
By Fabrizio Maccioni, Director of Technical Marketing, Forward Networks

Closed loop verification may be the answer to the threats and vulnerabilities that plague network automation. Fabrizio Maccioni, director of technical marketing at Forward Networks, takes a closer look at how the risks of your network automation journey could be better tackled with closed loop verification.

Not too long ago, IT professionals physically connected to network devices for upgrades and changes. Imagine trying to physically go to every device on your network, plug in and manually push an update. It’s obviously an impractical and unaffordable proposition that would require a veritable army of IT professionals and weeks, especially for organizations with data centers spread around the globe. Undoubtedly devices would be missed, and other mistakes would be made, increasing the risk of outages or vulnerabilities...

[READ MORE on SPICEWORKS]

A customer posed this question to me recently; after pausing and smiling (a little too) broadly, he continued, “Their lips are moving.”

I thought this would be funnier if it weren’t partly true.

The software industry has over-promised and under-delivered for years, making technical executives rightfully skeptical when they hear a new promise. Unfortunately, it’s common for software to lack promised features or to create new headaches when deployed across the enterprise.

Here we go again – another impossible promise!

The executive I was speaking with runs the network of a Fortune 250 global financial services company; he’s experienced his share of pie-in-the-sky sales pitches. Understandably, he was skeptical when he met a software executive promising a network digital twin that provides analysis and insight into the behavior of his network, supports all major hardware vendors, and can do this without posing any security risk.

In 2017 at a conference in New York, he met our co-founder and CEO, David Erickson. He remembers thinking David’s a great guy, but there’s no way his platform can do everything he’s saying, and especially not at the scale needed to support tens of thousands of devices.

As fate would have it, he bumped into David again at another tech event in Las Vegas where, after a bit of discussion, he agreed to test the platform in his lab environment.

Wait, is this actually working?

Once the platform was up and running, he was genuinely astounded; in his own words, “Wow, this is really, really amazing, it actually does everything you say it will.”

Many other teams were interested in the platform’s capabilities, but like many global enterprises, the organization and responsibilities are highly segmented. Working across functions to adopt new technology is a slow process. So while there was interest and promise, the platform stayed in the lab.

Can a digital twin help with audits?

During a discussion to prepare for an upcoming audit, the team expressed concerns about their current tools’ ability to provide the desired details and specificity around traffic and device behavior. Trust is everything for a financial services company; opacity or inaccuracy can create doubt in an instant.

The Forward Networks platform in their lab claimed it could instantly provide the information they needed, taking much of the pain out of audits while ensuring they continued to develop trust with customers.

The POC delivers immediate insight

They decided to put the platform to a bigger test within a contained area of the network. To kick off the POC, they used a seed list of known devices for collection. The collection indicated about half of those devices were not in the network. As this was a small area of the network that the Ops team felt they knew very intimately, they were very confident the devices did indeed exist and that there was an error in the collection. However, when they attempted to verify their existence, they were nowhere to be found.

This experience gave the team a clear indication of how much they didn’t know about the network. For example, if they were missing 50% of the expected devices in a well-known area of their environment, what could they discover across the entire network? Especially considering the company had recently undergone a significant merger.

The implications were significant. For example, how many of those devices were still included in expensive maintenance contracts? What else are they paying for that’s no longer in use?

In addition to exposing them to the scope of what they don’t know about the network, the snapshots collected in the platform provide an always-on audit. The team can now tell what a device was doing on a specific day and what devices it could have reached. Because they can gather this data as simply as conducting a Google search, audit responses are no longer nearly as painful.

Supporting future automation efforts

Because the platform is API accessible, they are constantly coming up with new ways to extract data from the platform and improve efficiency. They are looking at automating developer queries, for example.

If you want to see what Forward Networks can do, view our webinar on-demand, where we asked participants to challenge our co-founder and CTO Brandon Heller to prove our platform can live up to its promise, or request a personalized demo.

By George Lawton, VentureBeat

The network, once seen as little more than plumbing in the datacenter, is at the center of distributed IT operations. Ensuring network operations and protecting them from cyberattacks has become paramount to modern enterprises.

