...
Anuta ATOM

ATOM Cloud Trial Guide

Table of Contents

Anuta ATOM Overview

Anuta ATOM platform provides comprehensive end-to-end network automation, network monitoring, configuration and compliance management, network orchestration, and closed-loop automation for multi-domain and multi-vendor networks.

Key Features of ATOM Platform

Vendor Agnostic Platform: Anuta ATOM supports 45+ vendors across 150+ platforms. All major vendors, including Cisco, Juniper, Arista, F5, and others, are supported. Anuta ATOM provides SDK, enabling customers and partners to develop device models not supported by ATOM currently.

Automated Device onboarding: Network devices can be onboarded on ATOM either manually or automatically through seed and sweep mechanisms. ATOM also provides zero-touch provisioning through DHCP or PnP. Once onboarded, ATOM provides a complete device lifecycle and inventory management.

Configuration & Compliance management: Upon onboarding the devices, ATOM provides configuration management and automated compliance enforcement. ATOM periodically archives and versions device configurations. Any out-of-band changes are detected, notified, and remediated on approval. ATOM’s compliance policy builder enables the administrator to define and standardize configurations. Any violation of baseline behavior triggers automated remediation to fix non-compliance.

Service Orchestration: ATOM enables Service lifecycle management and service orchestration. L2VPN, L3VPN, Application delivery, or any custom service can be modeled and ordered using the ATOM platform.

Low Code Workflow Automation: ATOM provides an intuitive drag & drop framework to develop automation for even the most complex workflows such as software upgrades, Device RMA, network migration, troubleshooting, and diagnostic scenarios.

Performance & Network Health Monitoring: Anuta ATOM provides a single-pane-of-glass to monitor the entire network. ATOM can collect necessary device and network data through SNMP, SNMP Trap, Syslog, and streaming telemetry mechanisms. Operators can visualize the collected data through out-of-box and custom charts or share it with external databases.

Alert Routing & Suppression: ATOM supports alert deduplication, alert grouping, alert suppression, and alert routing. ATOM allows the grouping of similar alerts into a single notification. During significant outages, when many systems fail simultaneously, numerous alerts are triggered. Alert Manager in ATOM can be configured to group alerts by their cluster or alert name to send a single compact notification for similar alerts.

Closed-Loop Automation: ATOM enables closed-loop automation by relaying the monitoring platform’s feedback to the automation platform. Network administrators can set thresholds and alerts for network events. The ATOM platform can automatically trigger remediation workflows based on the network administrator’s approval on breach of thresholds.

APIs and Integrations: ATOM is an Open and API-driven platform. All operations in ATOM can be triggered through the ATOM’s self-service portal or APIs by northbound solutions such as OSS/BSS, ITSM, Ticketing/Billing, etc. ATOM workflow automation can invoke APIs from external entities such as ServiceNow, Jira, IPAM, etc.

RBAC & Multi-Tenancy: ATOM Supports Role-based access control and multi-tenancy, which will allow customizing privileges to various functions in ATOM. Workflow automation also supports similar access control rules where the workflows created by one user will not be seen by another unless explicitly assigned to them. RBAC policies also offer control over the execution of workflows.

Massively Scalable: The ATOM platform is built on the latest technologies. It is a microservices-based stateless platform that can scale horizontally to support thousands of devices with high throughput and low-latency. ATOM is componentized and enables the deployment of selected components essential for desired functionality.

HA & Full redundancy: ATOM Software is microservices-based, containerized, and runs on the Kubernetes platform. All components of ATOM, except for databases, are stateless. Databases contain state information and are in HA. ATOM components support the active-active cluster model.

Scope of this Guide

ATOM Trial Instance allows you to experience the following ATOM features.

  • Multi-Vendor Resource & Configuration Management
  • Service Orchestration
  • Workflow Automation
  • Compliance Management

Accessing the ATOM Cloud Instance

Visit the Anuta Networks website and request an ATOM Cloud Instance.

On requesting a free trial, you will receive a set of emails related to your account.

  • The first email provides instructions to set your password.
  • The second email provides instance URL and login details.

Access the instance URL and login with your credentials.

In case of any issues, please contact support@anutanetworks.com.

Anuta ATOM Cloud Walkthrough

Before we test drive Anuta ATOM, let’s briefly examine the lay of the land.

On every login, you will be presented with an ATOM Cloud info page. The page provides you with all essential information related to ATOM Cloud instance and agent health, license details, support information, and documentation links.

The menu bar on the left helps you traverse through various ATOM features.

