Cisco’s network programmability has eased network management and brought new business capabilities for customers.
For some time, traditional networking management was stuck in a rut. Networking tasks were manual and slow.
In today’s fast-moving business environment, enterprises can’t wait months for branch offices to be set up or weeks to configure networking devices. For IT infrastructure to enable business objectives, it has to move at the pace of business.
Until recently, that’s put IT and business at cross-purposes. Old-fashioned hardware-based configuration is inflexible, time-consuming and error-prone, diverting IT pros’ time from strategic IT work that can further revenue-generating objectives.
A couple of years ago, though, networking began to modernize rapidly.
The fundamental shift lay in moving networking tasks from hardware to software. Dubbed intent-based networking, network programmability enables IT pros to deploy, manage, or troubleshoot network devices. The tool chain uses application programming interfaces (APIs), which serve as the interface to the device or controller. The tool chain also utilizes software that uses the API to gather data or automate network functions.
A programmable network alleviates the burden of daily networking tasks—bandwidth allocation, traffic routing and security policy configuration, and anomaly detection—saving time, eliminating human error, and enabling troubleshooting and remediation in real time.
“We use programmability automation to speed customers’ deployments,” said Neil Anderson, practice manager of mobility and access at World Wide Technology (WWT), an integrator based in St. Louis, Mo. “A project that could have taken three years or longer before, we can shrink that down to three to six months.”
Cisco’s approach to networking programmability and automation is known as intent-based networking and enlists the management console Cisco Digital Network Architecture (Cisco DNA) Center. Engineers can configure devices en masse via the centralized management console in an automated way and set security policies at a granular level. Analytics provide real-time information on network performance and security threats and provide automated paths to remediation.
For companies that need to modernize and accelerate their operations, networking programmability and automation offers practical benefits.
“There is a need for automation and programmability,” said Bob Laliberte, a senior analyst and practice director at Enterprise Strategy Group (ESG), an IT analyst and research firm. “As everyone moves into digital transformation to accelerate time to market, what they don’t want is to be slowed down by the network.”
Data suggests that companies have come to see networking automation as key to business agility and innovation.
In a survey of 300 networking professionals, 39% say they use networking automation because it brings agility to IT infrastructure. Further, 43% of respondents said they plan to use or currently use extensive networking automation, and another 47% use automation in a limited fashion. Nearly 75% of networking providers expect to achieve full or significant networking automation over the next five years.
For providers such as WWT—an integrator and Cisco partner—network programmability and automation delivers efficiency to customers.
One WWT retail customer in the Southeast U.S. has some 14,000 branch locations. Setting up these remote locations and configuring network infrastructure was time-consuming and costly.
Previously, “someone would sit down and configure each device, box by box,” said WWT’s Anderson. “It was taking them hours and hours of configuration for each branch.”
With Cisco DNA, the retailer was able to reduce the time to deployment from years down to months. Previously, with manual configuration, each branch required about 250 clicks to set up. With network programmability and automation, that shrank to four. Anderson estimates that the associated savings might add up to as much as $2 million.
Part of what’s new with this approach is a more open networking architecture. “We can easily push configurations to entire architectures and branch-office sets of equipment,” Anderson said. “That kind of automation isn’t possible with a closed system.”
In addition to its scale and scope, automation reduces human error, Anderson said.
“When you configure the network with programmability, you’re introducing fewer errors,” Anderson said. “Consistency is especially important for customers, like financial customers that have to prove to auditors that they have the same firewall policy across all their locations. That’s a lot easier doing it with programmability and using automation than going in manually and verifying configs one by one.”
That’s a key differentiator of networking programmability and automation.
“In a manual environment, that is going to require a lot of CLI [command line interface] commands to a lot of devices,” said ESG’s Laliberte. “What everyone is trying to do is eliminate that manual, error-prone effort so it can be done quickly and efficiently.”
