Why is Automated Provisioning last on the Priority List?

areyousure

Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.

The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog

The importance of provisioning network and security resources is often times overlooked. In the course of moving Data Centers from bare-metal infrastructure to virtual machines, most network and systems administrators have opted out of automating provisioning. This article aims to articulate some of the possible reasons why, and ways to get started with automation.

Task validation is higher priority than Provisioning

According to a survey by Indeni and GNS3, operations and engineering are focusing more on ensuring the availability and security compliance of resources. Tasks that focus on boosting network visibility and observing vendor best practice were found to be higher on administrators’ priorities than provisioning. When asked if they use IaaS provisioning in the allocation of network-based resources, only 33% of the respondents said yes. Of these, 28% said they used onsite provisioning while just 21% use cloud-based provisioning. 51% of the administrators interviewed said they combine both methods of provisioning.

Benefits of Automated Network Security Device Provisioning

There are a number of benefits to automationing the provisioning of services to network and security devices. Some of these benefits include:

  • Make changes faster
  • Enforce policies
  • Ensure compliance
  • Avoid security breaches
  • Reallocation of resources

At the same time there are a number of inhibitors to getting started. To automate the provisioning of a network or security device, the knowledge of the device (eg. Check Point, Palo Alto Networks, Juniper or Radware) and the interdependencies of the network need to be documented, and turned into code. Questions to consider:

  • Does the provisioning rules and instructions come from the vendor?
  • If the vendor has a robust library out of the box, does that pre-built policy or workflow apply to your environment as is?
  • Are all possible scenarios considered? OK to provision changes on every versions of CheckPoint firewalls? OK to complete on virtual and physical machines?
  • What happens if X feature is enabled? Disabled?

For these reasons, and many others, administrators want the opportunity to approve a change before it goes into production.

How to get started with automated provisioning

In order to teach a machine the steps to follow, someone must document the steps in the first place. I love this quote from Donald Knuth about a computer:

These machines have no common sense; they have not yet learned to “think,”
and they do exactly as they are told, no more and no less. This fact is
the hardest concept to grasp when one first tries to use a computer.
– Donald Knuth (1968). “Preface”. The Art of Computer Programming,
Volume 1: Fundamental Algorithms. Addison-Wesley.

Many organizations, including MasterCard, OfficeDepot and Pfizer are leveraging the wisdom of the Indeni Crowd to convert historical knowledge into reusable code, and continuously validate that their devices are working as intended.

You can learn more about the findings of Indeni’s automation survey by clicking here. Ready to explore crowd-sourced automation? Learn more about the Indeni network automation.

Related content

How to choose a protective DNS solution for your network

Learn how to choose the protective DNS solution that’s right for your network, including capabilities and integrations—without vendor hype.

Read more

Route traffic intelligently with DNS-based GSLB for BlueCat Edge

Discover how DNS-based GSLB with BlueCat Edge empowers networking teams to control traffic steering, reduce costs, and improve resilience.

Read more
Image shows BlueCat cathead image in the background with the text "Introducing Integrity X" appear over it. Integrity X is the newest version of BlueCat's DDI management solution.

Exciting product update: Introducing BlueCat Integrity X

Introducing BlueCat Integrity X, a single platform for complete visibility and control over critical network services.

Read more

What is protective DNS (PDNS) and why is PDNS important?

Discover what protective DNS is, how it prevents threats like phishing and malware, and why it’s essential for enterprise network security.

Read more