Capability: Network & Infrastructure Services

Navigating the technical challenges of cloud.microsoft

Posted on: 2 December 2024
Navigating the technical challenges of cloud.microsoft

Transitioning to cloud.microsoft is not just a superficial change; it requires intrinsic technical adjustments that may affect your network’s security and performance. So, according to CACI’s network security experts, what are the technical challenges that may arise with this transition and what solutions are available to businesses to ease it? 

Identifying & resolving the technical challenges

  • DNS configuration and management: Transitioning to a unified domain requires meticulous DNS configuration. Therefore, you must ensure your DNS settings are correctly aligned with the new domain structure for uninterrupted access to Microsoft 365 services. This involves updating DNS records, modifying conditional forwarders, checking root hints, or even changing DNS resolvers in your network to cope with the new .microsoft root TLD and correctly route all subdomains.
  • Proxy and firewall adjustments: Adjustments to proxy settings and firewall rules are necessary with the new domain. This includes updating allow-lists and ensuring traffic to and from cloud.microsoft is filtered and monitored correctly. Implementing robust proxy configurations will be necessary to maintain secure and efficient access to Microsoft 365 services through the transition period.
  • Code and API integrations: The unified domain offers a more streamlined approach for businesses leveraging custom API integrations with Microsoft 365. Ensuring that all scripts, code, API gateway and native API calls are updated to reflect the new domain is essential for maintaining functionality and security in any collaboration integrations.
  • Security protocols and compliance: The cloud.microsoft domain’s enhanced security features necessitate a thorough review of your existing security protocols. This might include implementing advanced threat protection, ensuring compliance with industry standards and leveraging Microsoft’s security tools to monitor and mitigate potential threats. 

Challenges and solutions

  • Firewall reconfiguration: Shifting to a new domain will cause existing firewall rules and policies to be updated, which can be a complex and lengthy process, particularly for large organisations with extensive firewall configurations. CACI can assist by conducting a thorough audit of your current firewall settings with our Firewall Optimisation Assessment, identifying necessary changes and implementing these updates to ensure seamless access to Microsoft 365 services.
  • Proxy PAC file updates: Proxy Auto-Configuration (PAC) file logic will need to be updated to reflect the new domain, which involves modifying the scripts that determine how web browsers and other user agents can automatically select the appropriate proxy server. CACI’s NetDevOps experts can help rewrite, optimise and test these PAC files to ensure they are correctly configured, minimising disruptions to your 365 network traffic.
  • DNS reconfiguration: Updating DNS settings to accommodate the new domain structure will be critical. This includes modifying DNS records, resolver chains, forward lookup zones and conditional forwarders to manage the new subdomain and root TLD routing. CACI can provide comprehensive DNS management and optimisation services, ensuring that all changes are correctly implemented and that your DNS infrastructure remains secure and efficient.
  • Network infrastructure adjustments: Beyond firewalls and proxies, other network infrastructure components such as load balancers, VPNs, SDCI (ExpressRoute) and intrusion detection systems may also require reconfiguration. CACI’s team of expert network security engineers can assess your entire network setup, identify areas that need adjustment and implement the necessary changes to ensure compatibility with the cloud.microsoft domain.
  • Compliance and security: Adhering to industry standards and compliance regulations will be paramount for your network. The transition to cloud.microsoft offers enhanced security features, but these must be properly configured and monitored. CACI can help you leverage these security enhancements, implement advanced threat protection measures and ensure that your network remains compliant with all relevant regulations. 

How CACI can help

As a trusted advisor with deep network and security expertise across sectors from finance, through telco, media, and government, CACI is uniquely positioned to help your business leverage the full potential of Microsoft 365 and the new cloud.microsoft domain.  With over 20 years of experience in cloud services and a deep understanding of Microsoft technologies, CACI can provide tailored solutions that meet your specific business needs. Our team of experts will ensure a smooth transition to the cloud.microsoft domain, minimising disruptions and maximising efficiency. 

CACI offers a comprehensive range of services, from initial consultation to ongoing support, ensuring you get the most from your Microsoft 365 investment. Our Managed Network Services help maintain your network and security, all while prioritising compliance and utilising the enhanced security features of the cloud.microsoft domain. Book a consultation with us today to discover how CACI can support help your organisation navigate the  Microsoft system change requirements here. 

Unlock time with NetDevOps: Your business’ most precious currency

Posted on: 6 November 2024
Unlock time with NetDevOps: Your business’ most precious currency

Time is seen as the ultimate currency as– it’s the one resource you can’t purchase or stockpile. But what if there was a way to maximise your time investment? Enter NetDevOps. 

NetDevOps: The time-saving bridge

NetDevOps combines the best of DevOps practices with deep knowledge from network operations (hence the name NetDevOps). By embracing NetDevOps, you bridge the gap between network infrastructure and applications, creating a unified approach that saves precious time. 

