Global Investment Banking Firm Scales Network Automation by Adopting a High-Code + Low-Code Strategy with Itential
INDUSTRY
Financial Services: Investment Banking
GOALS
- Decrease Time to Deliver Network Services
- Standardize Network Security & Compliance
- Maximize Engineer Productivity Across Diverse Skillsets
- Reduce Costs & Minimize Tool Sprawl
USE CASES
- Firewall Provisioning
- ServiceNow Network Request Integration
- Pre-Checks & Post-Checks
- Configuration & Compliance Management
- Network Failover Testing
INTEGRATIONS
Key Results
Fulfill network service requests in minutes vs. months.
Integrated network service requests with ServiceNow for orchestrated policy management.
Standardized automation architecture to maximize velocity while maintaining compliance standards.
Maximized automation participation across automation developers and network engineers.
The Need to Scale Existing Siloed Network Automation Efforts
For the network team at this global investment banking and financial services company, an increasing volume of network service requests for firewall policy updates presented a significant challenge. These network requests are key to securing and managing the company’s business-critical applications, and delivering same day services became one of the team’s top priorities.
With a small number of automation engineers building DIY scripts with Python as well as network engineers leveraging domain-specific, vendor-provided controllers such as Cisco DNAC for Data Center, Palo Alto for Firewalls and Viptela for SDWAN, IT leadership realized the team would need a more centralized, scalable approach to automation to increase efficiency and accelerate time to deliver critical services.
While a core of high-code automation engineers had initially been successful building scripts, the need to hand-execute scripts and manually interact with sources of truth and ticketing systems limited their capabilities. Needing to make the most of their existing capabilities, while also expanding automation to other network engineers, the team coalesced around a unified strategy centered on four major priorities:
- Enhancing service quality and accelerating delivery.
- Increase engineer participation in automation to increase velocity and utilization.
- Build compliance steps into every automated process to maintain standards at scale.
- Centralize tooling and eliminate tool sprawl wherever possible.
We had to take a look at everything in the network and ask ourselves: who wants to automate? Who can automate? What needs to be automated? And what’s the best way to support and maximize our existing automations?
Senior Vice President, Network Engineering & Architecture
Why They Chose Itential to Shift from Automation Silos to Orchestrated Workflows
Adopting the Itential platform enabled the company’s network engineering and architecture team to pair their high-code capabilities with a low-code platform to maximize impact, standardize processes, and eliminate the need for manual touchpoints that consumed engineers’ time. With Itential, automation engineers can onboard scripts to the platform and ensure others can access and run them safely. Network engineers can leverage these automation assets and integrate them with ServiceNow for end-to-end workflows that drive a more efficient change management process and accelerate network service delivery.
Itential also provided a way to unify their automation architecture to solve their tool sprawl problem — its wide range of automation capabilities means it was able to replace many point automation tools, while its integration and workflow orchestration capabilities allow the team to get more out of the specific tools they continue to use.
This company’s network engineering and architecture team successfully scaled automation, expanded participation, and alleviated tool sprawl through Itential’s:
- Ability to easily onboard, standardize, and secure existing high-code automations like Python and Ansible to be incorporated into orchestrated workflows.
- Low-code workflow builder that enables everyone on their team to participate in building and deploying end-to-end network services.
- Open integrations with any network and IT systems and existing automation tools and controllers, and the ability for teams to build their own.
- Robust data transformation capabilities, enabling teams to automate the data manipulation required for orchestrated workflows that touch multiple systems and data sources.
- Certified Itential ServiceNow Application for seamless self-service delivery to end users within the company’s ServiceNow environment.
- Configuration management capabilities including Golden Configuration templates, visibility across all of the network, and the ability to build pre-checks, post-checks, and other validation steps into any orchestrated workflow.
- Self-service capabilities that enable the team to expose network services as self-serve products for internal end users.
- Pre-built, modular assets from the Automation Marketplace to help the team move faster and provide ways for low-code engineers to build their library of automations for reuse.
- Single platform approach that centralizes, standardizes, and streamlines automation and orchestration across all of network infrastructure.
We want to avoid tool sprawl as much as possible, and Itential lets us do that. When we look at turnkey automation tools, we look at three things: do they have unique capabilities Itential doesn’t have? Are they worth the price? And can we scale them and use them for multiple vendors’ products? If the answer to one of those is no, we’re probably getting rid of the tool and building its functionality in Itential.
Senior Vice President, Network Engineering & Architecture
What They Achieved & How They Did It
Same Day Delivery of Firewall Requests
At the beginning of their partnership with Itential, the team focused on automating firewall requests as a first use case — their most commonly requested network service. Due to operational requirements, these changes can only be pushed overnight. With 8-10 policy change requests a night coming in through ServiceNow, the need to keep policies up to date meant the engineer who configured a given policy would need to wait and push a change past working hours. The team was able to solve this crucial challenge by building an Itential workflow that integrated with both their Palo Alto Panorama firewalls and ServiceNow, leveraging high-code assets to push actual policy changes and low-code orchestration capabilities to turn that into an efficient workflow that can be delivered as a service. Now, engineers don’t need to push updates overnight by hand, the workflows are standardized, errors are down, and network consumers are able to move faster.
Standardized Data Center Configuration & Compliance Management
After that first proof of concept, the team expanded into use cases focused on compliance and configuration management with validated pre- and post-checks. Beginning primarily with Cisco and Arista devices, they selected network failover testing as a first use case for its importance and manual time savings.
Network failover testing is critical to ensuring stability, but the tasks involved would take engineers a full day to perform manually, with five or six engineers running show commands to check branches. By building workflows in Itential, they were able to not only save time, but also expand on what can be done: moving beyond show/run to more dynamic and comprehensive testing. They specified BGP commands and scheduled jobs to run them morning and evening per region, sending the outputs of those commands to a SQL database that feeds an in-house network portal so that engineers can see route tables and compare them.
The team that built these workflows didn’t have a lot of network automation skills at the beginning, but with Itential’s low-code workflow builder and JSON data transformation capabilities they were able to build out the logic they needed and quickly become power users of the platform.
The Transformative Benefits of High-Code Automation Paired with Low-Code Orchestration
This company’s network team is ambitious and highly capable, and they’ve built a strong automation and orchestration roadmap leveraging Itential to increase efficiency in every area of the network. They’re looking ahead to event-driven automation, incorporating more AI into network management, building out data center networking services, and enabling their cloud team to orchestrate AWS VPCs for cloud network management.
The new operating model has given the company the best of both worlds when it comes to high-code and low-code. Automation engineers are given freedom to build their own network automations and leverage Itential to maximize the impact of those high-code assets. Traditional network engineers are able to build form-driven workflow logic, leverage pre-builts, and participate in automation in an impactful way. Orchestration turns those automation scripts into shareable assets for the entire organization, taking something that saves a little bit of time and transforming it into something that significantly increases the speed, security, and consistency of network service delivery. Ultimately, that means cost savings for the business, since developers can move faster, the company can adopt new technologies more flexibly, and they’re no longer paying for extraneous automation tools.
With orchestration, the team has expanded participation in automation, incorporated pre and post compliance checks into every workflow they build, standardized and centralized network change processes, and ensured they can always keep up with increasing demand for network services.
