The great panacea for network IT the last several years has been more and more automation. Automation through orchestration. Simplifying and accelerating network administration tasks at the scale of large enterprise and cloud networks. Automation to keep up with the accelerated deployment of virtual applications, workload mobility and virtual networks. But if everything is happening so fast, and change is constant, can we keep the same degree of accuracy and assurance in our network and security deployments?
Automating complex network configuration processes is a great way to propagate errors at warp speed to all corners of your data center. Orchestration platforms can be great tools in the right hands, but small errors have a way of doing greater damage in profound ways. Like a power chain saw can do more damage with the slightest miscalculation. What's needed is to couple orchestration platforms with rapidly emerging network verification technology. Network verification can now be completely automated, so you aren't introducing additional manual processes to slow down your orchestration. But you can verify that everything is accurate and deployed correctly at light speed.
But what is network verification? If you've been following Forward Networks to get this far, you probably know already. Verification is much closer to an automated audit process than traditional tests that look at live traffic, log files, sniffers or port analyzers. It is a much more thorough analysis of the entire network end-to-end based on identifying theoretical sets of packets that could potentially breach stated policies. The analysis is based on a behaviorally-accurate mathematical model of your large network that can be queried for policy compliance and end-to-end behavior. You define the policy checks you need to have in place, and the platform verifies whether the current network configurations deviate from any of the policies. In minutes or less.
How would this work in practice? We just recorded a great 30-minute webinar and demo that gives a great example of this scenario in action. In the following presentation, we show how Forward Enterprise, our verification and network assurance platform, can be integrated with Cisco Network Services Orchestrator (NSO, formerly Tail-f), a leading automation platform. In this short video, you can see how Forward Networks:
- can seamlessly verify correctness of changes after an NSO update to firewalls and network devices,
- can verify both automated and manual changes,
- hallows you to build a repository of policy requirements to automate future verifications, and
- allows admins to compare behavioral differences across snapshots in time to isolate configuration errors.