NetDevOps integrates the principles of DevOps – such as Continuous Integration (CI), Continuous Delivery (CD) and automated testing – into network management. This integration fosters a more agile and collaborative environment where network changes can be implemented swiftly and reliably without the usual pre-change request fear. 

Automation tools like Ansible and Terraform play a crucial role, reducing the need for manual interventions and minimising human errors, thus speeding up processes and enhancing overall efficiency. When combined with programming languages and tools like Python, Nornir, Nautobot, pyATS and SuzieQ, they create an unbeatable automation machine to complement and accelerate your network engineer’s knowledge of the enterprise network. 

Why NetDevOps matters

Traditional network management relies on manual processes, leading to inefficiencies, errors and delays. NetDevOps changes the game – it treats the network as code, allowing for all the advantages of DevOps and software engineering, such as: 

  • Version control through VCS such as Git 
  • Automated testing through frameworks such as pyATS 
  • Error avoidance through techniques such as linting to remove human error 
  • Integrated security through pipeline source code analysis tools 

The result?

✔ Faster deployments

Quicker upgrades

Reduced bottlenecks 

Your network becomes a time-saving powerhouse. 

Contrast this with traditional network management which is often slow, prone to mistakes and causes significant delays and operational issues. The automation of routine tasks also frees up valuable time for network engineers to focus on higher-value, more strategic initiatives. 

Imagining the possibilities of a NetDevOps approach

NetDevOps promotes a culture of shared responsibility and knowledge within the network team. By automating easier network tasks and maintaining comprehensive (and dynamically-updating) documentation and version control, the dependency on individual team members is significantly reduced. 

Concepts like automated testing and validation processes benefit everyone, ensuring that network upgrades and changes are implemented smoothly, with reduced risk of downtime and enhancing the overall stability of the network. 

NetDevOps + Cloud Networking: Making 1+1 = 5 

If you’re considering deploying Network Virtual Appliances (NVA) or Network Function Virtualisation (NVF/NVF) via ClickOps or TradOps, you may want to think again. For high velocity application delivery, embracing modularity, obtaining cultural shifts or infrastructure as code, a NetDevOps approach will be critical. Cloud environments like AWS, Azure and GCP offer powerful tools for deploying and managing network resources, such as: 

Azure API 

  • Dynamically update your UDRs based on observability practices to a lower-loaded firewall NVA or link. 

Azure CLI 

  • Expose the underlying Azure VNET BGP route paths using the relevant “az network” commands. 

Azure VM Scale Sets (VMSS) 

  • Horizontally scale-out your NVA firewall appliance from vendors like Fortinet, Palo Alto and Cisco to achieve the cloud-like elasticity you can only dream of via traditional N+1 deployment approaches. 

AWS CloudFormation 

  • Deploy your AWS landing zone based on a repeatable, easy-to-reproduce Infrastructure as Code (IaC) footprint, deployable and reproducible in minutes rather than days. 

The cultural shift towards automation and modularity further enhances the agility and responsiveness of the network. Vendors like VMware, Juniper Networks, and Palo Alto networks provide robust solutions that integrate seamlessly with these cloud platforms, and by using NetDevOps practices, you can take full advantage of this to enhance your network operations to meet your business’ potential. 

How CACI can help

 CACI understands that time is money, which is why our NetDevOps solutions are designed to buy you more of it. We offer: 

  • Expertise in network automation: Our team of experts bring years of experience in automating network processes, ensuring your network is always one step ahead. 
  • Customised solutions: We tailor our NetDevOps solutions to fit your unique business needs, ensuring maximum efficiency and effectiveness. 
  • Proven track record: Our successful deployments across various industries from media to telco, utilities, financial services and others speak for themselves. We deliver results that matter. 

Investing in NetDevOps is not just about keeping up with the times; it’s about staying ahead and buying time. CACI’s can help you unlock the true potential of your network and transform it into a strategic asset that drives business success. Remember, time might not be a currency, but with NetDevOps, you can buy simultaneous network delivery concurrency.

Invest wisely, get in touch with our team today.

Disclaimer: You may get back more time than the amount of invested. Past CACI performance is a guaranteed indicator of your network’s future performance success. Your network is almost certainly not at risk. 

How building a network automation content library accelerates efforts

Posted on: 19 September 2024
How building a network automation content library accelerates efforts

CACI  has a rich heritage in network engineering, IT infrastructure, delivery assurance and network automation, including NetDevOps practices such as network coding, CI/CD pipeline optimisation, network lifecycle management and more. Our network automation experts engage in a variety of activities for our clients, a few of which include:

Telco (ISP)

  • Build out of a NetBox NSoT (Network Source of Truth) and modelling of an ISP lab environment that allows for seamless network inventory management, such as VLANs, VRFs, IP linknets, cabling, chassis-to-blade mapping and more.

Telco (ISP)

  • Build out of a Python Flask-based application (including frontend, backend and API) “LabDash” to enable management of changing Telco inventory, such as line cards, SFP transceivers, patching – within a lab environment used for Telecommunications (Security) Act 2021 (TSA) testbed and network build-out activities.

