Micro Focus Network Operations Management Suite Supports SDN and Network Virtualization Engineering and Operations An ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) White Paper Prepared for Micro Focus December 2017 IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING
Table of Contents Executive Summary... 1 Network Operations Management by Micro Focus: A Network Monitoring and Automation Suite for the Modern IT Organization... 1 The Network Engineering and Operations Challenges of SDN and Network Virtualization... 2 The Importance of SDN-Ready Network Change and Configuration Management... 2 The Importance of SDN-Ready Network Availability and Performance Monitoring... 3 Micro Focus NOM Supports Next-Generation Networking... 4 Evolving NOM Fault and Performance Monitoring for SDN and Network Virtualization... 4 Evolving NOM Change and Configuration Management for SDN and Network Virtualization... 5 Micro Focus NOM: From SDN to the Software-Defined Data Center... 6 EMA Perspective... 7 About Micro Focus... 8
Executive Summary Software-defined networking (SDN) is no longer hype. Enterprises are evaluating, testing, purchasing and deploying the technology today. SDN adds new network elements, new abstractions, new protocols, and new device relationships to data center networks. To ensure that enterprises succeed with SDN, network management tools must evolve to support these new architectures. Network fault and performance monitoring tools along with network configuration and change management (NCCM) tools have an important role to play in future SDN engineering and operations. Many of the network management challenges that SDN presents to enterprises are addressable by existing tools, as long as those tools evolve to work with SDN. This white paper explores how network management tools should adapt to SDN. It also explores how Micro Focus Network Operations Management Suite is adapting to SDN and leveraging integrations within its core components, Network Automation and Network Node Manager, to offer enterprises a single state-of-the-art network management solution for their combined SDN, virtual and traditional networks. Network Operations Management by Micro Focus: A Network Monitoring and Automation Suite for the Modern IT Organization Before enterprises deploy next-generation technologies like software-defined networking (SDN) and network virtualization, they must first address a fundamental problem in their networking organizations. Network management tool sprawl is undermining enterprise network availability and performance. Thirty-four percent (34%) of network teams use 11 or more tools to monitor and troubleshoot their networks. Another 24% use 6 to 10 tools. 1 These organizations need to consolidate and unify their toolsets as much as possible. The average network operations team detects 60% of all network problems before end users are affected. They rely on end user complaints to alert them to the balance of problems. Unfortunately, organizations that use larger toolsets are less effective at network problem detection. Those that use 11 or more network monitoring and troubleshooting tools discover only 48% of network problems before end users are affected. On the other hand, organizations that use 1 to 3 monitoring and troubleshooting tools are much more effective. They detect 71% of all network problems before end users are impacted. 2 Many SDN vendors offer integrated, proprietary management tools, which only add to the existing tool sprawl with which network managers are struggling. Network Operations Management (NOM), an integrated suite of network monitoring and automation software from Micro Focus, addresses this tool sprawl issue. NOM combines two proven network engineering and operations systems into one integrated solution. Its chief components are: Network Node Manager (NNMi), a network availability and performance management solution; and Network Automation (NA), a network change, configuration, and compliance management solution. The NOM suite integrates user-guided workflows and correlates data across the two core capabilities, giving IT organizations a more efficient and effective toolset. The NOM suite provides visibility into topology, network health, and device configurations. It also delivers network traffic and performance management capabilities, which can suggest or even automate network configuration changes. It supports user-guided 1 EMA, Network Management Megatrends 2016: Managing Networks in the Era of the Internet of Things, Hybrid Clouds, and Advanced Network Analytics, April 2016. 2 EMA, Network Management Megatrends 2016: Managing Networks in the Era of the Internet of Things, Hybrid Clouds, and Advanced Network Analytics, April 2016. Page 1 Page 1
workflows for diagnostics, optimizing the network, managing capacity, and documenting and validating policy compliance. And NOM provides tools for automating and orchestrating infrastructure changes to infrastructure. More importantly, Micro Focus is continuously enhancing the NOM suite so that network managers can apply these capabilities to next-generation SDN and network virtualization technologies. The Network Engineering and Operations Challenges of SDN and Network Virtualization ENTERPRISE MANAGEMENT ASSOCIATES (EMA) research has found that the majority of enterprises have some form of SDN activity inside their networking organizations, including both hardware-centric SDN underlays (e.g., OpenFlow SDN) and software-centric network virtualization overlays (NVOs). Most enterprises are in the early stages of their SDN journeys. Sixty-seven percent (67%) are researching, evaluating, testing or piloting SDN underlays in their data centers, and 68% are doing the same with SDN overlays. 