Infoblox Network Automation
Matt Gowarty, Sr. Product Marketing Manager
Dynamically Controlling Your Network
Complexity Outpacing Resources
Tasks



Quantity/Size

Discovery and network analysis
Reduce risk & ensure compliance
Increase productivity & network
availability
Shorten time to deploy services
Network Scale
& Complexity


Network
Infrastructure
Demands


More complex work
Increased
expectations
Menial tasks
Distracted focus
Network
Management
Resources
Time
2
© 2013 Infoblox Inc. All Rights Reserved.
The Power of Infoblox Network Automation
Cross
Functional
Enablement
Task
Delegation
Network
AutoDiscovery
IP & Device
Management
Infoblox
Network
Automation
Dynamic
Provisioning
Policy
Enforcement
& Audits
3
© 2013 Infoblox Inc. All Rights Reserved.
Dynamic
IPAM Sync
Change &
Config
Automation
3
Solving Business Problems
Shorten time to
delivery
Ensure ongoing
compliance
Empower IT
staffing
Eliminate network
bottlenecks to
deploy services &
apps
Reduce risk of
policy violations
and non-standard
networks
Support growing
IT needs with
existing IT staff
Infoblox Network Automation
Automated Network Discovery
Compliance & Policy Standardization
5
© 2013 Infoblox Inc. All Rights Reserved.
Change & Configuration Management
Discover
Automate
Maintain
Control
Firewall ACL & Rule Automation
5
Infoblox Network Automation Overview
Real-time & Historical Analysis
• Network discovery
• Built-in analysis
• Check against best practices
• Detect issues
• Monitor and manage change
• Automate change
• Maintain compliance
• Provision ACL & rules
6
© 2013 Infoblox Inc. All Rights Reserved.
Collected Via:
SNMP
CLI/configuration
Syslog
Fingerprinting
What’s On and Connected to My Network?
Manual, spreadsheets and/or scanning
tools
• Often out of date
Tight budgets and stretched teams
• Multi-vendor network devices
• Proliferation of IP devices
Ever-changing questions
• What’s on my network?
• Which ports are active?
• Do I need more capacity?
• What device is using which port?
• When & where did they connect?
7
© 2013 Infoblox Inc. All Rights Reserved.
7
Network Auto-Discovery
Automatic device
discovery
Extensive multivendor support
Layer 2 physical & 3
logical data
Integrated topology
views
New device
detection
Detailed VLAN
information
8
© 2013 Infoblox Inc. All Rights Reserved.
8
Switch Port Management
Track free vs.
available port
Identify unused
ports
Capacity planning &
management
Track connected
end-hosts/devices
History of what
connected when and
where
Track devices/MACs
by specific VLANs
9
© 2013 Infoblox Inc. All Rights Reserved.
9
Automated IPAM Sync
Integrated with
Infoblox IPAM
Auto-created
networks
Synced device
details within IPAM
IP map correlation
Updated smart
folders
All automated – no
manual steps
10
© 2013 Infoblox Inc. All Rights Reserved.
10
Keeping Up with Daily Changes
Extensive manual processes
• CLI
• Scripting
Limited functionality
• Configuration scrapes
• Basic change automation
• Vendor-specific tools
Minimal control & documentation
• Limited work-flow
• Admin or nothing access rights
• Massive files require extensive manual
digging and compiling
11
© 2013 Infoblox Inc. All Rights Reserved.
11
Change Management
Automatic change
detection
Accurate job flow
and control
Every change at
fingertips
Saved historical
configurations
Simple side by side
comparisons
Powerful
configuration search
12
© 2013 Infoblox Inc. All Rights Reserved.
Change Automation
Embedded jobs and
scripts
Templates for easy
customization
Easily import
existing Perl scripts
Powerful variablebased jobs
User-based, role
access controls
Scheduled and
triggered jobs
13
© 2013 Infoblox Inc. All Rights Reserved.
Intuitive Change Control
Simplified switch
port changes
Strong user access
rights
Network tasks within
NIOS GUI
Enable single touch
for common changes
User initiated and
triggered tasks
Automatic detailed
updates and sync
14
© 2013 Infoblox Inc. All Rights Reserved.
Is My Network Still Compliant?
Different drivers
• External mandates
• Internal security policies
• Networking best practices
Typically reactive
• When something breaks
• When audit is required
Manually intensive
• Massive log files
• CLI access
• Manually collect, aggregate, tabulate
and present findings
15
© 2013 Infoblox Inc. All Rights Reserved.
15
Policy and Compliance Management
Embedded
compliance rules
Customizable best
practice templates
Manage multiple
policies
Proactive violation
detected
Multiple remediation
options
Current and
historical views
16
© 2013 Infoblox Inc. All Rights Reserved.
16
Configuration Analysis
Unique pre-packaged
expertise
Identifies common
misconfigurations
Customizable
alerting
Recommended
remediation options
Understand concept
of the network
Network Scorecard
views
17
© 2013 Infoblox Inc. All Rights Reserved.
17
Powerful Reporting
Single-click
compliance reports
Pre-packaged and
customizable
Powerful filtering
Executive and
detailed reports
On-demand or
scheduled
User-based view
rights
18
© 2013 Infoblox Inc. All Rights Reserved.
18
So Many Firewall Changes – So Little Time

Spike in number of security policy changes

IT headcount not keeping pace

Multiple point products add confusion

Network SLAs impacted negatively

Expensive and diminishes security effectiveness
Firewall
Change
Needed
Search
For
Devices
1
Figure Out
Impacted
Devices
2
Determine
Correct
Config
Compare
Change to
Standards/
Compliance
3
4
Request
Change/
Implement
Manually
5
Reconfirm
Correctness
and
Compliance
6
Manual
Network Provisioning Time
Hours/Days
LEGACY APPROACH TO FIREWALL POLICY CHANGE IMPLEMENTATION
19
© 2013 Infoblox Inc. All Rights Reserved.
Rule and ACL Analysis
Built-in multi-vendor
expertise
Automatic alerts of
common issues
Continuous
monitoring
Finds hidden, overlapping & duplicates
Automated
discovery
Topology path
views
20
© 2013 Infoblox Inc. All Rights Reserved.
Search and Alerting
Customizable
searches
Flexible multiple
device options
Blacklisting
reduces risk
Whitelisting
ensures access
Automatic alerts
“Simple English”
commands
21
© 2013 Infoblox Inc. All Rights Reserved.
Integrated Provisioning
Integrated
provisioning
Creates vendorspecific syntax
Push changes to one
or multiple devices
User-based
access controls
Testing and
rollback options
Change monitoring
and tracking
22
© 2013 Infoblox Inc. All Rights Reserved.
Taking Automation to the Next Level
Dynamic
• Improve capabilities with dynamic value
look ups
Topology
• Better configurations based on
understanding neighbors
Control
Flexibility
Ease of use
23
© 2013 Infoblox Inc. All Rights Reserved.
• Maintain control with role-based access
and rights
• Reduce time with multi-device
coordinated change
• Eliminate scripts by leveraging intuitive
GUI across multiple vendors and devices
Infoblox Network Automation
Dynamically Controlling Your Network