“You can almost imagine that networks would be on par with power and water and electricity and that kind of stuff,” Nikhil Handigol, co-founder of Forward Networks, tells The Next Platform. “You cannot imagine a modern business functioning without its network functioning. On one hand, networks were super critical for big businesses and are becoming increasingly critical. On the other hand, they’re becoming more and more complex and more and more fragile, both from a connectivity perspective and from a security perspective. From a connectivity perspective, they were so fragile that one misconfiguration could take the entire network down. It’s still the case.”... [READ MORE ON THE NEXT PLATFORM]

By George Lawton, VentureBeat

This is the second of a two-part series. Read part 1 about the current state of networking and how digital twins are being used to help automate the process, and the shortcomings involved.

As noted in part 1, digital twins are starting to play a crucial role in automating the process of bringing digital transformation to networking infrastructure. Today, we explore the future state of digital twins – comparing how they’re being used now with how they can be used once the technology matures.... [READ MORE on VentureBeat]

By George Lawton, VentureBeat

Designing, testing, and provisioning updates to data digital networks depends on numerous manual and error-prone processes. Digital twins are starting to play a crucial role in automating more of this process to help bring digital transformation to network infrastructure. These efforts are already driving automation for campus networks, wide area networks (WANs), and commercial wireless networks... [READ MORE on VentureBeat]

Network automation has many benefits for organizations adopting a DevOps model for managing their infrastructure, including speed, agility, and a consistent change control process. However, with improvements in speed, there comes an added risk of configuration errors rapidly propagating through the network. 

To safeguard against potential mistakes, network and security verification become an essential part of the network DevOps lifecycle. By integrating Arista CloudVision® with Forward Enterprise, network operators can leverage the monitoring, change control, and configuration management of CloudVision, while using Forward Enterprise to execute pre-change and post-change network and security verifications.

Key Benefits of Integration

Figure 1: CloudVision and Forward Integrated Workflow

With this CloudVision and Forward Enterprise integration, users get a turn-key network verification platform that fits into any operational workflow. Operators can prevent mistakes from spreading through the entire network by using CloudVision to:

After the change is complete, send another API call to Forward Enterprise, triggering another network snapshot and creating a comprehensive report of the differences in the network between the pre-change and post-change states. The Forward report includes configuration and state information, policy rules, behavior checks, device connections, interfaces, and paths. Additionally, it will run automated Network Query Engine queries and validation tests.

Figure 2: Forward Enterprise pre- and post-change report

Forward Enterprise is key to continuously ensuring that the network is compliant with security and availability policies. Interested in exploring the benefits of Forward Enterprise for your specific network needs? Request a demo here.

When a large government agency decided to refresh its infrastructure down to Layer 2 switches, Forward Networks data delivered over $6 million in savings. Like many companies around the world, this organization had challenges getting full visibility into the structure of its network, which had grown organically over time.

Initially, Forward Enterprise played a key role in providing accurate information that saved hours of manual effort by eliminating the need to manually synchronize spreadsheets from various inventory tools and internal sub-organisations. While that was certainly valuable, the real cost savings occurred through the rapid insights the platform provided.

The company's IT team wanted to understand everything connected to its network switches in hopes of finding ways to cut costs. Specifically, the team wanted to understand why its network was dependent upon a large number of 100M interfaces, which are considerably more expensive than standardizing on the more common 1G Ethernet standard.

To answer those questions, Forward's Network Query Engine (NQE) was used to create a list of all the devices connected to the network switches by MAC and VLAN. That list was then cross-referenced with the manufacturer to determine what was actually connected to the company's network switches. The results showed that the IT team didn’t need to support the 100M interfaces because the devices connected would support 1G. As such, the network was upgraded to 1G across the board, saving the agency more than $6 million. 

The agency stated that without Forward Enterprise, the inventory would never have been done at all, resulting in device failures, support for unnecessary devices, and wasteful expenditures. NQE helps to solve common challenges in network automation when it comes to retrieving network device configuration and state to verify the network posture. Customers with large networks comprised of many different vendors, technologies, and deployments, including on-prem and cloud, find this functionality extremely valuable.

