Your network, security, and cloud teams spend a lot of time and energy trying to extract timely insights from your enterprise network data, so your organization stays on top of risks and continually improves network performance. But what if they could quickly search your network environment like a database to better understand everything in it — and whether those objects were operating as they should?
Forward Networks’ Network Query Engine (NQE) not only makes that possible — but also easy. NQE is a unique, user-friendly, end-to-end experience in the Forward Enterprise platform, and it’s a powerful tool for surfacing your network data gold, so you can use it to your advantage. The insights you can bring to light with NQE can help you make more informed decisions to improve the health, functionality, and security of your enterprise network environment, including your hybrid and multi-cloud environments.
NQE query results can be turned into verification checks that the Forward Enterprise platform runs with every snapshot it takes of network configurations and device state, so you can monitor trends over time. Importantly, once NQE queries are written, they will continue to perform as the network changes and ages. (NQE also integrates with data about your network that you already have!)
This Thursday, July 28th at 11am PT, Dr. Andreas Voellmy, the inventor of NQE himself, will be discussing how NQE is used to automate design validation, inform decision-making with accurate inventory, and proactively check for misconfigurations to prevent incidents. Register for Dr. Voellmy’s talk here!
If you’d like to learn more about NQE — including why it’s unique and the many benefits of using it for your business — check out our new white paper, Make the Impossible Possible With Forward Networks’ Network Query Engine (NQE). It includes real-world use cases that highlight the bottom-line business value that organizations are realizing by using Forward Networks’ NQE. (For one of these companies, that value was over $6 million in savings from identifying and eliminating unnecessary IT costs!)
When you’re ready to see for yourself how the NQE feature included in the Forward Enterprise platform can help you surface your enterprise network data gold faster while easing the workload burden on your teams, you can schedule a demo.
The cloud offers agility and speed for DevOps teams. Being able to spin up environments and create applications in a fraction of the time previously required helps organizations launch new capabilities for customers, employees, and vendors quickly. For most companies, this means reduced time to market and the ability to recognize revenue faster.
IT teams recognize the benefits of a DevOps culture, but they also know that by their very nature, new applications are prone to security errors that can put the business at risk. So, they require a security review prior to pushing new applications live. Nobody would argue with the need to ensure security compliance; however, most people would also agree that slowing down the process of launching new applications is not ideal. Companies today cannot afford to choose between speed and security — nor do they need to.
The only way to effectively address this issue is to automate the process of verifying the connectivity and security posture of cloud applications. Without automation, your IT teams cannot keep up with the demand to prove compliance for the rapidly growing volume of cloud applications.
The verification feature within the Forward Enterprise platform enables automated compliance checks for new applications in hybrid and multi-cloud environments. Developers are notified of the required changes if there's an issue, and compliant apps can be provisioned automatically with confidence. The intent and Network Query Engine (NQE) check feature also lets you continuously audit cloud configurations to prevent real-time changes from diluting security policy. If a non-compliant change is detected, the appropriate teams will receive specific, actionable data as to what the issue is and why it’s happening, enabling rapid resolution.
The ability to automate security for cloud app provisioning is just one of many powerful features in the Forward Enterprise platform that can help your organization reduce risk and enforce critical security policies as you deploy new cloud apps or migrate on-prem apps to the cloud. To learn more about how Forward Networks can help your business take the security and compliance guesswork out of cloud application deployment for good, read this use case or join our educational webinar.
Today's enterprise IT teams are well acquainted with the pressures of ensuring network security, while also managing the time it takes to do so. The recent experience of one multinational technology company perfectly illustrates how Networks Query Engine (NQE) can be used to quickly and effectively bolster network security.
As with most companies, this company's IT team was asked on a regular basis to locate IP addresses in the network. While some of these queries are more general in nature, others stem directly from concerns over network security.
For instance, IT might learn that a particular host isn't supposed to be on the network. Or someone might raise a red flag after seeing a tablet logged into another machine. Regardless of the cause, however, it's imperative that IT quickly locate and isolate potentially dangerous IP addresses.
