Chapter 7. Phase One: Identifying Challenges
The first phase in the transformation to Intent-Based Networking (IBN) is to determine the state of the campus network and the organization. Because an Intent-enabled network, and thus a network based on Cisco DNA, has a number of requirements that must be met, it is important to determine whether it is possible to transform the existing network to IBN at all. Because the transformation has an impact on the organization, some changes need to be executed within the organization as well.
The first phase begins with performing an inventory on the state of the campus network and identifying the challenges that can either block or provide resistance to the transformation to IBN. The word challenges is chosen on purpose. Challenges can be solved; however, problems can remain problems for a lengthier period of time.
This chapter describes a number of steps that you need to execute to obtain information and identify challenges that need to be resolved. These challenges are prioritized and summarized in an action plan that will be used in the next phase. The following steps are described in this chapter:
Challenges in Day-to-Day Operations
IBN primarily describes how a campus network should be operated to meet the everincreasing number of connected devices and complexity. IBN can therefore also be seen as a new method of running network operations in the (campus) network. However, a number of challenges related to day-to-day operations can affect the success of a transformation to IBN.
Of course, all network engineers are familiar with the OSI layers of abstraction with the process of encapsulation and decapsulation that essentially form the basis of any network infrastructure. However, users and managers just view the network as a single element that is just as common as running water or electricity. Because users and managers only see a single network (users, for example, don’t know the difference between 4G and WiFi connections), an analogy can be used to explain that the network is actually a foundation for the applications.
Every organization can be seen as a building or a house, each uniquely built and designed. On the top of the building we see all the applications required for the business to be able to run. This could be Office 365, Google Mail, an ERP system like SAP, but also your office applications and a fileserver to store all your documents. It doesn’t matter whether these applications run on-premises, in the cloud, or a combination. It’s just the collection of applications that the organization uses in day-to-day operations. Figure 7-1 displays this enterprise building.
Figure 7-1 The Enterprise Seen as a Building
At the first layer of the building, where the employee or contractor resides who wants to get access to the enterprise applications, the physical connection to the corporate network is described. It is literally the physical cable (or wireless network) that is used to connect the endpoint to the corporate network. The second layer is the equipment to which the physical cable (or wireless connection) is connected. These are the network switches, wireless controllers, access points, and routers that comprise a campus location network. Although an endpoint can be connected to the network, there is still no access to the application. That is because four pillars are required to be able to access the applications.
The first required pillar is the Dynamic Host Configuration Protocol (DHCP). DHCP is used to dynamically assign IP addresses to connected endpoints. If DHCP is not working, there is no IP assigned to the endpoint and thus no connection to the applications. Often, DHCP is managed by the server team and not the network operations team.
Note
Although it is possible to statically assign IP addresses to endpoints, this is not a scalable solution, and many enterprises rely on DHCP to provide IP addresses to endpoints (which is also recommended for wireless endpoints).
The second pillar is the Domain Name System (DNS). This service translates domain names into the appropriate IP addresses, like a phone book. DNS is a service that runs on top of the IP network, but if DNS is not working, it is often blamed on the network. While the IP network is functioning and traffic can flow, it’s just that the phonebook is not working.
The third pillar is the WAN connection or Internet connectivity in the case of a cloud application. If the WAN or Internet is down, there is again no connection to the applications.
The last pillar is security, which should be integrated everywhere. Cisco Identity Services Engine (ISE), as network access control, or a firewall could block access to an application for any number of reasons. If these services are not available, again there is no connection to the network.
This explains, in a simplified way, that for users to connect so easily to the enterprise applications, many elements need to be in order. Today’s enterprise networks, however, despite their complexity, are so reliable (and invisible), most incidents are initially blamed on the network and specifically the campus network. Some examples of frequently reported incidents are
“I cannot access application X, but I could access it yesterday. It is definitely the network.”
“Application Y is slow; must be the network. It’s that uplink again that you mentioned three years ago.”
