Developers at ISS had moved to adopt a DevOps model, which requires an agile infrastructure that can handle constant changes. Networking was becoming a bottleneck to the speed of business. “We were not even close to being agile enough until we started really adopting some of these automation processes,” Jabro said.
Security, too, fueled ISS’ deployment of NSX. “We have a very heavy developer community at my company, and shadow IT is happening all over the place,” Jabro said. “So going with a product like NSX, to be able to really lock down our security posture inside while still allowing them the ability to spin up VMs in the environment and have automatic firewall rules in place to allow them to be as accessible as they need, right off the bat, is a huge deal for us.”
What to automate?
“When you think about the number of steps that occur between the time a VM is initially built to something that is in the end deployed with a network and a firewall – the hardest part is nailing down everything you have to do to get to that point,” Pietrewicz said. Processes can entail hundreds or even thousands of steps that cross roles, departments and systems.
The University of New Mexico has gotten to the point where it can deploy VMs with a base firewall rule set and a base network as part of the blueprint, Pietrewicz said. But the work isn’t done. A plethora of tech choices leads to more operational challenges.
“Where you used to have one or two options for firewall, now you have thousands. Tags and policies can go in any kind of direction,” Pietrewicz said. “When somebody says, ‘I need this port opened on this machine to this group of IPs,’ the number of tags, and the general flexibility of the product is making it so that right now, we are still trying to figure out exactly what our operations looks like, after that initial deployment. We keep having to bring everybody back in the room together to have the conversation – our security team, our platforms team, our network team – ‘what are we really doing here?’”
Greater standardization is imperative and can smooth deployment hurdles.
Going through the process of automating certain network options made it clear to IT leaders at IHS Markit that they needed to standardize more things in the environment, said Andrew Hrycaj, senior network operations specialist at IHS Markit, an information and analysis firm based in London.
“When you have to bring an automated component into your network, into your infrastructure, and you continually have to punch these things out, it forces you to create standardized processes so that people will follow them,” Hrycaj said. “And then, it creates a well-defined service offering. If your developers, your security – if everyone knows what they will get out of your infrastructure, then there are less questions.”