Agencies can alleviate problems with intent-based networking

Eric Stuhl, the director of enterprise networks and security for Force 3, makes the case for software-defined networking to help agencies modernize their networ...

Federal agencies currently face numerous enterprise networking challenges, including modernization, the skills gap and network sprawl. To be successful, agencies must leverage new technology to create a modern network solution that can handle the different types and sheer volume of devices they have connected to their networks every day.

Current network problems

Think of an enterprise network as the foundation of a house. Many agencies have strong foundations that were built years ago, and while they are fundamentally sound, they are not adapted to meet the demands of the modern environment. These networks haven’t been updated or adjusted to the needs of the recent digital transformation. The digital landscape requires agencies to do business in new ways and achieve results using new tools.

One current challenge facing agency networks is modernization. Agencies across the federal landscape are working with aging hardware and legacy technology. This older equipment was designed with one purpose in mind: To send information from point A to point B. Unfortunately, most networks were created before the explosion of video and the increased demand for high bandwidth and speed. Today’s networks must adapt as technology continues to evolve. Identifying and efficiently allocating scarce resources to address the systems that need the most attention can be overwhelming to understaffed IT teams.

Network sprawl is another issue. The number of devices and non-compute resources connected to federal networks is growing exponentially. In addition to traditional computing devices, an agency might have anything from medical devices to IoT bases that connect in, and they need to be able to understand, protect, and provide a framework for all of them. It’s a challenge to manage this proliferation of devices in an efficient fashion. As a result, chief information officers are finding it difficult to manage and maintain their massive networking footprint.

Enter intent-based networking

With intent-based networking, a network administrator defines a desired state of the network through automation and software-defined methodologies. This allows agencies to shift the burden away from overloaded network administrators, who can then proactively define how their networks should operate. It puts a layer between the network infrastructure and the users who want to access it.

At its core, intent-based networking moves away from the traditional configuration of a network to include an abstraction layer that generates a policy, usually a controller, which acts as the “brains” of the network. This controller stores an infinite amount of technical details on how to configure each individual piece or part of the network, so users and administrators no longer have to do that manually.

How intent-based networking benefits agencies

Software-defined access offers end-to-end automation and cross-platform orchestration. This allows agencies to create a centralized management system where they can develop and enforce consistent network policies, including implementing and managing a single security policy across all access points.

The automation and orchestration that comes with intent-based networking will also save time and limit redundant tasks. Agencies can reduce their margins of error, strengthen their security posture, deliver service more quickly and spend more time on strategy and innovation.

Agencies often choose to start implementing intent-based networking for mobility to reduce unnecessary human troubleshooting efforts. This allows them to securely manage all of their internet of things devices and proactively control user experience for both employees and guests.

The wide-area network (WAN) is another area where agencies will realize benefits like increased stability. Many agency’s WANs are variable, with connections to broadband, 4G LTE and MPLS circuits. Managing all of them as a whole is complicated.

A software-defined WAN helps agencies reduce costs by migrating away from legacy transport methods. It also helps limit the complexity of failover operations and offers zero-touch deployment in remote offices. A software-defined WAN offers application-aware link selection and helps agencies move to a truly active-active model with any number of links.

How to get started

The first step is to assess the infrastructure as a whole to determine where you can make the most impact. For example, if there’s a spot lagging behind in terms of development or modernization, then start by updating that area. It’s also a good idea to identify a smaller area of the network to pilot the changes before implementing them across the entire network. For a software-defined WAN, identify three-to-five sites, move them over to the new technology, build out the underlying templates and control plane, and then see the benefits from the software-defined environment. This will provide an understanding of the methodology of how to move away from legacy technology for the rest of the network and demonstrate the potential impact of this upgrade.

It’s also a good idea to roll out these changes at the edge of the network rather than the core, either in a lab environment or in a resilient area of the network that could withstand an outage during the process without compromising the agency’s mission.

Once an underlying framework is in place, with policies to drive the network, expanding the network becomes as simple as adding resources under the control of that software-defined environment. Look for regions that will provide the most return on investment, find the areas at risk and adapt those into the new environment. This will ensure continued growth and enhanced stability and security of the agency’s mission.

Eric Stuhl is the director of enterprise networks and security for Force 3.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.