“I cannot connect to the wireless network, and it’s not my computer because everything works at home.”
“I can’t log on to the computer; it is the network’s fault.”
“The wireless service is terrible. I only see 2 bars for 4G on my phone in the office. Please fix this.”
These and similar examples are quite common for many network operations teams. They face these types of issues frequently and probably spend quite a bit of time proving that not all incidents are network-related other teams should address the incidents related to application performance instead of the network operations team.
Besides the fact that the operations team spends quite some time disproving “it’s the network,” another aspect might play a role in the day-to-day operations. There has been a shortage of qualified staff for a long period of time (decades in the case of Europe). Besides a shortage of staff, the campus network has gradually grown in size and the connected devices. As the network is very invisible for many users and managers, chances are that the network operations team has not been growing in line with the growth of the network. The consequence is that the operations team is understaffed and trying to keep the network operational with too limited resources.
These two aspects together might indicate that the network operations team is under a lot of pressure and do not have time to look at alternatives, as they can be seen as firefighters continuously putting out fires in the foundation of the enterprise (refer back to Figure 7-1). They are too busy solving incidents and executing changes on the network (that take too long) and often must work overtime to update the switches because they are not allowed to do that during the day.
To determine whether IBN is a viable solution for a specific campus network, it is important to determine whether the preceding scenarios are applicable for the network operations team. If that is the case, then the network operations team will not have time available to perform extra changes or even consider changing the way they operate the network. This challenge (of being too busy) needs to be identified early on in the process so that appropriate actions can be taken to free up time within the operations team; otherwise, the network operations team will remain busy while the campus network continues to grow.
It is important to note that the network operations team should be engaged in the process of transformation to IBN as much as possible because most of IBN relates to their responsibilities.
Inventory
In most organizations the campus network is not being replaced very often. It is common to install the network equipment and keep it running for at least five years and for some network equipment even longer. Some enterprises, in fact, still operate with a wireless network that has not been changed since its initial operation, while the wireless access points have been superseded by three new versions. Other examples describe situations where switches were run in the default configuration. Determining the current state of the campus network requires performing a detailed inventory of the network infrastructure components within the campus network.
This inventory should be detailed and extensive and should also include information related to the capabilities for IBN. The output of this inventory should be registered with the help of the examples in Tables 7-1 and 7-2.
Table 7-1 Overview of Installed Hardware and Software
Device Family |
Device Type |
Device Name |
SW Version |
Update SW Required? |
Install Date |
Replacement Required? |
Replacement Moment |
Routers |
C2951 |
C1-RT01 |
15.2 |
No |
Jan 2016 |
Yes |
Jan 2021 |
Switches |
WS-C3650- 24PS-S |
C1-AS01 |
3.7 |
Yes |
Mar 2017 |
No |
|
Switches |
WS-C6509-E |
C1-DS01 |
12.2 |
N/A |
Oct 2014 |
Yes |
ASAP |
Wireless |
AIR-CT5508 |
C1-WS01 |
8.5 |
N/A |
Jan 2017 |
Yes |
ASAP |
… |
|
|
|
|
|
|
|
Table 7-1 is used to create a complete inventory of all campus network equipment and is validated against Cisco DNA and IBN readiness on both the software version as well as the hardware. For each device, an entry should be made and determined (in case of non-ready hardware) when the hardware is scheduled to be replaced. If there is no active lifecycle management (LCM) within the organization, that lack of LCM is a risk for the transformation, and a mitigation should be defined in cooperation with the appropriate stakeholders. If the campus network has multiple locations it can be convenient to add a column for the location name, as to be able to create an inventory impact overview per location.
Depending on the size of the campus network it is optional to aggregate the available data from Table 7-1 into an overview such as shown in Table 7-2.
