Data centers are at the foundation of any organization’s developmental strategy. Over the past few years, however, they have evolved from the traditional three-tier architecture to modern spine-and-leaf topologies and, as a result, have introduced new complexities from a network overlay perspective. While this evolution has brought better scalability, the complexity of managing day-to-day network operations and maintaining datacenter compliance still exists, and it has been further compounded by the growth of multi-vendor deployments aimed at reducing capital expense.
Manage datacenters more effectively with ATOM
Managing a multi-vendor environment is not easy for several reasons, among them multiple complex reference architectures and fundamental network operations (NetOps). IT professionals not only have to keep up with technological advancements such as IP Fabric and L2 & L3 spine-and-leaf architectures, but also have to manage large-scale data centers efficiently while still maintaining legacy infrastructure. What’s required is an integrated platform that gives NetOps teams a path to build & maintain next-generation data centers. Anuta Networks ATOM delivers a multi-dimensional product with multi-vendor network automation & analytics support at its core.
With a fully extensible platform, ATOM can deliver the unique requirements necessary for data center automation. Among these are the following:
- Multi-vendor support – 45+ vendors and 150+ platforms supported, unrivaled in the industry
- Day-0 onboarding – Bring spine & leaf switches and other components to life through Greenfield & Brownfield discovery support
- Hierarchical topology – Visualize detailed network layouts with operational and performance data overlaid for ease of interpretation and action
- Day-N provisioning – Realize automation use cases such as routing policy, EVPN, VXLAN, VLAN to VXLAN mapping, VLAN, VRF, and many others across a multi-vendor infrastructure
- Multi-device service chaining – Facilitate application delivery use cases across switching, routing, firewall, IPAM, and load balancers
- Real-time analytics & telemetry – Harness powerful in-depth visibility and realize the most impactful insights for your network
- Workflow automation – Trigger approval and remediation steps through low code automation
Ensure datacenter compliance with ATOM's Compliance Management
Automated provisioning is considered to be the most important aspect of any network automation & orchestration solution. At the same time, network compliance plays an equally important role in the automation journey. Achieving compliance is only the first step; maintaining it is the bigger long-term challenge. Network outages and security breaches resulting in loss of data and intellectual property are, unfortunately, common occurrences, and the resulting regulatory penalties are significant. These are the negative after-effects of non-compliance. So how does one get a handle on ensuring consistency? It can be an expensive endeavor given the manually oriented process and frequent changes to compliance guidelines. Juggling scripts and meager automation tools on the day of an audit will only bring temporary results. Compliance must be managed as a continuous cycle rather than a snapshot in time.
Datacenter networks are complex and highly dynamic, with devices ranging from switches, routers, firewalls, and load balancers to IPS, IDS, IPAM, and many more. Ensuring compliance across this highly complex environment is a daunting task. Furthermore, each industry vertical has a different set of requirements to meet the likes of PCI, HIPAA, SOX, etc. Anuta Networks ATOM offers a network-aware compliance framework to define policies ensuring configuration and software consistency across any multi-vendor infrastructure. ATOM constantly monitors the network and detects any changes to device or multi-device configurations through the following capabilities:
Service compliance – Multi-device service chaining, underlay & overlay configurations, and external connections to wide area networks are common scenarios in any data center. These scenarios require provisioning across multiple platforms such as spine & leaf switches, firewalls, load balancers, IPAM devices, and more to enable services. While a few services are enabled, many other services, protocols, and daemons should be kept inactive under a strict compliance guideline. Changes made by other external processes, whether a random change or a troubleshooting exercise, can also push a device into non-compliance. With ATOM’s service compliance feature, NetOps teams can keep a close watch on the multi-level services configured in their network. ATOM also retrieves configurations at regular intervals or on out-of-band changes to track any deviation and reconcile issues. For example, if a VIP is deleted on the load balancer while an ACL rule on the firewall is left unattended, ATOM detects this as non-compliance and takes remediation actions.
Configuration compliance – Every industry vertical maintains a different set of compliance rules and guidelines for IT. Organizations must deploy and manage a platform which can dissect every command and syntax that affects device configurations. This analysis begins with device hardening configurations, mandatory routes, or firewall rules on devices. ATOM offers a very flexible framework to define policies for match and non-match conditions along with the corresponding actions required. For example, a matching action can be taken upon non-compliance to enforce device hardening syntaxes such as password encryption, non-default passwords & SNMP community strings, SNMP versions, and services such as telnet, ssh, https, FTP, and NTP.
Device-level compliance can be considered a lower-level construct when compared to service compliance. Any service-level configurations are broken down into device-level configurations. As an example, in a data center where multiple customers are on-boarded, segmentation is the norm for a secure experience. L2 definitions using VLAN or L3 definitions using VRF are not only provisioned with a single click using ATOM’s modeling or workflow capabilities, but ATOM also ensures that device-level configurations for the services are consistent. Security is of paramount importance in a data center, and ATOM offers device compliance services to maintain the integrity of firewall configurations. ATOM also monitors and ensures anti-spoofing commands don’t adversely affect network devices. As an example of device compliance, if an external or manual process accidentally deletes a VLAN or VRF, ATOM can detect and recover the configuration.
Similarly, configuration drift can be tracked on any device so that remediation actions can be taken. For example, a continual CLI compliance management feature in ATOM can enforce anything from an access list on the interface facing the internet to a password protecting all EIGRP adjacencies. ATOM also supports Jinja templates, which allow a policy to be defined once and applied at scale. ATOM also assesses non-compliance against defined policies and maps the resulting data back to business-driven service levels.
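The match / non-match policy model and the drift tracking described above can be sketched as follows. This is an added example, not ATOM's policy format or code; the rule tuple layout, the rule names, the function names, and the IOS-style sample configuration are all constructed for illustration.

```python
import re

# Constructed IOS-style running config; sample input, not from a real device.
SAMPLE_CONFIG = """\
hostname leaf-01
no service password-encryption
snmp-server community public RO
snmp-server group OPS v3 priv
line vty 0 4
 transport input telnet ssh
ntp server 192.0.2.10
"""

# Hypothetical rule format: (name, kind, regex, proposed action).
# "match" lines must be present in the config; "non-match" lines must be absent.
RULES = [
    ("password-encryption", "match", r"^service password-encryption$",
     "service password-encryption"),
    ("default-snmp-community", "non-match",
     r"^snmp-server community (public|private)\b", "replace community string"),
    ("telnet-on-vty", "non-match", r"^\s*transport input .*\btelnet\b",
     "transport input ssh"),
    ("ntp-configured", "match", r"^ntp server \S+", "configure an NTP server"),
]


def audit(config, rules=RULES):
    """Return one finding per violated rule: (name, evidence, action)."""
    findings = []
    for name, kind, pattern, action in rules:
        hit = re.search(pattern, config, re.MULTILINE)
        if kind == "match" and hit is None:
            # A required line is missing from the configuration.
            findings.append((name, None, action))
        elif kind == "non-match" and hit is not None:
            # A forbidden line is present; keep it as evidence.
            findings.append((name, hit.group(0).strip(), action))
    return findings


def drifted(baseline, current, rules=RULES):
    """Findings for rules that passed on the baseline but fail now."""
    before = {name for name, _, _ in audit(baseline, rules)}
    return [f for f in audit(current, rules) if f[0] not in before]


if __name__ == "__main__":
    for name, evidence, action in audit(SAMPLE_CONFIG):
        print(f"NON-COMPLIANT {name}: found={evidence!r} -> {action}")
```

Running `drifted()` against a stored known-good configuration on every retrieval reports only what changed since the baseline, rather than repeating the full audit result each time.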