EIS Extreme Networking Evolving Red Hats network automation

  • Slides: 30
EIS Extreme Networking: Evolving Red Hat’s network automation. Brad Sollar, Sr. Solutions Architect, bsollar@redhat.com

Networks over time... Most agencies’ portfolios are a mix of old and new devices, including desktops, servers, gateways, VPNs, firewalls, switches, routers, scanners, SIEMs, etc.

Networks over time... Each device on the network has its own way of being managed, some through vendor-specific command-line tools, APIs, or an SDN suite of tools.

Network Management - Multiple Vendors: This makes a unified management tool difficult to implement, and difficult to make cover all use cases.

Network Challenges: Network operation really hasn’t changed that much in the last few decades. The engineers who design and manage networks are still largely doing it manually. Traditional proprietary networking methodologies have persisted despite the rise of DevOps and open source.

Network Challenges
People:
● Domain-specific skill sets
● Vendor-oriented experience
● Siloed organizations
● Legacy operational practices
Products:
● Infrastructure-focused features
● CLI-only methodologies
● Siloed technologies
● Monolithic, proprietary platforms

Just use SDN... SDN is great for customers that have the budget to get rid of their old gear and buy all-new SDN networking.

Just use SDN... In reality, most agencies’ networks are too large for an expensive rip-and-replace. Even with SDN, there will always be some form of legacy device on the network.

Government Network Challenges
Compliance - DISA STIG, NIST 800-53, FedRAMP
Updates - Software, firmware, patches
Policy - Password changes, 90-day log-ins, monitoring

Red Hat’s Goals for Automation - Simple: The language and tools must be simple to use and implement. You should not have to be a seasoned developer to use automation. Simplicity leads to more adoption at all levels of user skill sets.

Red Hat’s Goals for Automation - Powerful: The language and tools must be powerful enough to cover all use cases and devices found on agencies’ networks.

Red Hat’s Goals for Automation - Open: The language and tools must be built on open protocols and standards and use an open source development model. This allows everyone to contribute to the success of the project.

ANSIBLE IS THE UNIVERSAL LANGUAGE: CUSTOMER, DEV, SECURITY, NET OPS

SIMPLE: Human-readable automation; no special coding skills needed; tasks executed in order; get productive quickly.
POWERFUL: Gather information and audit; configuration management; workflow orchestration; manage ALL IT infrastructure.
AGENTLESS: Agentless architecture; uses OpenSSH and paramiko; no agents to exploit or update; more efficient and more secure.

BIGGEST CHALLENGE FOR ENTERPRISES: CULTURE!
Traditional Network Ops:
• Legacy culture
• Risk averse
• Proprietary solutions
• Siloed from others
• “Paper” practices, MOPs
• “Artisanal” networks
Next-Gen Network Ops:
• Community culture
• Risk aware
• Open solutions
• Teams of heroes
• Infrastructure as code
• Virtual prototyping / DevOps

ANSIBLE NETWORK AUTOMATION: 50 network platforms, 700+ network modules, 12* Galaxy network roles. ansible.com/for/networks, galaxy.ansible.com/ansible-network. Ansible Network modules comprise 1/3 of all modules that ship with Ansible Engine.

Ansible Networking vs. SDN: With Ansible Networking, you can get 80-90% of SDN functionality without replacing or buying new network equipment. Simply automate your existing infrastructure with Ansible Networking. Ansible Networking also works great with SDN from all the major vendors.

Architecture: Control Node, Playbook, Inventory, Managed Network Devices (Network Elements), connected over SSH, API or NETCONF.
Modules: handle execution of remote system commands.
Control Node: any client system (server, laptop, VM) running Linux or Mac OSX.
Managed Nodes (Inventory): a collection of network elements being managed via SSH or API.

PLAYBOOK EXAMPLE

```yaml
---
- name: run multiple commands and evaluate the output
  hosts: ios01
  tasks:
    - name: show version and show interfaces
      ios_command:
        commands:
          - show version
          - show interfaces
        # the task fails unless every conditional holds against the
        # output of the command at the given index
        wait_for:
          - result[0] contains IOS
          - result[1] contains Loopback0
```
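As an added illustration (not from the deck and not Ansible’s own code), the following Python models how the wait_for conditionals in the playbook are evaluated against the collected command output and retried until they hold or the retries run out. The device output, the operator set and the retry scenario are constructed for the example.

```python
import re
from typing import Callable, Dict, List

# Constructed sample output for the two playbook commands ("show version",
# "show interfaces"); not captured from a real device.
SAMPLE_RESULT: List[str] = [
    "Cisco IOS Software, C2960 Software, Version 15.0(2)SE\nuptime is 3 weeks, 2 days",
    "GigabitEthernet0/1 is up, line protocol is up\nLoopback0 is up, line protocol is up",
]

# Simplified model of the operators a network wait_for conditional accepts.
_OPS: Dict[str, Callable[[str, str], bool]] = {
    "contains": lambda lhs, rhs: rhs in lhs,
    "eq": lambda lhs, rhs: lhs == rhs,
    "neq": lambda lhs, rhs: lhs != rhs,
    "matches": lambda lhs, rhs: re.search(rhs, lhs) is not None,
}

# Grammar handled here: "result[<index>] <operator> <value>", as in the playbook.
_COND_RE = re.compile(r"^result\[(\d+)\]\s+(\w+)\s+(.+)$")


def evaluate(condition: str, result: List[str]) -> bool:
    """Check one conditional against the list of per-command outputs."""
    m = _COND_RE.match(condition.strip())
    if not m:
        raise ValueError(f"unsupported conditional: {condition!r}")
    index, op, value = int(m.group(1)), m.group(2), m.group(3)
    if op not in _OPS:
        raise ValueError(f"unsupported operator: {op!r}")
    if index >= len(result):
        return False  # refers to a command that produced no output
    return _OPS[op](result[index], value)


def wait_for(conditions: List[str], fetch: Callable[[], List[str]], retries: int = 10) -> dict:
    """Re-run the commands until every conditional holds, or fail the task
    once the retries are exhausted (the task never silently succeeds)."""
    failed = list(conditions)
    for attempt in range(1, retries + 1):
        result = fetch()
        failed = [c for c in conditions if not evaluate(c, result)]
        if not failed:
            return {"failed": False, "attempts": attempt, "stdout": result}
    return {"failed": True, "attempts": retries, "failed_conditions": failed}


def demo_interface_comes_up(retries: int = 3) -> dict:
    """Constructed scenario: Loopback0 only shows up from the third poll on."""
    calls = {"n": 0}

    def fetch() -> List[str]:
        calls["n"] += 1
        if calls["n"] < 3:
            return [SAMPLE_RESULT[0], "GigabitEthernet0/1 is up, line protocol is up"]
        return SAMPLE_RESULT

    return wait_for(["result[0] contains IOS", "result[1] contains Loopback0"], fetch, retries)
```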

NETWORK MODULES: BUILT-IN DEVICE ENABLEMENT. A10; Apstra AOS; Arista EOS, CVP; Aruba Networks; AVI Networks; Big Switch Networks; Brocade Ironware; Exoscale; MikroTik RouterOS; Extreme EX-OS, NOS, OpenSwitch (OPX), SLX-OS, VOSS; F5 BIG-IP, BIG-IQ; Fortinet FortiOS, FMGR; Huawei CloudEngine; Illumos; Cisco ACI, AireOS, ASA, Firepower, IOS-XR, Meraki, NSO, NX-OS; Infoblox NIOS; Citrix Netscaler; Lenovo CNOS, ENOS; Cumulus Linux; Mellanox ONYX; Dell OS6, OS9, OS10; Juniper JunOS; Ordnance; NETCONF; Netvisor; OpenSwitch; Open vSwitch (OVS); Palo Alto PAN-OS; Nokia NetAct, SR OS; Ubiquiti EdgeOS; VyOS

Networking Pain Points

Extreme Networking Pain Points

COMPLIANCE
Problem: Managing policies across different types of hardware and software is difficult and prone to error.
Solution: Define the policy once, then apply it to multiple infrastructures (Linux, Windows, switches, routers, etc.).
Problem: Automating network security across the infrastructure is difficult to implement and maintain.
Solution: Leverage pre-defined playbooks to implement security across the entire infrastructure: STIG, NIST 800-53, C2S, FedRAMP, etc. https://galaxy.ansible.com/RedHatOfficial

COMPLIANCE: IDS/IPS, SIEM, enterprise firewalls, endpoint protection platforms, secure email gateways, NAC, threat intelligence platforms, secure web gateways

UPDATES
Problem:
• Multiple devices on the network from different vendors that need to be patched.
• Multiple ways and tools to manage each product.
Solution:
• Automate tasks across multiple devices with the same workflow.
• Define the update policy in a playbook and automate the patching of multiple systems.

UPDATES

POLICY
Problem:
• Users need to log in every 90 days to keep their account active.
• Some systems require a user to type in the terminal during installs or resets.
Solution:
• Automate physical login and interaction via playbooks.
• Automate logins and physical access using the Ansible “expect” module.

POLICY

THANK YOU. plus.google.com/+RedHat, facebook.com/redhatinc, linkedin.com/company/red-hat, twitter.com/RedHat, youtube.com/user/RedHatVideos