Traditionally, the process of doing so has taken anywhere from a few minutes up to as long as 20 minutes. And if there's anything that enterprise IT teams agree upon, it's the need to reduce time-intensive projects.
According to one recent study, 72 percent of technology professionals say the shift to support remote work – whether fully remote or hybrid – has created additional work for IT departments, as they struggle to support employees in multiple locations. Furthermore, a quarter of the IT workforce is either looking for a new role, changing jobs or switching careers in 2022.
Not surprisingly, 97 percent of IT professionals cite feeling burned out as the primary driver for leaving the field and/or finding a new company. That burnout is driven by increasing demands from employers and other stakeholders – and many of those demands stem from unplanned interruptions like the need to locate an IP address.
In this particular case, the enterprise IT team found that by utilizing NQE to locate an IP address, they were also able to find the associated advertised subnet. Likewise, they quickly found the upstream layer 3 distribution switch and its associated media access control (MAC) address, enabling them to pull the associated virtual LAN and access the specific switch that's being used by a specific device.
Moreover, using NQE to locate the IP address reduced the amount of time needed to do so to just a matter of seconds vs hours or days of manual work. This frees the IT team to work on more strategic projects and eliminates a mind-numbing task that contributes to burnout.
Learn more about how you can use NQE to solve common IT tasks by scheduling a demo today. Be sure to read our other blogs in this series about how Forward Networks is impacting enterprise networks around the world, including The Show Must Go On: NQE Helps Entertainment Venue Avoid 'Spectacular Customer Service Fail.'
When Heraclitus wrote in the 6th Century that the only constant is change, he had no way of knowing just how apt his words would prove for contemporary enterprises.
Consider, for instance, the effect that the Great Resignation has had on enterprises. In 2021 alone, almost 4 million workers quit their jobs per month – the highest yearly average record of all time for employee turnover. Meanwhile, the number of mergers and acquisitions (M&A) in the United States alone totaled more than $2.6 trillion – again, the largest year for M&A activity on record.
Without question, these global events have significantly impacted enterprise IT teams. Companies that have undergone mergers, hired new IT staff, or otherwise made adjustments that impact the enterprise network face a common challenge: understanding what's on the network, why it's there, whether it's needed, and what can be changed to drive savings.
Several such companies have used the dynamic inventory capability of Network Query Engine (NQE) to answer those questions.
Traditionally, enterprise IT teams have relied upon spreadsheets to track information about the different hardware and software on the network. However, that manual system has always been problematic because it depends upon people updating those spreadsheets with accurate information.
But as enterprise IT teams have undergone massive upheaval since the beginning of the pandemic, those manual processes have proven completely ineffective – especially for companies that have undergone mergers or had significant turnover in IT staff.
NQE's dynamic inventory overcomes those challenges by enabling IT teams to immediately see everything that's on the network from a single dashboard. NQE's dynamic inventory enables users to see granular details (e.g., configurations, state, interfaces, counters, power supply serial number, module firmware rev, etc.) for the network.
For instance, users can quickly identify devices on the network that need software updates. Likewise, if you're replacing certain pieces of network equipment, dynamic inventory enables you to find that equipment in a matter of seconds. Dynamic inventory also enables IT teams to better secure the network by quickly identifying end-of-life devices and ensuring that code is updated and less vulnerable to attacks. Network planners can also quickly produce a report of network inventory with serial numbers and use it for support contract negotiations.
Forward Networks has worked with several companies that have used dynamic inventory in NQE with great success. In one case, two companies that merged used it to visualize the combined network and make the transition faster and smoother than it would have been otherwise.
We recently published a blog that describes how one company used rapid insights on NQE to achieve $6 million in savings. Let us show you how to use NQE for dynamic inventory with a free demo today.
When a large government agency decided to refresh its infrastructure down to Layer 2 switches, Forward Networks data delivered over $6 million in savings. Like many companies around the world, this organization had challenges getting full visibility and the structure of its network, which had grown organically over time.