Finance

  • Build out of a customised observability solution to complement in-flight NMS, OSS and BSS tooling, with customised metrics around specific values of SNAT count, TCP session count and related for a complex load-balanced application solution.

Defence

  • Build out of IaC blueprints to deploy complex NVA router, NVA firewall, Load Balancer ADC and other centralised infrastructure as part of an Azure landing zone deployment.

In everything we do, we always follow DevOps and software development practices, most notably being “DRY” (Don’t Repeat Yourself). As such, we are building a library of automations and network code that can benefit future clients through a faster delivery of NetDevOps solutions – leading to a flywheel of network affects, meaning the more we do for clients, the more we learn and can apply our shared learnings – and code libraries, modules and approaches – to accelerate network automation efforts for future clients.

Automation library

Giving back to the network automation community

We know that we can’t do this alone, and equally to ensure we  attract and maintain top-quality NetDevOps talent and network automation consultants, we give back to the wider network automation community by building several tools within our public GitHub Repository. These include:

PAC File Performance Comparer 

PAC File Performance Comparer is intended to be run on an ad-hoc basis to allow for a quick comparison using the Pacparser to calculate both the time difference (i.e. performance optimisation gain of the JavaScript PAC code refactor) and conformity against a test set of URL behaviours (i.e. proxy or direct) for a “before” and “after” PAC (Proxy Auto-Configuration File) refactoring exercise.

Azure JSON IP Feed to Juniper SRX Checker

Azure JSON IP Feed to Juniper SRX Checker is intended to be run on a periodic (i.e. daily) basis to check for updates, changes or deletions made by Microsoft to their Azure IP Address Ranges as per the Microsoft-published Azure IP Ranges and Service Tags – Public Cloud JSON feed and convert into Junos SRX-compatible security policy syntax/configuration.

Adding to our sandpit

Whenever we develop a module, code, artefact or solution for a client, we always ensure that we contribute any non-sensitive elements of this network code back to our “sandpit”, which is a growing area of internal “scraps” of code and approaches that we use internally to accelerate our development of solutions for clients. This enables our NetDevOps engineers to accelerate their developments into clients’ environment and build on shared learnings within our wider network automation practice.

Below is just a small sample of some of the things we’ve already done and can do faster again – perhaps to help you if your NetDevOps is feeling more like NetDevOops:

  • ajax-code-snippets
  • azure-f5-bigip-ha-cluster-cfe-do
  • azure-natgw-azlb-stress-tester
  • azure-zscaler-ip-lookup-csv
  • caci-ns-employee-profile-tools
  • certificate-automation-python
  • credly-certs-badging
  • cytoscape-network-topology-viewer
  • gartner-market-vendor-scraper
  • hostnames-geoip
  • megaport-api-provisioner
  • network-weathermap-visualiser

Ready to turn your NetDevOops into NetDevOps?

At CACI, we’re well-versed across all areas of IT infrastructure – be that IT, delivery assurance, cloud, network or DevOps and systems administration. Our expert consultants have worked across a large spectrum of clients in varying stages of digital transformation, some with adherence to more agile-led delivery lifecycle, others with adherence to more waterfall-led delivery lifecycle – and have experience across a plethora of industry frameworks, from TOGAF to SAFe to more traditional ITIL deployments.

Get in touch and let us help you assure and stabilise your cloud, IT or network infrastructure to fulfil the four key DORA DevOps metrics in your company (or ask us what they are if you don’t already know) and accelerate your NetDevOps and SRE success!

How to successfully navigate the opinionated NetDevOps stack

Posted on: 17 September 2024
How to successfully navigate the opinionated NetDevOps stack

Getting to NetDevOps and network automation is hard – sure, there may be plenty of free tools and resources available, but knowing which tool to use in certain situations can complicate the process. The often-complicated naming conventions of these tools and resources don’t exactly make matters easier. See for yourself whether you can spot the fake tool or protocol among these:

  • gNMI
  • Batfish
  • Parafidgeon
  • Pandas
  • BaHalmAI
  • Nornir
  • Flask
  • DuncanO
  • Suzieq
  • Pytest
  • Scrapli
  • BookPie
  • pyATS
  • Netmiko
  • AutoM8

(Answer: Keep reading to find out!)

Building with Open Source also has its risks – do you want this to be your network automation stack when it’s in production supporting your mission critical, CNI or other network Infrastructure concern?

Opinions, we’ve got a few

At CACI Network Services, we’ve been doing everything from network infrastructure, telco, delivery assurance, cloud and DevOps infrastructure and more for nearly two decades – just enough time to formulate some opinions on what is good, what actually works, and when to use it in your technology stack. Our mission as a trusted advisor is ultimately to benefit your IT network infrastructure to grow greater than the ever-growing sum of our deep network engineering expertise – where we’re increasingly finding the best way of conveying this to be through articulating which technology to use in which aspect of NetDevOps, depending on a client company’s size, maturity, culture and budget.

