Infoblox Network Automation Matt Gowarty, Sr. Product Marketing Manager Dynamically Controlling Your Network Complexity Outpacing Resources Tasks Quantity/Size Discovery and network analysis Reduce risk & ensure compliance Increase productivity & network availability Shorten time to deploy services Network Scale & Complexity Network Infrastructure Demands More complex work Increased expectations Menial tasks Distracted focus Network Management Resources Time 2 © 2013 Infoblox Inc. All Rights Reserved. The Power of Infoblox Network Automation Cross Functional Enablement Task Delegation Network AutoDiscovery IP & Device Management Infoblox Network Automation Dynamic Provisioning Policy Enforcement & Audits 3 © 2013 Infoblox Inc. All Rights Reserved. Dynamic IPAM Sync Change & Config Automation 3 Solving Business Problems Shorten time to delivery Ensure ongoing compliance Empower IT staffing Eliminate network bottlenecks to deploy services & apps Reduce risk of policy violations and non-standard networks Support growing IT needs with existing IT staff Infoblox Network Automation Automated Network Discovery Compliance & Policy Standardization 5 © 2013 Infoblox Inc. All Rights Reserved. Change & Configuration Management Discover Automate Maintain Control Firewall ACL & Rule Automation 5 Infoblox Network Automation Overview Real-time & Historical Analysis • Network discovery • Built-in analysis • Check against best practices • Detect issues • Monitor and manage change • Automate change • Maintain compliance • Provision ACL & rules 6 © 2013 Infoblox Inc. All Rights Reserved. Collected Via: SNMP CLI/configuration Syslog Fingerprinting What’s On and Connected to My Network? Manual, spreadsheets and/or scanning tools • Often out of date Tight budgets and stretched teams • Multi-vendor network devices • Proliferation of IP devices Ever-changing questions • What’s on my network? • Which ports are active? • Do I need more capacity? • What device is using which port? • When & where did they connect? 7 © 2013 Infoblox Inc. All Rights Reserved. 7 Network Auto-Discovery Automatic device discovery Extensive multivendor support Layer 2 physical & 3 logical data Integrated topology views New device detection Detailed VLAN information 8 © 2013 Infoblox Inc. All Rights Reserved. 8 Switch Port Management Track free vs. available port Identify unused ports Capacity planning & management Track connected end-hosts/devices History of what connected when and where Track devices/MACs by specific VLANs 9 © 2013 Infoblox Inc. All Rights Reserved. 9 Automated IPAM Sync Integrated with Infoblox IPAM Auto-created networks Synced device details within IPAM IP map correlation Updated smart folders All automated – no manual steps 10 © 2013 Infoblox Inc. All Rights Reserved. 10 Keeping Up with Daily Changes Extensive manual processes • CLI • Scripting Limited functionality • Configuration scrapes • Basic change automation • Vendor-specific tools Minimal control & documentation • Limited work-flow • Admin or nothing access rights • Massive files require extensive manual digging and compiling 11 © 2013 Infoblox Inc. All Rights Reserved. 11 Change Management Automatic change detection Accurate job flow and control Every change at fingertips Saved historical configurations Simple side by side comparisons Powerful configuration search 12 © 2013 Infoblox Inc. All Rights Reserved. Change Automation Embedded jobs and scripts Templates for easy customization Easily import existing Perl scripts Powerful variablebased jobs User-based, role access controls Scheduled and triggered jobs 13 © 2013 Infoblox Inc. All Rights Reserved. Intuitive Change Control Simplified switch port changes Strong user access rights Network tasks within NIOS GUI Enable single touch for common changes User initiated and triggered tasks Automatic detailed updates and sync 14 © 2013 Infoblox Inc. All Rights Reserved. Is My Network Still Compliant? Different drivers • External mandates • Internal security policies • Networking best practices Typically reactive • When something breaks • When audit is required Manually intensive • Massive log files • CLI access • Manually collect, aggregate, tabulate and present findings 15 © 2013 Infoblox Inc. All Rights Reserved. 15 Policy and Compliance Management Embedded compliance rules Customizable best practice templates Manage multiple policies Proactive violation detected Multiple remediation options Current and historical views 16 © 2013 Infoblox Inc. All Rights Reserved. 16 Configuration Analysis Unique pre-packaged expertise Identifies common misconfigurations Customizable alerting Recommended remediation options Understand concept of the network Network Scorecard views 17 © 2013 Infoblox Inc. All Rights Reserved. 17 Powerful Reporting Single-click compliance reports Pre-packaged and customizable Powerful filtering Executive and detailed reports On-demand or scheduled User-based view rights 18 © 2013 Infoblox Inc. All Rights Reserved. 18 So Many Firewall Changes – So Little Time Spike in number of security policy changes IT headcount not keeping pace Multiple point products add confusion Network SLAs impacted negatively Expensive and diminishes security effectiveness Firewall Change Needed Search For Devices 1 Figure Out Impacted Devices 2 Determine Correct Config Compare Change to Standards/ Compliance 3 4 Request Change/ Implement Manually 5 Reconfirm Correctness and Compliance 6 Manual Network Provisioning Time Hours/Days LEGACY APPROACH TO FIREWALL POLICY CHANGE IMPLEMENTATION 19 © 2013 Infoblox Inc. All Rights Reserved. Rule and ACL Analysis Built-in multi-vendor expertise Automatic alerts of common issues Continuous monitoring Finds hidden, overlapping & duplicates Automated discovery Topology path views 20 © 2013 Infoblox Inc. All Rights Reserved. Search and Alerting Customizable searches Flexible multiple device options Blacklisting reduces risk Whitelisting ensures access Automatic alerts “Simple English” commands 21 © 2013 Infoblox Inc. All Rights Reserved. Integrated Provisioning Integrated provisioning Creates vendorspecific syntax Push changes to one or multiple devices User-based access controls Testing and rollback options Change monitoring and tracking 22 © 2013 Infoblox Inc. All Rights Reserved. Taking Automation to the Next Level Dynamic • Improve capabilities with dynamic value look ups Topology • Better configurations based on understanding neighbors Control Flexibility Ease of use 23 © 2013 Infoblox Inc. All Rights Reserved. • Maintain control with role-based access and rights • Reduce time with multi-device coordinated change • Eliminate scripts by leveraging intuitive GUI across multiple vendors and devices Infoblox Network Automation Dynamically Controlling Your Network