Table 7-2 Aggregated Overview of Campus Network Hardware
Device Family |
Device Type |
Total Switches |
IBN Ready |
Remarks |
Switches |
WS-C3650-24PS-S |
40 |
Conditional |
Max 3 VNs* |
Routers |
C2951 |
2 |
No |
|
Switches |
WS-C6509-E |
3 |
No |
End of life |
Wireless |
AIR-CAP2602I |
200 |
No |
End of life |
Wireless |
AIR-CT5508 |
2 |
No |
End of life |
… |
|
|
|
|
*IP Base of the Catalyst 3650/380 provides maximal 3 virtual networks (or VRFs); switches running IP Services (ending with E in the SKU) can have maximal 64 virtual networks. |
||||
The aggregated overview in Table 7-2 can be used to determine the impact of creating an IBN-ready infrastructure. Because some switches might have to be replaced, it is possible that some steps of the transformation to IBN will be delayed. The primary cause for this is that financial administrations dictate that investments need to be depreciated over multiple years. It means that an investment last year needs to last for at least two or often four years. It is possible to replace sooner, but it means that the organization is willing to accept a financial disinvestment of the previously made investment.
The inventory should be a “living” document, so as soon as a network device is replaced with other hardware, the inventory should be updated. Also, based on this inventory, it is recommended to get a strategic decision from stakeholders that if hardware is to be replaced, whether due to failure or in normal lifecycle management, the new hardware must be IBN ready.
Level of Standardization
Another element that needs to be identified is the level of standardization. One of the principles behind IBN is that the specifics for an application or policy are pushed onto the network when it is required using predefined blocks of configuration (either CLI or model-based). There is a direct relationship between the level of standardization in the existing campus network and the success factor for IBN. In other words, when there is no standardization, it is not possible to automate changes on the network and thus enable IBN, whereas if there is a high level of standardization using standardized components, these components can easily be configured using automation.
As such, the level of standardization needs to be determined for several aspects of the campus network. Only those elements of a network that are standardized can be automated and thus be deployed onto the network when the intent is required. As a campus network design and its implementation consist of several components, the identification of automation level should occur for those different components as well. The following sections briefly describe each component.
Existing and Up-to-Date Wired Campus Design
If a generic campus network design exists that is applied to all campus locations, that in itself is a huge level of standardization. This means that the design (and thus the configuration) of each campus location is similar with the exception of location- or device-specific elements, such as management of IP settings, hostnames, and possibly local network function services such as DHCP and DNS. It is, of course, important to validate not only the availability of a campus design, but also whether the design has been kept up-to-date and implementations are consistent with the design.
Wireless Design
The same principle is applicable for the wireless design as well. Is a wireless network design available? Are the SSIDs used in the campus network consistent and preferably the same? Are the wireless parameters, such as guest network services, corporate wireless access, and possibly other wireless networks such as IoT and BYOD incorporated in the design? Is the design up-to-date and is the wireless network implemented accordingly? Are there specifics, like a deployment with FlexConnect or special VLAN use cases?
Shared Switch Configuration
Based on the common campus network topology, the switches on a campus have distinct roles and functions, such as access switches, distribution switches, and possibly core switches. Regardless of the role of the specific switches in a campus network, the configuration itself can be divided into three types of configuration:
Specific port configuration: This can be unique per switch but is commonly different between access, distribution, and core switches.
Layer 3 configuration: Contains all IP configuration for VLANs and the required routing to the core or the WAN router. This configuration is typically found on the distribution and core switch.
Generic (or global) configuration: Contains the hostname, Spanning Tree configuration (if applicable), other Layer 2 technologies such as CDP or VTP, management access control, Syslog, NTP, enabled services, control plane policing, and so on. This should all be in a highly standardized configuration similar across all types of switches. A standardized generic switch configuration can benefit in composing templates for the automation within the campus network.
It is important to identify what level of standardization has been applied to these types of configuration across all switches. A high level of standardization will greatly benefit a transformation to IBN because IBN relies heavily on standardized configurations.