ATOM dashboard provides you with a quick summary of all essential metrics. You can add new widgets or create new dashboards as required.

See here to learn more about viewing and customizing the dashboard.

With this essential knowledge in place, let’s try out a few ATOM features.

Exercise 1: Resource and Configuration Management

ATOM can onboard network devices across 45+ vendors and 150+ platforms. (See the list of all supported devices). This trial instance has devices across Cisco, Juniper, Palo Alto, BigIP, Fortigate, and Infoblox.

Click on devices at the menu bar to see a list of all devices onboarded to your instance.

You can now see a list of all devices onboarded to your ATOM platform.

Click on the device grid icon on the bar at the bottom right corner to view device inventory in a tabular view.

View Device Inventory

Let’s take a look at one of the devices.

Click the first virtual CSR device.

Click on the summary tab to view device inventory including, device type, OS version and interface, and compliance status.

View Archived Configurations

The next tab will display a list of archived configurations. ATOM periodically archives device configurations. The status of each retrieval is also displayed.

Select any configuration to view.

You can tag every archived configuration. You can use this tag to restore configuration at a later point in time. Provide a tag name at the right bottom corner and then save the changes.

View Configuration Diffs

Select the following two configurations from the timeline and click on compare icon on the toolbar to view the difference between them.

View Configuration Data

The config data button in the configuration tab provides you with a simplified view of the device configuration. The entire configuration of the device is modeled into related items. This view is available for CLI and Yang/NetConf based devices.

Let’s check for all VLANs configured in this device. To view all VLANs in the current device, click on the “Config Data” button. Scroll down in “Config Elements” and click on “VLANs.”

Summary & Next Steps

Through this exercise, you learned ATOM’s resource and configuration management capabilities.

Some of the key capabilities are listed below.

Resource Management Configuration Management
  • Automatically onboard Greenfield networks through ZTP
  • Automatically discover brownfield network and services.
  • Automatically group devices based on custom rules (such as type, location, etc.)
  • View L2 Topology
  • Archival
  • Versioning
  • Restoration
  • RMA
  • Diff
  • Config Data Model

Check out the configuration compliance section in the user guide to learn more on these topics

Exercise 2: Service Orchestration

ATOM provides service lifecycle management for multi-vendor devices. ATOM provides numerous out-of-box services. Custom services specific to business interests can also be developed using ATOM SDK.

In this exercise, we will be provisioning, modifying, and deleting L3 and EVPN services.

Provisioning L3 Service on a Cisco Router

Please refer to the L3 service automation use-case guide to get a detailed understanding of the L3 service capabilities.

In the menu, Click on automation and then services.

Go to the service catalog and click on the L3 service card.

This page displays all L3 service instances. You can see an existing L3 service.

Create a new service

Let’s create another L3 Service. Click on “+” to create a new l3 service.

Entering Form Details

You are now provided with a form. ATOM will provision a new L3 service based on the details provided in this form. Enter the details as below and submit.

You can also import a template with prefilled form values(see below)

Field Value
Name Trial L3 Service
Device ID Select a vCSR from the dropdown
Interface-mode Sub-Interface
Interface GigabitEthernet3
Description TrialService
Vrf TrialVRF
Vlan-Id 522
Ip-Address 172.1.16.24
Netmask 255.255.255.0
Ipv6-Address Leave it blank
Ipv6-Prefix-Length Leave it blank

Importing a form template

ATOM allows operators to import an existing template. Download the L3 service template from here and import it.

Most of the form values are prefilled. Enter device and interface configuration and submit.

View task progress

Open the tasks view to monitor the progress.

We can see our service is being provisioned. The progress bar shows that it’s 50% done.

To view the details of the task, click on the three dots and then select details.

In the task details pane, you can view the logs and the commands that are yet to be provisioned.

Refresh the task list to retrieve the latest status of the task.

Once the task is completed, close the task panel and refresh the service view.

To view provisioned commands, follow the steps as described in this section.

Verify the service creation

ATOM automatically pulls configuration from the device after provisioning the service. To verify the service has been provisioned successfully, go to the archived configuration tab described in this section.

In this archive, you can see that the last entry is related to the operation “Create: L3 Service”.

Compare the last two configurations to verify if the correct configurations were provisioned in the device.

Modify existing service

Let’s try modifying the service configuration. Follow the steps described in this section to return to the L3 service summary view. Here we can now see an entry for the previously provisioned service.

To modify the service, select the row and click on edit.