Initially, Forward Enterprise played a key role in providing accurate information that saved hours of manual effort by eliminating the need to manually synchronize spreadsheets from various inventory tools and internal sub-organisations. While that was certainly valuable, the real cost savings occurred through the rapid insights the platform provided.
The company's IT team wanted to understand everything connected to its network switches in hopes of finding ways to cut costs. Specifically, the team wanted to understand why its network was dependent upon a large number of 100M interfaces, which are considerably more expensive than standardizing on the more common 1G Ethernet standard.
To answer those questions, Forward's Network Query Engine (NQE) was used to create a list of all the devices connected to the network switches by MAC and VLAN. That list was then cross-referenced with the manufacturer to determine what was actually connected to the company's network switches. The results showed that the IT team didn’t need to support the 100M interfaces because the devices connected would support 1G. As such, the network was upgraded to 1G across the board, saving the agency more than $6 million.
The agency stated that without Forward Enterprise, the inventory would never have been done at all, resulting in device failures, support for unnecessary devices, and wasteful expenditures. NQE helps to solve common challenges in network automation when it comes to retrieving network device configuration and state to verify the network posture. Customers with large networks comprised of many different vendors, technologies, and deployments, including on-prem and cloud, find this functionality extremely valuable.
The agency was able to clearly understand its network topology because Forward Enterprise organizes network information like a database, including the number of devices, physical and logical topology, maps of all possible traffic paths, device state, and configuration. Using that data, NQE makes finding information in the network as intuitive and quick as performing a web browser search.
To learn more about how you can use Forward Networks to verify your networks and automate timely processes, schedule a demo today. Be sure to read our other blogs in this series about how Forward Networks is impacting enterprise networks around the world, including Six-Figure Savings: How A Financial Institution Banked On NQE For Massive Returns; From Days To Minutes: Digital Media Provider Uses Forward Networks To Overhaul Reconciliation; and Confidence In Action: Investment Bank Uses Forward Networks To Verify Automation Software.
As one large, global financial institution prepared for employees to return to the office, its IT team identified a significant issue with the company's more than 8,000 access switches. The switches in question were used to provide connectivity to IP Phones – a crucial part of people's work across virtually all areas of the company.
In many cases, the 8,000 phones in question had essentially been unused for almost two years, as the pandemic forced people to work from home using alternate communication devices. As some users returned to the office they found the IP phones were not functioning. The bank's IT team discovered that the recently upgraded access switches had a configuration that rendered the phones inoperable due to a software defect.
Identifying the misconfigured switches was a laborious process that required engineers to manually examine the configurations of all 8,000 switches. The problem was exacerbated by the fact that the configuration wasn't consistent across the fleet of switches. This increased the complexity of identifying which devices needed to be rolled back.
At that point, the IT team turned to Forward Networks to determine whether its Network Query Engine (NQE) could simplify the process of identifying misconfigured switches and shorten the time for rolling back the configuration. NQE enables users to easily build verification checks – like those needed by the bank – that work across the entire fleet of devices in a network.
The IT team provided a list of requirements needed to identify misconfigured switches – checking for certain characteristics, ignoring others. Additionally, the IT team wanted a report of the findings so the third party could be tasked with repairing those switches.
By utilizing NQE, the bank's IT team was able to identify all of the switches that needed to be rolled back (6,000 of 8,000) in less than a day. Instead of manually trying to identify devices that were misconfigured, the financial institution's IT team was able to simply create criteria for doing so, and the Forward Networks platform did all of the work — at a fraction of the cost and in a fraction of the time. After the configuration was rolled back, the bank’s IT team was also able to use Forward Networks NQE to validate if the rolled back configuration was accurate.
Without NQE, it would have taken an average of about five minutes per switch to check for the misconfiguration. Manually checking 8,000 devices at five minutes per switch would have taken the bank's IT team at least 667 hours. By assuming a rate of $150 per hour, the bank would have spent more than $100,000 to manually complete the project. By utilizing Forward Networks and NQE to identify the misconfigured switches, the bank was able to lower the cost of the project significantly and save time.