Access Port Configuration
Traditionally, the campus network is configured per access port. Some companies adhere to a strategy of shutting down unused ports completely and only configure a port when needed, while others configure the port in a default VLAN with a default policy. The port can be enabled or disabled in the latter case. For the transition to IBN, all access ports will have the same port configuration, as the specifics are configured only when the connected device is known and the proper policy (or Intent) can be applied. A standard port configuration, applicable to all ports, is therefore recommended as a high level of standardization.
Uplink Standardization
Although this could be part of the generic switch configuration, are the uplinks from the access switch to the distribution switch standardized to a single port channel? Is a default port channel used for the communication to a local wireless controller, if applicable? The standardization of uplinks provides a metric of how standardized the current campus network is. The benefit of standardizing the uplink to, for example, PortChannel1, whether it consists of 1, 2, or 4 links, makes troubleshooting and configuring technologies like IP-Device Tracking much easier.
VLAN Configuration Consistent and Identical Across Locations
VLANs are used to logically isolate different types of devices on a physical network. If the VLAN numbering is unique per location, this would mean that there is a limited level of automation for VLAN assignment, and it would be nearly impossible to standardize for an Intent-enabled network. If the VLAN numbering is consistent and identical across all locations, however, whether for endpoints connecting to the network, native VLANs, or management traffic, this would be a huge benefit in the transformation to an Intent-Based Network.
Use Case: VLAN Standardization Across Branch Locations
SharedService Group has deployed a single SSID for all employees to use. Based on the identity of the endpoint, the VLAN override function is used to place that specific endpoint in the correct VLAN.
The choice for a single SSID was not only for configuration simplicity, but also to keep the number of broadcasted SSIDs to an absolute minimum.
As a single SSID is used with certificate authentication, it is possible for SharedService Group to centrally push the wireless settings via an Active Directory group policy. This means that the managed workstations are, once correctly imaged and bound to the Active Directory, automatically connected to the wireless network when the workstation detects the wireless SSID.
This central policy was highly standardized, and the different employees could work without problem. However, when employees started to move more frequently between offices and an employee visited a foreign office, the device could not connect to the network. The employee could manually override the wireless connection to the available guest services, but after a short period of time the connection was lost.
The cause of this problem was related to the VLAN assignment in combination with the group policy. The workstation assumed that as the SSID was available, it was at one of the corporate locations and thus the required connection. However, when that employee was visiting a location and the specific compartment for his business unit (VPN) was not configured at that location, the endpoint was successfully authenticated and placed into a VLAN that did not exist and was not connected. Therefore, the workstation could not connect to the network. The employee could manually select the guest network, but once the enterprise SSID was seen again, the workstation automatically attempted to connect to the corporate SSID and again was unable to receive an IP address, which created the assumption it was DHCP-related.
Eventually, SharedService Group decided to deliver all VPNs to all locations to solve this problem and allow employees to truly be mobile and work from any office.
This use case showcases the power of standardization of VLANs and how to use them. It allowed for a standardized configuration of the wireless network and made for easier changes. However, if the workstation that uses the network acts differently than expected, there could be two solutions. One is to override the VLAN numbering for each location, creating a less-standardized approach and thus a more complex environment. The second solution is to extend the VPNs to all locations, so that the wireless network remains standardized. The organization wisely chose the latter. The first option is valid but has consequences and can become a greater challenge when transforming to an IBN-enabled network.
Standardized Configuration Across Locations
The last task is used to determine whether the configuration of the wired and wireless network components is consistent across all locations of the campus network. In other words, does the configuration between two campus locations only differ in hostnames and IP addressing, or are there more differences?
These components can individually be scored on a level of automation, with a score of 1 for no standardization (or no answer) but up to 5 for full standardization (or confirmation). Table 7-3 provides an overview of the components and a method to note the score of the component.
