Introduction
At Anuta Networks, we constantly examine the challenges that ISPs and network providers encounter in effectively managing a sprawling multi-cloud environment. One valuable learning is that most of the automation and orchestration solutions available today carry traditional drawbacks such as vendor lock-in and heavy integration cost. None have fully embraced the cloud’s capabilities to address the complexities inherent in cross-domain deployments. To address these pain points, Anuta will embark on a blog series, starting with this entry, that will outline ATOM’s new and improved features in cross-domain automation.
To begin, we plan to delve deeper into contemporary networking challenges and highlight how ATOM emerges as a transformative solution. Our exploration will cover a range of cross-domain automation use cases, focusing on the potential of ATOM’s unique approach in solving challenges and ensuring an organization’s readiness for modern cloud network innovations.
Networking complexity, from first to last mile
The landscape of large enterprise networking has evolved dramatically, encompassing a fusion of traditional networks, Software Defined Networks (SDN), and cloud deployments. This blending often involves numerous domain-specific controllers that must pinpoint the handling of bespoke networks. While the performance of these controllers within their individual domains is commendable, a complex, unavoidable challenge arises when attempting to interlink these controllers cohesively. The true test lies in establishing a seamless connection among these elements to effectively provision and manage use cases that transcend the boundaries of multiple domains.
The Challenge
To illustrate the complexity, consider a scenario within a large enterprise encompassing two distinct branch types: Cisco Meraki Branch and Cisco SD-Access. A typical procedure often involves:
- Opening a Change Request in an ITSM system like ServiceNow and seeking approvals from stakeholders.
- Reserving VLAN and IP Addresses for the branch in an IPAM system like Netbox
- Provisioning the branch via
  - Cisco Meraki Dashboard or
  - Cisco DNA Center for SD-Access Branch and Cisco vManage for SD-WAN
- Deploying AWS workloads
- Enabling Cloud Security Policy in Cisco Umbrella
- Executing Reachability tests
- Notifying various teams and closing the Change Request in ServiceNow
Some of the challenges in this process include:
- Accessing multiple controllers and IT systems
  - Network Operations are expected to know about these various controllers and systems to accomplish the various provisioning tasks
- ClickOps-heavy processes
  - Some of these controllers can be ClickOps heavy. An operator might have to navigate through multiple screens and a lot of clicks to complete provisioning tasks
- Manual exchange of information between the systems
  - Information from one system might be required in another system
  - For example,
    - IP addresses reserved in Netbox are required in the Cisco Meraki Dashboard to provision the branch
    - Virtual Networks of the SD-Access branch must be mapped to Service VPNs on the SD-WAN Fabric
    - AWS workload endpoints and branch IP addresses are required to enable the Cloud Security Policy
  - This process is error-prone
- Multiple team coordination
  - There can be multiple teams managing these systems, and the entire provisioning process coordination can be very time-consuming.
Addressing the Challenge
In response to these challenges, ATOM is a powerful solution that provides network operators with a unified user interface. It incorporates:
- Pre-built workflows: Several out-of-the-box process automation workflows can be invoked from an OSS/BSS portal or an ITSM system like ServiceNow. These workflows take care of all the integration with the various domain controllers and systems.
- Consolidated user forms: The network operator is presented with a single user form to capture all of the controller inputs and required information to complete the provisioning process.
Cisco Meraki Branch Deployment
Example: ATOM Cross-Domain Catalog
ATOM – Site Deployment Workflow
Upon initiating the branch deployment workflow, the network operator gains access to a user input form, facilitating the submission of all necessary details for branch provisioning. Furthermore, the operator possesses the discretion to opt for the deployment of AWS workloads and activation of a cloud security policy.
Alternatively, the workflow can be activated through the OSS/BSS portal, streamlining the process by providing all essential inputs.
ATOM – Site Deployment Input Form
ServiceNow – Change Request Created
Netbox – Prefix reservation
ATOM integrates with the Cisco Meraki Dashboard to provision the branch. It performs pre-checks to ensure that the branch is not already provisioned, that the device is available, and more. The IP prefix reserved in Netbox is passed to the Meraki Dashboard to provision the Data VLAN 101 subnet. An IPSec tunnel is established between the branch and Cisco Umbrella so that all the traffic from VLAN 101 is routed through Cisco Umbrella.
Meraki Dashboard – Site onboarded
Meraki Dashboard – Routing Configuration
Meraki Dashboard – Site-to-Site VPN Configuration
Once the branch is provisioned, ATOM proceeds to deploy the AWS workloads. ATOM executes Terraform scripts to create the Host VPC and EC2 workload instances.
AWS – Host VPC deployed
AWS – EC2 instance deployed
The final provisioning stage is to enable the Firewall policy in Cisco Umbrella.
Cisco Umbrella – Firewall Policy Enabled
ATOM executes a reachability test to ensure the branch can access AWS workloads.
ATOM – Reachability Test Executed
ATOM wraps up the process by updating and closing the Change Request in ServiceNow and sending an email notification.
Email Notification on Successful Site Deployment
ChatOps tools like Cisco Webex Spaces are updated at major milestones. Similarly, the notes section in the Change Request is also updated.
Cisco Webex Spaces – Notifications at major milestones
Amplify with ATOM Cross-Domain Automation
Orchestration through Unified Workflows: A consolidated user interface eliminates the complexity of coordinating between domain controllers and systems, streamlining input collection for controllers and provisioning specifications. Providing out-of-the-box process automation workflows readily accessible through various portals also fosters a cohesive orchestration environment.
Integration for Reduced Manual Effort: ATOM’s capacity to facilitate the exchange of information between systems ensures seamless integration and data flow between diverse domain controllers and systems. Moreover, the precision and expedited workflows reduce manual intervention to mitigate the risk of human errors.
Accuracy and Time Efficiency: ATOM significantly improves provisioning accuracy by centralizing data inputs and automating processes. It combines innovation in AI with its network automation expertise to help customers improve network performance and realize operational efficiencies while simplifying management requirements.
Collaboration and Communication: Embracing ATOM’s integration capability allows organizations to orchestrate workflows using a unified interface effortlessly. Moreover, teams can collaborate seamlessly, diminishing the potential for miscommunication or fragmented operational approaches. Integrating ChatOps tools further enhances communication, ensuring key stakeholders are well-informed at every milestone.
As we navigate through this blog series, the profound transformation that ATOM introduces to cross-domain deployments becomes increasingly evident. The capability to simplify network operations while embracing modern cloud capabilities for massive scale is a testament to Anuta Networks’ commitment to redefining network automation standards.
Stay tuned as we delve deeper into the cross-domain automation journey, highlighting the many capabilities that ATOM delivers.
Additional Contributors: Manisha Dhan