Network automation is an excellent way for organizations to speed up their practices and rapidly scale aspects of their networking processes, configurations, and testing. However, done incorrectly, network automation can also propagate major issues on a large scale; imagine a machine doing a task incorrectly over and over without supervision, spreading the mistake throughout your organization. Network automation can be a path toward improving the speed, resilience, quality, and intelligence of networks, but it’s important to do it properly from the outset, or you risk creating a bigger headache than you bargained for.
High-quality network automation tools are the key to ensuring your processes don’t go haywire, and there are numerous software solutions available for you to try. My recommendation is SolarWinds® Network Configuration Manager (NCM), a well-known, stable, and well-supported tool. It provides high-quality network and configuration automation, which is especially useful because tracking configurations by hand tends to be labor-intensive and error prone.
What Is Network Automation?
Network automation is the process of setting up software to automatically manage, configure, test, deploy, and operate network devices (whether they’re physical or virtual). It improves efficiency in large enterprises and can often reduce the operating expenses and human error associated with manual management. Manual approaches are becoming increasingly impossible with the growing number of devices in enterprises. Increasing IT automation is becoming essential for many businesses.
Some network automation tools allow network device mapping and device discovery, while others provide network configuration management, network resource provisioning, or capacity planning. Network automation can be primarily script-driven (i.e., using scripting and programming languages to execute tasks when a trigger appears) or software-based (also known as intelligent network automation). I’ll cover software-based tools today, as they can almost completely eliminate manual task performance.
Best Network Automation Tools
The purpose of network automation tools is to improve efficiency, reduce human error, and reduce operational expenses as a result. There are many types of tools for network automation. For both script-driven and software-based network automation tools, there are several kinds of platforms and interfaces.
There are also many open-source network automation tools, including Ansible, Puppet, and Chef. These are decent and widely used tools for certain use cases, but they don’t have the out-of-the-box capabilities, easy-to-use interfaces, and vendor support of tools designed specifically for enterprise use. I won’t go into these open-source tools, as they’re covered widely elsewhere, and there’s plenty of information about them already. Instead, I’ll cover tools specifically designed to act as enterprise-grade IT management platforms. Many of these network infrastructure vendors provide software-based platforms with network automation tools alongside other monitoring tools.
My top choice for network automation software is SolarWinds Network Configuration Manager (NCM). NCM is easy to install, use, and set up, and the interface is user-friendly. This means it’s simple to get started, and you have a complete network configuration automation system right at your fingertips.
NCM allows you to perform quick and widespread configuration changes, leveraging network automation to make these adjustments in bulk. Bulk adjustments save time and can reduce the human error involved in trying to complete this process manually. NCM also allows you to design change templates and configurations, which means you can roll them out automatically and apply them to new devices or push new configurations across hundreds or thousands of devices on an as-needed basis.
Additionally, NCM tracks and records your device configurations and alerts you if a change has been made. If a change results in issues, you can immediately revert the change or quickly troubleshoot. You can also see whether an unauthorized configuration change has been made. This tracking (alongside the use of internal security policies and standards) allows your organization to maintain compliance with regulations. NCM can also audit your device configurations to ensure they comply and alert you to any vulnerabilities, such as operating systems needing to be updated. It also integrates with the National Vulnerability Database, so you can be alerted when a known vulnerability is detected in your system. NCM can then roll out a bulk change to fix the vulnerability.
Finally, your device configurations can be backed up, managed, and restored through the platform, which means you can quickly revert to an old configuration if a fault occurs or restore from a backup if there’s a failure or error. NCM provides the most critical network automation features, and it’s a high-quality tool with out-of-the-box configurations and compliance reports to help you get things started quickly.
NCM is available to try free for 30 days on the SolarWinds website.
Kiwi CatTools® is a simple, yet powerful network automation and change management tool built with the needs of small business networks in mind. By making it easier to schedule automated device configs backups for routers, firewalls, and more, Kiwi is designed to help you avoid having to scramble to rewrite inline code if there are issues with network device configurations.