To learn more about how you can use Forward Networks and NQE to automate labor-intensive, costly processes, schedule a demo today. Be sure to read our other blogs in this series about how Forward Networks is impacting enterprise networks around the world, including From Days To Minutes: Digital Media Provider Uses Forward Networks To Overhaul Reconciliation and Confidence In Action: Investment Bank Uses Forward Networks To Verify Automation Software.
The average network is a collection of configuration settings that exist in their own little island. They interact with each other and create situations where that interaction causes systemic issues in other places. Half of the job of a network engineer is figuring out those interactions and anticipating how they will impact other parts of the steady-state machine that we build to operate our applications. It’s hard enough to learn where all the switches are. Asking for anything more complicated is taxing for any engineer.
With the rise of networks that need to be more reliable for things like cloud applications and important use cases for financial or medical, it’s not enough to guess about the network state any longer. We can’t just hope that a configuration was done and that it was made in such a way as to lessen the impact on other systems. We can’t wish that things were configured correctly. We have to go one step further and actually verify that everything is done correctly. Adding that verification step into our routine is a source of contention, though. It’s a lot of extra work. It requires extra steps to get the information and make sure it’s accurate. It’s not what the standard network was built to provide. There needs to be a better tool out there to give us the info we need.
In my previous ONUG blog post Query Your Network like a Database, I talked about how companies are embracing Network Automation in order to become more agile. I described how Network Automation can be very powerful but frighteningly dangerous without a proper safety guard. I explained what the Forward Networks Network Query Engine is and how it can help in building a rock solid network verification solution.
But now I’ll explain how customers can build a complete network automation and verification solution with Ansible and Forward Networks.
Ansible (by Red Hat) is a simple, powerful and agentless tool used by many customers to automate the deployment and configurations of applications, servers and network devices.
Forward Networks’ flagship platform, Forward Enterprise, documents, searches, verifies, and predicts the behavior of your network by creating an always-accurate software copy of your entire network infrastructure for both on-prem and cloud.
With available REST APIs, it easily integrates into existing network management workflow and tools.
Last month we introduced our Network Query Engine (NQE) at Cisco Live Europe and to a very impressive technical audience as part of Tech Field Day 2019. If you didn’t have the chance to read through our introduction blog, NQE leverages the internal network data model that Forward Networks builds and manages to allow users to query their network infrastructure details like a database. These queries can be quickly built to confirm network health, proper configurations, effects of a change, device or interface status, etc. A few representative queries that customers have described to us and that are now possible include:
By viewing all network details as a data source, users are able to query on issues globally across their entire network, looking for any anomalies, in one quick sweep. This has rarely been possible before, without an enormous amount of usually custom effort. The alternative is to check for conditions at each device, one at time, across a large network. Scripts that automated these kinds of custom checks across network devices are very tedious to develop and maintain, especially across different vendors and device types. Forward Networks now makes it easy to build queries in only a few minutes, based on the normalized, vendor-neutral data model in our platform, with a very flexible new query language, GraphQL.
GraphQL was developed by Facebook and turned into an open source project in 2015. It offers enormous flexibility in defining what information is returned, independent of the data model, making it much more efficient for almost every use case than typical interface APIs. GraphQL query statements are natural to embed in programming or scripting languages, like Python, to further compare or analyze the extracted data, or format the results.
Now See the Demos
But, the best way to get a handle on how NQE works is to see a quick video we built that explains how it can be used inside our Forward Enterprise platform, how a sample query is built and how the information can be leveraged. Check out the short demo below:
A lengthier and more technically advanced use case was presented as part of Tech Field Day. Our lead NQE engineer, Andreas Voellmy, shows how we can compare BGP routes in downstream and upstream routers to confirm they were all exported correctly as advertised. This situation actually caused a severe outage at one of our service provider customers, so they wanted to be able to continually check for this scenario. To be able to programmatically verify this across an entire SP network, with many vendors, on a daily basis is a huge time saver and eliminates future errors for them now. Check out Andreas’ demo that replicates their use case here:
“For years organizations have been trying to extract value from the data available to them in large complex network environments. Unfortunately, manual efforts and inefficient collection and normalization procedures have held them back. Fortunately, Forward Networks has unlocked the ability to quickly, easily and programmatically convert network data into knowledge and actionable information leveraging its Network Query Engine feature.” - Bob Laliberte, ESG
Network IT engineers realize that NQE gives them a really accelerated approach to automate almost any of their network analysis and health status checks. Our platform provides many useful ways to analyze the network end-to-end, but NQE allows customers to query the collected and normalized data in thousands of ways and use cases that we didn’t design for.
