Introduction
As businesses embrace the cloud for hosting their vital applications, their quest for a cutting-edge SD-WAN solution intensifies. They look for a solution that not only maximizes their cloud investments by delivering superior economics, control, reliability, and performance but also empowers them to harness the robust capabilities of cloud infrastructures.
Cloud on-ramps are solutions to help organizations quickly and securely obtain cloud connectivity. These solutions extend the WAN to public clouds such as AWS, Google Cloud, and Microsoft Azure. They optimize network performance, reduce latency, and provide scalability, flexibility, and security.
In this blog, we will understand the challenges of deploying the Cloud on Ramp solutions, explore how Anuta ATOM addresses these challenges and automates this use case.
Navigating Complexities
To illustrate the complexity, consider a customer requirement to deploy application workloads in a public cloud such as AWS and extend their WAN into the public cloud to establish secure connectivity to the applications. Additionally, monitor the connectivity between the customer sites and the cloud applications and take remediation action in case of a network performance degradation or outage. A representative procedure often involves:
- Open a Change Request in an ITSM system such as ServiceNow and seek approvals from stakeholders.
- Deploy AWS workloads
- Log in to Cisco vManage SD-WAN controller and deploy Cloud Gateway in AWS, extend the Cisco SD-WAN fabric into AWS, and establish secure connectivity to the application workloads.
- To monitor the connectivity between the sites and the workloads, create tests in the Thousand Eyes monitoring system and execute them.
- Update and Close the Change Request in ServiceNow
- Finally, Notify the stakeholders via Webex and email.
Some of the challenges in this process include-
- Accessing Multiple Controllers and IT systems
- Network Operations teams must know about these controllers and systems to accomplish the various provisioning tasks.
- ClickOps heavy processes
- Some of these controllers can be ClickOps heavy. An Operator might have to navigate through multiple screens and many clicks to complete provisioning tasks.
- Manual exchange of information between the systems
- For example,
- Virtual Networks of the SD-Access branch must be mapped to Service VPNs on the SD-WAN Fabric.
- Service VPNs are extended into AWS Public Cloud and mapped to the AWS Host VPCs.
- AWS Workload endpoints are required in ThousandEyes tests
- For example,
- Multiple team coordination
- There can be multiple teams managing these systems, and the entire provisioning process coordination can be very time-consuming.
These challenges make the entire process slow, cumbersome, inconsistent, error-prone, and unreliable.
Best-fitting solution– Faster and more accurate
In response to these challenges, ATOM emerges as a powerful solution by providing Network Operators with a unified user interface. It incorporates–
- Pre-built Workflows: Several out-of-the-box process automation workflows can be invoked from an OSS/BSS portal or an ITSM system like ServiceNow. These workflows take care of all the integration with the various domain controllers and systems in no time.
- Consolidated User Forms: The network operator is presented with a single user form that systematically captures all the controllers’ inputs and required information to complete the provisioning process.
ATOM workflows seamlessly integrate with all the controllers and systems to simplify the complex provisioning process. Thus ensuring reliability, consistency, reduced delivery time, and improved customer satisfaction.
Multi-Cloud On-Ramp & Assurance using ATOM
ATOM – Cross Domain Automation Platform
ATOM Workflow Summary Dashboard can be the landing page for the Network Operations teams. This dashboard can provide helpful information like the number of complete vs. in-progress vs. error processes, pending user actions, SLA compliance violations, Activity planner and scheduled automation processes, heatmaps required to identify any process bottlenecks, trends, charts, etc.
ATOM – Workflow Dashboard
ATOM also supports automation of Day0 to Day-N use cases such as
- New Campus Branch onboarding
- Policy updates on SD-WAN Fabric
- Deploy new or update existing Access policies
- Enable end-to-end segmentation across SD-Access and SD-WAN to ensure consistent policies across the SD-Access sites.
- SDN-DC provisioning
- Establish connectivity between SD-Access and DC Fabric
- Closed-Loop Automation
- Software Upgrades
- Compliance etc.