3 Early adopters of SDN would prefer that their pre-existing management tools support SDN. As with any new technology, very few enterprises will rip and replace all of their legacy infrastructure to install SDN. Instead, most early SDN deployments will take place in mixed environments, where legacy and SDN infrastructure are integrated. IT organizations will want the infrastructure management tools that they use to manage legacy networks to work with these new SDN architectures. Otherwise, they would have to maintain multiple management tool stacks, which would only complicate operations. Enterprises will need to adapt their network engineering and operations tools to SDN, especially NCCM solutions and network monitoring solutions. EMA Recommendation: Enterprises should evaluate the roadmaps of their network engineering and operations software vendors to ensure that their existing tools will be able to manage software-defined networks and network virtualization. Network managers should look for evidence that vendors are investing in support of these new technologies. An ability to manage at least some critical aspects of leading SDN and network virtualization technologies is a good indicator. The Importance of SDN-Ready Network Change and Configuration Management While SDN technology makes network infrastructure more programmable, it does not ensure the enforcement of configuration and compliance policies. A Cisco APIC controller, for instance, defines traffic flows on switches; it does not audit the configuration files on those switches. NCCM tools which support SDN, however, serve this essential function. Furthermore, the SDN controller is, itself, a network device whose configuration must comply with corporate polices. Given that the SDN controller can centrally program the data-forwarding decisions of an entire SDN-based network, it is vital that NCCM tools can impose configuration and policy controls on these new network elements. In fact, EMA research has found that 32% of early SDN adopters need their NCCM tools to integrate with SDN controllers. 4 In an SDN environment, it will be especially critical for an NCCM platform to manage controllers. Controllers have the ability to push changes to switches automatically. To ensure that change and configuration policies are enforced, NCCM tools must be able to manage SDN controllers. 3 EMA, Network Management Megatrends 2016: Managing Networks in the Era of the Internet of Things, Hybrid Clouds, and Advanced Network Analytics, April 2016. 4 EMA, Managing Tomorrow s Networks: The Impacts of SDN and Network Virtualization on Network Management, December 2015. Page 2 Page 2
Clearly NCCM tools have an important role in these new networking environments. If properly adapted to work with SDN technologies, NCCM tools can help an enterprise enforce network configuration and compliance polices in dynamic and programmable networking environments. Furthermore, configuration management will play an essential role in specific SDN use cases, such as the software-defined data center (SDDC). In an SDDC architecture, all infrastructure and software components of a data center are abstracted into pools of resources that can be programmatically allocated to applications and services on demand. EMA research has found that enterprises consider configuration management a key enabler of SDDCs. Thirty-nine percent (39%) of SDDC-adopting enterprises are investing in configuration management tools to support SDDC initiatives. When EMA asked research participants to identify the most important aspects of an SDDC operation, the number two response (46%) was best-practice, repeatable configurations of software and infrastructure for workload deployment. 5 Adaptable networks make this possible. In terms of network management, SDN can deliver some of these capabilities to an SDDC. NCCM must fill the gap. While SDN centralizes and automates the provisioning of network connectivity and other network services, other elements of network operations will remain manual without a tool like NCCM. For instance, an NCCM tool will manage firmware updates and device configurations on switches in a Cisco ACI fabric, while the Cisco APIC controller focuses on setting and monitoring network policies on those switches. Also, most organizations start small with SDN and grow their deployments over time. SDN technology will coexist with legacy network solutions in data centers for several years. Network managers will require NCCM tools that work across both environments and provide a unified operating model The Importance of SDN-Ready Network Availability and Performance Monitoring Network availability and performance monitoring is a mature, well-understood technology in traditional networking environments. Its ability to model and understand the health and performance of individual network hardware devices has long been the first line of defense for administrators tasked with troubleshooting their networks. However, the growing use of SDN and network virtualization technologies challenges performance and availability monitoring platforms. SDN and network virtualization introduce a wide variety of new architectures that add new components and relationships to the network, bringing more dynamic change as well. The paradigm shifts from overprovisioning the network to right-sizing it, with rapid and elastic resizing. Hypervisors have introduced virtualized network connectivity that must be discovered, managed and monitored. This virtualization has also driven an architectural shift in data centers. The hierarchical, scale-up approach to data center networking (server access, aggregation, and core) has been replaced in many cases with a scale-out, flatter, leaf-and-spine architecture that is more complex from a management perspective. Furthermore, SDN, in its various flavors, redefines the roles and functioning of network hardware in these leaf-and-spine environments. Network monitoring platforms, for instance must be able to model and manage SDN controllers. They must also monitor the health and performance of virtual network functions (VNFs) like load balancers and firewalls, most likely in a heterogeneous, multi-vendor environment 5 EMA, Obstacles and Priorities on the Journey to the Software-Defined Data Center, January 2014. Page 3 Page 3
