IT Operations Management (ITOM)
cancel

5 Network Automation workflow use cases in an enterprise

5 Network Automation workflow use cases in an enterprise

MichaelProcopio

Guest post by Asadullah Mohammad, Software Test Engineer, HP Software

 

In an organization, where you have network engineers managing the devices and performing multiple operations on them, the changes are typically approved by their network administrators and the affected people should be notified.

 

HP Network Automation (NA) workflow provides a solution to change management that allows you to define a process flow, to review, approve and notify any change request or changes on the network. It does this based on user roles and permission defined by the network administrator, to make sure that the organization complies with their network policies.

 

NA workflow is very easy to setup using NA Workflow Wizard and can be understood by examining the diagram below:

 

Originators/Approvers/Recipients:

Originators can be network engineers who would be performing various tasks on groups of devices which needs approval.  However, Originators can override the approval process in case emergencies - only if the option is enabled in Administrative Settings.

 

Approvers can be network admins who would supervise these changes and approve, reject, or suspend it.

 

Recipients can be anyone who needs to be notified or is affected by changes to the approval status of the task.

 

Before you set up the workflow, you must plan and create a set of users and groups based of different roles and permissions depending on your organizational needs. Then it will be easier to select the Originators, Approvers and Recipients, as they would have specific roles and permissions.

 

For example:

Originators -> select Full Access User group

Full Access User group has the following roles:

  • Full Access Command Permission
  • All Scripts Script Permission
  • All Devices Modify Device Permission.

Approvers -> select Administrator group

Administrator group has the following roles:

  • All Partitions View Partition Permission
  • Administrator Command Permission

Recipients -> select All Users group

               All users in NA belongs to this group

 

Use Cases of workflow

The organization’s network admin chooses which tasks they want to get approved before proceeding.

 

The typical use case of workflows is for read-write tasks:

 

Use case 1 - Bulk Configuration Changes

Whenever you have to deploy a configuration in bulk i.e. deploy a configuration on a group of devices belonging to a particular device family, it is important that the bulk task is reviewed and gets approval before proceeding. As bulk tasks have a critical affect to devices and the network as a whole, it should notify the concerned users when the task status changes.

 

Use case 2 - Modifying Access Credentials

Modifying or deploying device access credentials is another critical task that should be implemented via workflow, as this would change SNMP community strings, device passwords etc. for a device or group of devices. This will need approval as this would affect the accessibility to multiple devices across the network once passwords are deployed.

 

Use case 3 - Changing Specific Configurations

Handling ACLs and Deleting ACLS is another critical feature in NA to manage devices using such tasks. NA also provides some inbuilt scripts which you can customize as well to make changes to ACL or bare metal changes to devices, by executing those scripts through tasks. It is important for these tasks to go through the workflow process before implementing the change as this would impact the control of both inbound and outbound traffic.

Use case 4 - Updating Device Software

When you have to update an OS image on a particular device family, say Cisco IOS, you can push the downloaded image(s) on the entire device family using a task. The tasks making these changes on Device’s OS are very critical and should go via workflow process to get the necessary approval.

 

Use case 5 - Auto-Remediation on Non-Compliance of Policies                             

Whenever a device or groups of devices goes out of compliance, the NA policy checking the specific parameters that fails triggers a rule based auto-remediation script to bring the devices in compliance. It is important that these policy compliance check related tasks are implemented via workflow, to make sure these auto-remediation scripts are duly approved before making any changes to the device configuration.

 

Above are a few use cases for implementing certain tasks via a workflow. However, you can select all the device specific tasks for approval while configuring the workflow.

 

Note that Approval Options are only displayed if the task is part of a Workflow Approval Rule.

 

Other than the workflow wizard, you can also add tasks in Administrative Settings->Event Notification and Response Rules and force them to get approval using the Administrative Settings -> Workflow in the NA UI. Once that task is triggered because of some event, it must be approved by Approvers created in workflow.

 

One concern in using workflows is having two or more workflows making changes to the same devices at the same time. Using a workflow, you can reserve devices by enabling Device Reservation System in Administrative Settings-> Workflow.

 

If the device or group of devices are already reserved by any other task, a conflict notification event is created, which prevents you from accidently working on the devices that are already under maintenance. This helps a large IT group to schedule and work in a controlled and organized fashion.

However, the conflict in device reservation does not prevent you from running the task against the device or device group and the current task would be waiting state until the reserved device is released from the previous task.

 

To learn more about NA Workflow, Reserving Devices, Roles and Permissions, please refer to HP Network Automation Software User Guide [Login required]

 

About the author: Asadullah Mohammad Asad has over 9.5 years of experience in Software Testing across multiple domains. He has been with NMC team for over 1.5 years and is currently working with Network Automation Patch QA team since last 1 year.

 

He is responsible for QA deliverables for Network Automation patch releases.

 

Asad has Bachelor of Engineering Degree in Computer Science from Magadh University, India.

 

 

HP Network Automation  software automates the complete operational lifecycle of network devices from provisioning to policy-based change management, compliance, and security administration. Start your free trial today.

 

Tweet to us at @HPITOps  and let us know what you think! | Friend HP Software on Facebook   | Join our Network Management Solutions group on LinkedIn    

 

-
Michael Procopio
LinkedIn.com/in/Michael Procopio
  • infrastructure management
About the Author

MichaelProcopio

HPE Software Product Marketing. Over 20 years in network and systems management.

Comments
Acclaimed Contributor

Thanks for your comments!

//Add this to "OnDomLoad" event