Enter the “opinionated stack”, or more concisely, one of the below DevOps mobius loops, with some added context on which tool to use, in which situation and why:

Profiling isn’t always a bad thing

To help direct our clients to the right opinionated stack, we’ve found that profiling our customers across the following three dimensions has helped us gain deeper insight into their network operations behaviours:

Size

  • Small – <100 nodes (routers, switches, NVAs, firewalls, etc.)
  • Medium <1,000 nodes
  • Large >1,000 nodes

Maturity

  • Nascent – mostly ClickOps, box-by-box, limited or no CI/CD or network automation ecosystem
  • Developing – pervasive ClickOps, box-by-box with some or trialling CI/CD or network automation ecosystem
  • Practicing – ClickOps by exception, box-by-box in emergency with strong CI/CD and growing NetDevOps ecosystem

Culture

  • Engineering-led – organisations that value in-house engineering as a primary driver
  • Financial-led – organisations that value minimisation of OpEx as a primary driver
  • Risk-led – organisations that value minimisation and risk mitigation as a primary driver

Want a preview of our work for your organisation? Take a look at our IP Fabric Partnership and forthcoming announcements in this space to see how we can help.

Getting answers

We did promise we’d tell you which were the real tools in network automation, so here goes:

  • Batfish
  • Pandas
  • Nornir
  • Flask
  • Suzieq
  • Pytest
  • Scrapli
  • pyATS
  • Netmiko

How CACI Network Services can help 

If you’d like to know more about these tools, what they can do for your network infrastructure and how we deploy, operate and maintain them for our clients in finance, defence, government, utilities, media and beyond, get in touch to see how we can help demystify them into actionable insights for your IT network infrastructure estate.

How to determine whether your network is ready for AI

Posted on: 13 September 2024
How to determine whether your network is ready for AI

You’re busy, and so is your network. Or if it’s not, it’s about to be. AI workloads are coming for your network, and to remain competitive in a world where AI-enabled applications and workflows become the norm, it must be embraced. 

Networks are collectively facing their next pivotal moment of transformation and must therefore equip themselves with the necessary network automation and NetDevOps practices to sufficiently operate and enable AI. 

What steps can be taken to prepare a network for AI?

As organisations strive to control the power of AI, it’s crucial to ensure that their network infrastructure is prepared to support these advanced technologies. 

In our experience, AI has two key implications to network environments: 

Changing the operation of the network 

  • AIOps fundamentally changes some monitoring approaches such as the Network Management System (NMS) trap and poll of yesteryear towards observability approaches, leveraging streaming network telemetry 
  • Finding signal in the noise of network alarms shifts from “hard” to “impossible” without the assistance of AI that AIOps brings. 

Changing the deployment of the network 

  • AI workloads are fundamentally different to traditional IT workloads, requiring network topologies that can sustain low flow entropy, high flow burstiness, elephant flows and near-100% bandwidth utilisation 
  • Stock Ethernet isn’t the only player on AI networks, often utilising RDMA-approaches and protocols such as RoCE and InfiniBand, which require differing abilities to design, deploy and operate. 

By taking the following proactive steps, businesses can not only enhance their operational efficiency, but also position themselves as leaders in the AI-driven future. 

Evaluate the current infrastructure for AI compatibility

To ensure your network is ready for the AI era, start by thoroughly understanding and evaluating your current infrastructure for AI compatibility. This includes assessing the following areas: 

  • Link bandwidth utilisation 
  • Average end-to-end latency 
  • Interconnect and Edge capacity 
  • SFP compatibility with known GPU and TPU hardware 
  • Consideration for Smart NIC and DPU offload. 

Just because your current network topology can run an AI workload or cope without AIOps doesn’t mean it will when your business starts deploying AI workloads at increasing pace. 

Modify IT operations practices 

AI comes from a world of software engineering backed by DevOps practices which might be at odds with your current IT service management approaches. Ensure cultural differences of AI workloads and tooling have been considered, such as: 

  • Continuous Integration with Continuous Deployment (CI/CD) pipelines for end-to-end infrastructure operation and deployment 
  • Governance via self-service approaches such as pull request (PR) and merge 
  • Infrastructure as Code (IaC) for self-documenting infrastructure, topologies and design validation 
  • Observability against proactive KPIs to replace reactive capacity management processes 
  • Automated remediation based on categorised risk tolerance levels of network change activity, removing humans from the loop where possible. 

AI isn’t going to wait for an RFC before swamping a poorly-configured uplink with a deluge of elephant flows that exhaust your “deep” packet buffers. Controllerless networks are going to feel more strain, so software-defined networking (SDN) approaches should be considered to remove the need for high-touch human interaction in sustaining network operations. 

