Since last few years we keep hearing stories that how in future many of IT jobs at lower levels will be lost due to organizations showing interest in atomizing their daily operations & repeated tasks. If we think about it, this will be good as engineers can focus on better productive tasks.
I have read lots of documents , article to understand what should be the strategy an organization should follow to adopt automation for its daily operational and repeated boring tasks.
Here I am presenting steps that could help adopting automation of Network & Security operations. Although other domains can follow same strategy except from tools.
Step 1 : Task identification.
# Identify repetitive tasks.
# Identify time consuming tasks.
# Identify tasks that need to performed on multiple devices.
Step 2: Determine tasks that can be automated.
# Identify & validate tasks based on the current infrastructure.
# Upgrade firmware/IOS if required to larger scope.
# Prepare SOP of all identified tasks that are selected for automation.
# Categorize tasks in categories [Critical , Major , Minor].
## Tasks can be categories based on scope, complexity etc.
## Standard ITIL guidelines to be followed for during complete process.
Step 3: Identify tools
# Identify tools that can be used for atomization of tasks.
# There could be different criteria for deciding which tool can be used.
## Method how to interact with device.
### Ansible, Python using Netconf, Restconf protocols.
### Postman Clients for API calls.
### Cisco DNA, Cisco NSO, etc
## Based on tasks to be performed.
### Network operations and maintenance.
### Configuration management.
### Policy management.
## Cost of the solution.
### Free / Open source
#### Ansible, Python ,Terraform, Postman Client
### Paid
#### Ansible Tower
#### Cisco DNA
#### Cisco NSO [ Network Service Orchestrator]
# Training of staff who will work with automation solution.
Step 4 : Security audit.
# Validate proper security majors has been taken..
# M2M communication is secured using proper encryption.
# SSH keys/ credentials are stored securely.
## Eg: Ansible vault. 3rd Party KMS solution etc..
Step 5: Configuration , deployment and testing plan.
# Once we are ready for roll out automation in infrastructure, we should prepare proper plan.
# We should 1st test automation scenarios in LAB or simulated environment.
# Execute the automation task deployment during maintenance window.
# Analyze the results to confirm tasks executed as expected.
Step 6: Monitor & Maintain tasks
# Regularly monitor if tasks getting executed as schedule.
# It is possible that few task getting failed due to some other network changes.
# Modify tasks when needed or when there is change in related services. Eg:- DNS, DHCP etc..
Step 7: Optimize & increase scope.
# Fine tune automation tasks.
# Increase the scope of automation including more tasks.
Step 8: Feedback
# It is always good to have a feedback mechanism which enable end user to share their experience which would finally made solution better.
Common automation use-cases
- Software upgrade
- SD-WAN Branch Management
- Configuration templates
- Vlan configuration
- Device Onboarding
- Firewall policy changes