Kiwi CatTools supports the backup activity via TFTP using its built-in TFTP server, which makes it easier to back up configuration files, improves efficiency and control when deploying config changes in bulk, and simplifies rolling back to previous, good configurations. These automatic backups can also be set in custom time intervals to not disrupt prime business hours. Kiwi CatTools includes native device support for dozens of IPv4 and IPv6 device manufacturers, including but not limited to Cisco, HP, 3Com, Enterasys, F5, Huawei, and Juniper.
Kiwi CatTools can also automate network alerts to send email reports when it detects configuration changes on devices, so you can track unauthorized device config changes and possible security risks. You can also use Kiwi to view and analyze changes between configurations, like comparing startup and running configurations or current device config and most recent backup, either in the console or report to inform your troubleshooting efforts. You can try Kiwi CatTools for yourself free for 14 days.
ManageEngine Network Configuration Manager is another excellent choice of network automation software. It works on a script-driven basis, using templates called “Configlets.” Configlets help the user execute commands to change passwords or enable SNMP, access control list commands, or other configuration changes. Template Configlets are already a part of ManageEngine Network Configuration Manager when you install it, but you can also add them manually if you need to customize something.
Configuration change scripts can all be automated using something called “Script Execution Mode.” This includes commands requiring user confirmation, and they can be automated even if there’s a delayed response after command execution or if you want to change the order in which scripts are executed. You can schedule all kinds of configuration tasks however you choose, and Configlets can be set up to prevent work from being repeated. You can schedule tasks to run hourly, daily, weekly, monthly, or as needed. When a Configlet is executed, you’ll receive an email notification.
It also includes tools for real-time change management, user activity tracking, and compliance auditing. You can test out a free trial of ManageEngine Network Configuration Manager for up to 30 days.
Lan-Secure Configuration Center is a network management tool designed to allow you to automate configuration rollouts, run backups, monitor the history of configurations, and restore old configurations. It’s a vendor nonspecific tool and is specifically designed to be used in a multivendor device environment. It operates by using Telnet, SSH shell protocols, and SNMP protocols.
It can be run manually or automatically, and you can set it to run at specific dates or times. Lan-Secure Configuration Center includes automatic auctions such as command execution, sending SNMP traps, or notifying you by email when configuration changes are made. With reporting, logging, and exporting capabilities, this is a good basic tool.
Lan-Secure offers their enterprise version priced on a per-switch basis, but you can try a free trial of Lan-Secure for up to 30 days.
BMC provides numerous network monitoring and operations management tools, but TrueSight Automation for Networks is specifically designed for network configuration management and automation. You can use this tool to roll out broad configuration changes and roll them back or change tracking when necessary. It works using a policy-based approach with templates, customized rule sets, and integrated change management. With preconfigured policies designed to match up with regulatory requirements, you can also ensure your compliance needs are met.
TrueSight Automation for Networks includes threat remediation tools—such as automated vulnerability management and response—and uses the NIST National Vulnerability Database to identify vulnerabilities and update devices.
TrueSight Automation for Networks is a high-quality tool with many features, but it’s not as user-friendly as it could be. There’s no way to take the entire system offline or trial configurations, which can lead to a complex process of rollouts and rollbacks. It’s much easier to link with enterprise systems than tools such as Chef and Puppet, but it definitely requires some scripting experience to get started.
Though BMC offers free trials for some of their products, it appears they don’t offer one for TrueSight Automation for Networks.
Choosing an Automation Tool
Looking at all these options may seem a little overwhelming. However, the best approach is to consider whether the tool is designed for your purpose. Are you looking for something for enterprise-grade IT management, something for a small business, or something to test out? Tools such as Ansible, Puppet, and Chef are well-known, but they take time to set up and may not be suitable for a business needing tools they can use from the get-go.
The best network automation tools should always be easy to use. For enterprise-grade IT management, my top recommendation is SolarWinds Network Configuration Manager: they’ve provided solutions in the field of network automation for a long time, and they know what they’re doing. In addition, NCM integrates well with other SolarWinds products, allowing you to set up a full system for your organization without much effort.
*As of October 28, 2020