Whether we are dealing with a private cloud or a public cloud, enterprise applications (e.g. 3-tier applications, SharePoint, SAP, Exchange, etc.) are hosted in a shared network infrastructure. Network operators must manually configure multiple network elements such as load balancers (popularly known as Application Delivery Controllers, or ADCs), firewalls, web proxies, routers, switches, IP Address Managers (IPAM) and certificate managers.
The manual process is burdensome and requires complex exchanges among multiple teams for approval. To further complicate matters, enterprise networks are traditionally multi-vendor, so you need expertise to configure F5, Citrix, Radware, AVI, Checkpoint, Fortinet, Cisco, Juniper, HP, Brocade, Infoblox, Blue Coat, QIP, VeriSign, etc. The manual process often results in misconfigurations and security violations. Additionally, ensuring compliance is extremely challenging, and auditing is frightening.
It is not unusual for the network operations team to take 3 to 6 weeks to deploy a VIP.
This situation cannot continue indefinitely. The server teams got their act together: virtualization coupled with an API-driven DevOps culture has eliminated the bottlenecks in provisioning servers and storage. Now we are seeing collaboration among networking vendors to simplify this problem. More and more vendors are supporting programmability for their platforms through open APIs, and network operations teams are embracing the DevOps movement.
Network Service Orchestration has a huge and important role to play in accelerating this DevOps culture among networking teams.
Network Service Orchestration primarily automates complex workflows across multiple L2-L7 vendor devices.
For instance, let us review the NCX Network Service Orchestration platform. NCX uses the industry-standard YANG language (similar to XML) to model network services. NCX also has built-in device models for all the industry-leading vendor devices. For the latest list, see Supported Devices.
A service model describes the service chaining requirements among the various network functions as well as the approval workflow. The device models describe the exact CLI or API to provision a network function on a specific vendor device.
The cloud admin defines a consolidated user interface (UI) that supports self-service. Network operators use the UI to submit parameters for all vendor devices, such as VIP address, firewall rules, certificate properties, IPAM parameters, etc.
NCX automatically converts such a UI form to a YANG service model such as the one below:
The DevOps teams build the necessary business logic in Python. For example, Python scripts can enforce workflow rules, perform sanity checks on user input, and optimize workload placement depending on application requirements.
The Python code describes the business logic in terms of an abstract device model (also defined in YANG).
This separation between services and device operations allows DevOps teams to focus exclusively on service logic without worrying about underlying infrastructure.
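The kind of sanity check on user input described above can be sketched in plain Python. This is an added example, not NCX code or its API: the request layout, field names and policy values (address pool, allowed ports, key size and validity limits) are all assumptions made for illustration.

```python
import ipaddress

# Hypothetical policy values; a real deployment would load them from IPAM and security policy.
VIP_POOL = ipaddress.ip_network("10.20.30.0/24")
ALLOCATED_VIPS = {ipaddress.ip_address("10.20.30.10")}
ALLOWED_PORTS = {80, 443, 8443}
MIN_RSA_BITS = 2048
MAX_CERT_DAYS = 398

def validate_vip_request(req):
    """Return a list of policy violations for one self-service request (empty = OK)."""
    errors = []
    try:
        vip = ipaddress.ip_address(req["vip_address"])
        if vip not in VIP_POOL:
            errors.append(f"VIP {vip} is outside the approved pool {VIP_POOL}")
        elif vip in ALLOCATED_VIPS:
            errors.append(f"VIP {vip} is already allocated")
    except (KeyError, ValueError):
        errors.append("vip_address is missing or not a valid IP address")

    for i, rule in enumerate(req.get("firewall_rules", [])):
        try:
            src = ipaddress.ip_network(rule["source"], strict=False)
        except (KeyError, ValueError):
            errors.append(f"rule {i}: source is missing or not a valid CIDR")
            continue
        if src.prefixlen == 0 and rule.get("action") == "permit":
            errors.append(f"rule {i}: permit from any source is not allowed")
        if rule.get("port") not in ALLOWED_PORTS:
            errors.append(f"rule {i}: port {rule.get('port')} is not on the allowed list")

    cert = req.get("certificate", {})
    if cert.get("key_type") == "RSA" and cert.get("key_bits", 0) < MIN_RSA_BITS:
        errors.append(f"certificate: RSA key below {MIN_RSA_BITS} bits")
    if cert.get("validity_days", 0) > MAX_CERT_DAYS:
        errors.append(f"certificate: validity exceeds {MAX_CERT_DAYS} days")
    return errors

# Constructed sample requests, shaped as a self-service form might submit them.
GOOD = {"vip_address": "10.20.30.25",
        "firewall_rules": [{"source": "192.168.0.0/16", "port": 443, "action": "permit"}],
        "certificate": {"key_type": "RSA", "key_bits": 2048, "validity_days": 365}}
BAD = {"vip_address": "172.16.5.9",
       "firewall_rules": [{"source": "0.0.0.0/0", "port": 23, "action": "permit"}],
       "certificate": {"key_type": "RSA", "key_bits": 1024, "validity_days": 730}}

if __name__ == "__main__":
    for name, req in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_vip_request(req) or "accepted")
```

Rejecting a request at this stage keeps an any-source permit rule or a weak certificate from ever being translated into device commands.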
The NCX YANG mediation engine implements the abstract device model operations and, using the concrete mappings (such as CLI, Netconf, API or XML), generates the commands or API calls for each vendor device.
NCX translates a consolidated UI to the actual commands across multiple vendor devices within minutes.
In addition to the YANG platform, NCX has functionality to support the Application Delivery process. NCX discovers existing resources and services in a brownfield environment. NCX monitors device configurations and validates them against the policy model on a periodic (configurable) basis. In case of any inconsistencies, NCX generates alarms for reconciliation by the administrator, thereby ensuring compliance.
In summary, Network Service Orchestration introduces consistency, avoids human errors, reduces time to market and ensures compliance.
For more details, check out the NCX product page.
– Kiran Sirupa, May 12th, 2016.