A few final quick points to know:
Want to learn more or get a live demo? We’ll show you how NQE can help accelerate your networking tasks and processes in minutes.
Last week, on February 8, 2019, Packet Pushers published our second podcast with them covering a range of customer use case updates and new features like our Network Query Engine (NQE), VMware NSX support, Cisco ACI announcement and more. We have always gotten great feedback on our shows with hosts Greg and Ethan, and find their audience to be one of the most savvy and technical groups out there.
Quite coincidently, we were surprised that Drew Conry-Murray from the Packet Pushers team also published a blog last week titled, “Intent-based Marketing Sucks”. Since many in the industry consider us one of the leaders in intent-based networking, we thought it was an odd prelude to our upcoming podcast release.
In reality, I pretty strongly agree with Drew, though, and I think we had a good chuckle about it over email. The two main points we agree on are that: 1) “intent based networking” has become one of those vaguely defined panaceas that every remotely-related vendor tries to tie into, and 2) Forward Networks actually does a really good job of not leading with “intent washing”, as so many people see it. Drew actually compliments us on our straight-forward, technical and value-based presentations.
To the point of Drew’s blog, “it appears that if you expose APIs and can auto-configure a network device, you are ‘Intent-Based’”. There are SD-WAN vendors, for example, pitching whatever link optimization feature they have as intent-based networking. That’s not really keeping with the full vision of how the industry defined “intent based networking”. We’ve seen the same thing in the past with “SDN washing”, “cloud washing”, etc.
Drew notes that customers don’t benefit from this kind of confusion and mislabeling. Instead, he says that customers want clarity and not jargon. Which is absolutely the approach that Forward Networks has taken while I’ve been doing product marketing. We rarely lead with “intent based networking” to define or position ourselves, precisely because it is still such an ill-defined technology. We educate customers first on what our product really does, and not refer solely to buzzwords.
For the most recent example, we presented at Tech Field Day in Barcelona on January 30 to a very seasoned panel of leading European networking bloggers and technologists, and they unanimously said that we were the best presentation of the week (via comments like this, this and this)! From clearly articulating how our product solves real problems, demonstrating use cases, and an in-depth walk-through of product features. No jargon, no buzzwords, no hype, no confusion. If you haven’t seen it, check it out here:
I think you’ll get the same impression from our Packet Pushers podcast where we cover a lot of the same material. We also have a number of short, helpful videos that quickly highlight actual product features and use cases rather than dumbing down the technology into a bunch of hyperbole.
The latest video we produced is on our Network Query Engine (NQE) feature, for example, which really opened people’s eyes at Cisco Live Europe. And the accompanying blog on NQE, which was jointly written by our CTO, lead engineer for the project and myself, is a very detailed technical tutorial implicitly devoid of any sales-speak. (It’s probably too long for a feature introduction, and maybe a bit dry, but we’ll be working on some more bite-sized presentations moving forward on NQE). Check them out and let us know what you think:
In the end, Drew assured us that he didn’t have Forward Networks in mind when he disparaged the industry’s intent-based marketing efforts. And we would agree with him that it has certainly become a confusing space, and that’s not going to help anyone. But, we’re finding quite the opposite with our customer efforts by focusing on real capabilities and solutions. You can find actual feedback from our customers on delivering real product value on Gartner’s peer insights website. And Dr. Jens-Henrik Soeldner, writing in one of Germany’s leading IT journals, thought we were the hottest, most interesting vendor at Cisco Live Europe last month (according to this). The bottom line is that when you’ve got a great product that delivers real value you don’t need to fall back on buzzwords and jargon.