Table 7-3 Inventory Table for Level of Standardization
Component |
Level of Automation (1–5) |
Existing campus network design |
|
Campus network design up-to-date |
|
Campus implemented according to design |
|
Existing and consistent wireless design |
|
Wireless design up-to-date |
|
Wireless implemented according to design |
|
Generic switch configuration |
|
Access port configuration |
|
Uplink standardization |
|
VLAN configuration consistent and identical across locations |
|
Standardized configuration across locations (factor 2) |
|
Although the scoring is not scientifically or statistically approved, it does provide a quick insight into which component could pose a challenge to transform the campus network toward IBN. A score of 4 or higher means that the component is standardized, and it is relatively easy to transform the network for IBN.
Maturity Level of an Organization
It might sound strange, but the maturity level of an organization can tell a lot about how successful any change will be. The maturity level has nothing to do with the age of an organization but is measured along aspects such as people, process, technology, and documentation. The maturity level of an organization provides insights into whether and how a network can be transformed to IBN. The maturity level namely provides information, at an abstract level, about how the organization is documented, whether it is working with or without procedures, how it embraces a vision, and other insights.
A number of frameworks are available that describe the level of maturity of an organization. Control Objectives for Information and related Technologies (COBIT) by ISACA is an extensive framework that provides control objectives for IT governance and IT management. The COBIT 4.1 version of the framework has a maturity model that is useful in this phase. Within this model are five levels of maturity defined that are used and referred to throughout the control framework. Without going into the details of this framework, these levels do provide a good view of how mature the IT within an organization can be. The following sections describe these levels.
Level 1: Ad Hoc
At this level, every IT-related action is executed on an ad hoc basis. If a new computer or switch is required, the computer that best fits the purpose for that task at that moment will suffice—usually procured at the local computer store around the corner. In general, level 1 organizations have a wide diversity of devices and no standardization within the entire IT infrastructure.
Level 2: Repetitive But Intuitive
At level 2, things start to improve. IT departments do not just arbitrarily select a switch or computer, but standardize on vendors and specific switch types, and start to repeat a number of IT operations. As an example, each switch is configured consistently with a proper hostname, IP address, and consistent VLAN(s). So if a switch is to be replaced, the IT department procures a switch in the same series and configures it based on the configuration of another switch. In general, the IT department is doing the repetitive tasks in the right way, but they know they’re doing it the right way with limited to no documentation. Responsibilities within the IT department are also unclear.
Level 3: Defined
At level 3, the intuitive controls from level 2 have been documented. There is a level of documentation in relation to design and operation of the IT infrastructure. The organization starts to identify risks and document them, although not completely in a managed methodology and taking a measurable approach. The organization has defined and documented its processes and responsibilities.
Level 4: Managed and Measurable
At level 4, the IT processes are not only defined, but include version control and have specific checkpoints within those procedures to allow external auditors to check that the processes and procedures have been executed correctly. Also risks to the operation of the business, from an IT perspective, are identified, documented, and possibly mitigated.
For example, a change procedure for the network infrastructure contains a quality check and needs approval from the change advisory board before the change can be executed. It is common for organizations that have ISO9001/9002 standards to have these kinds of procedures in place. Also, at this level, there is a vision and strategy related to the IT department, including vendor strategy and lifecycle management.
Level 5: Optimized
Although level 4 provides the identification of risks and controls to mitigate them, there might still be a way to bypass those procedures or controls. At level 5, there are alerts if controls are being bypassed, and management programs are established to continuously improve the risks, mitigations, and procedures. The IT organization actively practices internal control and risk management.
COBIT Framework Summary
In summary, the COBIT framework contains a huge number of controls and questions on a number of aspects within IT (such as procurement, backup, operation, and so on) that assist professionals to determine the maturity level of an organization and how that level can be raised if required. It is, of course, not required to perform a full COBIT audit for the transformation to IBN.
However, the IBN perspective (inherently) assumes a certain level of maturity of an enterprise. As an example, using design documents and having a technical architecture (or even being in the process of having or setting up an enterprise architecture) quickly moves an organization to a level 3 or level 4 of maturity.
