Enterprises will be adopting network automation in the next three years, due to demands for faster network provisioning wherever enterprise assets reside. Network IT must manage networking in a broader variety of environments spanning multiple cloud networks, between clouds, and in containerized environments in addition to hypervisor, and physical networking and manual configuration will be untenable.
The network in this case extends beyond routing and switching to application delivery controllers and load balancing, TLS encryption handling, application front-end support, and security functions, which all have to be included in the realm of network automation. Automation and orchestration suites will not only simplify network provisioning, but change the way IT manages networks.
The 451 Take
Network workflow automation and orchestration is a new segment that is starting to grow. It takes an alternative approach to network management, focusing on automating workflows rather than simply doing element management at scale. Network workflow automation vendors give IT the ability to create and use automation in their datacenters, without having to invest in extensive software development. For automation to become successful across a broad spectrum of enterprises, these companies need to be spend more time on automated workflows and less time writing code or managing developers. Success is not clear for these vendors or the segment because there are significant operational hurdles that enterprises must get over, such as supporting or modernizing legacy network products and adopting rigorous IT change control processes. For the enterprises that get over those hurdles, the benefits will be more responsive IT to change requests, and fewer errors.
Network IT can't add value to the other parts of IT or the business if it's spending too much time on operations and maintenance. In our Voice of the Enterprise: Digital Pulse, Organizational Dynamics 2019 study (see Figure 1 below), a majority of enterprise IT respondents from all roles thought too much time is spent on operations. With manual methods for making changes, gathering data and configurations from the network, troubleshooting and recovering from configuration errors, there's little time for IT to devote to projects that add value.Contrary to misguided beliefs, network staff aren't sitting idle waiting for change requests to cross their desk. Network staff are engaged in manual, time-consuming processes, from monitoring the network to documenting changes. As enterprise IT environments get more complex, network staff must look to automation and orchestration tools to speed up operations and reduce errors.Networking vendors are becoming more responsive to the enterprise need for automation tooling by offering developer portals like Cisco DevNet and Juniper's EngNet with well-developed educational resources, support communities, and developer tools and APIs designed to help IT and developers collaborate effectively and make progress on integration and automation efforts. These developer-oriented portals are of significant value to IT professionals that want to improve their skill sets, adding programming and automation development to their resume. Many of these portals feature sandbox environments for educational use or for developing and testing code in a proof of concept before moving to more rigorous testing in a live environment.Automation reduces the time spent on operations just by speeding up time-intensive tasks like data collection or making widespread changes across the entire network. We noted in our report Network workflow automation gets a low-code makeover that IT is transitioning to automation, with only 8% of respondents reporting IT currently is highly manual; 5% are highly automated, and the remaining 88% are in between those two extremes.The path from mostly manual operations to highly automated runs a similar course. IT writes scripts or uses purpose-built tools to carry out menial tasks like distributing software updates or gathering configuration files. As they become more advanced and equipment vendors add more automation to their management systems, IT can make wide-scale changes quickly, and may begin integrating across IT systems such as collecting configuration files and opening a trouble ticket in their help desk system. Finally, enterprises are moving deeper into automation with orchestration platforms designed to handle all the complex requirements in automating workflows. As the enterprise progresses, it becomes more efficient and responsive to business needs.
The network automation market breaks out into three major segments comprised of software platforms that provide customizable workflow automation, systems that primarily offer prepackaged automation, and vendor-specific SDN and automated network management. Note, however, that these segments are loose groupings based on the capabilities of similar products and are not rigid pigeonholes – some products may fit into multiple categories. We would contrast these products from system automation products like Ansible and Terraform because they focus specifically on networking functions and capabilities, and can be driven by external datacenter automation systems.
Workflow-focused network automation systems allow IT to create their workflows based on their own existing workflows and processes. Network workflow automation software such as Anuta or AppViewX creates a network model based on device discovery or, like Itential, uses existing network models from other automation systems such as Ansible. The workflow systems offer integration capabilities southbound to network hardware and software, east/west to other ITSM products, and northbound to other orchestration systems.
AppViewX and Itential offer a rich canvas on which workflows are created, tested and run. Anuta supports the Business Process Model and Notation (BPMN) language, and can import and export BPMN models directly into its Atom automation platform. With any of these products, enterprise IT can create its own workflows complete with check points so IT can review and approve changes. Intelligent error handling is supported with branching logic based on the outcome of previous steps.
The automation platforms have an abstraction layer that translates high-level configuration directives to device-specific language. The downside is a significant learning process to model a workflow and handle errors, but the graphical approach is far more accessible than writing code. The primary benefit with workflow automation tools is that it brings automation to IT without the need to learn to write programs, and IT can rapidly create and alter automated workflows.
Workflow automation vendors are good acquisition targets because the shipping products are field-tested and proven in enterprise environments. But most importantly, the design, engineering and developer talent to bring these products to market are a considerable asset for an established networking vendor. A software vendor that already focuses on multivendor management and wants to expand its capabilities would be better off buying a startup with an established product than developing it in-house. Equipment vendors would be less of a good fit since they generally haven't been successful with multivendor management efforts.