Example: ATOM Out of Box Workflow Catalog
ATOM – Cloud On Ramp Workflow
Upon initiating the cloud onramp workflow, the network operator gains access to a user input form, facilitating the submission of all necessary details required for provisioning. Furthermore, the operator possesses the discretion to opt for the deployment of AWS workloads.
Alternatively, the workflow can be activated through the OSS/BSS portal, streamlining the process by providing all essential inputs.
ATOM – Cloud On Ramp Input Form
ATOM opens a change request in ServiceNow with all the required details. Once the stakeholders approve this Change request, the workflow proceeds to the next provisioning stage
ATOM – API call to ServiceNow to Create Change Request
ServiceNow – Change Request Created
ATOM deploys the AWS workloads and executes terraform scripts to create Host VPC and EC2 workload instances.
ATOM – Execute Terraform scripts to deploy AWS workloads
ATOM – AWS workload details
ATOM also integrates with the Cisco SD-WAN vManage Controller to extend the SD-WAN Fabric into the public cloud, specifically AWS, through the deployment of Cloud Gateway. This Cloud Gateway setup includes a Transit VPC, a pair of Cloud Services Routers, and a Transit Gateway. Tunnels are established between the Cloud Services Routers and the Transit Gateway, ensuring connectivity to AWS-deployed application workloads. Consequently, this configuration establishes end-to-end connectivity from the customer site to the application workloads in AWS.
ATOM – API calls to Cisco vManage to deploy Cloud Gateway
Cisco vManage – Cloud Gateway Deployed in AWS
Cisco vManage – Intent Realization
AWS – Transit Gateway deployed
AWS – Cisco Cloud Service Routers and Server deployed
The final provisioning stage is to create a test in ThousandEyes and execute it. To start with, a reachability test is run between the ThousandEyes agent in the customer site and the AWS workload.
In case the test fails, an alert gets generated in ThousandEyes. ATOM can ingest this alert and take appropriate action. This action can be
- Raise an incident ticket in ITSM system such as ServiceNow
- Run a workflow to capture the state of the network by executing a few commands on the network devices
- Run a workflow to remediate the issue
- And many more
ATOM – API calls to Thousand Eyes to Create and execute Reachability Test
ThousandEyes – Test Created
ThousandEyes – Test Executed Successfully
ATOM wraps up the process by updating and closing the Change Request in ServiceNow and sending an email notification.
ATOM – Workflow Completed Successfully
ServiceNow – Change Request Closed
ServiceNow – Change Request Notes updated at major milestones
Email Notification on Successful Site Deployment
ChatOps tools like Cisco Webex Spaces are updated at major milestones. Similarly, the notes section in the Change Request is also updated.
Cisco Webex Spaces – Notifications at major milestones
Handling complex provisioning involves several external systems and integration points, so the automation platform must have robust mechanisms to detect, notify, and resolve failure scenarios.
ATOM workflow has integrated checks designed to handle these errors with retry and rollback options. A corresponding Incident ticket is created in an ITSM system like ServiceNow. Additionally, an Email and Webex notification is also sent to the team.
Conclusion
Managing the logistics of deploying cloud on-ramp solutions can be very daunting. Deploying cloud applications, connecting them securely to WAN, and ensuring performance involves multiple complex steps like Change Request approvals, AWS deployment, SD-WAN setup, and monitoring. Another dimension to add would be the time and error involved in managing various controllers, manual data exchange, and coordination with various teams.
But now we have an idea how ATOM can help orchestrate critical logistics with features like Pre-built workflow and Consolidated User Forms to take the pressure off Network Operators. ATOM’s automation takes less than 30 minutes, a feat that would otherwise demand a laborious 5-hour manual endeavour.
With its capability to automate a wide spectrum of Day0 to Day-N use cases like streamlining New Campus Branch onboarding, facilitating Policy updates on SD-WAN Fabric, deploying or updating Access policies, provisioning SDN-DC Fabric, enabling Closed-Loop Automation, managing Software Upgrades, and ensuring Compliance, ATOM emerges as the much needed all-in-one solution.
Stay connected to explore the world of Cross-domain Automation Use Cases as ATOM’s distinctive approach fuses the latest technologies with its lifecycle orchestration expertise.
Additional Contributors: Manisha Dhan