The open architecture of the platform is key to these new kinds of capabilities, say experts. “[Network engineers] are no longer beholden to a CLI,” said Leslie Rosenberg, a research director at IDC, an IT analyst and research firm. “It allows them much broader thinking.”
For systems integrator Conscia, intent-based networking enabled it to help a university hospital in the Netherlands secure its network, which has an array of users. The university hospital has a mixed environment, with 7,000 users that include teaching and research clinicians as well as practitioners working in clinics and other care facilities. Prior to implementing intent-based networking, users’ access to networks and applications was determined by their location. With networking automation, the hospital was able to segment security access based on user profiles.
“Policy is now based on who you are, not where you are,” said Henrik Moell, a technical lead at Conscia. “Different employees have different requirements but still move around the campus. The ability to give users the same service wherever they are is a main differentiator,” Moell said.
Experts agree this kind of granular segmentation advances networking capabilities by light years, so to speak.
“What’s new is the ability to have these segmentation rules for networks, and grouping users on an employee network or guest network and then apply security policies onto those networks or even onto access to SaaS-based applications [Software as a Service-based applications],” said Brandon Butler, a senior research analyst at IDC. “Being able to automate those processes using identity and role-based access control, those are really powerful tools.”
Intent-based networking enables not only granular control of security policies but also far better management of applications. Bandwidth-heavy applications, in particular, can suffer from performance problems without rigorous network management.
That’s why Italtel USA, a Cisco partner and integrator, built Netwrapper, an application to manage network services, on top of intent-based networking. Netwrapper can manage bandwidth and set networking security policy for various applications and services. Videoconferencing applications, for example, might suffer from poor quality at certain times of day. With Netwrapper, customers can automatically configure network policies to prioritize network bandwidth to the applications that need it most.
“Now, we can understand the network behavior and change the network to adapt to the bandwidth available, providing priority to these services, and less priority to other services,” said Camillo Ascione, strategic alliance manager and chief technology officer at Italtel.
“The more that IT can automate the processes they do, they are in a better position to enable folks to use new technology,” Butler said. “It’s about making the IT department more efficient.”
“We are able, thanks to the programmability of [the network], to adapt dynamically the networking in response to the quality of the video services running on the network,” Ascione said.
Innovations in networking programmability and automation now give companies the opportunity to become far more efficient in their key business processes and save dollars along the way.
“For the longest time, networking has been pretty stale, pretty static. There were new speeds, new feeds,” ESG’s Laliberte said. “With all the programmability, it’s really opening up opportunities.”
Nonetheless, it’s important to note that the ability to automate processes and centralize management doesn’t solve the problem of disparate management systems overnight.
“Even if there is opportunity to centralize management of these systems, that doesn’t mean it’s easy to do,” IDC’s Butler said. “It can be difficult to implement.”
Butler urged companies to get buy-in at high levels and to encourage education and training of networking staff to embrace networking programmability and centralized management. That means boosting skills with new programming languages as well as incorporating methodologies like DevOps, which brings IT operations and development teams together.
Admittedly, this new era requires new skills. Accordingly, networking professionals are making the shift to attain new programming skills. According to 2017 NetBrain data, 53% of network engineers said they are required to know programming platforms like Python and Perl for their jobs.
“The technology is there to do it,” Butler said. “It’s more the soft skills that are the roadblocks.”
For part two of this series on intent-based networking, see “Intent-based networking sparks innovation.”
For our recent coverage of Cisco Live, check out our Cisco Live 2018 guide.
Lauren Horwitz is the managing editor of Cisco.com, where she covers the IT infrastructure market and develops content strategy. Previously, Horwitz was a senior executive editor in the Business Applications and Architecture group at TechTarget; a senior editor at Cutter Consortium, an IT research firm; and an editor at the American Prospect, a political journal. She has received awards from the American Society of Business Publication Editors (ASBPE), a min Best of the Web award and the Kimmerling Prize for best graduate paper for her editing work on the journal article “The Fluid Jurisprudence of Israel’s Emergency Powers.”