The U.S. District Court, Southern Alabama, is starting to reap the benefits of intent-based networking as it modernizes.
It was June 2018, and the U.S. District Court, Southern District of Alabama, was about to upgrade its digs in a major way.
As the court prepared to move to a new facility, though, it didn’t want to be hobbled by old networking gear that was out of step with the new Internet of Things (IoT)-connected devices throughout the building. So the court in Mobile, Ala., decided to modernize its data center infrastructure and adopt intent-based networking (IBN), a network architecture that automates network tasks.
“We have always been a forward-thinking court,” said Pat Shubird, director of IT at the U.S. District Court.
IBN’s precursor is software-defined networking (SDN), which shifts configuration and management of networking hardware to software. IBN extends SDN, bringing manual configuration and management of switches and routers to software, using programmable network code. As a result, IBN enables IT teams to manage networks automatically rather than manually. IT pros can manage network devices via application programming interfaces to automate network functions, set security policies and more. IBN is more flexible and agile but also less error-prone and time-consuming than manual configuration and management.
“Gone are the days of issuing CLI [command line interface] commands to make a change . . . to every device individually,” said Bob Laliberte, senior analyst and practice director at Enterprise Strategy Group.
IBN is becoming more important as organizations such as the District Court adjust to new technologies in the cloud era. Cloud computing, mobile and IoT-connected devices and new experiences like virtual reality require a lightning-fast, secure and flexible network. At the same time, most companies are still wrestling with older networking technologies that can’t deliver on these new network requirements for speed, performance and security.
Data suggests that enterprises are turning to technology like IBN to modernize. According to Enterprise Strategy Group’s “2019 IT Technology Spending Intentions Survey,” digital transformation is a key initiative for enterprises, with 55% having embarked on digital transformation projects to become more efficient.
In a recent survey on intent-based networking adoption, 54% of network professionals are familiar with intent-based networking, though just 3% have fully adopted the still-new technology, and 8% are getting started. And as far as SDN adoption, some 21% have it in production or are piloting it. IDC predicts the SDN market will continue to grow and reach $13.8 billion by 2021.
IBN enables networking administrators to make multiple automated changes, rather than one-off configurations. This is important for hardware-driven IT as it adjusts to the era of cloud, mobility and new application speed and performance requirements.
“In the old world, when it was time to update your switches, you pretty much had to go to every single switch—or at least log in to each one,” Shubird said.
With IBN, changes to physical gear can be made en masse and from a centralized location. “We can update one [switch] and then push it out to 30 or 40 switches,” said Troy Baas, an IT administrator at the District Court.
“In the old world, when it was time to update your switches, you pretty much had to go to every single switch.”Pat Shubird, director of IT, U.S. District Court, Southern District of Alabama
Using Cisco DNA Center to manage applications, the U.S. District Court can also prioritize tasks such as video streaming of testimony so that jurors can focus on the content of the case, not the blips in video quality.
“When you see video that is jittery, choppy, that cuts in and out, a juror can get frustrated,” Laliberte said. “What it comes down to is it provides a better experience.”
The ability to create granular security policies for individual users, user groups and devices is also critical, as enterprises become even more vulnerable to malicious attackers. Approximately 230,000 new malware samples are being launched every day—and as the number of IoT devices proliferates—with 31 billion IoT devices expected by 2020, according to Statista—the network needs to prevent the infrastructure from being attacked via vulnerable devices or code. The new courthouse is now IP-based, and various devices, including phones, appliances and more are connected to the Internet.
“IoT brings another set of risks. You don’t want a thermometer in the break room being able to access the court files,” Laliberte said. “Network segmentation helps prevent that.”
To bolster its cyber defenses, the court has deployed Cisco Identity Services Engine (Cisco ISE), which allows IT teams to set policies automatically and permit or deny network access to users or devices. And with Software Defined Access (SDA) the court can automatically segment the network throughout its IT environment, from the cloud to the edge. SDA thus helps disseminate policy while eliminating human error.
