Top network automation trends in 2024

Network automation has become increasingly prevalent in enterprises and IT organisations over the years, with its growth showing no signs of slowing down.  

In fact, as of 2024, the Network Automation Market size is estimated at USD 25.16 billion (GBP 19.78 billion), expected to reach USD 60.59 billion (GBP 47.65 billion) by 2029. By 2028, a growth rate of 20% is predicted in this sector in the UK. Within CACI, we are seeing a higher demand for network automation than ever before, supporting our clients in NetDevOps, platform engineering and network observability. 

So, how is the network automation space evolving, and what are the top network automation trends that are steering the direction of the market in 2024?  

Hyperautomation

With the increasing complexity of networks that has come with the proliferation of devices, an ever-growing volume of data and the adoption of emerging technologies in enterprises and organisations, manual network management practices have become increasingly difficult to uphold. This is where hyperautomation has been proving itself to be vital for operational resilience into 2024. 

As an advanced approach that integrates artificial intelligence (AI), machine learning (ML), robotic process automation (RPA), process mining and other automation technologies, hyperautomation streamlines complex network operations by not only automating repetitive tasks, but the overall decision-making process. This augments central log management systems such as SIEM and SOAR with functions to establish operationally resilient business processes that increase productivity and decrease human involvement. Protocols such as gNMI and gRPC for streaming telemetry and the increased adoption of service mesh and overlay networking mean that network telemetry and event logging are now growing to a state where no one human can adequately “parse the logs” for an event. Therefore, the time is ripe for AI and ML to push business value through AIOps practices to help find the ubiquitous “needle” in the ever-growing haystack. 

Enterprises shifting towards hyperautomation this year will find themselves improving their security and operational efficiency, reducing their operational overhead and margin of human error and bolstering their network’s resilience and responsiveness. When combined with ITSM tooling such as ServiceNow for self-service delivery, hyperautomation can truly transcend the IT infrastructure silo and enter the realm of business by achieving wins in business process automation (BPA) to push the enterprise into true digital transformation. 

Increasing dependence on Network Source of Truth (NSoT)

With an increasing importance placed on agility, scalability and security in network operations, NSoT is proving to be indispensable in 2024, achieving everything the CMDB hoped for and more. 

As a centralised repository of network-related data that manages IP addresses (IPAM), devices and network configurations and supplies a single source of truth from these, NSoT has been revolutionising network infrastructure management and orchestration by addressing challenges brought on by complex modern networks to ensure that operational teams can continue to understand their infrastructure. It also ensures that data is not siloed across an organisation and that managing network objects and devices can be done easily and efficiently, while also promoting accurate data sharing via data modelling with YAML and YANG and open integration via API into other BSS, OSS and NMS systems.  

Enterprises and organisations that leverage the benefits of centralising their network information through NSoT this year will gain a clearer, more comprehensive view of their network, generating more efficient and effective overall network operations. Not to mention, many NSoT repositories are far more refined than their CMDB predecessors, and some – such as NetBox – are truly a joy to use in daily Day 2 operations life compared to the clunky ITSMs of old.

Adoption of Network as a Service (NaaS)

Network as a Service (NaaS) has been altering the management and deployment of networking infrastructure in 2024. With the rise of digital transformation and cloud adoption in businesses, this cloud-based service model enables on-demand access and the utilisation of networking resources, allowing enterprises and organisations to supply scalable, flexible solutions that meet ever-changing business demands. 

As the concept gains popularity, service providers have begun offering a range of NaaS solutions, from basic connectivity services such as virtual private networks (VPNs) and wide area networks (WANs) to the more advanced offerings of software-defined networking (SDN) and network functions virtualisation (NFV).  

These technologies have empowered businesses to streamline their network management, enhance performance and lower costs. NaaS also has its place at the table against its aaS siblings (IaaS, PaaS and SaaS), pushing the previously immovable, static-driven domain of network provisioning into a much more dynamic, elastic and OpEx-driven capability for modern enterprise and service providers alike. 

Network functions virtualisation (NFV) and software-defined networking (SDN)

A symbiotic relationship between network functions virtualisation (NFV), software-defined networking (SDN) and network automation is proving to be instrumental in bolstering agility, responsiveness and intelligent network infrastructure as the year is underway. As is often opined by many network vendors, “MPLS is dead, long live SD-WAN”, which, while not 100% factually correct (we still see demand in the SP space for MPLS and MPLS-like technologies such as PCEP and SR), is certainly directionally correct in our client base across finance, telco, media, utilities and increasingly government and public sectors.

NFV enables the decoupling of hardware from software, as well as the deployment of network services without physical infrastructure constraints. SDN, on the other hand, centralises network control through programmable software, allowing for the dynamic, automated configuration of network resources. Together, they streamline operations and ensure advanced technologies will be deployed effectively, such as AI-driven analytics and intent-based networking (IBN). 

We’re seeing increased adoption of NFV via network virtual appliances (NVA) deployed into public cloud environments like Azure and AWS for some of our clients, as well as an increasing trend towards packet fabric brokers such as Equinix Fabric and Megaport MVE to create internet exchange (IX), cloud exchange (CX) and related gateway-like functionality as the enterprise trend towards multicloud grows a whole gamut of SDCI cloud dedicated interconnects to stitch together all the XaaS components that modern enterprises require. 

Intent-based networking (IBN)

As businesses continue to lean into establishing efficient, prompt and precise best practices when it comes to network automation, intent-based networking (IBN) has been an up-and-coming approach to implement. This follows wider initiatives in the network industry to push “up the stack” with overlay networking technologies such as SD-WAN, service mesh and cloud native supplanting traditional Underlay Network approaches in Enterprise Application provision. 

With the inefficiencies that can come with traditional networks and manual input, IBN has come to network operations teams’ rescue by defining business objectives in high-level, abstract manners that ensure the network can automatically configure and optimise itself to meet said objectives. Network operations teams that can devote more time and effort to strategic activities versus labour-intensive manual configurations will notice significant improvements in the overall network agility, reductions in time-to-delivery and better alignment with the wider organisation’s goals. IBN also brings intelligence and self-healing capabilities to networks: if changes or anomalies are detected in the network, it enables the network to automatically adapt itself to address those changes while maintaining the desired outcome, bolstering network reliability and minimising downtime.

As more organisations realise the benefits of implementing this approach, the rise of intent-based networking is expected to continue, reshaping the network industry as we know it. The SDx revolution is truly here to stay, and the move of influence of the network up the stack will only increase as reliance on interconnection of all aspects becomes the norm. 

How can CACI support your network automation journey?

CACI is adept at a plethora of IT, networking and cloud technologies. Our trained cohort of network automation engineers and consultants are ready and willing to share their industry knowledge to benefit your unique network automation requirements. 

From NSoT through CI/CD, version control, observability, operational state verification, network programming and orchestration, our expert consulting engineers have architected, designed, built and automated some of the UK’s largest enterprise, service provider and data centre networks, with our deep heritage in network engineering spanning over 20 years. 

Take a look at Network Automation and NetDevOps at CACI to learn more about some of the technologies, frameworks, protocols and capabilities we have, from YAML, YANG, Python, Go, Terraform, IaC, API, REST, Batfish, Git, NetBox and beyond. 

To find out more about enhancing your network automation journey, get in touch with us today.  

What is Network Automation?

Network Automation and NetDevOps are hot topics in the network engineering world right now, but as with many new concepts, it can be confusing to decipher the meaning from the noise in the quest to achieving optimal efficiency and agility of network operations.

A useful starting point would be to first define what network automation is not:

  • Network automation is not just automated configuration generation or inventory gathering
  • It is not just using the same network management system (NMS) as today but faster
  • It is not just performing patching and OS upgrades faster, or network engineers suddenly becoming software developers
  • Network automation is not going to work in isolation of changing lifecycle and deployment processes, nor is it a magic toolbox of all-encompassing applications, frameworks and code.

At CACI, we view network automation as both a technology and a business transformation. It is as much a cultural shift from legacy deployment and operations processes as it is a set of tools and technology to implement speed, agility and consistency in your network operations. Infrastructure is changing fast, and with Gartner reporting 80% of enterprises will close their traditional data centres by 2025, the only constant in networking is that change will persist at a faster clip.

So, how does Network Automation work? What differentiates network automation from NetDevOps? What difference can it make to modern IT operations, and which best practices, technologies and tools should you be aware of to successfully begin your network automation journey?

How does Network Automation work? 

Network Automation implements learnings from DevOps developments within the software development world into low-level network infrastructure, using software tools to automate network provisioning and operations. This includes techniques such as:

  • Anomaly detection
  • Pre/post-change validation
  • Topology mapping
  • Fault remediation
  • Compliance checks
  • Templated configuration
  • Firmware upgrades
  • Software qualification
  • Inventory reporting.

In understanding how these differ from traditional network engineering approaches, it is important to consider the drivers for network automation in the post-cloud era – specifically virtualisation, containerisation, public cloud and DevOps. These technologies and approaches are more highly scaled and ephemeral than traditional IT Infrastructure, and are not compatible with legacy network engineering practices like:

  • Using traditional methodology to manage infrastructure as “pets” rather than “cattle”
    • Box-by-box manual login, typing CLI commands, copy-pasting into an SSH session, etc.
  • “Snowflake networks” which don’t follow consistent design patterns
  • Outdated (or non-existent) static network documentation
  • Lack of network validation and testing.

Network automation aims to change all this, but to do so, must overcome some obstacles:

  • Cross-domain skills are required in both networking and coding
  • Some network vendors do not supply good API or streaming telemetry support
  • Screen scraping CLIs can be unreliable as CLI output differs even between products of the same device family
  • Cultural resistance to changes in both tooling and practice
  • Lack of buy-in or sponsorship from the executive level can compound these behaviours.

What differentiates network automation from NetDevOps? 

You may also have heard of “NetDevOps” and be wondering how – or if – this differs from network automation. Within CACI, we see the following key differences:

We often see our clients use a blend of both in practice as they go through the automation adoption curve into the automation maturity path, from ad-hoc automation, through structured automation, into orchestration and beyond:

Network Automation Adoption Curve

What difference can network automation make to modern IT operations? 

Network automation aims to deliver a myriad of business efficiencies to IT operations. This has proven to be transformational across our wide and varied client base, with improvements demonstrated in the following ways:

Increased efficiency 

Much of networking is repetition in differing flavours – reusing the same routing protocol, switching architecture, edge topology or campus deployment. A network engineer is often repeating a task they’ve done several times before, with only slight functional variations. Network automation saves time and costs by making processes more flexible and agile, and force-multiplying the efforts of a network engineering task into multiple concurrent outputs.

Reduced errors 

Networking can be monotonous, and monotony combined with legacy deployment methodology can cause repetition of the same error. Network automation reduces these errors – particularly in repetitive tasks – to lower the chances of reoccurrence. When combined with baked-in, systems-led consistency checking, many common – but easily-avoidable – errors can be mitigated.

Greater standardisation

Networks are perhaps uniquely both the most and least standardised element of the IT stack. While it is easy to have a clean “whiteboard architecture” for higher-level concerns such as application development, the network must often deal with the physical constraints of the real world, which, if you’ve ever tried to travel to a destination you’ve not been to before, can be messy, confusing and non-sensical. Network automation ensures the starting point for a network deployment is consistent and encourages system-level thinking across an IT network estate over project deployment-led unique “snowflake” topologies.

Improved security 

Increased security often comes as a by-product of the standardisation and increased efficiency that network automation brings. Most security exploits are exploits of inconsistency, lack of adherence to best practice or related failings, which ultimately pivot around “holes” left in a network (often accidentally) due to rushing or not seeing a potential backdoor, open port, misconfiguration or enablement of an insecure protocol. When combined with modern observability approaches like streaming telemetry and AIOps, network automation can help enforce high levels of security practice and hardening across an IT estate.

Cost savings

Given its position as the base of the tech stack, the network is often a costly proposition, with vertically-integrated network vendors, costly telco circuit connectivity, expensive physical world hosting and colocation costs, and so on. It is often a “get it right first time” endeavour which can be cost-prohibitive to change once live and in service. Network automation encourages cost savings through the creation of right-first-time, flexible network topologies and through design validation, which can minimise the amount of equipment, licensing, ports and feature sets required to run a desired network state.

Improved scalability

As both consumer and enterprise expectations of scale are set by the leading web scalers of the world, the enterprise increasingly expects the flexibility to scale both higher and lower levels of the IT stack to larger and more seamless sizes, topologies and use cases. Network automation aids in achieving this through the enforcement of consistency, modularisation, standardisation and repeatability for network operations.

Faster service delivery

IT service delivery is increasingly moving away from being ticket-led to self-service, with the lower-level infrastructure elements expected to be delivered much faster than the traditional six-to-eight-week lag times of old. As telco infrastructure moves through a similar self-service revolution, so too does the enterprise network require the ability for self-service, catalogue-driven turn-up and modularised deployment. Network automation enables this by optimising network performance to the required parameters of newer services and applications in the modern enterprise.

What are the best practices for network automation?

Network automation is as much a cultural transformation as it is a technology transformation. Much as DevOps disrupted traditional ITIL and waterfall approaches, NetDevOps similarly disrupts current network engineering practices. We find the following best practices to be beneficial when moving towards network automation:

Choose one thing initially to automate

  • Pivot around either your biggest pain point or most repetitive task
  • Don’t try to take on too much at once. Network automation is about lots of small, repeated, well-implemented gains which instil confidence in the wider business
  • People love automation, but they don’t want to be automated. The biggest barrier to adopting automation will be keeping colleagues and stakeholders on-side with your efforts by showing the rewards that those efforts provide to them and to the wider business.

Choose tooling carefully

  • Stay away from the “latest shiny” and pick open, well-used tools with large libraries of pre-canned vendor, protocol and topology integrations, and human-readable configuration and deployment languages
  • Maintain your specific business context during tool selection
  • Think ahead for talent acquisition and retention – writing a custom Golang provisioning application might be handy today, but you could struggle to get others involved if the author decides to leave the business.

Optimise for code reusability

  • Build and use version control systems such as Git, GitHub and Azure DevOps from day one and encourage or even mandate their use
  • Advocate for the sharing of functions, modules, routines and snippets written within code, runbooks, IaC and state files within scrapbooks and sandpits. The flywheel of productivity increases exponentially within NetDevOps as increasingly more “we’ve done that before” coding and practices accelerate the development of newer, more complex routines, IaC runbooks and functions
  • Code should be written with reuse and future considerations in mind. While it may be tempting to “save ten minutes” so as to not functionise, modularise or structure code, this will catch up with you in the future.

Use templating for configuration generation

  • Templating programmatically generates the vendor-specific syntax for a network device (such as Cisco IOS, Arista EOS or Juniper Junos) from a disaggregated, vendor-neutral input format (such as Jinja2, Mako or Markdown), which is later combined with data (such as specific VLANs, IP addresses or FQDNs)
  • The act of creating the templates has an added by-product of forcing you to perform design validation. If your design document doesn’t have a section covering something you need template syntax for, it could well be due for an up-issue
  • Templates become a common language for network intent that are readable by all network engineers regardless of their individual network vendor and technology background, aiding in time to onboard new staff and ensuring shared understanding of business context around the IT network.
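
The templating step described above, together with the input validation and pre-deployment policy check that make it safe to automate, as an added example that is not CACI's code or part of the original page. It uses Python's standard-library `string.Template` as a dependency-free stand-in for Jinja2; the templates, field names, sample records and the three forbidden-line rules are constructed for illustration.

```python
"""Added example: validated intent data + template -> device config, then a policy lint."""
import ipaddress
import re
from string import Template

# IOS-style templates (constructed). string.Template stands in for Jinja2.
MGMT_TEMPLATE = Template(
    "hostname $hostname\n"
    "line vty 0 4\n"
    " transport input $transports\n"
)
SVI_TEMPLATE = Template(
    "vlan $vlan_id\n"
    " name $name\n"
    "interface Vlan$vlan_id\n"
    " description $name\n"
    " ip address $address $netmask\n"
    " no shutdown\n"
)

HOSTNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]{0,62}")
VLAN_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")
KNOWN_TRANSPORTS = {"ssh", "telnet"}

# Hypothetical hardening baseline: lines that must not appear in a rendered config.
FORBIDDEN_LINES = [
    (re.compile(r"\s*transport input .*\b(telnet|all)\b"), "telnet allowed on vty lines"),
    (re.compile(r"\s*ip http server\b"), "cleartext HTTP management enabled"),
    (re.compile(r"\s*snmp-server community \S+"), "SNMP community string configured"),
]


def validate_device(device):
    """Return a list of problems found in the vendor-neutral input data."""
    errors = []
    if not HOSTNAME_RE.fullmatch(str(device.get("hostname", ""))):
        errors.append(f"bad hostname {device.get('hostname')!r}")
    transports = device.get("vty_transport") or []
    if not transports or not set(transports) <= KNOWN_TRANSPORTS:
        errors.append(f"bad vty_transport {transports!r}")
    for vlan in device.get("vlans", []):
        vid, name, gw = vlan.get("vlan_id"), vlan.get("name"), vlan.get("gateway")
        if type(vid) is not int or not 1 <= vid <= 4094:
            errors.append(f"vlan_id {vid!r} outside 1-4094")
        # fullmatch rejects spaces and line breaks, so one value stays one config token
        if not isinstance(name, str) or not VLAN_NAME_RE.fullmatch(name):
            errors.append(f"vlan name {name!r} not 1-32 chars of A-Z a-z 0-9 _ -")
        try:
            if not isinstance(gw, str) or "/" not in gw:
                raise ValueError("expected address/prefix")
            ipaddress.IPv4Interface(gw)
        except ValueError as exc:
            errors.append(f"gateway {gw!r}: {exc}")
    return errors


def render_device(device):
    """Render the config, refusing to render from data that fails validation."""
    errors = validate_device(device)
    if errors:
        raise ValueError("; ".join(errors))
    parts = [MGMT_TEMPLATE.substitute(
        hostname=device["hostname"], transports=" ".join(device["vty_transport"]))]
    for vlan in device.get("vlans", []):
        iface = ipaddress.IPv4Interface(vlan["gateway"])
        parts.append(SVI_TEMPLATE.substitute(
            vlan_id=vlan["vlan_id"], name=vlan["name"],
            address=iface.ip, netmask=iface.netmask))
    return "".join(parts)


def lint_config(text):
    """Return (line number, reason) for every rendered line the baseline forbids."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for pattern, reason in FORBIDDEN_LINES:
            if pattern.match(line):
                findings.append((lineno, reason))
    return findings


# Constructed sample records (made-up names, RFC 1918 addresses).
GOOD = {"hostname": "edge-sw01", "vty_transport": ["ssh"],
        "vlans": [{"vlan_id": 120, "name": "USERS", "gateway": "10.20.30.1/24"}]}
WEAK = dict(GOOD, vty_transport=["ssh", "telnet"])
MALFORMED = dict(GOOD, vlans=[{"vlan_id": 4095, "name": "USERS\nextra line",
                               "gateway": "10.20.30.1"}])

if __name__ == "__main__":
    print(render_device(GOOD))
    print("lint GOOD:", lint_config(render_device(GOOD)))
    print("lint WEAK:", lint_config(render_device(WEAK)))
    print("validate MALFORMED:", validate_device(MALFORMED))
```

Running the lint in the CI pipeline on every rendered config, before anything is pushed to a device, catches an insecure setting whether it came from the data or from a template edit.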

Which tools, frameworks and languages enable network automation? 

There are a myriad of network automation tools, frameworks, languages and technologies available today. Deciphering these can be confusing, but a good starting point is categorising the distinct types of network automation tooling available:

Network Configuration and Change Management (NCCM)

  • Enable patching, compliance and deployment (rollout)
  • Often align to network management systems (NMS) or BSS/OSS (Telco space)

Network Orchestration

  • Enable programmatic device access (CLI, API, SSH, SNMP)
  • Often align to DevOps engineering usage

Policy-based Automation

  • Abstract network device box-by-box logic into estate-wide, policy-driven control
  • Often align to industry frameworks and controls (SOC2, HIPAA, CIS, PCI/DSS)

Intent-Based Networking Systems (IBNS)

  • Translate business intent through to underlying network configuration and policy
  • Are starting to become the “new NMS”

It would be exhausting to list all possible tools, frameworks and languages available today, but these are some of those we see most often within our client base. Our current favourites can be seen in What are the most useful NetDevOps Tools in 2023?:

Tools

  • Terraform – An open-source automation and orchestration tool capable of building cloud, network and IT infrastructure based on input Infrastructure as Code (IaC) code via HCL (HashiCorp Configuration Language) that defines all attributes of the device and configuration blueprint required. Terraform is highly flexible and has a vast array of pre-built modules and providers for most network engineering concerns via the Terraform Registry.
  • Ansible – An open-source automation and orchestration tool typically used to configure within the device, rather than to provision the underlying bare-metal or cloud infrastructure that the cloud, network or IT device sits atop. It is based on input IaC code via YAML that defines the attributes and device configuration required. Ansible is versatile and has a large cache of pre-built runbooks and integrations for network engineering concerns via Ansible Galaxy.
  • NetBox – The ubiquitous, open-source IP Address Management (IPAM) and Data Centre Infrastructure Management (DCIM) tool, which acts as the Network Source of Truth (NSoT) to hold a more detailed view of network devices, topology and state than could be achieved via alternative approaches such as spreadsheet or CMDB. NetBox is highly customisable, with a rich plugin ecosystem and customisable data models via YANG to adapt around business-specific topology data models.
  • Git – The de facto version control system, which is the underlying application that powers GitHub and GitLab and supplies a mechanism to store IaC, configuration and code artefacts in a distributed, consistent and version-controlled manner. Git is pivotal in enabling the controlled collaboration on network automation activities across a distributed workforce while maintaining the compliance and controls required within the enterprise environment.

Frameworks 

  • Robot framework: A generic test automation framework allowing network automation code and IaC runbooks to run through acceptance testing and test-driven development (TDD) via a keyword-driven testing framework with a tabular format for test result representation. It is often used in conjunction with tools such as pyATS, Genie, Cisco NSO and Juniper NITA.
  • PEP guidelines: Short for Python Enhancement Proposals (PEP), these are to Python what RFCs are to network engineering, and provide prescriptive advice on setting out, using, structuring and interacting with Python scripts. The most commonly known of these is PEP 8 – Style Guide for Python.
  • Cisco NADM: The Cisco Network Automation Delivery Model (NADM) is a guide on how to build an organisation within a business around an automation practice, addressing both the human aspect as well as some of the tooling, daily practices, procedures, operations and capabilities that a network automation practice would need to take traction in an IT enterprise landscape.

Languages

  • Python: The de facto network automation coding language, utilised as the underlying programming language in tools such as NetBox, Nornir, Batfish, SuzieQ, Netmiko, Scrapli, Aerleon, NAPALM and more, popularised by its extensive network engineering-focused library within PyPI. Python is the Swiss army knife of NetDevOps, able to turn its hand to ad-hoc scripting tasks through to full-blown web application development using Flask or API gateway hosting using FastAPI.
  • Golang: An upcoming programming language, which offers benefits over Python in terms of speed via a compiler-based approach, parallel execution, built-in testing and concurrency capabilities. On the downside, it has a significantly steeper learning curve than Python for new entrants into the realm of development and has far fewer network engineering library components available to use.

What does the future of network automation look like? 

The demand for network automation and NetDevOps professionals is undoubtedly on the rise, a trend that we at CACI expect to continue as budgetary pressures from the macroeconomic climate accelerate and trends like artificial intelligence (AI) begin to challenge the status quo and push businesses to deliver seamless, scalable network fabrics with more expectation of self-service and less tolerance of outage, delay or error. We see more of our clients moving up through the automation maturity path towards frictionless and autonomous network estates and expect this to accelerate through the coming years with ancillary trends such as NaaS (Network as a Service), SDN (Software Defined Networking) and NetDevOps set to continue and embed the NetEng Team firmly into the forthcoming platform engineering teams of tomorrow.

Network Automation: Automation Maturity Path

How can CACI help you on your network automation journey?

With our proven track record, CACI Network Services is adept at a plethora of IT, networking and cloud technologies. Our trained cohort of high calibre network automation engineers and consultants are ready and willing to share their industry knowledge to benefit your unique network automation and NetDevOps requirements. We are a trusted advisor that ensures every team member is equipped with the necessary network engineering knowledge from vendors such as Cisco, Arista and Juniper, along with NetDevOps knowledge in aspects such as Python for application Development, NetBox for IPAM and NSoT, Git for version control, YAML for CI/CD pipeline deployment and more.

Our in-house experts have architected, designed, built and automated some of the UK’s largest enterprise, service provider and data centre networks, with our deep heritage in network engineering spanning over 20 years across a variety of ISP, enterprise, cloud and telco environments for industries ranging from government and utilities to finance and media.

Get in touch with us today to discuss more about your network automation and NetDevOps requirements to optimise your business IT network for today and beyond.

DORA & NIS2: Key considerations for senior management

In our increasingly digital world, safeguarding the digital infrastructure and information systems that uphold financial companies is now critical. Two key regulatory frameworks, DORA and NIS2, have emerged as essential regulations designed to enhance the protection of financial companies’ operations and systems.

My first blog of the four-part DORA and NIS2 blog series introduced the new financial regulations in-depth. In the second blog, I explained how these new regulations will impact UK financial companies. This blog will explore the key considerations around DORA and NIS2 for senior management.

In light of DORA and NIS2 taking effect, it is integral that senior stakeholders within financial companies are aware of the considerations that must be taken to effectively comply with these regulations and adhere to them accordingly. A few of the key considerations for senior management to be aware of are as follows:  

Navigate the cost of compliance 

It is important for senior management within certain financial companies to consider that complying with regulations may accrue significant financial costs. This is particularly likely in small and medium-sized enterprises (SMEs). Becoming digitally resilient and implementing the necessary measures to meet DORA requirements may require a hefty investment in technology, resources and expertise. This may, however, prove small in comparison to the cost of a breach, incoming fine, loss of reputation or even customers.  

Carefully assess maturity and capabilities 

The maturity and complexity of a financial company’s governance and internal practices will affect the challenges it faces in complying with DORA. Companies with lower maturity profiles may need to invest more resources and effort to meet DORA’s requirements. At every maturity level, it is vital for senior management to conduct thorough evaluations of the current state, identify any existing gaps and allocate the appropriate resources for compliance.  

Turning requirements into actions can be complicated

DORA introduces new compliance obligations and expectations for financial companies. It requires them to embed digital resilience throughout their operations, develop a Digital Resilience Strategy, implement a Digital Resilience Framework and address areas such as operational resilience testing, threat intelligence sharing and third-party risk management. Senior management must prepare themselves for the likely challenging undertaking of understanding the specific requirements and translating them into actionable steps across the wider business.  

Ensure third-party service providers’ compliance

Financial companies often rely on third-party ICT service providers to support their operations. DORA also applies to these service providers, imposing additional compliance obligations and oversight requirements. Therefore, it is critical for senior management to verify that third-party providers adhere to the prescribed standards and align with DORA’s requirements, which may involve renegotiating contracts or conducting due diligence to ensure compliance.  

Adhere to the compliance timeline 

While the European Parliament has approved DORA, it is only set to enter into force in 2025. Conducting a thorough gap assessment, developing a roadmap and implementing the necessary changes can be time-intensive, particularly due to the complexity of the requirements and potential need for significant operational adjustments. Therefore, senior management must plan compliance efforts and resources accordingly to align with the designated timeframe. 

How can CACI help? 

With over 20 years’ experience in helping deliver effective IT and security strategies to financial companies, CACI can help you navigate the changes and challenges brought on by DORA. Our experienced security and compliance experts can bolster your understanding of your network assets, help you conduct maturity assessments, address compliance gaps regarding the fulfilment of DORA implementation requirements, and much more.  

For more information, please read our recent whitepaper “Compliance with DORA and NIS2: Essential steps for UK financial companies”, which explores the impact of DORA and NIS2 on financial companies in the UK, key considerations for senior management and best practices for achieving compliance. You can also get in touch with the team here.

Using Cisco CE credits to recertify your CCNP or CCNA

Following the recent announcement of Cisco creating its own Continuing Professional Development (CPD) scheme, the Cisco Continuing Education Program, it is now possible to recertify your CCNP or CCNA certification using an exam-free approach. With some studying and time applied, this can even be done free of charge! So, what are the credits you can earn for recertification and how do you go about earning them? 

What is a CE credit? 

Cisco Continuing Education Credits (CE Credits) is a programme that offers Cisco certification holders flexible options to recertify by completing a variety of eligible Continuing Education (CE) items. The programme is designed to help professionals stay up to date with the latest technologies and trends in the industry, including Python, network automation, NetDevOps and beyond. CE credits are similar in form to CPD points seen in other fields, and can be earned through the following means: 

How can you earn CE credits? 

The amount of CE credits earned will depend on the type of activity and its duration. For example, you can earn 12 CE credits for a 14-hour Cisco course delivered via the Cisco Digital Learning platform or earn a generous 40-65 credits for attending a five-day Cisco instructor-led training course offered by authorised Cisco Learning Training Partners. You can also earn small amounts of “top up” credit here and there through ad-hoc, time-bound initiatives. 

How points contribute towards certificate renewals 

The CE Credit process has some legwork to it, as CE Credit issuance isn’t automatic. The process roughly looks as follows: 

  1. Attend the training session, course or webinar for its full duration.
  2. Note down the official course name, date when you began and date when you finished.
  3. For online courses, you should expect to receive a completion certificate at the end, which is a PDF document with a certificate number in it. You’ll need this certificate validation code later on.
  4. Log in to the Cisco CE Credit User Portal with your Cisco.com CCO account and click “Submit Items” in the top right side to enter the details of the training course, webinar or online learning you have completed. 
  5. Ensure you have the course name, start date, end date and certificate validation code and PDF version of the Completion Certificate to hand to submit.
  6. Wait a few days for the credit status to change from “Pending” to “Earned” on the Cisco CE User Dashboard. 

Within 24-48 hours, your CE Credits will then also show against your Cisco CertMetrics under Certifications -> Cert Status -> Pick your CCNP/CCNA Certificate -> View More. This shows the progress these points make towards the recertification, where the following table is handy to know: 

Certification  Renewal Period  Renewal (CE Credit-only)  Renewal (Exam + CE Credit)
Associate (i.e. CCNA)  3 years  Earn 30 CE credits  
Specialist  3 years  Earn 40 CE credits  
Professional (i.e. CCNP)  3 years  Earn 80 CE credits  Earn 40 CE credits + Pass 1 Professional exam
Expert (i.e. CCIE, CCDE)  3 years  Earn 120 CE credits  Earn 40 CE credits + Pass 1 Technology exam, OR Earn 40 CE credits + Pass 2 Professional exams, OR Earn 80 CE credits + Pass 1 Professional exam

Activity  Type  Credits  Expiration Date  Cost
Rev Up to Recert: Python  Online Videos  15 CE Credits  April 20 2023  Free
Cisco DevNet Associate Fundamentals  Online Course  48 CE Credits  April 30 2023  £99

How CACI can support your recertification process

If you need qualified Cisco professionals to help your business thrive, why not get in touch to see how we can help you fully utilise our talented CCNA, CCNP, CCIE and other vendor expertise for your business network. 

Rethinking network management through Network as a Service

Observability as a discipline distinct from network management is still in its infancy within the network engineering realm, with newer job titles such as Network Reliability Engineer (NRE) looking to extract the same organisational value that the more DevOps-aligned Site Reliability Engineer (SRE) provides to the more traditional SysAdmin space. Network as a Service (NaaS) is a new approach to network operations, which often distils down to two commonly accepted meanings: 

  • An Operational Expenditure (OpEx)-led approach to procuring Managed Network Services and associated network hardware 
  • A paradigm shift in the approach to network management away from legacy Network Management System (NMS) and associated Element Management System (EMS) lifecycle approaches 

In this blog, we’ll focus on the latter, and how the formation of a NaaS Team – or Squad – can improve network observability and enhance your network infrastructure’s insight, uptime and value. We’ll also touch on the former and larger shift from Capital Expenditure (CapEx) to Operational Expenditure (OpEx) Lifecycle Management approaches, and what this means for shifts in the IT and network industry. 

Getting to the root of Network as a Service (NaaS) 

“Oh no, not another ‘as a Service’ buzzword-fest…” I hear you say, and yes, in some respects, you would be sadly correct. However, Network as a Service (NaaS) has its roots firmly in the overall cloudification trend found elsewhere within the wider IT and cloud industry, only now having percolated down towards the steadfast realms of the hardware-centric network industry.  

At its core, NaaS is about the following differentiators from other more asset-centric approaches: 

  • Consumption of network infrastructure through flexible OpEx subscription-based models 
  • Exploitation of cloud-based models such as Infrastructure Elasticity and Horizontal Scaling 
  • Commoditisation of private WAN services (such as MPLS) into public WAN services (such as SD-WAN) 
  • Centralisation of visibility of network insight into application-aware dashboards and telemetry systems 

Ultimately, NaaS is more of an operational model than it is a consumption pattern. NaaS is chiefly about realigning thinking towards that of the upper layers of the OSI model in remembering that the objective of the network is to solidly underpin a complex soup of interconnected middleware, microservices, PaaS and SaaS dataverse ecosystems which eventually combine toward the aspiration of the modern Twelve-Factor App Manifesto. 

Observability versus monitoring 

Before we can dive into NaaS, we need to understand the difference between observability and monitoring, which means focusing on the Three Pillars of Observability: 

  1. Logs 
  2. Metrics
  3. Traces 

Each is distinct in its value and requirements in the art of observability, but in short, can be defined as: 

  • Logs – The act of logging function or component-level activities to an off-system repository for later analysis. 
    • An example might be a Syslog showing the last reboot of a Linux or NOS Daemon or Service, such as NTPd for System Clock. 
  • Metrics – The performance of the infrastructure-aligned components within the system, as typically observed over a time-graphed basis. 
    • An example might be a CPU utilisation monitor, showing that the processor has crept up to 78% utilisation over the last ten minutes. 
  • Traces – The ability to debug low-level sub-component and function activities to derive context of whether a piece of software code is working as prescribed. 
    • An example might be a trace within a Python function, showing that the error raised by Netmiko occurs because an SSH session to a Cisco router dropped out at v1.99 instead of the expected SSHv2. 

These differ somewhat from traditional monitoring approaches like Network Management Systems (NMS), which have typically only focused on the Metrics pillar and have superficially referenced the other two pillars. What observability has done to traditional monitoring is comparable to the movement from the NMS to the NaaS arena: moving the management concern “up the stack” to focus on higher-level abstraction objectives and away from lower-level hardware-led concerns. 

Understanding NaaS as an approach 

NaaS is a conceptual change in network consumption as a going concern. Rather than worrying about the network layer as a discrete concern, the network is positioned as part of the wider technology stack – often up to and including the application layer – that it services. While this may sound trivial, it is a huge step change in how Enterprise and Service Provider (SP) Networks run when contrasted against the current de facto practices. NaaS can be simplified as being a “cloud model” – not in the sense that it must be operated and hosted within Public CSPs – but more in the ideas associated with cloud operational models, including Service Elasticity, OpEx-led billing, Horizontal Scaling and API-first integrations into wider ecosystem concerns. 

Benefits of the NaaS approach 

The main benefit of NaaS is flexibility and adaptability to changing technical stack conditions. Where a legacy NMS-led approach might falsely report “All clear; the network is fine” because metrics are clean and green, a newer NaaS-led approach might instead report “Problems detected in latency experienced by the application due to MTU clipping” because the upper-level traces and logs collectively indicate an issue to a latency-sensitive service bus-based application.  

The true strength of NaaS lies in its alignment of the network layer to cloud, DevOps and observability practices to enable the monitoring, management and tracking of the network as if it were just another IaaS or PaaS component of the overall application stack. 
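
The contrast between the metrics-only verdict and the cross-pillar verdict described above can be made concrete. This is an added example, not code from CACI or any NMS product: the syslog format, span fields and 3x slowdown factor are assumptions, all sample data is constructed, and payload size is compared directly with path MTU, ignoring header overhead.

```python
"""Metrics-only (NMS) verdict versus a cross-pillar (logs + metrics + traces) verdict.

Added illustration: every value and format below is constructed.
"""
import re
from statistics import median

ALL_CLEAR = "All clear; the network is fine"

# Metrics pillar: polled device counters, all comfortably below threshold.
METRICS = {"cpu_util_pct": 41.0, "if_util_pct": 37.5, "if_errors_per_min": 0.0}
THRESHOLDS = {"cpu_util_pct": 80.0, "if_util_pct": 85.0, "if_errors_per_min": 5.0}

# Logs pillar: constructed syslog lines in a hypothetical message format.
SYSLOG = [
    "Mar 04 10:15:01 edge-rtr1 ntpd[812]: synchronized to 192.0.2.10, stratum 2",
    "Mar 04 10:15:07 edge-rtr1 kernel: ICMP: frag needed and DF set, dst 198.51.100.20 mtu 1400",
    "Mar 04 10:15:09 edge-rtr1 kernel: ICMP: frag needed and DF set, dst 198.51.100.20 mtu 1400",
    "Mar 04 10:16:30 edge-rtr1 sshd[2201]: Accepted publickey for netops from 192.0.2.50",
]

# Traces pillar: constructed application spans (one per message sent on the bus).
SPANS = [
    {"service": "bus-publisher", "peer": "198.51.100.20", "payload_bytes": 600, "duration_ms": 11},
    {"service": "bus-publisher", "peer": "198.51.100.20", "payload_bytes": 900, "duration_ms": 13},
    {"service": "bus-publisher", "peer": "198.51.100.20", "payload_bytes": 1200, "duration_ms": 12},
    {"service": "bus-publisher", "peer": "198.51.100.20", "payload_bytes": 1800, "duration_ms": 240},
    {"service": "bus-publisher", "peer": "198.51.100.20", "payload_bytes": 2200, "duration_ms": 265},
    {"service": "bus-publisher", "peer": "198.51.100.20", "payload_bytes": 4096, "duration_ms": 310},
    {"service": "bus-publisher", "peer": "198.51.100.30", "payload_bytes": 2000, "duration_ms": 14},
    {"service": "bus-publisher", "peer": "198.51.100.30", "payload_bytes": 500, "duration_ms": 10},
]

FRAG_RE = re.compile(r"frag needed and DF set, dst (?P<dst>\S+) mtu (?P<mtu>\d+)")


def nms_verdict(metrics, thresholds):
    """Legacy view: only the metrics pillar is consulted."""
    breached = sorted(name for name, value in metrics.items() if value >= thresholds[name])
    if breached:
        return "Threshold breached: " + ", ".join(breached)
    return ALL_CLEAR


def path_mtu_from_logs(log_lines):
    """Return {destination: smallest path MTU reported} from 'frag needed' log lines."""
    mtus = {}
    for line in log_lines:
        match = FRAG_RE.search(line)
        if match:
            dst, mtu = match["dst"], int(match["mtu"])
            mtus[dst] = min(mtu, mtus.get(dst, mtu))
    return mtus


def naas_verdict(metrics, thresholds, log_lines, spans, slow_factor=3.0):
    """Cross-pillar view: metrics, plus logs correlated with traces per destination.

    A destination is flagged when logs report a path MTU for it AND spans whose
    payload exceeds that MTU are at least slow_factor times slower (by median)
    than spans that fit within it.
    """
    findings = []
    metric_view = nms_verdict(metrics, thresholds)
    if metric_view != ALL_CLEAR:
        findings.append(metric_view)

    for dst, mtu in sorted(path_mtu_from_logs(log_lines).items()):
        to_dst = [s for s in spans if s["peer"] == dst]
        fits = [s["duration_ms"] for s in to_dst if s["payload_bytes"] <= mtu]
        oversize = [s["duration_ms"] for s in to_dst if s["payload_bytes"] > mtu]
        if fits and oversize and median(oversize) >= slow_factor * median(fits):
            findings.append(
                "Problems detected in latency experienced by the application "
                f"due to MTU clipping towards {dst} (path MTU {mtu}, "
                f"median {median(oversize)} ms vs {median(fits)} ms)"
            )
    return findings or [ALL_CLEAR]


if __name__ == "__main__":
    print("NMS :", nms_verdict(METRICS, THRESHOLDS))
    for finding in naas_verdict(METRICS, THRESHOLDS, SYSLOG, SPANS):
        print("NaaS:", finding)
```
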

How CACI can help you add NaaS to your IaaS and PaaS

With several years of network management and enterprise network operations experience, the CACI Network Services team is ideally positioned to help you transition from NMS to NaaS. Contact us today to see how we can help your business fully shift towards the observability promise as delivered by a NaaS approach to network operations. 

Everything you need to know when choosing between DevOps & ITIL

DevOps and ITIL are two different approaches to managing IT services. DevOps is a philosophy that focuses on improving software deployment whereas ITIL is a highly structured model built to boost productivity and supply IT teams with statistics. DevOps emphasises speed and delivering new features and updates as quickly as possible, while ITIL prioritises managing and improving existing services. So, how do you know which one is right for you and your business? 

DevOps killed the ITIL star? 

While some people believe that DevOps is replacing ITIL or vice versa, the truth is that both approaches can work together. In fact, combining the two can actually lead to high productivity and improved workflow. To successfully combine DevOps and ITIL, it’s important to establish a common framework for collaboration between teams. 

When deciding which approach to use for network management, you must consider the problems you’re having and the goals you want to reach. If your organisation values speed and agility in delivering new features, DevOps may be the better choice. On the other hand, if your organisation values stability and reliability in managing existing services, ITIL may be more appropriate. 

Benefits of DevOps

DevOps offers several benefits over ITIL, particularly in terms of speed and agility: 

  • DevOps emphasises collaboration between development and operations teams to improve software delivery speed and quality.  
  • By breaking down silos between teams, DevOps can help organisations achieve faster time-to-market for new products and features. 
  • Another benefit of DevOps is that it brings cultural transformation, improving the speed and quality of how software is developed and delivered. This is achieved through automation, continuous integration/continuous deployment (CI/CD) and feedback loops. Enhanced collaboration and experimentation that comes with DevOps can lead to greater innovation and creativity. 

In contrast, ITIL focuses on process, standardisation and metrics. While these are important aspects of IT service management, they can sometimes lead to a rigid approach that may not be well-suited for fast-paced environments. ITIL also tends to be more focused on control than on agility. 

How CACI can help you choose the right approach

Ultimately, you don’t need to choose between DevOps and ITIL as they can complement each other. The decision of which approach to use depends on the specific needs of an organisation, as combining both approaches can lead to high productivity and improved workflow. 

Why not get in touch to see how we can help your business fully utilise both DevOps and ITIL to run your IT infrastructure and ITSM practice. 

Strengthen your cyber security credibility through certification

Cyber security continues to be of paramount concern for businesses of all sizes and industries. Protecting sensitive data, ensuring business continuity and building customer trust are crucial aspects of maintaining a competitive edge. But that’s not the whole story.

While improving cyber security measures is undoubtedly important, your business also needs to show credibility in being able to protect your systems and data to reassure your customers and partners. A great way of showing commitment to cyber security is through applying for recognisable certifications such as Cyber Essentials or ISO 27001.

Business benefits of certification

A Technical Roadmap to Cyber Security
Certification provides you with a framework of technical requirements that will safeguard your company from cyber threats. By working towards achieving these requirements, you’ll have a ready-made roadmap of what you need to put in place to greatly improve your cyber security posture. Even if you don’t end up going for the credential after all, it can still be a useful exercise to look at the requirements when setting your cyber security strategy.

Unlock New Business Opportunities
Many organisations now require their business partners to adhere to specific cybersecurity standards before engaging in collaborations. These often require you to demonstrate your high security standards through certification, opening the door to new business prospects and partnerships. So certification gives you a competitive advantage with these organisations and will position your company as a trusted and reliable partner in the market.

Demonstrate Cyber Security Commitment
Demonstrating your cybersecurity readiness by obtaining certifications like Cyber Essentials shows your commitment to protecting sensitive data and maintaining a secure operating environment. This demonstration can build trust, enhance your brand image and help retain customers.

How to get started

As a holder of Cyber Essentials and Cyber Essentials Plus certification, CACI are well-equipped to guide you through the process of becoming Cyber Essentials certified. We have cyber security experts who can perform a comprehensive risk assessment to identify and advise you on your cybersecurity needs – Find out more about our cybersecurity capabilities today.

CACI also has a range of other capabilities in Network Services – take a look at what else we offer.

 

Note:
About Cyber Essentials – NCSC.GOV.UK

Threat Management: Best practice for your business

In my previous blog articles, I highlighted the most significant cybersecurity threats faced by businesses in 2023 and debunked five prevalent misconceptions surrounding threat management. Moreover, I emphasised that safeguarding against cyber threats demands an ongoing commitment rather than a singular investment. In this concluding blog post, I will outline the best practices to ensure the safety of your business.

Why is Threat Management so important?

Before we go into the best practice of Threat Management, let me explain its importance. The variety of threats has significantly increased and attack strategies have become more complex across the globe. Your Security Operations Centre (SOC) teams must prioritise cybersecurity capabilities and implement a practical Threat Management framework.

If a data breach can be detected sooner, the blast radius can be significantly reduced, cutting the financial cost substantially and reducing any fines imposed. According to the data breach report published by IBM in 2022, companies can save more than £960K if they can detect a data breach in 200 days or less.

Therefore, an effective Threat Management plan is essential for your company to have the best chance of quickly detecting and responding to threats.

What’s the best practice for Threat Management?

Threat Management requires seamless integration between people, processes and technology to stay ahead of emerging threats and security risks. Here’s some advice on what you need for each element.

People – Establishing a cybersecurity culture
Your C-suite executives and Board members play a crucial role in establishing a cybersecurity culture. By formulating a governance structure and proactively communicating their expectations to the employees, leaders and managers can motivate them to learn the risks and cooperate with your company’s cybersecurity strategy.

Processes – NIST Cybersecurity Framework
I recommend the NIST Cybersecurity Framework (CSF 1.1) to help you effectively manage the threats. This is a set of guidelines published by the U.S. National Institute of Standards and Technology to mitigate cybersecurity risks for organisations. According to a survey in 2021, almost 48% of respondents said they were using this framework standard to map their control system. Furthermore, NIST will launch a new and more significant update to the Framework, CSF 2.0, in early 2024 to keep pace with technology and threat trends, integrate lessons learned and move the best practice to common practice.

CSF 1.1 comprises five primary functions: Identify, Protect, Detect, Respond and Recover. These functions are not intended to form a sequential path but are performed in parallel, forming an operational culture that addresses the dynamic cybersecurity risk.

NIST Cybersecurity Framework
Credit: N. Hanacek/NIST

Identify – This is the fundamental function for effectively using the Framework. Your SOC teams should thoroughly understand your business resources and risks. The activity categories include Asset Management, Business Environment, Governance, Risk Assessment and Risk Management Strategy.

Protect – Your SOC teams need to develop and implement appropriate safeguards to ensure the delivery of critical services. This function encompasses activities in Identity Management and Access Control, Awareness and Training, Data Security, Information Protection Processes and Procedures, Maintenance and Protective Technology.

Detect – This function refers to the activities to identify the occurrence of a cybersecurity event on a timely basis. The activities are categorised into Anomalies and Events, Security Continuous Monitoring and Detection Processes.

Respond – Make sure your SOC teams develop an action plan to respond to detected cyberattacks and other cybersecurity incidents. They can create activities around Response Planning, Communications, Analysis, Mitigation and Improvements.

Recover – This is a critical function to ensure business continuity in the event of a cyberattack. Your SOC teams can plan activities in Recovery Planning, Improvements and Communications for cyber resilience plans.

Technology – Leveraging different tools and new technology
Other than the threat management tools that I introduced in the last blog, your SOC teams can leverage various technologies such as Artificial Intelligence, Machine Learning, behavioural analysis, prediction tools and Internet of Things modules to automate parts of the Threat Management process. This can help ensure your data integrity and prevent any holes in your cybersecurity systems.

Conclusion

The success of a comprehensive Threat Management strategy hinges upon the active involvement of all your colleagues, beginning with your organisational leaders. By fostering a robust cybersecurity culture within your company, you can ensure that your colleagues receive thorough training and grasp the significance of cybersecurity. Through the seamless integration of streamlined processes and cutting-edge technology, your company will be able to swiftly identify threats and respond proactively, thereby fortifying information security and bolstering business continuity management.

How CACI can help

CACI has cybersecurity experts who can improve your business’s protection levels. Our capabilities include Zero Trust Network Architecture, Threat Analytics, Systems Hardening and Network Analytics. We can also perform a risk assessment to advise you on your cybersecurity needs. Find out more about our cybersecurity capabilities.

 

Notes:
[1] Cybersecurity standards usage control systems 2021 | Statista
[2] Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (nist.gov)
[3] Quick Start Guide | NIST
[4] Cost of a data breach 2022 | IBM

How do you start implementing Zero Trust Network Architecture?

In my previous blog posts titled “Why do we need Zero Trust?” and “What are the benefits & challenges of implementing ZTNA?”, I discussed the rationale, benefits, and challenges associated with implementing Zero Trust Network Architecture (ZTNA). Now, the question arises: how can we effectively put the Zero Trust Model into action? In this concluding instalment of CACI’s Zero Trust series, I will provide a concise overview of the necessary steps to advance ZTNA implementation.

The Zero Trust Network Architecture deployment cycle

Below is a typical deployment cycle as created by the U.S. National Institute of Standards and Technology. Before you bring ZTNA to your company, you need to first assess your system and user inventory and then perform a business process review to understand the current state of your operations.

After creating the initial inventory, you should put in place a regular cycle of maintenance and updating as well as continuing to evaluate your business processes to progressively improve your architecture.

The Zero Trust Maturity Model

As I said in my previous blogs, Zero Trust is a transformative journey and you must invest considerable time and resources to build a mature Zero Trust Network Architecture. The model below shows you a gradient of Zero Trust implementation across five distinct pillars, where minor advancements can be made over time towards optimisation. It can be described using three stages, with increasing levels of protection, detail and complexity of adoption. All these descriptions are used to identify maturity for each Zero Trust technology pillar and to provide consistency across the maturity model:

Traditional – Manual configurations and assignment of attributes; static security policies; pillar-level solutions with coarse dependencies on external systems; least-function established at provisioning; proprietary and inflexible pillars of policy enforcement; manual incident response and mitigation deployment.

Advanced – Some cross-pillar coordination; centralised visibility; centralised identity control; policy enforcement based on cross-pillar inputs and outputs; some incident responses to predefined mitigations; increased detail in dependencies with external systems and some least-privilege changes based on posture assessments.

Optimal – Fully automated assigning of attributes to assets and resources; dynamic policies based on automated/observed triggers; assets have self-enumerating dependencies for dynamic least-privilege access (within thresholds); alignment with open standards for cross-pillar interoperability; centralised visibility with historian functionality for point-in-time recollection of state.

Unlike other technologies which are ‘all or nothing’ capabilities, Zero Trust is an extendable spectrum of capability. I know some companies may find it hard to reach the ‘Optimal’ stage because they must invest far more resources than they are comfortable with. Even though their technological capability may be mature enough, their IT team also needs to be upgraded and end-users educated in parallel. Technology and company culture are interdependent.

How CACI can help

CACI has cybersecurity experts who can improve the protection levels of your business. Capabilities include Zero Trust Network Architecture, Threat Analytics, Systems Hardening, Network Analytics and Next Generation Firewalls. We can perform a risk assessment to advise you on what cybersecurity you need.

Together, we can rethink your cybersecurity strategy in this cloud-first world – have you incorporated Zero Trust Model as part of your plan? To build the future of trust from ‘zero’, have a read of our Zero Trust Model whitepaper where we cover everything in this blog series and more. Download your copy now.

 

Notes:
[1] Zero Trust Network Architecture (nist.gov)
[2] Zero Trust Maturity Model (cisa.gov)

The Benefits & Challenges of Zero Trust Network Architecture

In my last blog, I explained the reasons for transforming to a Zero Trust Model. In this next blog of CACI’s Zero Trust series, I’ll explore some of the benefits and challenges to implementing Zero Trust Network Architecture (ZTNA) in your business.

Benefits of implementing Zero Trust Network Architecture

ZTNA not only improves your network security, but also enhances your business processes and protects your end-users. A few of the ways in which you and your business can benefit from Zero Trust include:

Your Network

– Secure remote connectivity
Traditional on-premises architecture cannot support remote access at scale. ZTNA allows more remote users to securely connect to your company network via multi-factor authentication (MFA).

– Secure cloud adoption
ZTNA enables the classification of access rights on the cloud so that only authorised users can access your selected assets.

Overall Security

– Improved data protection
You can secure confidential data by implementing least-privileged access control and strict user authentication. This minimises the blast radius in any data leakage incident.
– Protection against threats
Any configuration changes are automatically triggered and analysed for suspicious activities in ZTNA, keeping down the overall risk exposure.

User Enablement

– Enabling a global workforce
ZTNA sets up your network infrastructure so that global employees and business contractors can access your company network safely via a Virtual Private Network (VPN).
– Optimised customer experience
ZTNA allows your customers to securely access any confidential data and to complete transactions anywhere by verifying their identities.

Challenges to implementation

Transforming to modern technology is always easier said than done. There are a few common hurdles to overcome in order to complete the Zero Trust journey:

‘Implicit trust’ in the legacy system

A few of my clients’ legacy systems still rely on ‘implicit trust’, which conflicts with the core principles of ZTNA. Some of their upper-layer applications are built from older protocols or conventions from when the public internet was a trustworthy space. These dated applications have been bolted onto security and data encryption layers since the evolution of technology.

You’ll need an appetite for bold change and significant investment to transform to ZTNA, and it won’t be built in one day! Most companies operate in a hybrid Zero Trust or perimeter-based mode while they make the transition.

No standardised frameworks for component creation

There are no standardised frameworks for creating commoditised Zero Trust components. Different frameworks are suggested by governments or experienced IT consulting companies based on their knowledge and experience. For instance, there are many competing products for user authentication, such as Microsoft Active Directory, Okta, Azure AD and OneTrust.

Insufficient workforce support

I’ve spoken to some companies that have admittedly not invested enough in their networking and security. This led to a lack of leadership support and security experts to drive their transformation to Zero Trust.

If this is the case in your business, you can partner with an IT outsourcing provider that will advise you on the best fit Zero Trust framework and equip you with a team of security experts to help you get there. We have some top tips on how to find the right IT outsourcing partner which you might find useful.

How CACI can help

CACI’s team of cybersecurity experts can help you improve the protection levels of your business, from Zero Trust Network Architecture, Threat Analytics, Systems Hardening and Network Analytics to Next Generation Firewalls. We perform a risk assessment to advise you on the comprehensive cybersecurity you need.

We also have experts in Cloud Network on-ramp Connectivity, such as Microsoft ExpressRoute, AWS Direct Connect, GCP Cloud Dedicated Connect and SASE/SdP/VPN technologies like Zscaler and Tailscale.

Stay tuned for my final blog, where I’ll be sharing some efficient ways to implement ZTNA. If you’d like the whole story, take a look at our Zero Trust Model whitepaper where we cover everything in these blogs and more. Download your copy now.