If an enterprise is on level 1 or level 2 with regards to anything network-related, the chances of successfully transforming to IBN are slim to none. The risk of starting on the journey and having to change that journey every month because there is no consistent vision or strategy is just too high.
Therefore, part of this phase is to objectively determine the maturity level of the organization and decide whether an increase is required before moving toward technological change. Table 7-4 provides an overview of sample questions and the maturity level they correspond to if the answer is affirmative.
Table 7-4 Questions and Related Maturity Level
Question |
Maturity Level |
Does the enterprise embrace a single vendor strategy for procurement of IT? |
3 |
If so, is there a single vendor strategy for hardware and software for campus networks, such as Cisco Systems? |
4 |
Is there a form of lifecycle management of network devices and software (other than replace if broken) available? |
2–3 |
Is this lifecycle management documented? |
3–4 |
Is documentation of the campus network available? |
3 |
Is the documentation up-to-date and being kept up-to-date? |
4 |
Are change procedures documented? |
3 |
Are changes documented? |
4 |
Have there been discussions on availability? |
2–3 |
Did the discussions result in requirements and procedures? |
3–4 |
Does the organization hold ISO 9001/ISO 9002 certification? |
4 |
Is there an IT architecture available? |
4 |
And is it followed? |
4–5 |
Does the enterprise use IT management processes, such as ITL, PRINCE2, or others? |
3–4 |
Does each network administrator have its own account, or is a shared account used? |
2–3 |
Is role-based access control implemented, or is every IT staff member administrator? |
3–4 |
Does the enterprise have a strategy and vision in relation to how IT can service and benefit the business? |
4 |
Based on the answers of the questions in Table 7-4, it is relatively safe to guess at which maturity level the organization is. If most, if not all, questions are answered with yes, then the organization is between level 3 and level 4. If an organization is at level 1 or 2, it is important to first bring the organization to at least maturity level 3 before transforming the campus network to IBN because the chance of a successful transformation will be slim.
Stakeholders
The transformation to an IBN-enabled campus network is a strategic decision. Chances are that the transformation to an IBN-enabled campus network will not only take a considerable amount of time but will probably also bring extra costs and downtime as required changes are implemented. Although the desire to transform might be initiated from a network operations or network design team, or an IT manager, it is important to identify the stakeholders who can and will support such a long-term strategy in transformation.
Stakeholders are all responsible persons (or departments) within an organization that have either an interest in this strategy or are affected by the execution of this transformation. As the campus network touches many aspects of the organization, it is important to identify stakeholders for business operations, technical, architectural (if applicable), and financial level.
It is important not only to identify those stakeholders but also involve them in the decisions that you need to make for the transformation. They should be informed, and preferably the key stakeholders should also support you in the process of this transformation of the campus network.
A method to register and document the identified stakeholders within the organization is the RACI (Responsible, Accountable, Consultative, Informed) matrix. A RACI matrix is commonly used to visualize for specific tasks (or business processes) who is responsible for executing the task, who is accountable (only one is accountable), who provides support to the task (Consultative), and who needs to be notified of the output of the task (Informed). The same principles can be used within this step to document the identified stakeholders, both formally and informally. Use the Consultative and Informative columns for identified influencers. Table 7-5 provides a sample matrix that can be used.
Table 7-5 Sample Matrix of RACI Model
Task/Process |
Responsible |
Accountable |
Consultative |
Informative |
Remarks |
IT department |
IT team |
CTO |
CSO, CFO |
|
|
Security |
SOC team |
CSO |
CTO |
|
|
Budget |
|
|
|
|
|
Procurement of hardware |
|
|
|
|
Important to know if specific stakeholders influence hardware selection and procurement. |
… |
|
|
|
|
|
Primary business process |
… |
… |
|
|
|
Besides identifying these stakeholders, it is important to communicate why the transformation to IBN is needed and how you want to achieve that transformation. Explain why a big-bang transformation might fail and inform them of your balanced choices.
