Federal Agency Modernizes Mission-Critical Networks Through Automation & Orchestration with Itential
INDUSTRY
Federal Agency
GOALS
- Ensure Compliance Across Distributed Infrastructure
- Mitigate Risk & Improve Security
- Improve Internal Controls & Verification
- Reduce Outages
USE CASES
- IP Network Baseline Configuration Compliance Verification & Reporting
- Network Interface Description Configuration Compliance Verification, Remediation, & Reporting
- L3 VPN Provisioning Reads
INTEGRATIONS
Key Results
Enhanced verification and reporting for network baseline and network interface description configuration compliance across multiple device types.
Eliminated security vulnerabilities caused by out-of-date configuration and legacy devices.
Rebuilt and enhanced automation scripts to require less manual input, increasing engineer productivity.
Accelerated reads for crucial L3 VPN provisioning.
Build a roadmap for network modernization through automation and orchestration with Itential.
Legacy Device Configurations Creating Vulnerabilities & Impacting Compliance With Federal Requirements
Due to fed-specific vendor approvals and security requirements, a significant portion of the devices in federal agency networks are older than those found in most enterprise networks — which has the potential to create additional security vulnerabilities.
The network teams knew that automation would be critical to ensuring up-to-date device configurations and policy rules to maintain network security, but they would need a solution that could be part of a fully secure network technology stack.
With a small network team and a low level of existing automation (NSO, some Python, some Ansible), they were looking for something transformative that could help kickstart their automation journey.
To get started, they identified three primary use cases in order to realize the benefits of automation as quickly as possible:
- Verification and reporting for IP network baseline configuration compliance.
- Verification, remediation, and reporting for network interface description configuration compliance.
- Reads for L3 VPN Provisioning (writes identified as a near-future goal).
The focus on verification and reporting shows the importance of accurate, up-to-date configuration across their network to meet federal security requirements. The team wouldn’t stop here — their network modernization roadmap would involve more complex use cases down the line, including writes for L3 VPN provisioning and automating the management of brownfield services. However, to get started and solve challenges as quickly as possible, they chose to start with simpler use cases that would deliver immediate value.
Over time, we’ve been a little slow to adopt new tools, or even devices due to federal regulations. But to scale our network, our capabilities, we need to rapidly change how we’re working to manage configuration compliance with our team.
Senior Network Engineer
Why They Chose Itential to Advance Network Modernization
Across many federal agencies, network teams face similar challenges — their environments include a significant number of legacy devices, automation tooling is often limited, and teams are often smaller than their enterprise counterparts.
The network team at this agency was in the same position, and they knew they had to quickly adopt more automation and jump-start their progress to maintain security through configuration management across distributed network infrastructure. When Leidos was awarded a prime contract for network services under the GSM-O II contract to help with this modernization project, they knew Itential was the right choice to help modernize the way configuration would be managed across all devices, legacy and otherwise.
Itential provides a solution that is easy to adopt and scale, operates across all device vendors and device types in their network, and creates a framework for rapid network modernization — all from a company with a history of working with federal agencies, that includes an ATO (Authority to Operate) to ensure confidence.
The agency achieved their initial network management targets with Itential’s:
- Pre-Built Integrations to their key systems such as Cisco NSO, Cisco NED, and Kafka, as well as the ability to autogenerate integrations for additional bespoke systems.
- Robust configuration compliance management tools for both CLI-based network devices and API-driven systems and services.
- Automated remediation of all devices that are out of compliance in minutes, eliminating concern for security vulnerabilities.
- Out-of-the-box compliance reporting showing historical data of device compliance to help identify and eliminate issues.
- Low-code workflow canvasto maximize ease of adoption and accelerate building end-to-end orchestrations using modular assets.
- Ability to onboard existing script-based automations with Itential Automation Gateway.
- Capabilities for building modular automation libraries that become reusable assets leveraged across other automation uses cases and teams.
- Secure sharing and robust, role-based access control to ensure automation that changes the network is only accessible to authorized users.
- A commitment to security and compliance to ensure confidence in automation.
- On-premises deployment option to comply with federal air-gap requirements.
Building remediation workflows in Itential was really easy to pick up and seeing what we’ve done with our first few use cases, I can already tell the team will be able to do a lot more as we keep building workflows.
Senior Network Engineer
What They’ve Achieved & the Roadmap to Network Modernization
By automating verification, reporting, and remediation across IP network baseline configuration and network interface description configuration, the team is able to maintain confidence that configurations are up to date across several network domains and device types. They’ve moved away from a slow process of building custom Python scripts, which they lacked the expertise to do at scale — now, they can leverage scripts they are able to build while greatly extending capabilities through a low-code platform.
Looking ahead, their network modernization roadmap includes key priorities to help accelerate service delivery while continuing to improve configuration compliance. This list includes writes for L3 VPN provisioning, migrating a wide variety of brownfield services to Itential workflows to continue to manage existing services, cloud migration to GMS, expanding into the optical transport network and optical layer, and integrating processes with other GMS systems including ticket management and event streaming.
Itential has provided a strong framework for their network modernization efforts. Now that they’ve seen value from the first few use cases, they’re looking to build more ambitious workflows and continue to accelerate and scale.
