...

Blogs

Cross Domain Automation: ATOM Site Deployment – Part II

Introduction

As the adoption of new enterprise-driven use cases, such as distributed enterprise, work-from-anywhere, and the shift to hybrid multi-cloud deployments, continues to rise, so does the level of complexity in network operations. 

This complexity is particularly evident during site deployments, where network providers must navigate tight schedules while navigating various tasks such as device configuration, IP address allocation, and SD-WAN router provisioning. The importance of executing these tasks swiftly while ensuring precision cannot be overstated, as integrating multiple tools and controllers introduces a considerable risk of human errors.

To tackle these, multi-domain orchestration needs to evolve to enable faster deployment of services, simplification, and better structure. In the Cross Domain Automation use case series, we will explore another use case in this blog to examine how a Cisco SD-Access Branch can be automated using Anuta ATOM out-of-the-box workflows.

The process encompassing user input, Change Request creation, integration with Cisco DNA Center and vManage Controller, AWS deployment, security policy enforcement through Cisco Umbrella, and reachability tests creates smooth communication through tools like Cisco Webex Spaces. This unified cross-domain orchestration streamlines networking infrastructure and extends to cloud workload deployment.

The Four Pillars of ATOM's Cross-Domain Automation

The following components of ATOM play a crucial role in achieving cross-domain automation for site deployment–

ATOM Platform: A customized or extended version of the ATOM platform that includes deployment-related automation scripts and modules.

Integration: ATOM’s integration with other tools and systems used in the deployment process, such as version control systems (e.g., Git), continuous integration/continuous deployment (CI/CD) pipelines, and cloud platforms (e.g., AWS, Azure).

Workflow Automation: Defining and automating the workflows involved in site deployment, including– automation of code deployment, database migrations, content updates, and marketing campaign adjustments.

Monitoring and Reporting: Implement automated monitoring and reporting to ensure the deployed site performs well and meets desired objectives. This might involve tracking website traffic, conversion rates, and ad campaign metrics.

Site Deployment using ATOM

ATOM’s site deployment workflow supports Meraki-based and Cisco SD-Access branches. The identical workflow employed for onboarding a Cisco Meraki branch is utilized for deploying the Cisco SD-Access Branch. 

ATOM – Cross Domain Automation Platform

Example: ATOM Cross-Domain Catalog

ATOM – Site Deployment Workflow

Once the branch deployment workflow is triggered, the network operator is presented with a user input form where he provides all the details required, such as site name and WAN router, etc., for provisioning the branch. Optionally, the operator can deploy AWS workloads and enable a Cloud Security policy.

The workflow can also be triggered from the OSS/BSS portal, providing all the required inputs.

ATOM – Site Deployment Input Form

A Change request is created in ServiceNow with the required details. The workflow proceeds to the next stage after all the stakeholders approve the change request.

ServiceNow – Change Request Created

ATOM integrates with Cisco DNA Center for SD-Access branch provisioning, conducting essential pre-checks such as device availability, IP Address pool availability, and Site presence within Cisco DNA Center, then reserving LAN and WAN IP subnets for the branch.

Cisco DNA Center – IP Address Allocations

ATOM onboards the site router and associates it to the branch site in the Cisco DNA Center. A role is assigned to the device, and the required configurations are pushed onto it to make it compliant.

Cisco DNA Center – Onboard Router

Cisco DNA Center – Assign Router to the Site

Virtual network and L3 handoff interfaces are configured.

Cisco DNA Center – Virtual Network

Cisco DNA Center – Site Border Node L3 Hand Off 

ATOM integrates with Cisco vManage Controller to provision the SD-WAN router to establish connectivity with the SD-Access branch. It executes pre-checks on the Cisco vManage Controller to ensure that the SD-WAN router is UP and the Secure Internet Gateway Tunnel is established between the router and Cloud Security Gateway – Cisco Umbrella. 

ATOM fetches the WAN IP address for the SD-WAN router from Cisco DNA Center

ATOM configures the device and feature templates, i.e., Service_VPN, BGP, Interface, etc., on the Cisco vManage Controller associated with the SD-WAN router. Cisco vManage, in turn, generates the required configuration and pushes it to the SD-WAN router.

Cisco vManage – SD-WAN Router Configuration Template

Cisco vManage – SD-WAN Router Configuration Template

Cisco vManage – VPN Interface Feature Template

Cisco vManage – BGP Feature Template

Post-checks are executed on the Branch and SD-WAN router via Cisco DNA Center and Cisco vManage Controller, respectively.

Cisco DNA Center – Post Checks

ATOM invokes terraform scripts to deploy Host VPC and EC2 workloads

AWS – Host VPC deployed

AWS – EC2 Instance deployed

ATOM – EC2 Instance Public IP

ATOM integrates with Cisco Umbrella to enable Firewall policy to establish connectivity between the SD-Access branch and AWS workloads.

Cisco Umbrella – Firewall Policy Enabled

ATOM executes reachability tests to ensure that the branch can access AWS workloads.

ATOM – Reachability Test Executed

ATOM wraps up the process by updating and closing the Change Request in ServiceNow and sending an email notification.

Email Notification on Successful Site Deployment

ChatOps tools like Cisco Webex Spaces are updated at major milestones. Similarly, the notes section in the Change Request is also updated.

Cisco Webex Spaces – Notifications at major milestones

Why a Unified cross-domain service orchestration?

As we explored this use case, it became evident that the key to success lies in integrating, automating, and coordinating various components and systems. Anuta ATOM connects the dots across diverse domains, from user input forms and change request management to seamless integration with Cisco DNA Center, vManage Controller, and AWS. It ensures not only the deployment of networking infrastructure but also extends to the deployment of cloud workloads and the enforcement of security policies through Cisco Umbrella.

Moreover, Anuta ATOM enhances reliability and confidence in the entire deployment process through its capabilities in performing post-deployment checks, invoking Terraform scripts, and conducting reachability tests. Utilizing collaboration tools like Cisco Webex Spaces and comprehensive documentation in the Change Request Notes section further ensures transparent communication and milestone tracking.

The Active Assurance module within ATOM takes on the crucial role of continuously testing and reporting on the overall health of the deployment process.

As a platform, ATOM continues to simplify, expedite, and organize intricate site deployment procedures. Stay tuned for a glimpse into additional use cases as we navigate the world of ATOM’s cross-domain automation.

Additional Contributors: Manisha Dhan

About Author

You will also like...