In the displayed form, modify VLAN from 522 to 600 and submit the form.

This triggers a modification request, and ATOM modifies the VLAN on the device.

Monitor the task as described in this section. Validate service configuration as described in this section.

Delete the service

Now let’s proceed to the final step of a service lifecycle – Service Deletion.

To delete the service, select the row and click on delete.

This triggers a deletion request, and ATOM deletes the selected L3 service.

Monitor the task as described in this section. Validate service configuration as described in this section.

Provisioning EVPN VXLAN Service on a Juniper Router

Please refer to the EVPN VXLAN service automation use-case guide to get a detailed understanding of the EVPN VXLAN service capabilities.

Go to the service catalog as described in this section and click on EVPN VXLAN service.

Click on “+” to create a new service.

Fill the form with details as shown below and submit.

Field Value
Vlan-ID 202
Description S_EDU_NAT_202
Resource-Pool Select rp
create-vrf Select the checkbox
Rd 65301:101219
Rt 65301:101219
Vrf OVERLAY_DC_202
Cidr Select Evpn-vxlan-pool
Virtual-Gateway-Address 172.16.2.4

You can also import this template as defined in this section.

Monitor the task as described in this section. Validate service configuration as described in this section.

Summary & Next Steps

Through this exercise, you learned ATOM’s service automation and orchestration capabilities.

Some of the key service orchestration capabilities are listed below.

Service Orchestration
  • Stateful automation
  • Dry Run before production
  • Atomic transactions
  • Approvals
  • Service Compliance

Check out the user guide to learn more on these topics.

Exercise 3: Workflow Automation

ATOM Workflow Automation allows you to automate simple and complex method-of-procedures. The entire end-to-end procedure, including pre-checks, post-checks, and approvals, can be automated using this feature. ATOM provides a Workflow Builder to design and develop workflows. Workflow Builder is out-of-scope of this trial.

In this lesson, we’ll execute a workflow that automatically upgrades a Juniper MX device.

Juniper MX Upgrade Automation

Please refer to the Juniper vMX Workflow Automation use-case guide to get a detailed understanding of the upgrade capabilities.

In the menu, Click on automation and then Workflows.

Go to the Workflow catalog and click on the Juniper MX Upgrade Workflow.

You will now enter the workflow summary page. Here you can visualize the entire workflow, all instances of the workflow and their corresponding statuses, and the workflow version.

Start a new workflow

Execute this workflow by clicking the “start” button on the toolbar

Enter a name for this workflow instance and click on “start.”

You can now see an active instance in the instances section.

Click on the instance to see more details about the instance.

The workflow task that is currently being executed is highlighted in yellow. The upgrade workflow is waiting for input from the user (see the little human icon in the box? ).

Enter Workflow Form Details

Click on Actions (present at the bottom of the page) to view all claimed and unclaimed tasks.s

Select the tasks and click on “claim.”

Unselect “Un Claimed” to view all claimed tasks

Select the claimed task and complete it

You will now be presented with a form to collect all relevant data for the workflow. Most of the details are prefilled for this trial instance. Select the “vMX_SMU” device in the Device-Id and submit the form.

Follow the instance summary, and the workflow moves from 1 task to the next. This process should take few minutes.

The workflow will pause once again just before rebooting the vMX device to seek reboot approval.

Claim the task and open the approval form as described in this section.

Approve the request and submit the form.

Once approved, the workflow will proceed and upgrade the vMX router.

Summary & Next Steps

Through this exercise, you learned ATOM’s Workflow Automation capabilities.

Some of the key workflow automation capabilities are listed below.

Workflow Automation
  • Automate the entire Method of procedures
  • Introduce Prechecks, post checks
  • Approvals
  • Sequential and Parallel automation
  • Integrate with service orchestration
  • Integrate with external elements such as ITSM solutions, IPAM, Ticketing/Billing, etc.

Check out the user guide to learn more on these topics.

Exercise 4: Compliance Enforcement

ATOM enables operators to design global compliance policies. ATOM provides several out-of-box compliance policies that you can readily utilize in their network. ATOM also enables you to develop any custom use-cases specific to your business.

Go to the menu and select “config compliance” to view a list of all compliance policies.

This instance has three out-of-box policies.

  • Clock Synchronization
  • Disable CDP LLDP on Public IP Interfaces
  • Interface Configuration

Compliance policies are a collection of rules and conditions on the success or failure of rules. Let’s look at a few policies to understand them better.

Compliance policy for CLI based devices

Select “Clock Synchronization” policy and click on edit

The policy has two rules.