Consolidate your current IT operations tooling

In our experience, it is not uncommon for clients to have a multitude of monitoring systems that have collected over the years. No business ever intends to have more than one, but you may have: 

  • Started a proof of concept (PoC) using PRTG for some of your network estate 
  • Implemented SolarWinds for your IT server and virtualisation equipment 
  • Spun up Cisco Prime Infrastructure for your mainly-Cisco network environment 
  • Added Tufin for your firewall and network security appliances 
  • Forgotten the small Juniper Space deployment for your Juniper SRX Firewall data centre edge. 
  • Purchasing yet another monitoring tool that introduces AIOps will not help here.

Now is a good time to reassess each monitoring tool from the perceived benefit against the actual benefit it gives you. 

AIOps in conjunction with a comprehensive review of what you want your monitoring tools to add aligned to Observability pillars such of logs, metrics, and traces – and crucially aligning these to who is going to do what with each outcome – almost certainly will. 

Provide AI-oriented training

Not every team member has to be—or will be—a full-fledged engineer, and that’s okay. There must, however, be at least a basic awareness of some of the nuances of how AI operates and some common pitfalls. For example: 

  • Think in terms of context and having the outcome you want in mind at all times 
  • Work with Large Language Models (LLM) context windows 
  • A PDF export of a NMS device inventory is likely to be bigger (in data storage terms) than a comparable CSV export – therefore use more context window “tokens” when fed into an AI prompt engine.
  • Sanitise sensitive data from network configurations 
  • When using network vendor configurations across device families, the act of find-replacing a SNMP username/password might not be as easy as looking for “snmp-sever username…” due to syntax differences of the same configuration across vendors and even within similar devices from the same network vendor. 
  • Ensure you take extra time in sanitising sensitive data such as IP addresses, hostnames, SNMP username/passwords, PKI (SSH/SSL) certificate fingerprints and the like 
  • Consider AIOps an integral API that is central to your observability stack 
    • How will it process southbound data from network devices and element managers, and what protocol(s) will it utilise? 
  • Define the business logic that will help it understand the context of network deployment in your organisation 
  • Consider common fault scenarios and how these are codified into the AIOps tooling. 

The key to both AIOps and AI workloads is ensuring the upfront work is taken to assess how these will change both technology and culture within your organisation before adding them to the potentially already-full pile of half-used monitoring tools on the organisational shelf. 

How CACI can help 

CACI understands the importance of data and streamlined processing. Our team possesses over 20 years of experience in every network engineering undertaking imaginable, from architecture, design and operations to managed networks and network automation. We are trusted by some of the UK’s most successful companies in finance, telco, utilities, government and public sector to innately understand their systems, culture and industries. 

Talk to our Network Automation experts today and let us get you from network automation to NetDevOps to assure, run and manage the increasing velocity of AI workloads that are coming to network infrastructures on a wider scale. 

 

How NetDevOps transforms network management for AI applications

Posted on: 11 September 2024
How NetDevOps transforms network management for AI applications

AI – more specifically, GenAI (Generative AI) – is continuously making its presence known through embedded integration into various network applications and workloads. First, there was DevOpsa grassroots initiative to unite the fractured worlds of development and operations. Then there was NetDevOps, where network engineers joined in to complete the trifecta:

NetDevOps transformation

AI workloads with disparate and sprawling protocol interdependencies mandate something new: AIOps. Humans could previously keep pace with FCAPS processes such as SNMP Traps, Syslog Alerts, NMS Alarms and more. Now, however, the network is evolving in such a pace that manual processes won’t cut it. 

The future of network engineering is clear: network automation through NetDevOps is the only viable way to achieve a semblance of sanity in obtaining signal to noise (SNR) in the demanding, high throughput, zero-loss network utilisation that AI workloads demand. 

What roles do NetDevOps and network automation play in business operations? 

High-performing networks are now vital for business operations, as digital transformation becomes a reality for most enterprises – enabled perhaps most notably by the pandemic and compounded by technological innovations such as GenAI and the “GPT” conversational interface to the Large Language Model (LLM). In a climate of recessions, tightening budgets, decreased human workers and increased AI agents, the network simply can’t continue to look like: 

  • Ticket-led troubleshooting slowly finding the Resolver Group in Servicenow 
  • Ad-hoc configuration changes driven via vendor syntax in notepad.exe 
  • Failed firmware upgrades caused by inaccurate human knowledge of HA architectures 
  • Fragile underlays, circuits and protocols with high provisioning times driven through paper request processes and Word documents 
  • Static network architectures focused more on artificial tiers that only help network vendors sell their quota for the month. 

Where network automation focuses on the changes required to the network engineering discipline itself, NetDevOps builds on this by uniting the teams required to achieve this, turning network engineering from mastering the dark arts to coding against the well-trodden software engineering path. 

