When making a change to an environment, one of the most important steps is to ensure you are validating all of the proposed changes to the environment. Testing and validation are essential to make sure that we’re changing what we intend to change while also making sure we didn’t break anything else, regardless of whether the environment is one driven by legacy devices or by modern infrastructure. These steps should include validating input data and translating formats, building pre- and post-checks, and taking all necessary steps to ensure compliance with organizational standards. With the amount of changes today’s network teams have to make across complex network ecosystems, finding ways to successfully automate validation and testing steps is becoming more and more vital.
I come from a hands-on network engineering background, so I’ve seen my fair share of scrambling change windows where we might have a text pad full of show commands to copy-paste into the CLI, logging SSH sessions before and after the change and hoping to catch everything with manual pre- and post-checks (again, by staring at a text pad). And because of that, I’ve also been part of many troubleshooting windows after someone missed something in post-checks, unknowingly causing that dreaded first hour of the morning outage.
And this isn’t something that’s only true for traditional environments. Let’s not kid ourselves — we run into similar problems in DevOps as well. And today, the line between NetOps and DevOps is thinner than it’s ever been, since application deployment largely relies on the network and network teams are often pursuing ways to expose network services to developers. So how do we ensure that for both NetOps and DevOps teams, we can achieve more comprehensive, repeatable, and reliable methods for validation, testing, and compliance? The best solutions are those that can bridge the gap between the two teams, enabling everyone to do the testing and validation they need while unifying tools and methods where it makes sense.
How Itential Helps NetDevOps to Enhance Their Ability to Test & Validate Network Automations
At Networking Field Day 31, I led a session showcasing how Itential enhances both DevOps and NetOps approaches to testing and validation. I walked through some of the primary capabilities, including our dynamic command templates for repeatable testing and our flexible nested Golden Configuration trees. Then, I demonstrated how to add these validation steps to an automation workflow, which operationalizes testing and greatly reduces human error.
Itential’s approach to testing and validation supports both NetOps and DevOps teams, enabling seamless orchestration of processes that touch every kind of infrastructure.
Other key capabilities include:
- Input validation with JSON schemas for API inputs and outputs.
- A modular library of automation and testing assets for future reuse.
- Support for both CLI device compliance and JSON-powered compliance rules for modern API-based networks.
- The ability to leverage testing and outputs while building each automation asset in order to catch issues as early as possible.
- And more!
All of these capabilities make testing and validation more robust while simultaneously accelerating it so that network changes can be made at increased scale. Let’s dive into the two major areas my demo was focused on at NFD 31 — command templates and Golden Configurations.
Command Templates: Pre-Checks & Post-Checks
Itential’s command templates offer a way to turn sets of commands into reusable, shareable assets that are added to an organization-wide library (with full control over who has access, of course). The command templates offer a wide array of capabilities that you can use to build out comprehensive testing steps for your process orchestration workflows.
For the NFD demo itself, I was working with a Cisco IOS device, so my network engineer’s instincts made me start out with some simple show commands just to check device information and status, much like you’d do for a manual pre-check. However, the power of the command templates lets Itential users go a lot deeper than that. You can use variables, which will apply across the entire Itential platform, to make a very specific check without hardcoding the template itself. As you get more advanced, command templates can effectively become strict prescriptions of your exact expectations for a device post-change, which helps avoid errors or bad changes. And then on top of that, you can also leverage regular expressions to perform comprehensive validations that are more genericized than those based on variables.
Golden Configurations: Compliance
Another major component of validations is ensuring your configurations are within compliance. Itential’s Golden Configurations features prioritize flexibility, agility, and control — modern organizations usually have complex environments, and our customers are often operating devices across many different physical sites and clouds alike.
To solve for this, Itential provides the ability to build robust hierarchical Golden Configuration trees, which can be applied to your federated inventory of devices across all your network and cloud domains dynamically. This gives teams the ability to build compliance policies in pieces, validating exactly what should be applied to each given device by leveraging the federated device categories instead of going and validating individual configurations manually.
And Golden Configuration templates aren’t just for CLI devices. Itential enables you to build them against JSON nodes so you can ensure compliance even for API-driven environments — something that’s only becoming more important with time.
How to Include Testing & Validation Steps in Your Automation Workflows
Once testing and validation steps such as command templates or Golden Configs are built, it’s important to incorporate them into your automation workflow. Today, many network teams are looking to provide their end users with self-service capabilities to request network services. But doing that without including enough testing and validations is a quick recipe for disaster. Only by including these important pieces of your workflow can you safely and securely enable automated cloud-like network service delivery.
In my NFD demo, I walked through how to leverage Itential’s drag-and-drop workflow builder to add the pre-checks, post-checks, and compliance steps. With the workflow builder, it’s possible to include robust automated validation steps before a change is actually pushed live, a built-in way to greatly reduce human error and ensure only valid changes go to production even when automations are being requested for self-service. Itential’s comprehensive capabilities for testing, validation, and compliance management of both physical and virtual network infrastructure are a core component of our ability to offer faster, simpler, more reliable network automation to our customers.
Want to learn more about Itential’s full scope of capabilities for NetDevOps teams? Check out our full NFD presentation series here.