Intent Based Networking: Turning Intentions into Reality

Monday, July 16, 2018

Avishai Wool


Wouldn’t it be great if IT teams and network managers could simply outline, at a high level, what they want their enterprise networks to do, and then technology would automatically implement the changes across their infrastructure to make it happen?  That’s the promise of intent-based networking (IBN):  using machine learning and automation to provision and manage networks and enforce security policies automatically – without network administrators having to perform the operational tasks of actually making it all work.

First identified as the next big thing in early 2017, the industry really started taking note when Cisco announced its IBN portfolio in summer 2017. The portfolio provides an intuitive system “that constantly learns, adapts, automates and protects, to optimize network operations”, thereby replacing traditional, manual IT processes.

Cisco isn’t the only company working on IBN: other vendors, including Juniper and Veriflow, are also developing IBN solutions, and a number of IBN start-ups are emerging.

Assessing IBN maturity

As such, it’s easy to see why IBN is appealing to enterprises:  it has the potential to ensure the needs of the business are quickly translated into an infrastructure that supports its specific requirements, and thus accelerate business innovation – all while making IT processes more efficient and easy to manage.  So what intent-based networking options exist today? Let’s take a look at some of the available solutions.

Orchestration: At a basic level, it is possible to automate heterogeneous networks without intent and understanding, using an orchestration system to automate the configuration of firewalls and routers to some degree.

Early-stage dedicated IBN solution: Organizations can utilize one of the many intent-based products offered by one of the emerging IBN technologies. However, while these solutions offer more advanced IBN capabilities, in their current maturity they have limited automation capabilities.

IBN in a single vendor environment: It may be worth considering a full IBN implementation with one specific vendor, such as VMware NSX or Cisco ACI. This will enable an organization to integrate IBN with its own network fabric.

While there are a number of options available today, IBN technology is not yet mature enough to be fully implemented across an entire enterprise network. However, it is possible to put in place the building blocks required for IBN adoption, by aligning IT more closely with the needs of the business.

Intent on security

A key example of this is in network security. Network security policy management (NSPM) solutions already deliver on IBN’s promise of enabling faster application delivery – without compromising the organizations’ security or compliance postures.

An NSPM solution can automatically discover and map applications, including the network connectivity flows that support them, as well as identify the security policies associated with the connections, across a heterogeneous enterprise environment (on-premise networks, SDN and cloud).

With this capability, the NSPM solution enables business application owners to request network connectivity for their business applications without having to understand anything about the underlying network and security devices that the connectivity flows pass through. The application owner simply makes a network connectivity request in their own application-centric language and the NSPM solution automatically understands and defines the technical changes required directly on the network security devices. As part of this process the NSPM assesses these change requests for risk and compliance with industry and corporate regulations and, if the risk is low, it automatically implements them directly on the relevant security devices, and then verifies the process – all with zero touch.

Thus, normal change process requests can zip through—from request to implementation—in minutes, with little to no involvement of the networking team. Manual intervention is only required if a problem arises during the process, or if a request is flagged as high risk. As such, from a network security perspective, the potential of IBN can already be achieved with the right security policy management solution.
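The request-to-implementation flow described above (translate the request, assess risk, implement if low risk, verify, otherwise escalate) can be sketched as follows. This is an added example, not code from the article or from any NSPM product; the tier names, subnets, service list and risk limits are hypothetical.

```python
import ipaddress

# Constructed inventory for illustration: tiers, services and limits are assumptions.
TIERS = {"web": "10.1.0.0/24", "db": "10.2.0.0/28", "any": "0.0.0.0/0"}
SERVICES = {"postgres": ("tcp", 5432), "telnet": ("tcp", 23)}
RISKY_SERVICES = {"telnet"}
MAX_SOURCE_ADDRESSES = 1024


def translate(intent):
    """Turn an application-centric request into a concrete allow rule."""
    proto, port = SERVICES[intent["service"]]
    return {"src": ipaddress.ip_network(TIERS[intent["from"]]),
            "dst": ipaddress.ip_network(TIERS[intent["to"]]),
            "proto": proto, "port": port, "service": intent["service"]}


def assess(rule):
    """Return risk findings for a proposed rule; an empty list means low risk."""
    findings = []
    if rule["service"] in RISKY_SERVICES:
        findings.append("risky service")
    if rule["src"].num_addresses > MAX_SOURCE_ADDRESSES:
        findings.append("source too broad")
    return findings


def permits(ruleset, src_ip, dst_ip, proto, port):
    """Check whether any rule in the device ruleset allows this flow."""
    return any(src_ip in r["src"] and dst_ip in r["dst"]
               and r["proto"] == proto and r["port"] == port for r in ruleset)


def process(intent, ruleset):
    """Auto-implement low-risk requests, verify them, and escalate the rest."""
    rule = translate(intent)
    findings = assess(rule)
    if findings:
        return {"status": "manual-review", "findings": findings}
    probe = (rule["src"][1], rule["dst"][1], rule["proto"], rule["port"])
    if permits(ruleset, *probe):
        return {"status": "already-permitted", "findings": []}
    ruleset.append(rule)  # stand-in for pushing the change to the device
    ok = permits(ruleset, *probe)  # post-change verification of the flow
    return {"status": "implemented" if ok else "verify-failed", "findings": []}
```

The `ruleset` list stands in for a device's rule base; a request that raises any finding leaves it untouched and is routed to a human.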

The future’s bright, the future’s IBN

IBN is undoubtedly an exciting advancement in networking, enabling IT teams to provision and configure networks a lot faster and in a much more secure way, with far fewer resources.  

By utilizing an NSPM solution, which enables application owners to express the business intent and then receive a continuously maintained, end-to-end path for their application connectivity provisioning, organizations are well placed to drive their IBN initiatives.

About the author: Professor Avishai Wool is the CTO and Co-Founder of AlgoSec.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.