The agency was able to clearly understand its network topology because Forward Enterprise organizes network information like a database, including the number of devices, physical and logical topology, maps of all possible traffic paths, device state, and configuration. Using that data, NQE makes finding information in the network as intuitive and quick as performing a web browser search.

To learn more about how you can use Forward Networks to verify your networks and automate timely processes, schedule a demo today. Be sure to read our other blogs in this series about how Forward Networks is impacting enterprise networks around the world, including Six-Figure Savings: How A Financial Institution Banked On NQE For Massive Returns; From Days To Minutes: Digital Media Provider Uses Forward Networks To Overhaul Reconciliation; and Confidence In Action: Investment Bank Uses Forward Networks To Verify Automation Software.

Several years ago, a global investment bank embarked on an ambitious plan to automate its network configuration deployment process and use internal teams to run all aspects of network operations. The move was made, in part, because of the fluidity of the bank's network, which is constantly undergoing configuration changes. 

As a longtime Forward Networks customer, the bank utilized the Forward Networks platform to achieve this goal. For example, as IT teams integrated automation software throughout the network, the Forward Networks platform was used to validate that the correct configurations were deployed to achieve the desired outcomes on the network. Additionally, the platform proactively identified issues created by both human error and the automation software, providing quick remediation options for both.

When the bank’s developers write applications, firewall changes are necessary so that the application can securely flow across the network from servers, hosts, and so on. Traditionally, doing so has required the creation of a trouble ticket for someone to manually perform this process. 

Using Forward Enterprise, the bank decided to automate that process, enabling developers to indicate the connectivity that's required, including the source, the destinations, the protocol, and the ports that need to be reached, etc. Forward Enterprise clearly delineated which firewalls were in the path, as well as the changes that needed to be made in those firewalls. Post implementation, those changes were verified for accuracy by Forward Enterprise.

Not only did the Forward Networks platform save the bank's IT team time in terms of the number of people hours required to implement such a process, it also increased the rate at which applications could go live. For developers, that translates to a significant reduction in the amount of time between an application being developed and when it's rolled out to users. It also helped them recognize revenue from these applications faster than before without compromising security.

As this banking customer has learned, the Forward Networks platform helps IT teams make more judicious use of expert services versus hunting down specific devices or specific problems. Likewise, it enables IT teams to operate more efficiently and cost-effectively.

To learn more about how you can use Forward Networks to verify your networks and automate timely processes, schedule a demo today. Be sure to read our other blogs in this series about how Forward Networks is impacting enterprise networks around the world, including Six-Figure Savings: How A Financial Institution Banked On NQE For Massive Returns; From Days To Minutes: Digital Media Provider Uses Forward Networks To Overhaul Reconciliation; and $6 Million Savings: How Rapid Insights Led To Valuable Network Upgrades.

Today’s networks are too complex for manual network management and updates. With most enterprises composed of tens of thousands of devices spanning multiple geographical locations, on-premises hardware, virtual environments, and multiple clouds, it’s virtually impossible to push updates manually. The sheer volume of vendors and coding languages can also be overwhelming for a network operations engineer. In most cases, learning a new language or new platform takes eight weeks to achieve basic proficiency; it’s not realistic to expect human skills to scale at the pace of network innovation (aka network complexity).

Fig 1. Itential Automation Example

That is why we decided to integrate the Forward Networks platform with the industry-leading network assurance platform, Itential. Their low-code automation platform makes it easy for network operations teams to deploy and manage multi-domain infrastructures. Itential’s cloud-native software as a service offering provides a low-code interface that seamlessly connects to any IT system, cloud, or network technology for end-to-end closed-loop network automation and orchestration. Forward Enterprise enables network operators to deploy automated changes with the assurance that they are in compliance with network policies and won’t have any unintended side effects.

Fig 2. Closing the Loop: Automation + Verification

Forward Enterprise helps network operations engineers avoid outages through its unique mathematical model. The platform creates a digital twin of the network (across on-premises devices, private and public cloud) enabling network operators to map all possible traffic flows, instantly troubleshoot, verify intent, predict network behavior, and reduce MTTR (mean time to resolution). Itential simplifies and accelerates the deployment and management of multi-domain network infrastructure. Both platforms support major network equipment vendors and AWS, Azure, and Google Cloud platforms.