You should not just inform them once, but inform them periodically about progress and decisions. Keep those decisions at the level of the stakeholders, so that they will feel that you understand their concerns, and they will appreciate the effort and will more likely become part of the process. Their involvement is important to getting and keeping support during the journey. The chances are that at some moment in time an unforeseen disruption might happen or extra funding might be required for a big step.
In conclusion, identifying and involvement of stakeholders will assist in a smoother journey and keep commitment and involvement as to why the transformation is required.
Prioritize
As Rome wasn’t built in a day, the same is applicable for this phase. At this stage all kinds of information and challenges have been identified, whether they are organizational, lack of IBN-ready hardware, or resource issues. It will be impossible to fix all challenges at the same time, so there is a need to prioritize the identified challenges.
Prioritizing the solutions for identified challenges can be very difficult as the priorities might also change over time. However, a valid strategy can be applied in the prioritization of identified challenges, when the challenges are measured over the hierarchical aspects: chance of success, time, commitment, and budget.
The chance of success aspect is used to determine how successfully the existing network can be transformed to IBN. If the chance of success is greatly reduced by the identified challenge, then those challenges should be solved first.
Commitment is the second aspect that can be used to prioritize the challenges. If the organization lacks commitment for a transformation to IBN, then no resources, time, or budget can be made available. Lack of commitment also decreases the chance for support in executing mandatory changes that could impact the business.
The factor time is another aspect. This aspect is not intended for the time required to solve a challenge, but the available time to solve any challenge. If no time or resources are available, then it will be impossible to solve any other identified challenge.
The last but not least aspect is that of budget. Budget can determine whether certain challenges can be solved quickly or not at all—for example, a premature replacement of hardware or hiring extra staff to relieve the workload on the network operations team.
These aspects can then be used to prioritize the identified challenges of the previous paragraphs. Table 7-6 provides an example of how this can be applied.
Table 7-6 Prioritized List of Identified Challenges
Priority |
Identified Challenge |
Arguments |
1 |
Low maturity level of organization |
The organization has too low a maturity level. Too much is executed on an ad hoc basis; therefore, the enterprise first needs to mature and work via documented procedures. Risk of failure for IBN is too high. |
2 |
Stakeholders |
Not all stakeholders see the benefit of IBN; this will be a risk to get commitment on changes and other decisions to be made. |
3 |
Too high workload in network operations team |
The network operations team is too busy solving incidents, the software on the switches is not up-to-date, and changes are executed at the last minute. |
4 |
Hardware in network needs to be updated |
End of life hardware is found in the network. With a lack of commitment and lack of budget these devices will not be replaced. |
5 |
Level of standardization |
As much is executed ad hoc, there is no central design and guidelines. Each campus location turns out to be unique. |
Action Plan
The last step of phase one is to bundle all collected information into an action plan. The information obtained from the previous paragraphs is not only the identified challenges; the information also is implicitly a readiness scan of the campus network infrastructure and the enterprise. The action plan is used as a guidebook for getting support and approval of actions to be executed in phase two of the process. The action plan is a deliverable for this phase. Therefore, it is recommended to use a fixed format for that action plan that will contain at least the following sections.
Management Summary
The action plan should contain a management summary that describes briefly why the transformation to IBN is needed and how ready the organization is for the journey to Intent-Based Networking. A short, prioritized list of identified challenges for that journey is provided in the management summary with a proposal on the first actions to be taken.
If, based on the identified challenges, decisions are to be made by management, a decision list would need to be included in the management summary as well, to allow management to provide enough information to make the appropriate decisions. A management summary is typically one page—a maximum of two pages—long and contains the call for action (decision) for management to take. It is a great method to maximize the time available by executives for them to make validated decisions.
Analysis
In this section, the collected information from the different aspects, such as maturity level of the organization, identified stakeholders, and level of standardization is provided. At the end of each aspect, the identified challenges are described in a table and a recommendation on how to solve those identified challenges is included.
