Use DDI to Jumpstart Network Automation in a Cisco Environment
Why Network Automation is Needed
Besides economically driven reasons, digital-transformation strategies are still a prime reason to perform Network Automation in general. The main goals here are to improve efficiency and flexibility in order to increase productivity. The challenges it aims to solve are in the areas of cost, visibility and change, in order to maximize return on investment.
As Gartner puts it: “… by 2024, organizations will lower operational costs by 30% by combining automation technologies with redesigned operational processes …”
Finding a suitable starting point is a common difficulty, so we will explain why and how DDI (DNS, DHCP and IP Address Management) can be a good place to start. This includes some best practices, with a focus on Cisco environments (although it is not exclusive to these). Think about environments where Cisco Umbrella, ACI, DNA, Viptela, DUO, XDR and/or Meraki are commonly used and where a Network-Source-of-Truth (NSoT) is often missing or incomplete.
What are the Common Challenges?
The main challenge when starting the Network Automation journey may not even be technical, but rather a matter of organizational approach:
“… Leaders must treat automation as a principle to be embraced, rather than as a project to be done and ought to be aware of common mistakes that can lead to failures …” (Source: Nicole Sturgill/Gartner).
Besides this, we see quite a bit of unsubstantiated resistance to automation, driven by the perception that automation causes job loss. This is not new, but the explanation that automation actually helps you do your job better is a very important one to get across in order to drive acceptance.
From a more “solving problems” angle, the challenges lie in identifying what to automate and what purpose and benefit it will have. Besides the impact in general, not knowing where to start and having no reference data on networks make it difficult to initiate an automation framework or to select tools.
And there are of course the classic “excuses”: No Resources, No Time, No Focus and No Budget.
Network Automation often requires significant contribution at an organizational level, and is therefore forgotten about in many cases. Network Automation needs an all-in, everyone-on-board approach.
From the more technical, “know what you have” perspective, the lack of a Network-Source-of-Truth (NSoT) is very prevalent. Any automation, and network automation in particular, is pointless if networks are not “documented” first. If an NSoT is available, automation can do its job properly and function with low risk, low impact and at lower cost. As we’ll explain below, a very prominent candidate for NSoT is DDI (DNS-DHCP-IPAM).
EfficientIP provides solutions including Smart DDI, Network Object Management (Network Object Manager) and Cloud Discovery/Reconciliation (Cloud Observer), which all help with enabling Network and Cloud Automation.
How to Jumpstart your Network Automation Journey in a Cisco Ecosystem
To make sure your Network Automation journey will be a success, here are some best practices when starting:
- Leverage existing investments to accelerate in time and tooling.
- Start small and iterate slowly with activities not associated with change.
- Find Common and Repetitive Problems/Tasks to solve.
- Start to Baseline your network, document and build a Network Source of Truth (NSoT).
- Be VERY collaborative and inclusive; Network Automation needs everyone on board.

Based on the above, examples of Cisco areas where a Smart DDI, such as EfficientIP SOLIDserver DDI, can enrich or enable automation include Cisco DNA, ACI, Umbrella, DUO and XDR.
Take a look at our series of videos on Network Automation to gain more insight, learn about drivers and inhibitors, and be able to find that starting point you perhaps need.
Valuable use cases using SOLIDserver DDI
When EfficientIP’s DDI is used as an enabler for Network Automation, it also opens up other automation use cases. Some of the common cases we are seeing are listed below (please reach out to us for more detailed information):
- Harmonize, Unify and Reconcile Multi-cloud Data
Having a DDI-based NSoT provides a facility in which cloud infrastructure is included, covering the networks and instances that are deployed. The NSoT becomes inclusive, which simplifies Network Automation.
- Automate Infrastructure, Applications or Services Deployment
Utilizing SOLIDserver DDI as NSoT gives Network Automation access to up-to-date and accurate data on the Network Architecture. This can be used for automated decision-making and for provisioning/deployment purposes. It also improves capacity management and impact analysis.
- Automate NetSecOps Collaboration
SOLIDserver DDI provides useful information about the intent and behavior of end-points/users, which can be utilized in security-based automation and to improve user access control.
- Documented Networks and a Network Source of Truth (NSoT) are crucial for any Network Automation, and DDI can provide the NSoT (often missing in a Cisco environment).
- When DDI is included, full-stack or end-to-end automation is made possible, including zero-touch provisioning and autonomous networking. It provides enriched orchestration wherever Cisco ACI, DNA or Viptela is used, for example.
- DDI enhances and enriches security, making your security posture stronger – behavioral, intent and experience information about any node, device or user is unlocked by DDI. These are upgrades that can enrich, for example, environments where Umbrella, DUO, XDR or Observability in general are used.
- In conclusion: Network Automation without DDI makes no sense!
Contact the EfficientIP Networking and Security experts
Want to discuss or hear more about Network Automation, especially in Cisco Environments? Reach out to us.