Fig 3. Automate Service Provisioning with Forward Networks and Itential

The Closed Loop Automation process enabled by the integration of Forward Networks Platform and Itential Automation Platform (IAP) acts as a safeguard to prevent any issues from becoming pervasive following a change window. The pre-built automations, templates, form builder, and automation builder within Automation Studio make it easy for network operations engineers to build an automation catalog that enables changes at scale. By using the API integration with Forward Networks, they can verify routing, add intent checks, verify new service connectivity, check for side effects, and send notifications and verifications via Slack, Microsoft Teams, Cisco Webex, and email. Integration with change management systems including ServiceNow and Jira ensures everyone is working from a single source of truth and expedites collaboration. In the event of an issue, the diff check functionality within the Forward Networks platform makes it easy to pinpoint which changes are causing any unplanned behavior.

For more detail on how the integration works, please view our ONUG Spring 2021 session.

Network operations teams rely on highly specialized tools developed by individual vendors designed to address particular problems. The result? Most enterprises have 10+ Network Operations applications in place and they don’t talk to each other, which means that network operations engineers spend an exhaustive and unnecessary amount of time toggling between applications and sifting through information as they work to resolve tickets. Multiple tools providing state information introduce inconsistencies in data accuracy and level of detail.

Because information is not portable between applications, is vendor-specific, is inaccessible because it’s siloed due to security boundaries across the network, or is not current, the teams charged with network and security operations are at a disadvantage. When people working to solve a problem have incorrect, incomplete, or out-of-date information, they cannot efficiently solve problems.

We don’t think it should be that hard

Forward Networks was created to make the hard parts of network operations easier.  For us, that means giving instant access to the information you need to troubleshoot and resolve network issues. 

The Forward Networks platform is based on a mathematical model that creates a digital twin of the network.  This software-based twin provides a comprehensive visualization of all possible network paths, a searchable index of configurations presented in a vendor-neutral manner easily understandable for even tier-one support specialists, the ability to verify network behavior, and predict how NAT or ACL changes will impact the network.  Network state information is updated at regular intervals determined by the operations team.

To ease the burden on network operations teams, we’ve developed an integration between Forward Networks and ServiceNow that provides a single source of truth for the network and enables more efficient use of both platforms. The integration between the applications allows engineers to automatically share relevant details about network state, configuration, and behavior with everyone working on resolving an issue. This information automatically updates within both platforms, creating a detailed and current single source of truth. The integration between the two applications takes only seconds to enable and configure.

Reduce Mean Time to Resolution (MTTR)

A typical incident response involves several teams: the network operations engineer who got the call, maybe the apps team or security team, and more senior engineers if the case needs to be escalated. The difficulty of resolving issues is compounded when everyone is working from their own assumptions and data. One of the most effective ways to reduce mean time to resolution is by creating an accurate single source of truth and ensuring everyone involved has access to it.

Because Forward Networks regularly verifies that the network is behaving as intended, it can (at the discretion of the network operations team) proactively open and update ServiceNow incidents based on these verification checks. Whether incidents are created automatically or manually, a link to the relevant data becomes part of the incident and is updated as the system collects network state information; this ensures everyone is working from the same information. For existing ServiceNow incidents, the Forward Networks integration allows network engineers to capture relevant information and add it to the incident, again saving the resolution team time they would have spent researching the issue.

This integration also allows network operations to verify that the changes they’ve made have resolved the issue by running a query. The platform will show if the issue is resolved or allow the engineer solving the issue to see how their change impacted the network and what else may be causing the issue, so tickets can be followed through to resolution. Incident history can be viewed from within Forward Networks or ServiceNow, allowing the engineering team to see all actions and status from their platform of choice.

The real benefit of this integration is immediate access to information that reduces the mean time to resolution from hours to minutes for most problems. 

See the Forward Networks ServiceNow integration in action

Have 5 minutes? Watch the Forward Networks and ServiceNow integration in action on our Forward Fix – engineering content by engineers, for engineers. 