Action List
The prioritization of the identified challenges is used as input for this section. The prioritized list is amended with proposed solutions and a planned date for when that solution could be implemented. For example, if some hardware is not IBN ready, the solution could be to wait until lifecycle management has replaced the equipment and automatically the network becomes IBN ready. This could be a valid choice if other identified challenges require effort as well and could be executed in parallel.
Table 7-7 provides an example of such an action list. The action list should be as detailed as possible, including all items that need to be solved.
Table 7-7 Example of Action List Format
Identified Challenge |
Ready |
Remediation Is |
Planned Date |
Maturity level of organization |
No |
Document procedures and define a vendor strategy. |
2 months after approval |
Network designs available |
No |
Write design documents. Change network to follow design. |
3 months |
IBN-ready equipment |
No |
Replace wireless infrastructure. |
1 year |
Decision List
If, based on the collected information, specific decisions are to be made by management, these should be collected and bundled in a decision list. The decision list should provide enough information to allow management to make decisions that enable the transformation to IBN with the appropriate business case. For example, if a decision that needs to be made is in case of campus network hardware replacement, the organization needs to select IBN-ready equipment.
Estimated Timeline
This section of the action plan contains an estimated timeline for when the identified challenges could be solved.
The action plan is the final step of the phase and, once signed and approved by management, is the end of this phase. The action plan is used as masterplan or guidebook for some of the actions to be executed in phase two of the journey toward Intent-Based Networking.
Summary
The first phase in the transformation to IBN is all about getting information about the state of the campus network and the organization. IBN places a number of requirements on the campus network as well as the organization, because IBN is based on the Cisco Digital Network Architecture. To be able to successfully transform, it is important to know how the current network relates to IBN and what challenges might need to be solved to successfully move toward IBN.
To achieve this, a number of steps need to be executed and challenges related to these steps need to be determined:
Challenges in day-to-day operations: IBN is primarily a method for how a campus network can be operated. This is primarily a responsibility for the network operations team. Although it is common to have project teams execute changes on an infrastructure and at project delivery hand the changed situation over to operations, this does introduce the risk that the project will not be accepted by operations because the team is too busy or just will not accept that new tool or solution. IBN must become a true part of network operations, and to do so, the operations team needs to have time and resources available to make steps on the journey. It is therefore important to identify challenges in the day-to-day operations that can hinder that transformation.
Inventory: An inventory needs to be executed on all existing network devices used in the campus network. It is important to know whether both the hardware and the software are capable of running an Intent-enabled network.
Level of standardization: IBN is based on a high level of automation. Automation can only occur if the design and configuration of the campus network, both wired and wireless, are standardized. In this step, the level of standardization is determined.
Maturity level of an organization: Although it might sound odd for a phase within a technical transformation, the maturity level of an organization can be used to determine whether a transformation to IBN is possible from an organizational perspective. It also provides insight into how mature the organization is in relation to processes, documentation, and quality in general. IBN is a perspective on the Cisco Digital Network Architecture, and that poses a certain expectation on the maturity of the organization.
Stakeholders: Last but not least, it is important to identify the stakeholders. As the transformation to IBN will incur changes in configuration, potentially replacing hardware, there will be business-impacting changes. Identifying the correct stakeholders beforehand and obtaining their support are critical for the success of transformation.
Once all steps are executed, a number of challenges have been identified. It is impossible to solve all challenges at once; therefore, a prioritization process is used to determine the order in which these challenges need to be solved. The prioritization is based on aspects like chance of success, commitment, time, and budget.
All collected data will be bundled in an action plan. The action plan contains the collected data, the identified challenges with recommended solutions, a detailed action list, a planning of those actions, possibly a list for decisions to be made on the management level, and a management summary. The action plan is essentially the deliverable of this phase and provides insights into the current state of the campus network and which challenges need to be solved to transform the campus network into an Intent-Based Network. Once the action plan is adopted and approved by management, the action plan is used in the next phase.