From management perspectives, IT automation is a useful solution for issues related to productivity, agility, scalability and lack of resources of the IT teams. But implementing automation in IT is not an easy transformation. It requires having technical leadership, defining the most suitable actions to target, using appropriate tooling, storing data, writing automation code and globally transforming the entire organization and processes in place. Organizations today have realized that trusted data is key for enabling automation. Therefore, many of their NetSecOps teams are already making use of IPAM (IP Address Management) as the source of truth.
Trusted Data is the foundation for automation
Starting an automation journey is far from straightforward, otherwise this topic would no longer be on anyone’s agenda. A pragmatic approach is to start by consolidating information and data on the network and its usages in a repository that can therefore act as a single source of truth (SoT) (see blog). Since every IT infrastructure is based on IP networks, we can simply start by collecting and storing the whole IP addressing plan in an IP Address Management (IPAM) specific repository. This trusted source can now be used to perform manual and automated tasks relying on IP subnet and address information, ideally enriched by metadata on their usage, their source, and their non-technical characteristics. This can be consulted to check or modify configuration on routers, switches or firewalls, for example.
A good place to start would be by automating simple tasks, which can require creating just a few lines of code with some API calls to the SoT to gather the information, thus saving a lot of time when changes are frequently required in the future. Everything can be stored in the IPAM, directly on the source of truth and the automation processes will perform the appropriate changes on the infrastructure accordingly. More importantly, changes in the IPAM can be delegated to users who are not experts on the infrastructure component that will be changed by the automation. This is where the source of truth becomes really valuable: each user responsible for their own domain, site, or part of the network can create and update simple data, being assured that it will be useful to other users and consumed by automation processes to perform changes, checks and controls on the IT.
For many organizations, IPAM is already being used as the source of truth
Some of our customers have already organized their IT teams with this principle: changes are made only in the network source of truth which is the IPAM, and efforts are made to align the processes to use and update it accordingly. For every action that is either complex, risky or time consuming for the IT teams, an automation process is developed in order to limit the risks, avoid configuration errors, improve reliability and reduce operation costs. Do you need information? It’s in the SoT. You want to store information on a network, an IP address or a network component? You put it in the SoT.
The benefits of using IPAM as the source of truth are numerous:
- workflows are simplified
- responsibilities become much clearer
- operations are more fluid
- troubleshooting is far more simple
To learn about real customer usage, discover how ST Microelectronics has enabled their network automation using EfficientIP IPAM as the Network Source of Truth.See ST Microelectronics Case Study