This is the fourth blog post in our “Massive Scale” series. The previous posts focused on the scalability of Workflow Automation and Service Orchestration. We also discussed the importance of massive scale automation and Anuta Networks ATOM’s capabilities. This blog post will emphasize ATOM’s scale for compliance, monitoring and analytics.
Massive Scale Compliance Management
Administrators and architects use detailed plans while building any network. They define strict rules for AAA, ACL, SNMP, MPLS, and other services. Network engineers and operators are expected to adhere to those standards. However, as the network grows, it becomes increasingly difficult to comply with the static measures. Multi-regional teams, multi-vendor devices, and network consolidation after acquisitions tend to drive non-compliance in the network. Consequently, detecting and remediating non-compliance on an extensive scale is critical for large networks. Anuta ATOM’s compliance framework helps enterprises standardize configurations and services in complex environments. It enables administrators to create granular multi-vendor policies, monitor violations, and automatically remediate non-compliance issues.
Compliance Enforcement of 31M configuration lines across 10,000 devices in 2 hours
A tier-1 media entertainment network based in Florida, suffered from a number of challenges. Their network comprised more than 10,000 devices across 9 vendors, 17 OS platforms and spanned multiple regions in the United States. Each device also had multiple touchpoints leading to nonstandard configurations and several policy violations. Adding to the complexity was the varying device access capabilities – while some supported CLI/SSH, others offered YANG and Netconf. Homegrown and open-source tools could not scale to meet the demands of such a massive network.
Anuta ATOM’s scalable compliance framework enabled the enterprise to standardize the current network and prevent future non-compliance through constant monitoring. Anuta ATOM provides an intuitive compliance policy builder that allows network administrators to build complex policy chaining use cases for multi-vendor devices with ease. This enterprise developed ~384 configuration policies enforced on devices with varying scales:
- small devices with 1000 configuration lines,
- medium with 5000 configuration lines
- large devices consisting of 70,000 configuration lines.
Altogether the enterprise standardized an astounding 31M configuration lines across 10,000 multi-vendor devices!
This company also maintains configuration consistency by performing full network weekly compliance runs and automatically remediating violations. ATOM is used to monitor and enforce policies across 10,000 multi-vendor and multi-regional devices with a cumulative of 31M lines of configuration. ATOM performs the audit for such a massive network in around 2 hours and generates a comprehensive report to visualize and identify non-compliance. On the first run, ATOM immediately discovered that nearly 60% of the devices were non-compliant to the set standards. Identifying and remediating violated policies manually would have required significant time and resources. Not only did ATOM help the enterprise identify non-compliant devices, but it also helped eliminate configuration inconsistencies immediately.
The ATOM platform generates a comprehensive compliance report on every run that provides granular details on compliant and non-compliant devices, passed and failed policies, and severity of non-compliance. In this case, it provided the flexibility to analyze compliance status through various views including device view, device model view, device location view, device group view and compliance policy view. Each of these views allows further filtering based on device ID, vendor, compliance status, locations, resource pools, device groups, severity, execution status, policy, rule, and condition name.
Massive Scale Network Monitoring & Analytics
Collecting information from a massive network, storing data in a time-series database, and displaying the information for charting and reporting is relatively simple. The challenge lies in collecting, visualizing, and alerting at millisecond granularity.
A global financial service provider pressed Anuta Networks with the task of monitoring their multi-vendor network with strict latency requirements. They required the ATOM collector to enable 60 persistent TCP connections to ingest 1 million or more metrics every second from 500 interfaces. To achieve a large scale, the enterprise transitioned from traditional SNMP to modern streaming telemetry mechanisms with support for GRPC and GPB. ATOM was also required to support metric collection precision at micro-second granularity as well as milli-second data processing latency for visualization and closed-loop automation.
The ATOM platform is also containerized to provide a horizontally scalable platform. ATOM can scale up its collectors and processing engines to capture device data at extraordinary speeds. These collectors can be deployed centrally or at a remote location closer to the devices to reduce latency. ATOM databases are highly-available and can also be scaled up as required. This elasticity enables ATOM to collect millions of metrics per second from thousands of devices and retain terabytes of information across many years. This capability immensely benefits time-critical applications. A financial service provider can utilize low latency capabilities within the ATOM platform to provide financial data in near real-time. On the other hand, healthcare providers can provide remote surgery services that require constant network monitoring, real-time feedback, and instant remediation capabilities.
High-scale monitoring for performance and compliance is critical in large networks. ATOM’s monitoring functionality not only allows the ability to visualize real-time data, but it also provides network operators with the ability to query granular data within milli-seconds for troubleshooting or reporting purposes. ATOM also provides a single-source-of-truth for multi-vendor environments enabling customers to enforce uniform compliance policies and visualize end-to-end network analytics with a single-pane-of-glass.
We hope you found this blog installment informative. Stay tuned for the next installment in the series!