Network performance and availability monitoring platforms must not only model and manage these new SDN components. In order to provide a complete picture of network health in the data center, the monitoring platforms must also recognize and track the relationships between SDN components as well as handle the higher rates of network change and dynamism brought on by programmable architectures. Network monitoring technologies must adapt by enhancing their abilities to abstract the network, both at a device level and at an architectural level. They must be able to understand and correlate the health of individual components on a single network element to these abstractions, whether the abstractions represent discrete functions on a device or services that run over an SDN fabric or legacy technologies. They must form tighter connections to NCCM technologies, such as the integrated capabilities seen in Micro Focus NOM suite. Furthermore, given the dynamic nature of network virtualization and SDN, these monitoring platforms must be more automated in how they adapt to change and alert administrators about network problems. Micro Focus NOM Supports Next-Generation Networking Given the wide variety of SDN and network virtualization technologies currently on the market, managing a network element by element will no longer be a viable option. The network fabric becomes an essential configuration object. Management tools will need to offer more meaningful abstractions to define and manage such networks. With these new requirements in mind, Micro Focus is continuously updating and enhancing the NOM suite, with the ability to manage and monitor networks from a highly abstracted point of view. This strategy makes the NOM platform more adaptable to multiple proprietary and open architectures. Evolving NOM Fault and Performance Monitoring for SDN and Network Virtualization Micro Focus has boosted NOM s ability to model and monitor abstract components of network infrastructure within both physical and virtual network elements. For instance, Micro Focus has enhanced NOM s ability to model the individual components and interfaces of a physical device. NOM can apply this model to the higher-level abstractions introduced by SDN and network virtualization. This model serves as the foundation for managing the overall software-defined network, and it includes an understanding of how SDN controllers, physical devices, virtual switches, and virtual appliances work together to create end-to-end network services. A Cisco APIC controller, for example, can define an abstract network flow that comprises individual ports on multiple switches. Micro Focus NOM can discover, present, correlate, and drive root-cause analysis across such abstractions. Micro Focus NOM supports multiple vendors to SDN, including Hewlett Packard Enterprise (HPE) and Big Switch Networks OpenFlow controller-based networks, Viptela SD-WAN, VMware s NSX SDN solution, and Cisco s Application Centric Infrastructure (ACI) SDN solution. As enterprises adopt SDN in their data centers, the network becomes a mixed physical and virtual fabric, with Layer 2 7 functions proliferating as VNFs. Most network and fault management platforms have their roots in hardware-centric monitoring and management. In a software-defined, virtual environment, these monitoring platforms need a clear line of sight throughout the virtual network stack. Furthermore, these management platforms need to understand the service chains that application flows traverse across these mixed physical and virtual network environments. Without this service chain intelligence, a management platform cannot map application dependencies across the virtual and physical topology and identify where controls are implemented. The network becomes a collection of services, which must be managed as such. Page 4 Page 4
As these application flows traverse both physical and virtual elements, SDN controllers or cloud orchestration systems will sometimes be used to coordinate their paths. An SDN controller, for instance, might program the switch fabric to identify and take action on an application flow. The controller might also integrate with a virtual application delivery controller to insert Layer 4 7 services, such as application acceleration or load balancing, into the flow. Other deployments of these mixed fabrics could be more limited. An SDN overlay, for instance, could control application flows across the virtual network elements, but it might lack integration with the physical network elements. Network fault and performance management platforms must have visibility into both virtual and physical elements, with an awareness of the relationships between these elements and with visibility into the application flows that traverse them end-to-end. Micro Focus NOM monitors and manages virtual infrastructure and VNFs from leading vendors, including HPE, F5 Networks, Riverbed, Palo Alto Networks, Cisco, Citrix, and VMware. Its integrations with SDN and cloud orchestration platforms allow it to model, monitor and manage network service chains that use these technologies. Evolving NOM Change and Configuration Management for SDN and Network Virtualization NCCM platforms have replaced low-level scripts to helped