NetDevOps is essentially the enabler that speeds up automation within a network engineering department through cultural reinforcement and moving the network towards an “as a service” offering. It also aligns deployment, change and provision of the network towards platform engineering and self-service approaches as seen elsewhere in IT Service Management (ITSM) and software development. Through NetDevOps, you can achieve: 

  • Version control for network state through mature configuration management that escapes the bureaucracy of the CMDB 
  • Abstracted intent-based network configuration to achieve network vendor independence, deduplication of network coding and cross-team collaboration on previously opaque network vendor settings 
  • Operational state verification through testing approaches to bring the rigour of software development practices to the previous discipline of network engineering 
  • Expedited mass deployment using sequential means of network configuration via API rather than CLI 
  • Self-documenting infrastructure provision using Infrastructure as Code (IaC) to consistently, efficiently and universally bring complex multi-vendor NVA routing, firewall and security solutions into reality. 

What will the impact of AI be on traditional network engineering?

NetDevOps supplies one key component that traditional network engineering has fallen short on: reliable infrastructure velocity. AIOps gives operations one key component that network management has fallen short on: expedited network remediation. Finally, AI workloads give the network one key problem that previous IT workloads have not: high-throughput, lossless utilisation. 

Essentially, the impact of AI on network engineering will be twofold, becoming the cure to the problem it creates: 

  • The problem: Super-high utilisation of network capacity through continuously-bursty elephant flows, requiring near-lossless network throughput. 
  • The solution: Instantly intuitive insight, observability and remediation of network faults and capacity exhaustion through AIOps. 

AI is not just a passing trend, it is a transformative force that will reshape the way networks operate and evolve. As AI-driven applications and workloads become more complex, your network will need to handle unprecedented levels of data traffic while maintaining optimal performance and security. 

How CACI can help

We understand that every network is unique and have worked on some of the most unique and well-known network architectures deployed from Critical National Infrastructure (CNI), through to telecommunications, data centres, hybrid cloud and service provider. 

Whether you are looking to integrate AI into your existing ITSM tooling, CI/CD pipelines or overhaul your network deployment scripts, we have over 20 years’ experience across a breadth of network technologies to support you. 

Benefits of our NetDevOps services include: 

  • Eliminating manual network provisioning and troubleshooting tasks 
  • Codifying understanding of network topology in a structured data format 
  • Integrating network provisioning workflows into IT Service Management (ITSM) tooling 
  • Expediting network troubleshooting through assisted alarm and event correlation 
  • Reducing the risk of network deployment mistakes and rework 
  • Minimising costs through modularisation of network configuration approach 
  • Increasing ROI through reuse of codified Network Functions as Code. 

We understand that the network is a piece of the wider infrastructure that underpins your business. CACI manages and delivers entire technology transformation programmes – from programme management, business analysis, service design, managed services and more, we offer the full stack of IT network expertise for your business. 

Contact CACI Network Services today to find out more about how our team of experts can guide you through the disruptive AI network wave.

How AI is rewriting the rules of network engineering

Posted on: 4 September 2024
How AI is rewriting the rules of network engineering

AI is coming for your network… but not as you expect

Seasoned IT professionals are no strangers to technology transformations and weathering the storms associated with them. Artificial Intelligence (AI), however, presents different, unique challenges to your network. Everyone is talking about the changes that AI will bring to your work, but few are talking about the changes AI application workloads bring to the design, architecture and operations of your network.

What changes are coming to network engineering and automation due to AI?

The advent of AI means that now more now than ever before, the architecture, design and operational excellence of your network matters. Network automation is coming to the fore to deal with the changes AI requires of networks, including: 

  • High throughput transactions facilitated via features such as RoCE Adaptive Routing (AR) 
  • Parallelised datagram transmission through AI network protocols such as RoCE, InfiniBand and other RDMA-based approaches 
  • Dense port connectivity to interconnect numerous distributed GPU and TPU processors required for generative AI (GenAI) training and model processing 
  • Lossless packet transmission to optimise LLM training runs and prevent the need for costly retransmission that can lead to AI training data corruption 
  • Extreme bandwidth utilisation from bursty elephant flows which can flow up to the line-rate of the connected NICs. 

AI workloads such as GPT, LLM and ML have different requirements of your network to traditional IT workloads. Legacy ITSM approaches also won’t cut it for AI-enabled business applications. It isn’t just routers, switches, firewalls and cables – it’s the 24/7 backbone of your organisation’s competitive advantage. 

This is FCoE (Fibre Channel over Ethernet) all over again; only this time it’s not going away – AI is here to stay. Humans driven through ITIL don’t work 24/7 at 100% capacity like AI does, which is where automation comes in. Specifically, network automation facilitated through expert NetDevOps practices and tooling. 

How CACI can help

Embracing the power of automation will lead to a robust and agile network infrastructure for your organisation. With over 20 years of experience with all aspects of network engineering – data centre, service provider, hybrid cloud and beyond – including complimentary offerings in delivery assurance and DevOps, CACI has networked, designed automated some of the UK’s most successful companies in financial services, telecommunications, utilities, government and public sector. 

Our renowned network automation and NetDevOps services revolutionise your network infrastructure by leveraging advance technologies required for AI workloads. From configuration management to network monitoring and troubleshooting through observability, we streamline your operations, improve efficiency and maximise your network performance. 

