibly powerful tool for network teams who are responsible for cloud networking. These are the solutions they really need to deliver compliance for the full life of infrastructure. By using automated validation, teams can always be sure that cloud infrastructure is deployed correctly from the first day of deployment. With event-driven automated compliance and remediation, they can also be sure that the infrastructure remains in compliance, even if someone makes changes to it. The changes will be detected nearly immediately, and the automation can make corrections to the configuration to bring it back into compliance.
With the Itential Automation Platform, network teams can easily bring automated compliance and validation to both traditional and cloud networks, ensuring that infrastructure is always secure, reliable, and efficient.
Seem too good to be true? You can watch the full demo video here to see it in action, and if you’re ready to get started with Itential, you can give it a try for free with full access to our cloud platform.