enterprises keep up with frequent change in their networks, prevent configuration errors from creating outages, and enforce compliance policies to reduce security vulnerabilities. The programmatic and abstracted nature of SDN infrastructure will require NCCM tools to adapt in a variety of ways. First, the centralized network programmability introduced by an SDN controller makes the network far more dynamic. Therefore, bad configurations are implemented and propagated at even faster rates than before. The NCCM system s ability to track and manage these frequent network changes becomes more critical. Furthermore, SDN overlays add a software-based network layer on top of the physical network, and NCCM tools must be able to manage configuration and compliance in both layers. NCCM must understand the relationships between the new virtual and physical elements of an SDN architecture, especially when assessing policy compliance in these new networks. The programmatic nature of SDN allows for performance-driven adaptation. A controller can dynamically add new bandwidth and new flows to support increasing application demands. The Micro Focus NOM suite features a driver program in which Micro Focus adds new device support in its NCCM on a bimonthly basis with driver-pack releases. In addition, NOM already supports a variety of virtualization technologies that are integral to many SDN implementations, and it has the ability to manage many virtual switches, virtual network appliances, and hypervisor management platforms, including VMware and Cisco vswitches. Micro Focus also supports configuration management of VMware NSX overlay software. From an SDN underlay perspective, Micro Focus NOM offers change and configuration control over Big Switch and HPE OpenFlow controllers and the APIC controller in Cisco s ACI solution, giving it deep and broad configuration and change management control over core SDN technologies, complementing the SDN controller s functions. Together with its fault and performance management component, NOM understands the relationships between the different elements of SDN networks, which is critical for modeling how configuration changes will affect network services and network security. Page 5 Page 5
Micro Focus NOM: From SDN to the Software-Defined Data Center SDN is just one of many architectural phenomena impacting network operations and overall data center operations in enterprises today. Many enterprises are also adopting the concept of the software-defined data center (SDDC), an architecture in which all the infrastructure and software elements of a data center are abstracted into pools of resources that can be orchestrated on demand for applications. SDN is a key enabler of SDDCs. Together, both SDN and SDDC architectures present new challenges to network operations that network management tool vendors must address. Micro Focus is also a leading provider of SDDC orchestration solutions, adding to its NOM network-centric management offering. According to EMA research, ensuring network performance is the number one concern of enterprises adopting SDDC architectures. 6 Enterprises identified troubleshooting and monitoring across physical and virtual networking as the third biggest challenge in SDDC environments. Additionally, EMA research has found that many early adopters of SDN are struggling with troubleshooting and maintaining visibility into these new networks. To ensure that network operations teams can support these new architectures, network performance and fault management platforms must also be designed to support SDN and integrate with broaderfocused SDDC solutions. SDDC architectures, in particular, will heavily rely on network virtualization software, and management tools must support them. Micro Focus NOM has evolved to meet these new requirements. As mentioned above, NOM provides visibility into VMware virtual switching infrastructure and VMware NSX overlay software, to provide operational monitoring and control across physical and virtual networks. To date, approaches to SDDC operations have been very server-centric, which can result in suboptimal networking. Network management tools that provide visibility into SDN and network virtualization and integrate with broader SDDC management solutions, will give network managers the functionality they need to help optimize the placement and balancing of workflows. The NOM suite s NCCM capabilities are also evolving to support SDDC architectures. Network function virtualization (NFV) is a major use case of SDN. It involves the abstraction of hardware appliances such as firewalls, load balancers, and routers as software appliances and the dynamic insertion of these VNFs into the network fabric. NCCM tools need to be able to manage these virtual appliances. More importantly, NCCM tools need to be topology-aware so that they can control the configuration and compliance of these VNFs as software-defined networks automatically provision them for application performance optimization, elephant flow mitigation, distributed denial-of-service remediation, and other use cases. Micro Focus NOM is aware of relationships between the virtual and the physical elements, ensuring that its NCCM component can document and audit the configuration changes brought on by SDN s rapid provisioning of flows in these particular use cases. This NCCM intelligence is also contextually available in NOM s fault and performance management workflows, further streamlining SDDC operations. This reduces the complexity for users, especially in network operations, where dealing with new technologies is often a challenge. While many of these VNFs are integrated into Layer 2 and Layer 3 SDNs, enterprises need end-to-end management, not just a service insertion point. This requirement stretches beyond NCCM platforms to network performance and fault management tools. These management tools need to work collectively 6 EMA, Obstacles and Priorities on the Journey to the Software-Defined Data Center, January 2014. Page 6 Page 6
