Covering Scientific & Technical AI | Monday, December 2, 2024

Network Automation: Trust = Visibility 

Network virtualization and software-actuated networking are finally moving past the hype stage and it’s likely you’re now considering a real investment in automation. But before you start, consider this:

Don’t bother.  Don’t adopt any of it — from intent-based networking to managing an SD-WAN — if you don’t incorporate comprehensive monitoring.

Because unlike humans, automation arrives with zero trust, and you’ll never fully use something you have to micromanage. Monitoring solves the last mile of automation — full delegation — in the same first mile as any other tech. You must have visibility into what it’s really doing, or you’ll never really trust it.

Unfortunately, organizations tend to add monitoring only after all the other spending on applications and infrastructure (and not because admins don’t want it).  So when moving to take advantage of automation, leadership needs to move monitoring near the top of the project budget to achieve full ROI. It sets automation free. Like managing a team of humans, it lets you monitor work, set goals, qualify trustworthiness, and allows workers to go about their jobs without aggressive oversight.

Stop the Late-Night Emergencies

When it comes automation, tenured technology experts may be understandably skeptical. Network engineers and database administrators — the humans on the hook for failures — aren’t so much worried that software-defined networking (SDN) and intent-based networking (IBN) will automate them out of a job. They’re more worried it won’t be every bit as reliable as they are. After all, when automation gets itself into trouble, they’ll be both held responsible and have to resort to troubleshooting novel technology under duress.

And because automated systems make changes more quickly and with broader reach, without visibility there can be way more to troubleshoot than with manually controlled systems. Automation works day and night, even handling problems at 4 a.m., when you’re in bed. That’s a Good Thing™. The whole point is to increase efficiency, assure security maps to governance policies, and tirelessly push changes. But admit it, while it can be tedious to do all the work manually, it does at least feel right, like everything is under control. Alas, anything in IT involving feelings requires time to evolve. And time is a critical factor with automation.

When you include tools to monitor and visualize the changes network automation is making, humans can keep up. Outcome uncertainty or worse, report-based configuration change verification, throttles change velocity to match the slowest link in execution verification. This is slightly counterintuitive—we assume anything done at the command line or GUI is immediate. While that’s true for single changes, that’s not true for multiple concurrent network reconfigurations. With automation, we decouple immediate change feedback to save a little time, but we create a new oversight role that’s ongoing. Trading one manual role for another is not what automation is about.

Another advantage of detailed monitoring with SDN and SD-WAN is that you build collective trust by extending tools your team already knows and counts on. You aren’t putting yet another New Thing™ into the mix. Instead, you’re adding a new capability that’s easy for everyone to learn. You can observe the operation in a language you already understand, monitoring progress and receiving timely alerts as usual.

Also, as usual, you’re often likely to find the monitoring software you need isn’t the software that came with your automation technology. Only a handful of hardware vendors also sell great software, and that’s OK — hardware vendors’ goals are to make great hardware. They also generally aren’t interested in creating tools that manage multiple automation frameworks in a single dashboard. Why would they include competitors in their tools? Instead, they hope customers will stick to their brand.

Automation Watchtowers, for Freedom

The best monitoring for software defined and software actuated networks is a lot like the best human admins — management may mistakenly wonder what, exactly, they do. When IBN is behaving the way it’s supposed to and SD-WAN configuration is behaving the way it's supposed to, there’s really not much to do. Your NOC will be a wall of automated green, as intended, and management may believe it’s unicorn magic. But just like with human admins, detailed monitoring will be your go-to when best laid plans fail. Old fashioned guru-level computing skill and quality operational data tend to remind everyone of why humans — and good monitoring — are important.

In the end, well-skilled teams with good visualization will allow you to use your new technologies to their fullest. And like with any tool, stepping back to take a look can be revealing. If you’re not taking advantage of a tool’s full value, if they aren’t on the front lines of your essential production systems, then they might simply be cool toys. When the phone rings at 2 a.m. and it’s your officemate, you take the call because they are people and you trust them. And you fall asleep in the first place because you trust they’ll keep the production systems humming at night. That delegation to automation won’t happen without trust, and with machines that trust is data.

SDN and IBN finally offer truly useful capacities to offload toil and allow us to get back to a proactive posture well ahead of our systems. Without it, the manual configuration burden expands proportionally with increasing complexity, adding more systems management instead of removing routine, disruptive tasks. Don’t just move the ball forward. You’re deploying SDN and IBN for a reason. Add trust to your SDN system with better monitoring and set it free.

Patrick Hubbard is head geek at network management software vendor SolarWinds.

AIwire