A few of the many benefits of CACI’s network automation services include:

  • Automating network provisioning and troubleshooting: Eliminating manual network provisioning and expediting network troubleshooting through assisted alarm and event correlation 
  • Enhancing network understanding and management: Codifying an understanding of the network topology in a structured data format and integrating network provisioning workflows into IT Service Management (ITSM) tooling 
  • Improving efficiency and cost-effectiveness: Reducing the risk of network deployment mistakes and rework and minimising costs through a modularisation of network configuration approach 
  • Optimising resource utilisation and talent management: Increasing ROI through reuse of codified “Network Functions as Code” and retaining in-demand network engineering talent through use of modern network deployment working practices. 

Don’t let your network get left behind by the AI network revolution. Contact CACI today to navigate AI and bolster your network ready for the AI-enabled, LLM-led, ML-fed future. 

How to craft a network automation strategy aligned with C-suite goals: A blueprint for success

Posted on: 10 April 2024
How to craft a network automation strategy aligned with C-suite goals: A blueprint for success

In the first blog of this two-part series, we assessed the impact of network automation on a business and ways in which a successful business case can be created. In this blog, we’ll look at strategies for keeping the C-suite interested in pursuing network automation and mistakes to avoid when developing strategies. 

How to keep C-suite interested

Long-term network automation strategies will only be successful if the C-suite has consistent buy-in on its implementation and maintenance. This can be achieved through:   

  • Providing progress updates: Sharing network automation progress updates with C-suite staff will help quantify its impact on the business and keep momentum high in terms of maintaining it. 
  • Highlighting ROI for the business: Cost reductions, increased capacity or resources and overall performance are all high interest to C-suite staff. Ensuring the C-suite is aware of how network automation affects these will be critical. 
  • Demonstrating alignment with the business’ strategic goals: Highlighting the ways in which network automation consistently aligns with the business’ strategic goals will help C-suite staff visualise the long-term business outcomes. 
  • Adapting to changes: C-suite members’ business priorities are likely to change over time. Remaining flexible and willing to re-align to changing priorities as needed will ensure long-term success of network automation within the business.   

It is often the case where organisations’ focus on network automation, while well-intended, results in them biting off more than they can chew rather than breaking down more tactical, low-hanging fruit. Despite this having an immediate impact, it can be less visible to senior executives. In general, network automation should be applied to try and achieve two key areas for immediate impact:  

  1. Improve the consistency of network deployment  
  2. Reduce noise within network operations.  

4 common mistakes to avoid when developing a network automation strategy

Some of the common mistakes we see that diverge these two key aims include:

Trying to do too much too soon 

The key with any automation in winning over detractors is incremental consistency over widespread adoption. We often find that small, tactical, lower-level automations with well-scoped outcomes for low-hanging fruit can exceptionally impact the overall consistency of deployment for this element and kickstart the incremental flywheel of trust. This is due to lower-level engineers and operations staff seeing the immediate benefit of automation and beginning to organically adopt these approaches within other higher-value, business-impacting tasks. 

Successfully adopted and maintained automation efforts nearly always look like bottom-up, grassroots endeavours, where buy-in through adoption and proven time efficiency or consistency outcomes have been recognised by low-level engineering resources closest to the network who can advocate for the approach to other peers on their level to the wider organisation. Quantifiable results which prove IT’s ability to deliver are key in achieving grassroots adoption which flows up the organisational hierarchy, rather than trying to mandate this as a top-down approach. Human psychology is as big a factor in network automation’s success in an organisation as technical prowess, given the personal friction many engineers will have to automation as something which could affect their personal wellbeing or circumstances.  

Focusing on the wrong use cases (selection bias)

Use cases which resonate with the business context faced by your organisation are pivotal in creating network automations that are immediately impactful and reap actual business rewards. Executive-led automation efforts can focus too intently on senior IT leaders’ specific issues that may be perceived as higher-affecting but are often more niche and low-scale than more commodity – but wider-scale – issues as seen by engineering and deployment resources.   

Network automation should focus on the daily toil rather than the aspirational state. For example, more dividend will be yielded by automating a firewall rule request process which several of your engineers unknowingly gatekeep as a bottleneck to your application development and implementation projects than would be from, for example, automating network configuration backups, which will likely already be catered for by a disaster recovery process, no matter how human-intensive that may be.   

Tool-led strategy adoption

Network automation is a complex area of abstractions and principles built atop chains of other abstractions or fundamentals. For this reason, it can be tempting to lean on the lowest common denominator within the field – often the “lingua franca” of the tooling and framework buzzwords such as Terraform, Ansible, IaC, YAML, YANG and so on.   

While countless types and competing network automation tools exist, this doesn’t always mean they’re developed for or relevant to your business’ specific issues. It’s also worth being mindful of “resume-driven development” here– while the “new shiny” might look great to your engineering and architecture teams, it doesn’t always mean it’s best for your business context, budget or other regulatory constraints.   