Let us examine each rule. Select Clock template and click on edit.

Simple Rules and Conditions

Any Rule has four sections. The first section, “Basic Information,” contains the rule description.

Next, select all platforms applicable to this rule. We have selected this rule to apply to all cisco devices.

We have no rules variables for this rule. We’ll come back to it soon.

In the last tab, we will add conditions and corresponding actions. We have added a single condition. Select the condition and click on edit.

Here we have entered the condition to check in the “value” field.

This condition is matched, and appropriate action is taken on success (condition match) or failure (condition not-matched). In case of a match, we do not take action for this condition. For a non-match, we have described the corrective action to be taken.

Variables in Rules and Conditions

Let’s now review NTP Template Rule. The rule structure is the same as the “Clock Template” for the most part. You will see a difference in the condition & action section. Let’s go to the “Condition & Actions” tab.

You will see that the “NTP Template” rule has three conditions. Select the “Check NTP ACL” condition and click on edit.

The “Value” field has 2 variables – ntp_primary_server & ntp_secondary_server. Variables are covered in double brackets like “{{ variable name }}” . In our condition, ntp_primary_server & ntp_secondary_server are variables whose values will be substituted at run time.

Actions can also have variables, as you can see below.

Default values of these variables are defined in the “Rule variables tab.”

Regex in Rules and Conditions

You can also use regex to match conditions. Go back to the compliance policy list and select “Disable CDP LLDP on Public IP Interfaces.”. This policy removes CDP/LLDP configuration from any interface with a public IP address.

Select the rule “Check Public IP Interfaces” and click on the edit

Next select, the “Verify CDP on Public IP Interface” condition

Here in the Value field, you would see a regex expression. The regex checks if the IP address of the interface is not private, i.e., it doesn’t fall in 10.0.0.0/24, 172.16.0.0/20, or 192.168.0.0/16 block of IP addresses.

In case the IP address is public, then we raise a violation and disable CDP for all those interfaces.

Compliance policy for Yang-based devices

Compliance policy definition and enforcement can be done for CLI or YANG-based devices. All principles that we learned in the previous section are applicable for YANG devices as well. Variables and regex are supported for both CLI and YANG devices.

Edit “Interface Configuration” compliance policy and open the “XML interfaces” condition under the “Check Interfaces” Rule.

The interface configuration that we expect to be present in every device is defined in XML (YANG/NetConf device).

The fix CLI is also in XML format.

Running Compliance Policies

Close all conditions, rules, and policies. Let’s check the profile section. We have two profiles Cisco and Juniper.

Select the cisco profile and click on “edit” Two policies are added to this profile. You can also observe that the default values for “NTP Template” are already populated. We can modify the default values for this profile as needed.

We then select the devices on which the compliance policies have to be validated in the next tab. We can either choose to schedule the compliance run at a later point in time or choose to run now.

Select “Start Now” and then submit. This will request ATOM to validate compliance on the selected devices.

Let’s execute the Juniper Profile. Select the “Juniper Profile” and select “Run Profile.”

ATOM will now validate all the selected Cisco and Juniper devices for compliance violations.

Analysing Compliance Reports

Go to the Reports tab to analyze the reports for all our runs. Here, you can see all policies and rules that have been validated on all cisco and juniper devices.

To view by device, go to the filter tab and pivot by “Device.”

Here, you can visualize device-level reports.

ATOM provides a comprehensive filtering capability to view and generate granular reports. Try out the pivots and filters to see how the data changes.

Remove the device filter and go back to the unfiltered view.

In our run, we see that all cisco devices are compliant with the policies. However, 1 Juniper device is noncompliant.

Select the noncompliant juniper device and click on “Fix-CLI.”

This window displays all non-compliant policies and the configuration needed to be provisioned to rectify non-compliance. Enter a compliance job name, select “shared with,” select “start now” and submit it to start the remediation process.

Monitor the remediation task as described in this section.

Summary & Next Steps

Through this exercise, you learned ATOM’s Compliance Enforcement capabilities.

Some of the key compliance enforcement capabilities are listed below.

Compliance Enforcement
  • Enforcement for CLI and Yang/NetConf based devices
  • Comprehensive report generation
  • Automated Remediation
  • Service, Configuration and Software compliance capabilities

Check out the user guide to learn more on these topics.

Execute the Juniper profile again to verify.

Continue to Explore

The above exercises give you a good insight into ATOM features and capabilities. The below resources will help you to learn more about ATOM’s capabilities.