Task-specific automation tools describe management and automation software that was designed for a specific set of tasks and processes or where the workflows are predefined by the vendor. Unlike workflow-focused network automation, the enterprise has limited ability to create new workflows on its own, and instead relies on the vendor to produce workflows for them. These products have a growing library of automated workflows to select from, so customers can get started quickly with reliable automated steps.
Task-specific tools are geared for a subset of network IT's processes. For example, Netbrain augments and supports enterprise IT by streamlining data collection and modeling. These time-consuming tasks are currently aimed at monitoring, troubleshooting and root cause analysis like gathering device configuration and state, and displaying it to the operator, comparing to past dates, or exporting to an external system. With add-on modules, Netbrain can automate tasks, but this level of automation is more about assisting IT with distributing configuration changes, rather than fully automating workflows.
Gluware has developed applications for common operations such as configuration modeling, configuration drift and auditing, and OS management. Apstra offers a growing set of automation functions for datacenter and cloud networking including automating complex projects such as deploying an EVPN across multiple environments and establishing virtual routing and forwarding domains. Task-specific automation tools let IT start to gain benefits quickly with pre-built automation and intelligent tools that assist IT in their daily operations and can save significant amounts of IT time.Task-specific automation products are also good acquisition targets for vendors that have multivendor and system management products, as well as for equipment vendors because task-specific automation enhances difficult processes that networking IT faces, regardless of whether they have a single or multivendor approach.
Product-specific automation is comparable to intelligent management for a single vendor's product, and is presented in multiple forms from centralized management, which distributes configuration changes across the network, to SDN, which abstracts the network into software objects in a network controller. The network controller is both a management system as well as the integration point for other management, automation and orchestration tools.
For example, Arista CloudVision, Cisco ACI and DNA, Juniper Contrail and VMware's NSX all fall into this group of automation tools. While these tools don't compete directly with the other groups of workflow and task-based automation tools already mentioned, the competitive aspect is reducing the need for IT to look for third-party automation tools.
If the goal of automation and orchestration is to reduce workload and errors while speeding up the time to execute changes, SDN and other automation capabilities developed by equipment vendors for their own products can be an easily accessible and low-cost entry with sufficient benefit that enterprises don't need to evaluate third-party automation suites. For enterprises that want to orchestrate changes across servers, storage, networking and applications on-premises and in the cloud, the vendor-supplied software is a strong integration point to offload the details of network changes.
Challenges and Obstacles
Respondents in our 2019 Voice of the Enterprise: Compute Infrastructure Workloads and Key Projects report said the top three automation challenges their organizations faced were security gaps (40%), infrastructure that didn't support automation (38%), and uncontrolled change management (25%). It's up to IT to close those gaps, work around the lack of automation capabilities in products, and ensure that change management processes are followed.Security gaps are nearly always a top concern for enterprise IT regardless of the topic. In automation, one of the key areas is managing authentication credentials for all of the managed infrastructure and access controls, enabling or limiting staff to particular actions or parts of the network. Access control is an extremely difficult process, and vendors are providing these features in varying degrees. Matching enterprise requirements to the product's capabilities will be a key differentiator, particularly in security-conscious companies.The lack of automation support in networking hardware and software – primarily the availability of APIs or a CLI device driver for each product and OS version – is a significant hurdle for enterprises with legacy products, but automation vendors have developed extensive device libraries to interact with the CLI, and claim they can add new devices in a few weeks' time.However, maintaining those device libraries has typically been a burden on startups, so the maintenance cycles can be long. Enterprises typically keep equipment for five to seven years, but having 10-year products isn't unheard of. Most modern networking, and IT products in general, have APIs. Vendors will have to demonstrate they are reliable stewards of their APIs, which means having controlled processes for adding new functions, and most importantly, modifying, deprecating and removing APIs.Uncontrolled change management is an issue for enterprises that don't have mature change control practices in place, and without that, automation will only exacerbate IT's problems. Shifting to an automated IT department should be a motivator to adopt change control practices, which include documenting processes, creating and testing runbooks, and validating and documenting IT inventory.Having those processes in place will help when building up automated workflows, because, unlike people, scripts can't make decisions. IT staff know how to make changes, and know what success and failure looks like – and all of that knowledge has to end up in the script. Runbooks document those processes. Enterprises that are unprepared might not make it past a proof-of-concept phase, or may be better suited for software containing prepackaged automated tasks.
Innovation and Roadmap
There are two areas of innovation that are taking place. The first innovation is rapid development environments that abstract the details of network function CLI and API processing into reusable building blocks and logic blocks such as conditional statements, interactive dialogs for user input, and integration with third-party systems like help desk ticketing or configuration management databases. Itential currently has the most well-developed rapid development environment, with Anuta a distant second. In 2020, we should see more work in this area across network automation, with improvements to the existing environments as well as more software vendors bringing their own environments to market.
Machine learning and artificial intelligence will also continue to be at the forefront of innovation in network management and automation. Implementations in 2019 from vendors like Cisco Meraki and Aruba Networks focused primarily on campus wireless, but those capabilities will continue to spread across the wired networking product space. In addition, ML and AI services for the datacenter and cloud will continue to be developed, and will assist IT in being more efficient. No vendors (collectively to their credit) are making unreasonable claims for their products' capabilities, but ML and AI are where experience and time to develop and tune the algorithms becomes a competitive differentiator in the final product.