Automation in isolation of process review and improvement

There’s a reason “garbage in, garbage out” is a phrase– automating the garbage to go faster doesn’t get rid of its existence. Automation often lives in the space between process and technology, so improvements in one can feedback into the other. Automation tends to inform improvements to existing business processes through its installation than for static business processes that were perfect all along.   

The mere act of undergoing an automation journey can also be an exponential value-add when focusing on and improving business processes which would otherwise not have been explored. This ensures a double win from both optimising the business process itself and enables an extended reach of that into the network and IT plane, speeding up the process and improving its efficiency. This virtuous flywheel can often become a force-multiplier that tremendously benefits the organisation for relatively little upfront effort. 

How can CACI help?

CACI’s expert team comprises multidisciplined IT, networking infrastructure and consultant and automation engineers with extensive experience in network automation. We can support and consult on every aspect of your organisation’s network from its architecture, design and deployment through to cloud architecture adoption and deployment, as well as maintaining an optimised managed network service. 

To learn more about the impact of network automation and how to sell its value to the C-suite, please read our e-book “How to sell the value of network automation to the C-suite”. You can also get in touch with the team here. 

 

How does network automation drive competitive advantage in today’s market?

Posted on: 3 April 2024
How does network automation drive competitive advantage in today’s market?

This blog is the first of a two-part series that will uncover the value that network automation can bring to a business and how to effectively persuade the C-suite of its value.  Part two explores strategies for keeping the C-suite interested in pursuing network automation and mistakes to avoid when developing strategies. 

Why is network automation critical in a business? 

Network automation allows you to automate planning, deploying and optimising your business’ operations, networks and services. It is a game changer because it enhances the efficiency, reliability and capacity of your business’ management of its network infrastructure. This minimises the risk of human error, maximises scalability and helps you maintain a competitive edge in the market. 

With an increasing focus on digital services and data connectivity, ensuring that network automation becomes commonplace in a business has become paramount to long-term operational success. The importance and prevalence of network automation in businesses has skyrocketed in recent years, despite a reported 77% of technology professionals seeing room for improvement in their data centre network automation strategies.

This, coupled with the expectation from 45% of organisations expecting their data centre network automation investments to earn an ROI within two years stresses the need for businesses to get the C-suite on board with network automation and ensure they invest in a network automation strategy. But how do you go about effectively and strategically selling the value of network automation to the C-suite?  

How to create a successful business case

Step 1: Lead with evidence 

According to an article by Enconnex, the weakest link in data operations tends to be humans, with human error accounting for ~80% of all outages. Existing pipelines in businesses tend to operate sequentially and manually, increasing the probability of human error through the involvement of multiple individuals in the chain of events.   

Step 2: Outline a strategic software development process  

Ensuring each step of the operational process from integration to delivery is tested and accounted for and outlining this in a cohesive plan for the C-suite level will help earn their trust. Developing a process flow that outlines a long-term strategy and what the business will achieve through network automation will further encourage this crucial buy-in. A visualisation tool or platform to convey this can significantly enhance their understanding. 

Step 3: Stage a production deployment in a test environment 

Unlike application testing, network testing is often difficult because the network itself doesn’t exist in isolation and is nearly always the lowest level of the technical stack. This makes performing tests complex. While the applications within a development or pre-production environment are often considered non-production, the underlying network to these application test environments is nearly always considered “production” in that it must work, in a production-like, always-on, fault-free state for the applications atop it to be tested and fulfil their function. Replicating complex enterprise, data centre or even cloud networks often come at a price. Organisations can typically only duplicate or approximate small proportions of their network estate. As a result, staging looks more like unit testing in software development by making small but incremental gains and applying them exponentially to the production network looking to be automated.   

While many organisations may opt for a waterfall, agile or other project management approach, we nearly always find that an agile-like, iterative, unit-tested approach to developing network automations – such as scripts, runbooks, playbooks and modules — are more beneficial in pushing automation both into the organisation and into wider adoption than any other approach.  

Step 4: Prove that benefits will be reaped through the staged production 

One of the benefits of modern network engineering is quickly leveraging the commoditisation of the vertically integrated network hardware stack the industry has embarked upon over the last decade. It is now easier – and cheaper – than ever before to spin up a virtual machine, container or other VNF/NFV-equivalent of a production router, switch, firewall, proxy or other network device that will look, feel, act and fail in the same way that its production network equivalent device would. When combined with software development approaches like CI/CD pipelines for deployment and rapid prototyping of network automation code, this can be a winning combination to rapidly pre-test activities within ephemeral container-like staging environments and maintain dedicated staging areas which look like production. 

How can CACI help?

CACI’s Network Services team comprises multidisciplined IT, networking infrastructure and consultant and automation engineers with extensive experience in network automation. We can support and consult on every aspect of your organisation’s network from its architecture, design and deployment through to cloud architecture adoption and deployment, as well as maintaining an optimised managed network service. 

To learn more about the impact of network automation and how to sell its value to the C-suite, please read our e-book “How to sell the value of network automation to the C-suite”. You can also get in touch with the team here.