Network assessments are the primary way organizations audit their networks. They were originally envisioned to provide an accurate view of the entire network and all its capabilities, but as networks have grown in size, the cloud has been introduced, and their complexity has risen, network assessments have been conducted less frequently and with far less depth than what is actually needed today to manage production IT service delivery. In fact, it could be argued that today's typical network assessments are done more for an audit and inventory review than for any production operations value.
As a result, it's common for organizations to only conduct network assessments every few years – often driven by compliance mandates – frequently spending hundreds of thousands of dollars on outside consultants who take weeks or months to conduct them. Even worse, the labor-intensive assessments being conducted today are typically based on representative sample data rather than comprehensive observation of the live network. What this means is today's assessments only provide a glimpse of the actual network as it was at some point in the past, not an accurate, up-to-date, detailed view.
And since this glimpse reflects a specific moment in time, today’s standard type of assessment quickly becomes obsolete as networks change, limiting the operational value of these labor-intensive assessments almost entirely.
What does a comprehensive network assessment look like?
Stepping back from how network assessments are conducted and viewed today, a network assessment could examine the design, performance, security, and operational status of network infrastructure to provide actionable insights on how to maintain the network. And if we eliminated the need for manual, labor-intensive execution and instead repeated the entire assessment every few hours or so, you would essentially be forming the foundation of a comprehensive outage prevention plan!
In this ideal world, network assessment would be a continuous and comprehensive process across the tens of thousands of assessment points that should be continuously studied in an enterprise. But getting there requires automation as it’s simply not possible to do this level of network assessment manually. With automation, network assessment can be transformed from an aged glimpse of the network to a dynamic outage prevention plan. It allows organizations to more broadly and deeply evaluate their networks to optimize performance, improve security, validate compliance, and, most importantly, ensure that the network consistently meets its business needs.
In particular, continuous network assessments provide a deeper, more comprehensive understanding of a network's operating conditions, enabling outage prevention when any of these conditions are detected and resolved proactively:
- Post-mortem analysis – enabling IT to assess whether similar issues exist elsewhere in the network following a network outage.
- Configuration drift – by enabling organizations to assess that their design and security policies are in effect as expected
- Operating status - including operational stability and performance
- Application delivery – by ensuring that the network has the required connectivity and performance as defined by the application architects.
- Network design – including routing, switching, overlay, and underlay
Specific examples of the kinds of network anomalies that should be part of the outage prevention plan include:
- Fault tolerance and failover – to ensure the resiliency plan is operational and available when errant conditions arise that require failover
- Network performance – including device/CPU memory, critical link utilization, link error, QoS design, and health
- Network compliance – verifying that the design of the network matches the intended configuration and has not drifted over time
- Security boundary and controls - checking these are in effect and preventing traffic from flowing where it is not allowed.
The key to more useful network assessments: No-code automation
No-code automation plays an indispensable role in continuous network assessment. It enables every subject matter expert, enterprise and network architect, security analyst, and application deployment specialist across the organization to describe and capture their list of conditions and behaviors that they expect from the network.
In aggregate, those “network intents” then form the basis for automated assessments that can be run continuously, on a schedule or on an event-driven basis. No-code enables institutional knowledge from subject matter experts to be transformed into assessment automation that can be automatically executed by the machine in minutes.
To combat the challenges of maintaining modern hybrid networks, IT must ensure business continuity and optimal performance on a proactive basis. Simply responding to trouble tickets and service requests is a losing game. Continuous network assessment offers the best way to get in front of this growing concern.
With automated assessments running frequently or continuously, the number and complexity of assessment points are limited only by the imagination and could quite easily look at the operating status of every device, verify access controls are in effect, and verify service delivery performance. And if this deep assessment was done often enough, say every day or so, it would detect operating anomalies long before production services would become degraded (since the root cause for nearly all outages can be traced back to human error that occurred long before the resulting incidents materialize). Simply put, continuous network assessment is outage prevention.
Song Pang is the SVP of Engineering at NetBrain.
Related articles: