Capability: Network & Infrastructure Services

Five strategic steps to optimise vendor consolidation

Posted on: 13 May 2025
Five strategic steps to optimise vendor consolidation

Managing multiple vendors has become a logistical nightmare for many businesses as the tech landscape evolves. Between ballooning vendor lists, overlapping services and spiralling costs, the need for effective vendor consolidation has become greater than ever. 

Vendor consolidation isn’t just a trend, it’s a strategic move that empowers businesses to optimise their systems, reduce operational inefficiencies and drive meaningful cost savings. If your business is looking to achieve cost optimisation and streamline operations, this blog outlines the five key steps CACI recommends taking to successfully execute vendor consolidation. 

What is vendor consolidation and why does it matter? 

Over the past decade, IT innovation has led to an explosion of niche solution providers with expert capabilities. With the number of tech vendors increasing tenfold from 2012 to 2023, multi-vendor models that have worked in the past now introduce complexities, redundancies and inflated management costs. By consolidating vendors, businesses can: 

  • Simplify vendor relationships 
  • Improve service integration 
  • Strengthen security postures 
  • Reduce shadow IT risks 
  • Achieve significant cost efficiencies. 

However, rushing into consolidation without a thoughtful approach can create more problems than it solves, which is why a strategic framework is essential. 

CACI’s five key steps to perfecting a vendor consolidation strategy 

Define your vendor consolidation goals 

The first step to successfully consolidating is clearly defining what the goals and desired outcomes are. 

Are you aiming to: 

  • Lower operating costs?
  • Streamline vendor management?
  • Reduce security vulnerabilities?
  • Improve service quality? 

Before taking action, identify your pain points, consider future growth strategies, assess regulatory compliance requirements and prioritise your goals. Your consolidation efforts must align with broader business strategies, not just short-term savings. These factors will then guide the entire process and help measure success once the consolidation is complete. 

A clear vision will provide a roadmap to measure success once the transition is complete. CACI works across multiple verticals and is well placed to advise on and provide industry best practise. We can complete a requirements assessment to support this step to align with a business’ goals and provide a strong foundational step for consolidation. 

Assess your current vendor landscape 

Before you optimise, you must diagnose. 

Large and varied vendor estates often result from aggressive growth periods, prioritising expansion over efficiency. This leads to underutilised software, overlapping services and unmanaged contracts, complicating the accurate measurement of the value being brought to the business. 

A strategy must therefore begin with assembling a detailed inventory of: 

  • Vendors 
  • Products/services 
  • Service-level agreements (SLAs) 
  • Contract expiration dates 
  • Internal stakeholders. 

Once the full landscape has been mapped, a deep analysis of how each product is performing should be completed and each vendor should be evaluated through both objective and subjective lenses: 

Objective evaluation: 

  • SLA performance 
  • Incident history 
  • Service costs versus delivered value 
  • Service duplication across vendors 
  • ROI and proven cost savings to date. 

Subjective evaluation: 

  • Strategic importance to your business 
  • User experience and training support 
  • Vendor flexibility, transparency, and reputation. 

Gathering this information and conducting interviews with key users will help build a holistic vendor profile. Knowing who truly delivers value and who doesn’t will guide strategic decisions. Considering security architecture will further impact strategic decision-making. Firewalls, for example, are vital as the first line of defence against cyber threats. However, businesses can often manage a diverse array of firewalls from multiple vendors. This flexibility can complicate security and compliance due to organic security policy growth from new applications and services, rapid deployment of policy changes to meet project deadlines, temporary fixes to address immediate issues which are not revisited and more.  

To remedy this, CACI’s network automation experts have developed a Firewall Optimisation Assessment to generate actionable insights, analysis and remediation suggestions for network security appliance configuration. With over 20 years of operational experience in network security engineering across many businesses, we undertake assessments across leading security device vendors including Palo Alto, Fortinet, Cisco and Checkpoint.

Are you confident that your firewall configurations are consistent and easy to manage? That there are no security weaknesses such as overly permissive policies or insecure protocols? That the rulebase is necessary and not leftover from testing? That the policies are configured according to industry best practice? If not, CACI can help.

Our Firewall Optimisation Assessment offers many benefits, including:

  • Identification of security weaknesses
  • Increasing operational efficiency
  • Eliminating the need for reworking firewall RFC change requests
  • Scaling your firewall for security posture
  • Validating your security posture against known assessment criteria
  • Progressing towards implementing governance-as-code.

Communicate your goals and priorities to vendors 

Transparency with current vendors is crucial. By communicating goals, priorities and current challenges to vendors, more information can be gathered on the full capabilities of what each product and service can offer. Through this, opportunities for expanded partnerships or service integrations can also arise. Key areas to examine include: 

  • Managed services experience 
  • Industry expertise 
  • Service range and frameworks 
  • Innovation capacity 
  • Governance standards 
  • Global and local resource presence. 

Often, a single vendor may offer additional services you currently purchase from others. At CACI, we regularly uncover these overlaps, offering clients enhanced solutions across network services, logistics, and mar-tech platforms. 

Tip: Use third-party analyst reports like Gartner Magic Quadrants to benchmark vendor capabilities against the broader market. 

Develop and implement a transition plan 

With insights in hand, it’s time to build your strategy. 

Prioritise vendors that: 

  • Can cover multiple service areas 
  • Maintain high standards of quality, security, and support 
  • Offer strategic partnerships, not just transactional relationships. 

At this stage, address critical risk factors: 

  • Contractual obligations and penalties 
  • Regulatory and compliance impacts 
  • Potential downtime risks. 

Perform a thorough ROI analysis, weighing financial metrics alongside strategic benefits like increased agility, improved compliance posture, and enhanced integration. This risk assessment will significantly improve the efficacy of the transition plan and prevent new challenges from emerging during the consolidation process. 

Best practice: Phase your transition for minimal disruption. Pilot smaller changes before scaling consolidation efforts across the business. 

Continuously monitor and optimise 

Vendor consolidation isn’t a “set it and forget it” process. Ongoing monitoring and tracking is key. 

Establishing clear KPIs and SLA benchmarks to measure vendor performance will contribute hugely to the successful management of ongoing, optimal operations. Conduct annual evaluations to: 

  • Identify new consolidation opportunities 
  • Validate vendor alignment with business goals 
  • Maintain cost and performance optimisation. 

Regular reviews foster a culture of continuous improvement, ensuring your vendor strategy evolves alongside your business.
CACI offers both shared and dedicated managed services which can provide 24/7 monitoring, helping businesses continuously improve, develop and innovate to achieve optimisation goals. 

Common pitfalls to avoid during vendor consolidation 

While consolidation offers powerful benefits, be mindful of these common mistakes: 

  • Over-consolidating: Diversification can mitigate risk. Avoid relying solely on one provider for critical systems. 
  • Underestimating transition complexity: Budget time and resources for integration, training and risk mitigation. 
  • Ignoring stakeholder input: Early engagement with users ensures buy-in and identifies potential friction points. 
  • Focusing only on cost: Strategic value, security posture and service quality must weigh heavily in decisions. 

By navigating these challenges thoughtfully, you can realise maximum benefits without unintended setbacks. 

How CACI can help you master vendor consolidation 

At CACI, we understand that vendor consolidation is more than an operational exercise — it’s a strategic transformation. Our team partners with businesses to: 

  • Map vendor ecosystems 
  • Identify strategic partners 
  • Design transition roadmaps 
  • Mitigate consolidation risks 
  • Drive operational efficiencies.

Ultimately, any consolidation exercise needs to enhance a business’ capabilities, increase efficiencies and drive agility. If, based on these considerations, your business is ready to move forward with strategic vendor consolidation, CACI is working with multiple clients to explore and implement strategies to optimise their systems, improve operational inefficiencies and drive cost-effectiveness. Ready to elevate your vendor consolidation game? 

Contact CACI today to learn more about our tailored vendor consolidation strategies and how they can help you streamline operations, enhance resilience and position your business for future growth. 

Navigating the technical challenges of cloud.microsoft

Posted on: 2 December 2024
Navigating the technical challenges of cloud.microsoft

Transitioning to cloud.microsoft is not just a superficial change; it requires intrinsic technical adjustments that may affect your network’s security and performance. So, according to CACI’s network security experts, what are the technical challenges that may arise with this transition and what solutions are available to businesses to ease it? 

Identifying & resolving the technical challenges

  • DNS configuration and management: Transitioning to a unified domain requires meticulous DNS configuration. Therefore, you must ensure your DNS settings are correctly aligned with the new domain structure for uninterrupted access to Microsoft 365 services. This involves updating DNS records, modifying conditional forwarders, checking root hints, or even changing DNS resolvers in your network to cope with the new .microsoft root TLD and correctly route all subdomains.
  • Proxy and firewall adjustments: Adjustments to proxy settings and firewall rules are necessary with the new domain. This includes updating allow-lists and ensuring traffic to and from cloud.microsoft is filtered and monitored correctly. Implementing robust proxy configurations will be necessary to maintain secure and efficient access to Microsoft 365 services through the transition period.
  • Code and API integrations: The unified domain offers a more streamlined approach for businesses leveraging custom API integrations with Microsoft 365. Ensuring that all scripts, code, API gateway and native API calls are updated to reflect the new domain is essential for maintaining functionality and security in any collaboration integrations.
  • Security protocols and compliance: The cloud.microsoft domain’s enhanced security features necessitate a thorough review of your existing security protocols. This might include implementing advanced threat protection, ensuring compliance with industry standards and leveraging Microsoft’s security tools to monitor and mitigate potential threats. 

Challenges and solutions

  • Firewall reconfiguration: Shifting to a new domain will cause existing firewall rules and policies to be updated, which can be a complex and lengthy process, particularly for large organisations with extensive firewall configurations. CACI can assist by conducting a thorough audit of your current firewall settings with our Firewall Optimisation Assessment, identifying necessary changes and implementing these updates to ensure seamless access to Microsoft 365 services.
  • Proxy PAC file updates: Proxy Auto-Configuration (PAC) file logic will need to be updated to reflect the new domain, which involves modifying the scripts that determine how web browsers and other user agents can automatically select the appropriate proxy server. CACI’s NetDevOps experts can help rewrite, optimise and test these PAC files to ensure they are correctly configured, minimising disruptions to your 365 network traffic.
  • DNS reconfiguration: Updating DNS settings to accommodate the new domain structure will be critical. This includes modifying DNS records, resolver chains, forward lookup zones and conditional forwarders to manage the new subdomain and root TLD routing. CACI can provide comprehensive DNS management and optimisation services, ensuring that all changes are correctly implemented and that your DNS infrastructure remains secure and efficient.
  • Network infrastructure adjustments: Beyond firewalls and proxies, other network infrastructure components such as load balancers, VPNs, SDCI (ExpressRoute) and intrusion detection systems may also require reconfiguration. CACI’s team of expert network security engineers can assess your entire network setup, identify areas that need adjustment and implement the necessary changes to ensure compatibility with the cloud.microsoft domain.
  • Compliance and security: Adhering to industry standards and compliance regulations will be paramount for your network. The transition to cloud.microsoft offers enhanced security features, but these must be properly configured and monitored. CACI can help you leverage these security enhancements, implement advanced threat protection measures and ensure that your network remains compliant with all relevant regulations. 

How CACI can help

As a trusted advisor with deep network and security expertise across sectors from finance, through telco, media, and government, CACI is uniquely positioned to help your business leverage the full potential of Microsoft 365 and the new cloud.microsoft domain.  With over 20 years of experience in cloud services and a deep understanding of Microsoft technologies, CACI can provide tailored solutions that meet your specific business needs. Our team of experts will ensure a smooth transition to the cloud.microsoft domain, minimising disruptions and maximising efficiency. 

CACI offers a comprehensive range of services, from initial consultation to ongoing support, ensuring you get the most from your Microsoft 365 investment. Our Managed Network Services help maintain your network and security, all while prioritising compliance and utilising the enhanced security features of the cloud.microsoft domain. Book a consultation with us today to discover how CACI can support help your organisation navigate the  Microsoft system change requirements here. 

Unlock time with NetDevOps: Your business’ most precious currency

Posted on: 6 November 2024
Unlock time with NetDevOps: Your business’ most precious currency

Time is seen as the ultimate currency as– it’s the one resource you can’t purchase or stockpile. But what if there was a way to maximise your time investment? Enter NetDevOps. 

NetDevOps: The time-saving bridge

NetDevOps combines the best of DevOps practices with deep knowledge from network operations (hence the name NetDevOps). By embracing NetDevOps, you bridge the gap between network infrastructure and applications, creating a unified approach that saves precious time. 

NetDevOps integrates the principles of DevOps – such as Continuous Integration (CI), Continuous Delivery (CD) and automated testing – into network management. This integration fosters a more agile and collaborative environment where network changes can be implemented swiftly and reliably without the usual pre-change request fear. 

Automation tools like Ansible and Terraform play a crucial role, reducing the need for manual interventions and minimising human errors, thus speeding up processes and enhancing overall efficiency. When combined with programming languages and tools like Python, Nornir, Nautobot, pyATS and SuzieQ, they create an unbeatable automation machine to complement and accelerate your network engineer’s knowledge of the enterprise network. 

Why NetDevOps matters

Traditional network management relies on manual processes, leading to inefficiencies, errors and delays. NetDevOps changes the game – it treats the network as code, allowing for all the advantages of DevOps and software engineering, such as: 

  • Version control through VCS such as Git 
  • Automated testing through frameworks such as pyATS 
  • Error avoidance through techniques such as linting to remove human error 
  • Integrated security through pipeline source code analysis tools 

The result?

✔ Faster deployments

Quicker upgrades

Reduced bottlenecks 

Your network becomes a time-saving powerhouse. 

Contrast this with traditional network management which is often slow, prone to mistakes and causes significant delays and operational issues. The automation of routine tasks also frees up valuable time for network engineers to focus on higher-value, more strategic initiatives. 

Imagining the possibilities of a NetDevOps approach

NetDevOps promotes a culture of shared responsibility and knowledge within the network team. By automating easier network tasks and maintaining comprehensive (and dynamically-updating) documentation and version control, the dependency on individual team members is significantly reduced. 

Concepts like automated testing and validation processes benefit everyone, ensuring that network upgrades and changes are implemented smoothly, with reduced risk of downtime and enhancing the overall stability of the network. 

NetDevOps + Cloud Networking: Making 1+1 = 5 

If you’re considering deploying Network Virtual Appliances (NVA) or Network Function Virtualisation (NVF/NVF) via ClickOps or TradOps, you may want to think again. For high velocity application delivery, embracing modularity, obtaining cultural shifts or infrastructure as code, a NetDevOps approach will be critical. Cloud environments like AWS, Azure and GCP offer powerful tools for deploying and managing network resources, such as: 

Azure API 

  • Dynamically update your UDRs based on observability practices to a lower-loaded firewall NVA or link. 

Azure CLI 

  • Expose the underlying Azure VNET BGP route paths using the relevant “az network” commands. 

Azure VM Scale Sets (VMSS) 

  • Horizontally scale-out your NVA firewall appliance from vendors like Fortinet, Palo Alto and Cisco to achieve the cloud-like elasticity you can only dream of via traditional N+1 deployment approaches. 

AWS CloudFormation 

  • Deploy your AWS landing zone based on a repeatable, easy-to-reproduce Infrastructure as Code (IaC) footprint, deployable and reproducible in minutes rather than days. 

The cultural shift towards automation and modularity further enhances the agility and responsiveness of the network. Vendors like VMware, Juniper Networks, and Palo Alto networks provide robust solutions that integrate seamlessly with these cloud platforms, and by using NetDevOps practices, you can take full advantage of this to enhance your network operations to meet your business’ potential. 

How CACI can help

 CACI understands that time is money, which is why our NetDevOps solutions are designed to buy you more of it. We offer: 

  • Expertise in network automation: Our team of experts bring years of experience in automating network processes, ensuring your network is always one step ahead. 
  • Customised solutions: We tailor our NetDevOps solutions to fit your unique business needs, ensuring maximum efficiency and effectiveness. 
  • Proven track record: Our successful deployments across various industries from media to telco, utilities, financial services and others speak for themselves. We deliver results that matter. 

Investing in NetDevOps is not just about keeping up with the times; it’s about staying ahead and buying time. CACI’s can help you unlock the true potential of your network and transform it into a strategic asset that drives business success. Remember, time might not be a currency, but with NetDevOps, you can buy simultaneous network delivery concurrency.

Invest wisely, get in touch with our team today.

Disclaimer: You may get back more time than the amount of invested. Past CACI performance is a guaranteed indicator of your network’s future performance success. Your network is almost certainly not at risk. 

How building a network automation content library accelerates efforts

Posted on: 19 September 2024
How building a network automation content library accelerates efforts

CACI  has a rich heritage in network engineering, IT infrastructure, delivery assurance and network automation, including NetDevOps practices such as network coding, CI/CD pipeline optimisation, network lifecycle management and more. Our network automation experts engage in a variety of activities for our clients, a few of which include:

Telco (ISP)

  • Build out of a NetBox NSoT (Network Source of Truth) and modelling of an ISP lab environment that allows for seamless network inventory management, such as VLANs, VRFs, IP linknets, cabling, chassis-to-blade mapping and more.

Telco (ISP)

  • Build out of a Python Flask-based application (including frontend, backend and API) “LabDash” to enable management of changing Telco inventory, such as line cards, SFP transceivers, patching – within a lab environment used for Telecommunications (Security) Act 2021 (TSA) testbed and network build-out activities.

Finance

  • Build out of a customised observability solution to complement in-flight NMS, OSS and BSS tooling, with customised metrics around specific values of SNAT count, TCP session count and related for a complex load-balanced application solution.

Defence

  • Build out of IaC blueprints to deploy complex NVA router, NVA firewall, Load Balancer ADC and other centralised infrastructure as part of an Azure landing zone deployment.

In everything we do, we always follow DevOps and software development practices, most notably being “DRY” (Don’t Repeat Yourself). As such, we are building a library of automations and network code that can benefit future clients through a faster delivery of NetDevOps solutions – leading to a flywheel of network affects, meaning the more we do for clients, the more we learn and can apply our shared learnings – and code libraries, modules and approaches – to accelerate network automation efforts for future clients.

Automation library

Giving back to the network automation community

We know that we can’t do this alone, and equally to ensure we  attract and maintain top-quality NetDevOps talent and network automation consultants, we give back to the wider network automation community by building several tools within our public GitHub Repository. These include:

PAC File Performance Comparer 

PAC File Performance Comparer is intended to be run on an ad-hoc basis to allow for a quick comparison using the Pacparser to calculate both the time difference (i.e. performance optimisation gain of the JavaScript PAC code refactor) and conformity against a test set of URL behaviours (i.e. proxy or direct) for a “before” and “after” PAC (Proxy Auto-Configuration File) refactoring exercise.

Azure JSON IP Feed to Juniper SRX Checker

Azure JSON IP Feed to Juniper SRX Checker is intended to be run on a periodic (i.e. daily) basis to check for updates, changes or deletions made by Microsoft to their Azure IP Address Ranges as per the Microsoft-published Azure IP Ranges and Service Tags – Public Cloud JSON feed and convert into Junos SRX-compatible security policy syntax/configuration.

Adding to our sandpit

Whenever we develop a module, code, artefact or solution for a client, we always ensure that we contribute any non-sensitive elements of this network code back to our “sandpit”, which is a growing area of internal “scraps” of code and approaches that we use internally to accelerate our development of solutions for clients. This enables our NetDevOps engineers to accelerate their developments into clients’ environment and build on shared learnings within our wider network automation practice.

Below is just a small sample of some of the things we’ve already done and can do faster again – perhaps to help you if your NetDevOps is feeling more like NetDevOops:

  • ajax-code-snippets
  • azure-f5-bigip-ha-cluster-cfe-do
  • azure-natgw-azlb-stress-tester
  • azure-zscaler-ip-lookup-csv
  • caci-ns-employee-profile-tools
  • certificate-automation-python
  • credly-certs-badging
  • cytoscape-network-topology-viewer
  • gartner-market-vendor-scraper
  • hostnames-geoip
  • megaport-api-provisioner
  • network-weathermap-visualiser

Ready to turn your NetDevOops into NetDevOps?

At CACI, we’re well-versed across all areas of IT infrastructure – be that IT, delivery assurance, cloud, network or DevOps and systems administration. Our expert consultants have worked across a large spectrum of clients in varying stages of digital transformation, some with adherence to more agile-led delivery lifecycle, others with adherence to more waterfall-led delivery lifecycle – and have experience across a plethora of industry frameworks, from TOGAF to SAFe to more traditional ITIL deployments.

Get in touch and let us help you assure and stabilise your cloud, IT or network infrastructure to fulfil the four key DORA DevOps metrics in your company (or ask us what they are if you don’t already know) and accelerate your NetDevOps and SRE success!

How to successfully navigate the opinionated NetDevOps stack

Posted on: 17 September 2024
How to successfully navigate the opinionated NetDevOps stack

Getting to NetDevOps and network automation is hard – sure, there may be plenty of free tools and resources available, but knowing which tool to use in certain situations can complicate the process. The often-complicated naming conventions of these tools and resources don’t exactly make matters easier. See for yourself whether you can spot the fake tool or protocol among these:

  • gNMI
  • Batfish
  • Parafidgeon
  • Pandas
  • BaHalmAI
  • Nornir
  • Flask
  • DuncanO
  • Suzieq
  • Pytest
  • Scrapli
  • BookPie
  • pyATS
  • Netmiko
  • AutoM8

(Answer: Keep reading to find out!)

Building with Open Source also has its risks – do you want this to be your network automation stack when it’s in production supporting your mission critical, CNI or other network Infrastructure concern?

Opinions, we’ve got a few

At CACI Network Services, we’ve been doing everything from network infrastructure, telco, delivery assurance, cloud and DevOps infrastructure and more for nearly two decades – just enough time to formulate some opinions on what is good, what actually works, and when to use it in your technology stack. Our mission as a trusted advisor is ultimately to benefit your IT network infrastructure to grow greater than the ever-growing sum of our deep network engineering expertise – where we’re increasingly finding the best way of conveying this to be through articulating which technology to use in which aspect of NetDevOps, depending on a client company’s size, maturity, culture and budget.

Enter the “opinionated stack”, or more concisely, one of the below DevOps mobius loops, with some added context on which tool to use, in which situation and why:

Profiling isn’t always a bad thing

To help direct our clients to the right opinionated stack, we’ve found that profiling our customers across the following three dimensions has helped us gain deeper insight into their network operations behaviours:

Size

  • Small – <100 nodes (routers, switches, NVAs, firewalls, etc.)
  • Medium <1,000 nodes
  • Large >1,000 nodes

Maturity

  • Nascent – mostly ClickOps, box-by-box, limited or no CI/CD or network automation ecosystem
  • Developing – pervasive ClickOps, box-by-box with some or trialling CI/CD or network automation ecosystem
  • Practicing – ClickOps by exception, box-by-box in emergency with strong CI/CD and growing NetDevOps ecosystem

Culture

  • Engineering-led – organisations that value in-house engineering as a primary driver
  • Financial-led – organisations that value minimisation of OpEx as a primary driver
  • Risk-led – organisations that value minimisation and risk mitigation as a primary driver

Want a preview of our work for your organisation? Take a look at our IP Fabric Partnership and forthcoming announcements in this space to see how we can help.

Getting answers

We did promise we’d tell you which were the real tools in network automation, so here goes:

  • Batfish
  • Pandas
  • Nornir
  • Flask
  • Suzieq
  • Pytest
  • Scrapli
  • pyATS
  • Netmiko

How CACI Network Services can help 

If you’d like to know more about these tools, what they can do for your network infrastructure and how we deploy, operate and maintain them for our clients in finance, defence, government, utilities, media and beyond, get in touch to see how we can help demystify them into actionable insights for your IT network infrastructure estate.

How to determine whether your network is ready for AI

Posted on: 13 September 2024
How to determine whether your network is ready for AI

You’re busy, and so is your network. Or if it’s not, it’s about to be. AI workloads are coming for your network, and to remain competitive in a world where AI-enabled applications and workflows become the norm, it must be embraced. 

Networks are collectively facing their next pivotal moment of transformation and must therefore equip themselves with the necessary network automation and NetDevOps practices to sufficiently operate and enable AI. 

What steps can be taken to prepare a network for AI?

As organisations strive to control the power of AI, it’s crucial to ensure that their network infrastructure is prepared to support these advanced technologies. 

In our experience, AI has two key implications to network environments: 

Changing the operation of the network 

  • AIOps fundamentally changes some monitoring approaches such as the Network Management System (NMS) trap and poll of yesteryear towards observability approaches, leveraging streaming network telemetry 
  • Finding signal in the noise of network alarms shifts from “hard” to “impossible” without the assistance of AI that AIOps brings. 

Changing the deployment of the network 

  • AI workloads are fundamentally different to traditional IT workloads, requiring network topologies that can sustain low flow entropy, high flow burstiness, elephant flows and near-100% bandwidth utilisation 
  • Stock Ethernet isn’t the only player on AI networks, often utilising RDMA-approaches and protocols such as RoCE and InfiniBand, which require differing abilities to design, deploy and operate. 

By taking the following proactive steps, businesses can not only enhance their operational efficiency, but also position themselves as leaders in the AI-driven future. 

Evaluate the current infrastructure for AI compatibility

To ensure your network is ready for the AI era, start by thoroughly understanding and evaluating your current infrastructure for AI compatibility. This includes assessing the following areas: 

  • Link bandwidth utilisation 
  • Average end-to-end latency 
  • Interconnect and Edge capacity 
  • SFP compatibility with known GPU and TPU hardware 
  • Consideration for Smart NIC and DPU offload. 

Just because your current network topology can run an AI workload or cope without AIOps doesn’t mean it will when your business starts deploying AI workloads at increasing pace. 

Modify IT operations practices 

AI comes from a world of software engineering backed by DevOps practices which might be at odds with your current IT service management approaches. Ensure cultural differences of AI workloads and tooling have been considered, such as: 

  • Continuous Integration with Continuous Deployment (CI/CD) pipelines for end-to-end infrastructure operation and deployment 
  • Governance via self-service approaches such as pull request (PR) and merge 
  • Infrastructure as Code (IaC) for self-documenting infrastructure, topologies and design validation 
  • Observability against proactive KPIs to replace reactive capacity management processes 
  • Automated remediation based on categorised risk tolerance levels of network change activity, removing humans from the loop where possible. 

AI isn’t going to wait for an RFC before swamping a poorly-configured uplink with a deluge of elephant flows that exhaust your “deep” packet buffers. Controllerless networks are going to feel more strain, so software-defined networking (SDN) approaches should be considered to remove the need for high-touch human interaction in sustaining network operations. 

Consolidate your current IT operations tooling

In our experience, it is not uncommon for clients to have a multitude of monitoring systems that have collected over the years. No business ever intends to have more than one, but you may have: 

  • Started a proof of concept (PoC) using PRTG for some of your network estate 
  • Implemented SolarWinds for your IT server and virtualisation equipment 
  • Spun up Cisco Prime Infrastructure for your mainly-Cisco network environment 
  • Added Tufin for your firewall and network security appliances 
  • Forgotten the small Juniper Space deployment for your Juniper SRX Firewall data centre edge. 
  • Purchasing yet another monitoring tool that introduces AIOps will not help here.

Now is a good time to reassess each monitoring tool from the perceived benefit against the actual benefit it gives you. 

AIOps in conjunction with a comprehensive review of what you want your monitoring tools to add aligned to Observability pillars such of logs, metrics, and traces – and crucially aligning these to who is going to do what with each outcome – almost certainly will. 

Provide AI-oriented training

Not every team member has to be—or will be—a full-fledged engineer, and that’s okay. There must, however, be at least a basic awareness of some of the nuances of how AI operates and some common pitfalls. For example: 

  • Think in terms of context and having the outcome you want in mind at all times 
  • Work with Large Language Models (LLM) context windows 
  • A PDF export of a NMS device inventory is likely to be bigger (in data storage terms) than a comparable CSV export – therefore use more context window “tokens” when fed into an AI prompt engine.
  • Sanitise sensitive data from network configurations 
  • When using network vendor configurations across device families, the act of find-replacing a SNMP username/password might not be as easy as looking for “snmp-sever username…” due to syntax differences of the same configuration across vendors and even within similar devices from the same network vendor. 
  • Ensure you take extra time in sanitising sensitive data such as IP addresses, hostnames, SNMP username/passwords, PKI (SSH/SSL) certificate fingerprints and the like 
  • Consider AIOps an integral API that is central to your observability stack 
    • How will it process southbound data from network devices and element managers, and what protocol(s) will it utilise? 
  • Define the business logic that will help it understand the context of network deployment in your organisation 
  • Consider common fault scenarios and how these are codified into the AIOps tooling. 

The key to both AIOps and AI workloads is ensuring the upfront work is taken to assess how these will change both technology and culture within your organisation before adding them to the potentially already-full pile of half-used monitoring tools on the organisational shelf. 

How CACI can help 

CACI understands the importance of data and streamlined processing. Our team possesses over 20 years of experience in every network engineering undertaking imaginable, from architecture, design and operations to managed networks and network automation. We are trusted by some of the UK’s most successful companies in finance, telco, utilities, government and public sector to innately understand their systems, culture and industries. 

Talk to our Network Automation experts today and let us get you from network automation to NetDevOps to assure, run and manage the increasing velocity of AI workloads that are coming to network infrastructures on a wider scale. 

 

How NetDevOps transforms network management for AI applications

Posted on: 11 September 2024
How NetDevOps transforms network management for AI applications

AI – more specifically, GenAI (Generative AI) – is continuously making its presence known through embedded integration into various network applications and workloads. First, there was DevOpsa grassroots initiative to unite the fractured worlds of development and operations. Then there was NetDevOps, where network engineers joined in to complete the trifecta:

NetDevOps transformation

AI workloads with disparate and sprawling protocol interdependencies mandate something new: AIOps. Humans could previously keep pace with FCAPS processes such as SNMP Traps, Syslog Alerts, NMS Alarms and more. Now, however, the network is evolving in such a pace that manual processes won’t cut it. 

The future of network engineering is clear: network automation through NetDevOps is the only viable way to achieve a semblance of sanity in obtaining signal to noise (SNR) in the demanding, high throughput, zero-loss network utilisation that AI workloads demand. 

What roles do NetDevOps and network automation play in business operations? 

High-performing networks are now vital for business operations, as digital transformation becomes a reality for most enterprises – enabled perhaps most notably by the pandemic and compounded by technological innovations such as GenAI and the “GPT” conversational interface to the Large Language Model (LLM). In a climate of recessions, tightening budgets, decreased human workers and increased AI agents, the network simply can’t continue to look like: 

  • Ticket-led troubleshooting slowly finding the Resolver Group in Servicenow 
  • Ad-hoc configuration changes driven via vendor syntax in notepad.exe 
  • Failed firmware upgrades caused by inaccurate human knowledge of HA architectures 
  • Fragile underlays, circuits and protocols with high provisioning times driven through paper request processes and Word documents 
  • Static network architectures focused more on artificial tiers that only help network vendors sell their quota for the month. 

Where network automation focuses on the changes required to the network engineering discipline itself, NetDevOps builds on this by uniting the teams required to achieve this, turning network engineering from mastering the dark arts to coding against the well-trodden software engineering path. 

NetDevOps is essentially the enabler that speeds up automation within a network engineering department through cultural reinforcement and moving the network towards an “as a service” offering. It also aligns deployment, change and provision of the network towards platform engineering and self-service approaches as seen elsewhere in IT Service Management (ITSM) and software development. Through NetDevOps, you can achieve: 

  • Version control for network state through mature configuration management that escapes the bureaucracy of the CMDB 
  • Abstracted intent-based network configuration to achieve network vendor independence, deduplication of network coding and cross-team collaboration on previously opaque network vendor settings 
  • Operational state verification through testing approaches to bring the rigour of software development practices to the previous discipline of network engineering 
  • Expedited mass deployment using sequential means of network configuration via API rather than CLI 
  • Self-documenting infrastructure provision using Infrastructure as Code (IaC) to consistently, efficiently and universally bring complex multi-vendor NVA routing, firewall and security solutions into reality. 

What will the impact of AI be on traditional network engineering?

NetDevOps supplies one key component that traditional network engineering has fallen short on: reliable infrastructure velocity. AIOps gives operations one key component that network management has fallen short on: expedited network remediation. Finally, AI workloads give the network one key problem that previous IT workloads have not: high-throughput, lossless utilisation. 

Essentially, the impact of AI on network engineering will be twofold, becoming the cure to the problem it creates: 

  • The problem: Super-high utilisation of network capacity through continuously-bursty elephant flows, requiring near-lossless network throughput. 
  • The solution: Instantly intuitive insight, observability and remediation of network faults and capacity exhaustion through AIOps. 

AI is not just a passing trend, it is a transformative force that will reshape the way networks operate and evolve. As AI-driven applications and workloads become more complex, your network will need to handle unprecedented levels of data traffic while maintaining optimal performance and security. 

How CACI can help

We understand that every network is unique and have worked on some of the most unique and well-known network architectures deployed from Critical National Infrastructure (CNI), through to telecommunications, data centres, hybrid cloud and service provider. 

Whether you are looking to integrate AI into your existing ITSM tooling, CI/CD pipelines or overhaul your network deployment scripts, we have over 20 years’ experience across a breadth of network technologies to support you. 

Benefits of our NetDevOps services include: 

  • Eliminating manual network provisioning and troubleshooting tasks 
  • Codifying understanding of network topology in a structured data format 
  • Integrating network provisioning workflows into IT Service Management (ITSM) tooling 
  • Expediting network troubleshooting through assisted alarm and event correlation 
  • Reducing the risk of network deployment mistakes and rework 
  • Minimising costs through modularisation of network configuration approach 
  • Increasing ROI through reuse of codified Network Functions as Code. 

We understand that the network is a piece of the wider infrastructure that underpins your business. CACI manages and delivers entire technology transformation programmes – from programme management, business analysis, service design, managed services and more, we offer the full stack of IT network expertise for your business. 

Contact CACI Network Services today to find out more about how our team of experts can guide you through the disruptive AI network wave.

How AI is rewriting the rules of network engineering

Posted on: 4 September 2024
How AI is rewriting the rules of network engineering

AI is coming for your network… but not as you expect

Seasoned IT professionals are no strangers to technology transformations and weathering the storms associated with them. Artificial Intelligence (AI), however, presents different, unique challenges to your network. Everyone is talking about the changes that AI will bring to your work, but few are talking about the changes AI application workloads bring to the design, architecture and operations of your network.

What changes are coming to network engineering and automation due to AI?

The advent of AI means that now more now than ever before, the architecture, design and operational excellence of your network matters. Network automation is coming to the fore to deal with the changes AI requires of networks, including: 

  • High throughput transactions facilitated via features such as RoCE Adaptive Routing (AR) 
  • Parallelised datagram transmission through AI network protocols such as RoCE, InfiniBand and other RDMA-based approaches 
  • Dense port connectivity to interconnect numerous distributed GPU and TPU processors required for generative AI (GenAI) training and model processing 
  • Lossless packet transmission to optimise LLM training runs and prevent the need for costly retransmission that can lead to AI training data corruption 
  • Extreme bandwidth utilisation from bursty elephant flows which can flow up to the line-rate of the connected NICs. 

AI workloads such as GPT, LLM and ML have different requirements of your network to traditional IT workloads. Legacy ITSM approaches also won’t cut it for AI-enabled business applications. It isn’t just routers, switches, firewalls and cables – it’s the 24/7 backbone of your organisation’s competitive advantage. 

This is FCoE (Fibre Channel over Ethernet) all over again; only this time it’s not going away – AI is here to stay. Humans driven through ITIL don’t work 24/7 at 100% capacity like AI does, which is where automation comes in. Specifically, network automation facilitated through expert NetDevOps practices and tooling. 

How CACI can help

Embracing the power of automation will lead to a robust and agile network infrastructure for your organisation. With over 20 years of experience with all aspects of network engineering – data centre, service provider, hybrid cloud and beyond – including complimentary offerings in delivery assurance and DevOps, CACI has networked, designed automated some of the UK’s most successful companies in financial services, telecommunications, utilities, government and public sector. 

Our renowned network automation and NetDevOps services revolutionise your network infrastructure by leveraging advance technologies required for AI workloads. From configuration management to network monitoring and troubleshooting through observability, we streamline your operations, improve efficiency and maximise your network performance. 

A few of the many benefits of CACI’s network automation services include:

  • Automating network provisioning and troubleshooting: Eliminating manual network provisioning and expediting network troubleshooting through assisted alarm and event correlation 
  • Enhancing network understanding and management: Codifying an understanding of the network topology in a structured data format and integrating network provisioning workflows into IT Service Management (ITSM) tooling 
  • Improving efficiency and cost-effectiveness: Reducing the risk of network deployment mistakes and rework and minimising costs through a modularisation of network configuration approach 
  • Optimising resource utilisation and talent management: Increasing ROI through reuse of codified “Network Functions as Code” and retaining in-demand network engineering talent through use of modern network deployment working practices. 

Don’t let your network get left behind by the AI network revolution. Contact CACI today to navigate AI and bolster your network ready for the AI-enabled, LLM-led, ML-fed future. 

How to craft a network automation strategy aligned with C-suite goals: A blueprint for success

Posted on: 10 April 2024
How to craft a network automation strategy aligned with C-suite goals: A blueprint for success

In the first blog of this two-part series, we assessed the impact of network automation on a business and ways in which a successful business case can be created. In this blog, we’ll look at strategies for keeping the C-suite interested in pursuing network automation and mistakes to avoid when developing strategies. 

How to keep C-suite interested

Long-term network automation strategies will only be successful if the C-suite has consistent buy-in on its implementation and maintenance. This can be achieved through:   

  • Providing progress updates: Sharing network automation progress updates with C-suite staff will help quantify its impact on the business and keep momentum high in terms of maintaining it. 
  • Highlighting ROI for the business: Cost reductions, increased capacity or resources and overall performance are all high interest to C-suite staff. Ensuring the C-suite is aware of how network automation affects these will be critical. 
  • Demonstrating alignment with the business’ strategic goals: Highlighting the ways in which network automation consistently aligns with the business’ strategic goals will help C-suite staff visualise the long-term business outcomes. 
  • Adapting to changes: C-suite members’ business priorities are likely to change over time. Remaining flexible and willing to re-align to changing priorities as needed will ensure long-term success of network automation within the business.   

It is often the case where organisations’ focus on network automation, while well-intended, results in them biting off more than they can chew rather than breaking down more tactical, low-hanging fruit. Despite this having an immediate impact, it can be less visible to senior executives. In general, network automation should be applied to try and achieve two key areas for immediate impact:  

  1. Improve the consistency of network deployment  
  2. Reduce noise within network operations.  

4 common mistakes to avoid when developing a network automation strategy

Some of the common mistakes we see that diverge these two key aims include:

Trying to do too much too soon 

The key with any automation in winning over detractors is incremental consistency over widespread adoption. We often find that small, tactical, lower-level automations with well-scoped outcomes for low-hanging fruit can exceptionally impact the overall consistency of deployment for this element and kickstart the incremental flywheel of trust. This is due to lower-level engineers and operations staff seeing the immediate benefit of automation and beginning to organically adopt these approaches within other higher-value, business-impacting tasks. 

Successfully adopted and maintained automation efforts nearly always look like bottom-up, grassroots endeavours, where buy-in through adoption and proven time efficiency or consistency outcomes have been recognised by low-level engineering resources closest to the network who can advocate for the approach to other peers on their level to the wider organisation. Quantifiable results which prove IT’s ability to deliver are key in achieving grassroots adoption which flows up the organisational hierarchy, rather than trying to mandate this as a top-down approach. Human psychology is as big a factor in network automation’s success in an organisation as technical prowess, given the personal friction many engineers will have to automation as something which could affect their personal wellbeing or circumstances.  

Focusing on the wrong use cases (selection bias)

Use cases which resonate with the business context faced by your organisation are pivotal in creating network automations that are immediately impactful and reap actual business rewards. Executive-led automation efforts can focus too intently on senior IT leaders’ specific issues that may be perceived as higher-affecting but are often more niche and low-scale than more commodity – but wider-scale – issues as seen by engineering and deployment resources.   

Network automation should focus on the daily toil rather than the aspirational state. For example, more dividend will be yielded by automating a firewall rule request process which several of your engineers unknowingly gatekeep as a bottleneck to your application development and implementation projects than would be from, for example, automating network configuration backups, which will likely already be catered for by a disaster recovery process, no matter how human-intensive that may be.   

Tool-led strategy adoption

Network automation is a complex area of abstractions and principles built atop chains of other abstractions or fundamentals. For this reason, it can be tempting to lean on the lowest common denominator within the field – often the “lingua franca” of the tooling and framework buzzwords such as Terraform, Ansible, IaC, YAML, YANG and so on.   

While countless types and competing network automation tools exist, this doesn’t always mean they’re developed for or relevant to your business’ specific issues. It’s also worth being mindful of “resume-driven development” here– while the “new shiny” might look great to your engineering and architecture teams, it doesn’t always mean it’s best for your business context, budget or other regulatory constraints.   

Automation in isolation of process review and improvement

There’s a reason “garbage in, garbage out” is a phrase– automating the garbage to go faster doesn’t get rid of its existence. Automation often lives in the space between process and technology, so improvements in one can feedback into the other. Automation tends to inform improvements to existing business processes through its installation than for static business processes that were perfect all along.   

The mere act of undergoing an automation journey can also be an exponential value-add when focusing on and improving business processes which would otherwise not have been explored. This ensures a double win from both optimising the business process itself and enables an extended reach of that into the network and IT plane, speeding up the process and improving its efficiency. This virtuous flywheel can often become a force-multiplier that tremendously benefits the organisation for relatively little upfront effort. 

How can CACI help?

CACI’s expert team comprises multidisciplined IT, networking infrastructure and consultant and automation engineers with extensive experience in network automation. We can support and consult on every aspect of your organisation’s network from its architecture, design and deployment through to cloud architecture adoption and deployment, as well as maintaining an optimised managed network service. 

To learn more about the impact of network automation and how to sell its value to the C-suite, please read our e-book “How to sell the value of network automation to the C-suite”. You can also get in touch with the team here.