White Paper
All contents are Copyright © 2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 11 of 15
Once these templates are developed, they can be set up within configuration management tools
and allow rapid deployment and configuration baseline/auditing to verify networkwide compliance
of the devices to the template.
This seems like an obvious solution. It is a simple, high-value function that will ultimately save
the network engineering team a lot of rework and increase productivity.
Service Provisioning
Service provisioning extends the idea of architectures and standards, as well as configuration
templates. Based on the architecture work and resulting design standards, service
provisioning is about using the commonality in the network and creating generalizations.
With this paradigm, projects become very similar and are about providing network access, whether
it is for remote office staff or for a server; a network is about providing and controlling access.
To support this, interface configuration templates, which can be easily deployed to network
elements, can be developed to provision access for a PC, a phone, a server, or an access switch.
These templates can be set up as configuration tasks in tools so that engineers can deploy them
more easily. Over time as confidence is established, this work can be delegated to the server or
data center teams for server ports or to the desktop team for PC ports.
This capability will extend the productivity of the team and release resources to continue working
on architectures and be more proactive with the capacity management of the network.
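As an added illustration (not part of the original white paper), the Python below audits access-port stanzas against per-role interface templates, which is the baseline/auditing check described above applied to provisioning templates. The role templates, VLAN numbers, port assignments and sample configuration are constructed assumptions, not Cisco-recommended settings.

```python
# Added example: role templates, VLAN ids and SAMPLE config are constructed.
BASE = ["switchport mode access", "switchport access vlan {data_vlan}",
        "spanning-tree portfast", "spanning-tree bpduguard enable"]
TEMPLATES = {"pc": BASE + ["switchport port-security"],
             "phone": BASE + ["switchport voice vlan {voice_vlan}"]}
SAMPLE = """\
interface GigabitEthernet0/1
 description finance desk
 switchport mode access
 switchport access vlan 10
 switchport port-security
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 30
 spanning-tree portfast
!
"""
ASSIGNMENTS = {"GigabitEthernet0/1": ("pc", {"data_vlan": 10}),
               "GigabitEthernet0/2": ("phone", {"data_vlan": 10, "voice_vlan": 20})}

def parse_interfaces(config_text):
    """Split an IOS-style config into {interface name: [sub-commands]}."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw.startswith(" ") and raw.strip() and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit(config_text, assignments, ignore=("description ",)):
    """Per assigned port: template lines missing, and lines outside the template."""
    found, report = parse_interfaces(config_text), {}
    for port, (role, params) in assignments.items():
        want = [line.format(**params) for line in TEMPLATES[role]]
        have = [l for l in found.get(port, []) if not l.startswith(ignore)]
        missing = [l for l in want if l not in have]
        extra = [l for l in have if l not in want]
        if missing or extra:
            report[port] = {"missing": missing, "extra": extra}
    return report

if __name__ == "__main__":
    print(audit(SAMPLE, ASSIGNMENTS))
```

A port that is assigned a role but absent from the configuration is reported with every template line missing, so unprovisioned ports surface in the same report as drifted ones.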
Automation
Automation provides a solution for scaling operations, specifically in the area of resourcing. Going
forward, there is little choice but to use tools for automation. To handle the size of the network,
hiring some additional resources may be required, but network engineering resources are difficult
to find and hire. Without these additional resources, it is simply not possible to manage a large
network, and important operational functions won’t be completed. This is where automation
provides a solution.
Automation has one other problem: people need to gain confidence in the tools and the required
processes; otherwise, moving towards automation cannot happen. To assist, a simple process of
testing and gaining confidence is a key factor.
Integrated Confidence Building and Impact Mitigation
As an example, consider a software upgrade to all remote routers in the network. A software
upgrade of approximately 2500 devices is required to be completed ASAP; the risk of business
impact needs to be mitigated as much as possible.
The idea here is simple: mitigate risk and control the rollout of the software, reducing the
probability of the software or the tools causing problems.
The metaprocess for the above example would be as follows:
1. A Cisco PSIRT is published.
2. The configuration management system assists in identifying affected devices, 2500 routers,
and the proposed resolution.
3. The vulnerability management process is instigated, the impact is verified, and a resolution to
upgrade the routers is proposed.
4. The software is certified by the New Product Certification process.