Recently, our CTO and Co-Founder Chris Wade sat down with Drew Conry-Murray and Ethan Banks of Packet Pushers for an episode of the Heavy Networking podcast.
Their discussion centered around this idea of evolution for network automation, the idea that network automation engineers can (and indeed should) evolve ‘from Python to Platforms’ to achieve more.
The end goal of network automation is self-service, the ability to deliver network services to end users so that they can request them and receive them without any manual oversight — but how do you get there? To truly collaborate and share automation assets, you need to be able to package up entire services end-to-end and deliver them in a way that doesn’t create additional risk to the network.
Network Automation via Tools & CLI: Powerful, But Hard to Share
At most IT organizations and network teams today, network engineers build automations using tooling such as Python, Ansible, and/or vendor-specific point solutions. It’s a big level-up moment when you build and (successfully) run your first script, waving goodbye to late night change windows and endless copy-pasting.
But let’s say you build a few automations for routine configuration changes, and it goes well. You build more automations for additional use cases, and it starts to feel like every network task is just a few lines away from not bothering you anymore. But what happens when someone else on your team wants to run one of your automations? What happens when your boss asks you to share them with the NOC team?
As Ethan says in the episode, as engineers, when you’re done building, tweaking, and testing a solution, you don’t want to become the sole point of responsibility for that solution going forward. You want to “productize, make it so that anyone in the organization can implement and support the solution.”
With current automation tooling, it’s hard to break past that barrier. Let’s say you want to take some Python automations and turn them over to your IT organization as a whole — suddenly, you’re looking up tutorials for building RBAC and audit logging into your scripts, finding new edge cases to test for, and always updating and maintaining the scripts to integrate with new systems and account for changes in device software.
At an enterprise scale, processes need to flow in a way that’s consistent, secure, and easy to track or audit. But it’s not practical or desirable to put the responsibility for that on the individuals who are building automations.
To keep up as the industry evolves, we need to be able to both share automations across teams and expose automations for more methods of consumption. As Drew points out during the podcast episode, this vision is about “moving beyond individual scripts to a repeatable system that can touch many systems and work regardless of who’s pressing the Go button.”
Network Automation Platforms: Integration, Orchestration, & Collaboration
If you write an automation for yourself, you might be storing it in Git, running it from a network share, and generally taking simple, practical routes toward building and running the automation like a script.
A long list of additional considerations comes up when you’re looking to collaborate as a group and expose automations for self-service. Where are automation assets stored? How do you manage version control? What about integration with third party network and IT systems, what about RBAC, what about attaching a UI to an automation so it can be requested by non-engineers?
The answer is a comprehensive network automation platform that takes all this responsibility off the shoulders of the automation engineer.
Here’s how the Itential Automation Platform enables collaboration to help you reach the next level with network automation:
Integration With API-Enabled Systems
One of the most important components of the Itential Automation Platform is its ability to integrate with all of your external systems via API. This means that you can incorporate API calls to any system within an orchestrated workflow.
For example, you likely use an external system for IPAM, a change management platform like ServiceNow or Jira to document network changes, and a whole lot more. With Itential, all of this can be integrated with your existing network automations.
Orchestration
Itential helps you stitch together multiple automated steps or ‘tasks’ to automate an entire network service end-to-end. As mentioned above, Itential’s integration capabilities allow you to incorporate everything needed to deliver an automated network service across your organization. Orchestration is how you put everything in sequence to create an end-to-end workflow, ensuring that any time a configuration change is made, the associated change management steps, pre- and post-checks, reporting, and more are all automated alongside it so that self-service delivery is possible.
Don’t Start From Scratch
If you’re an experienced network automation engineer, maybe working a lot with Python or Ansible, reading this might leave you worried that your organization is going to adopt some new platform and all your work will go to waste.
Itential doesn’t ask you to rip-and-replace. Instead, you can leverage the high-code automation execution platform Itential Automation Gateway (IAG) to easily onboard Python, Ansible, Terraform, and vendor point solutions and attach APIs to them so that they can be part of the orchestrated workflows mentioned earlier. This approach bridges the gap between CLI and API, enabling automation engineers to stay focused on building effective automations while greatly increasing the shareability of those automations.
Expose Automations to End Users in Several Ways
Itential provides several types of triggers for automations, including events from other systems, scheduled execution, and the ability to expose automations via powerful JSON Forms for operators to run.
In addition, you can expose network services via an API so that other systems can call Itential and run your workflows. In our customer environments, this is most commonly used to expose automated network services to ServiceNow portals and to CI/CD pipelines, driving efficiency by making network automation as convenient as possible for end users to consume in their own systems and processes. Enabling self-service via these commonly used systems is critical to enhancing the efficiency of network automation and accelerating the time to complete network changes.
Build Guardrails to Share Automations Safely
Itential provides enterprise class security features that facilitate network automation collaboration at scale, enabling you to turn automations over to the wider organization without worrying that everything will break.
Granular role-based access control is available at many layers within the platform, providing flexibility and control over who can access features, components, and data within the platform, ensuring compliance to even the most stringent security policies.
Single Sign On (SSO) support allows specific users to securely validate with an SSO application through OpenIDConnect and automatically sign into the Itential Automation Platform.
In addition, you can leverage Itential’s aforementioned integration capabilities to ensure that you can incorporate any additional system(s) or solution(s) dictated by your organization or unique environment.
Collaboration & the Future of Network Automation
As network infrastructure continues to evolve, the need for more efficient network service delivery only increases. Automation is the best strategy for keeping up with scaling network needs. Using a platform like Itential that offers integration and orchestration capabilities allows you to include the enterprise features you need to expose automations practically and safely to others across your organization, enabling the ultimate level of collaboration.
For more, dive into the full discussion on this episode of Packet Pushers’ Heavy Networking.