“Now you can establish a set of policies that we can enforce and distribute to the entire environment,” including to the core, edge and cloud, Laliberte said. “You can leverage segmentation and isolate the traffic,” he said.
Next, the U.S. District Court needs to define user and device access. IT staffers will roll up their sleeves and map out the appropriate levels of user access that each group should have, the devices permitted on the network, and where on the network each user and device is allowed to operate. Cisco DNA Center can be used to centrally manage and modify security policies as needed.
“We can’t say today what those rules will be,” Shubird said. “We need to get the whole team assembled and we start looking at it. To some extent, we don’t know what we don’t know.”
The court will work with its integrator, ID Technologies, to develop these user groups and policies, starting in June. The benefit, Shubird said, will be that tools like Cisco ISE can identify a specific type of device—a Raspberry Pi, for example—trying to access a port and simply lock down the port. This can be beneficial in preventing malicious attackers from gaining access to systems.
Intent-based networking brings networking administrators into a new paradigm. They need to shift from command-line scripting, learn how to program the network through code, partnering more closely with development teams to enable cloud-ready infrastructure.
Accordingly, Enterprise Strategy Group’s “2019 Technology Spending Intentions Survey” found that even among mature organizations that have taken on digital transformation, many IT skills are in short supply. For example, 50% of mature organizations needed skills such as IT automation and orchestration, and 45% needed artificial intelligence and machine learning.
Shubird concurred that SDN has shaken up skill sets at the District Court. “It required redoing some of the ways our network operates,” Shubird said.
Experts agree that IBN changes network administrators’ role and the skills they need to fill it.
“It’s especially important that organizations are equipped with trained network engineers to design and deploy automation and orchestration in SDN environments,” wrote Joe Clarke, a distinguished services engineer at Cisco in prepping the IT environment for IBN. “Network engineers will need to understand applications and data and their importance to business goals.”
The District Court is in some ways a testing ground for other courts in the system that will also implement IBN. Shubird said that at least two other local courts will use the court’s experience. The District Court, Alabama Southern, will help lay the foundation for other courthouses.
“We are a guinea pig going through the learning process,” Baas affirmed. “A lot of people learned from our situation and installation.”
“We are a guinea pig going through the learning process. A lot of people learned from our situation and installation. ”Troy Baas, IT administrator, U.S. District Court, Southern District of Alabama
Still, IBN isn’t yet a mainstream technology. Many are waiting for their peers to test and implement so they can learn lessons as these technologies evolve. But enterprise intent-based networking is marching toward a more automated, intelligent state.
“As it matures, IBN will bring a much higher level of automation and intelligence focused on business outcomes,” Laliberte said.
He noted that an organization like the District Court can look forward to future benefits of intent-based networking. He painted a vision of a future in which court visitors could use location-based services, Bluetooth- and beacon-enabled kiosks to find a courtroom and even get directions delivered to a mobile phone. Technologies will be more integrated and will work from the cloud to the edge securely and more seamlessly.
“We can instrument the entire network environment, leverage the intelligence we’re collecting and automatically adapt,” Laliberte said.
“As it matures, [intent-based networking] will bring a much higher level of automation and intelligence focused on business outcomes. ”Bob Laliberte, senior analyst and practice director at Enterprise Strategy Group
Lauren Horwitz is the managing editor of Cisco.com, where she covers the IT infrastructure market and develops content strategy. Previously, Horwitz was a senior executive editor in the Business Applications and Architecture group at TechTarget;, a senior editor at Cutter Consortium, an IT research firm; and an editor at the American Prospect, a political journal. She has received awards from American Society of Business Publication Editors (ASBPE), a min Best of the Web award and the Kimmerling Prize for best graduate paper for her editing work on the journal article "The Fluid Jurisprudence of Israel's Emergency Powers.”