The Network: Here, There, and Everywhere
A few years ago, if you asked someone on a networking team, “Where is the network?”, they would probably show you a wiring closet or a data center. They might also describe where the wireless access points are located and how remote offices are connected through MPLS or leased lines. This would be an accurate description of the traditional campus, branch, and data center networks that have been the norm for many years. These networks were composed of specialized hardware devices, like routers and switches, and were, for the most part, managed through a specialized Command Line Interface (CLI) on a device-by-device basis. Networking vendors innovated and adopted solutions that utilized controllers to manage groups of devices together, providing a single GUI to manage all the devices in the common solution. Even with these innovations, the question of “Where is the network?” was still answered by pointing to a series of tangible, hardware-based appliances.
Enter the Elastic Infrastructure
Consider the state of the network in 2021 and ask the same question. Where is the network? The answer is very different for many enterprise network teams. It still includes the traditional network domain of the campus, branch, and data center, but now it includes much more. The network now includes a series of virtual network services spread out across the Internet. As applications moved to multiple cloud platforms, they diminished the need for the traditional data center and increased the complexity of the network. Branch offices have transformed from primarily leased line-based connectivity to Internet-based connectivity through SD-WAN solutions. This has put more of the network across the Internet. The users of these applications, whether they are inside or outside of the organization, are dispersed across the Internet, which adds to the complexity.
One of the benefits of cloud-based services is that they can scale very quickly. The network team is experiencing a rapid growth of services like VPCs, transit gateways, cloud interconnections, and many other network services. This has created a very elastic infrastructure for networking, and it brings a number of challenges for network teams attempting to manage a network that has now exploded onto the Internet.
Building Trust and Confidence
Networking teams are keenly focused on building trust and confidence in their network, and they spend a fair amount of time ensuring that devices on the network operate according to a standard configuration. This standard configuration provides a level of confidence, knowing that a device is configured with the correct security features and proper operational state. In traditional networking, where devices were CLI-driven and overall control of the network was tightly held by the network team, ensuring compliance across the network was straightforward. But as we have discovered, today’s network is not just physical devices. It is network services across the Internet and cloud platforms. These services may not have a CLI, and access to them may be shared by multiple groups outside of the network team. The challenge of building trust and confidence through compliance across this new part of the network infrastructure will need to be addressed.
Shifting From Control to Governance
Networking teams will need to look at compliance from a different point of view and they will also need a new set of tools to drive compliance across the entire network, whether it’s on-prem CLI-based devices or cloud-based API-driven services. Automation from the cloud world and compliance from the network world must work together to overcome these challenges. As the network becomes more elastic in nature, any potential change to the network should first be validated to ensure that the change does not break the compliance standard defined for that area of the network. Network teams able to accomplish this will move from a control model to a governance model, which will enable them to manage all of their network domains and ensure the highest level of trust and confidence at scale.
Applying Validation through Automation
Traditionally, the network compliance process engages sometime after a change to the network has been made. The change remains active until the compliance process reaches the device’s configuration and determines that it is out of compliance. Typically, the details are logged, and a notification is sent out so that someone on the network team can fix the configuration to bring it back into compliance. An out-of-compliance change may expose the network to unnecessary risk until it is corrected, and now that these network services are on the Internet, this methodology will no longer work.
Automation is the key to solving this problem, and tightly coupling automation and compliance is the best solution. Network teams will need to create automations that allow others to make changes to the network and, before any change is applied, engage the compliance process to validate that the intended change meets the set standard. This changes the compliance process from a reactive method to a proactive method and ensures a high level of confidence across the entire network, regardless of whether it is physical, virtual, or cloud-based networking.
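The proactive model described above, sketched as a pre-change gate that covers both a CLI-driven device and an API-driven cloud service. This is an added example, not Itential's code or product behavior; the standard, the change-request format, and every function name are assumptions made for illustration.

```python
# Added example: a pre-change compliance gate. The standard, the change
# records and all names below are constructed for illustration.
import ipaddress

# Hypothetical standard: one rule set per network domain.
STANDARD = {
    "cli": {
        "required": ["service password-encryption", "no ip http server"],
        "forbidden": ["transport input telnet"],
    },
    "cloud": {"admin_ports": {22, 3389}},  # must not be open to any address
}

def check_cli(intended_config):
    """Check the full intended device configuration (one command per line)."""
    lines = {ln.strip() for ln in intended_config.splitlines() if ln.strip()}
    rules = STANDARD["cli"]
    out = [f"missing required line: {r}" for r in rules["required"] if r not in lines]
    out += [f"forbidden line present: {f}" for f in rules["forbidden"] if f in lines]
    return out

def check_cloud(ingress_rules):
    """Check intended ingress rules: dicts with cidr, from_port, to_port."""
    out = []
    for rule in ingress_rules:
        net = ipaddress.ip_network(rule["cidr"], strict=False)
        if net.prefixlen != 0:
            continue  # only world-open sources are in scope for this rule
        ports = range(rule["from_port"], rule["to_port"] + 1)
        for p in sorted(STANDARD["cloud"]["admin_ports"]):
            if p in ports:
                out.append(f"port {p} open to {net}")
    return out

CHECKS = {"cli": check_cli, "cloud": check_cloud}

def apply_if_compliant(change, apply_fn):
    """Validate first; call apply_fn only when there are no violations."""
    violations = CHECKS[change["domain"]](change["intended"])
    if violations:
        return {"applied": False, "violations": violations}
    apply_fn(change)
    return {"applied": True, "violations": []}

if __name__ == "__main__":
    # Constructed change request: SSH opened to the whole Internet.
    bad = {"domain": "cloud",
           "intended": [{"cidr": "0.0.0.0/0", "from_port": 22, "to_port": 22}]}
    print(apply_if_compliant(bad, apply_fn=lambda c: None))
```

Because the gate evaluates the intended state rather than the running state, a rejected change never becomes active, which closes the exposure window of the reactive process.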
Interested in hearing more on this? Attend Itential’s Proof of Concept, titled “Automating Compliance Across Hybrid and Multi-Cloud Network Infrastructure,” at ONUG Spring, taking place digitally May 5-6.