to manage virtual network function lifecycles, from provisioning and configuration to compliance to monitoring and troubleshooting and, finally, de-provisioning. These tools must also work with broader orchestration platforms or use APIs to ensure that they are aware of changes imposed on the network by platforms like OpenStack. The network engineering and operations components of Micro Focus NOM are tightly integrated. As Micro Focus adds more support for SDN and NFV, this integration will enhance the lifecycle management of VNFs in SDDCs and SDNs. Micro Focus NOM can already document and audit changes made to virtual load balancers and firewalls, for instance, and then it can track the health and performance of the components and interfaces on these virtual appliances. The NOM suite can manage the entire lifecycle of VNFs, from spinning up to managing, monitoring, and spinning down of functions. Third-party orchestration platforms are increasingly instantiating VNFs in SDDCs. The exploration of integrations with these orchestration platforms will help put these new network functions under management, apply security and service quality policies, and ensure compliance. EMA Perspective Adoption of SDN and the use cases it enables, including SDDCs and NFV are growing. A sizable minority has already deployed the technology in production, either in the data center or in the widearea network in the form of a software-defined WAN. These early adopters have revealed how critical it is for network management tool vendors to adapt to SDN. As EMA research has found, enterprises are turning to SDN for better business agility and simplified operations to support new business initiatives. The programmability of SDN, for instance, can allow the network to rapidly support new revenuegenerating applications. However, adding a new tool stack for managing these new architectures is counterproductive to the whole exercise. More management tools translate into increased operational complexity, which counteracts the agility gained by these new architectures. Network monitoring and network change and configuration management tools have an important role to play in future SDN engineering and operations. With the arrival of new network elements, new network abstractions, and new technologies like Cisco APIC, these tools must adapt. Solutions must be able to manage and audit the configurations of all elements of an SDN architecture and of traditional network architectures. They must be able to monitor new network elements like SDN controllers and adapt to work with virtualized network elements that previously existed only in hardware form. They must understand the relationships and dependencies within new SDN architectures and develop policy languages that can be shared and integrated with other management platforms, to ensure network operations and engineering teams have a common toolset that can provide a complete picture of these automated and abstracted networks. SDN also enables a much more rapid acceleration of technology adoption by disrupting the long hardware-refresh cycle. They must be able to understand the new relationships among the networks elements inside a software-defined network as well the relationships that the SDN infrastructure has with traditional networks. The NCCM and network monitoring capabilities of Micro Focus NOM support both traditional and core SDN technologies today and provide a roadmap for supporting emerging SDN architectures and helping to accelerate their successful adoption. As Micro Focus adapts the NOM suite to and for the future, enterprises will have a tried and true end-to-end network management toolset that will allow them to optimize and manage their growing SDN networks, as they replace existing infrastructure over time. Page 7 Page 7
About Micro Focus Micro Focus is a leading global enterprise software company uniquely positioned to help customers extend existing investments while embracing new technologies in a world of Hybrid IT. Providing customers with a world-class portfolio of enterprise-grade scalable solutions with analytics built-in, Micro Focus delivers customer-centered innovation across DevOps, Hybrid IT, Security and Risk Management, and Predictive Analytics. For more information visit www.microfocus.com/networkmgt or www.microfocus.com. About Enterprise Management Associates, Inc. Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help EMA s clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals, and IT vendors at www.enterprisemanagement.com or blogs.enterprisemanagement.com. You can also follow EMA on Twitter, Facebook, or LinkedIn. This report in whole or in part may not be duplicated, reproduced, stored in a retrieval system or retransmitted without prior written permission of Enterprise Management Associates, Inc. All opinions and estimates herein constitute our judgement as of this date and are subject to change without notice. Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. EMA and Enterprise Management Associates are trademarks of Enterprise Management Associates, Inc. in the United States and other countries. 2017 Enterprise Management Associates, Inc. All Rights Reserved. EMA, ENTERPRISE MANAGEMENT ASSOCIATES, and the mobius symbol are registered trademarks or common-law trademarks of Enterprise Management Associates, Inc. Corporate Headquarters: 1995 North 57th Court, Suite 120 Boulder, CO 80301 Phone: +1 303.543.9500 Fax: +1 303.543.7687 www.enterprisemanagement.com 3637.112917 Page 8 Page 8