3 Ways Network Managers Can Save Time with Intelligent Network Automation

Tanya: Thank you so much for joining our webinar today. We have Chanoch, who is our Director of Product Management, who is going to host our session today, which is titled Three Ways Network Managers Can Save Time with Intelligent Network Automation. And we’ve got some capabilities for all of you who are joining us today. You can chat any questions inside the chat feature on the webinar, and we will get to those questions either in the moment, or we’ll get to them at the end, and if we run out of time, then we will also follow up with you afterwards. And with that, I would like to introduce Chanoch who is one of the masters behind our entire platform, and he is probably one of the most knowledgeable people that I have met regarding network automation, and he’s here to share with you three of the use cases that we know network managers rely on the most to help them save time and accurately protect their network. So with that, I am going to pass it over to you, Chanoch. Here we go.

Chanoch: Thank you. Thank you, Tanya. I couldn’t present myself better. Okay, so thanks everyone for joining us today. So as the headline says, we wanted to give you some information about the automation capabilities of BackBox. We will delve today into three automation use cases. One is the disaster recovery capabilities of BackBox or how you back up and restore configuration on devices in network and security devices. The second use case will be a very interesting use case on how to upgrade your devices with BackBox, so OS upgrades and such patch upgrades. We will see an example of a Cisco IOS switch upgrade. And the third automation that I would like to show you today is a pretty new feature in BackBox tied into our Intellicheck feature that is called technical survey, that it’s kind of a more flexible way of our inventory or asset management feature that let you see hardware, software and configuration bits information on your devices. So, that will be the three automations that we will see today live at the demo, not just a presentation pages.

Chanoch: So, let’s start with disaster recovery. So, disaster recovery is one feature of BackBox. That’s something that we started with when BackBox started, and the problem there was that we encountered that enterprises, big companies, MSPs have more than one vendor usually. We are talking about five to 10 vendors on big companies, and it’s beginning to start to be a problem when you want to back up the configuration of devices. You have a lot of employees doing changes on the devices, and you want to back up the configuration that if something happens… When I’m talking about something happens, it’s usually two use cases. One use case is some employee made an error in configuration and now part of my company cannot reach some website or whatever, pass any information. And the other scenario that we are usually talking about is machine that got broken and now we are bringing an RMA machine, and I need to be up as as soon as possible. I don’t want to lose time, I don’t want to lose money.

Chanoch: So those are usually the two use cases, and I started to say that it’s starting to be a little bit problematic when you deal with a multi-vendor environment with a lot of vendors that you need to back up the configuration, and when you want to do this, you can find solutions from the vendor themselves that will do this, but then again, you are dealing with a lot of solutions that you need to manage, and we wanted to give one solution that goes automatically to those network and security devices. We’re always talking about network and security devices. That means firewalls and routers and switches and load balancers and IP telephony and Wi-Fi controllers, or whatever intermediate devices that our network information goes through them, and when you want to do this, it start to be a heavy administration job.

Chanoch: So, we went to customers. A lot of customers use their own homegrown script, and that’s not manageable as well. And the first thing that we did to supply this possibility for BackBox to go connect to the device according to what the vendor tells us that we should do on the device and back up the configuration. So, we do not invent anything, we just automate the process that the vendor says to back up the device itself. So if I’ll go now, to the devices page and you see here that I have in my lab some of the devices. But if we’ll go to a simple example like a Cisco switch, then I will be able to see the details on the device itself. But let’s not dwell on this. I want to see a backup that was done on the device. And you can see here in our lab, what BackBox was doing. We actually automate the process. We connect it to the device. In this use case, it’s an SSH connection. So we connect with SSH, with Telnet, FTP, TFTP, SCP, API of the device, whatever the device gives us to do a remote connection to it, BackBox can connect and grab the configuration. And here, you can see that we are connecting to the device. We do not hide anything so we can see exactly what are we doing during the backup of the configuration. And there are some more things that are done during the backup of the configuration itself.

Chanoch: One of them, and it’s a very important thing that you will probably not find anywhere else, is the verification process. It means that we want to be sure that when we backup the configuration of the devices, we want to verify as much as we can that the configuration files are valid. And in the time of need, when I will want to restore them, the system will say that everything is okay, and I can restore them. So what are we doing? For example, if it’s a text-based configuration, BackBox can search for certain keywords in the configuration. If it includes, for example, a Cisco switch includes the word “and” in the end of the configuration, so we know we got the complete configuration. We do a size check. We know what a good size of configuration file should be. So, if we are checking this, we want to see that we got a good size. We didn’t get an empty file for example. Size deviation between backups.

Chanoch: If you’ve got a deviation of 30%, we want to be aware of it, or you to be aware of it. If it’s a compressed file, lets say I’m connecting now to a Check Point firewall and backing up the configuration, it’s a generated file, so it’s a compressed file, and I want to check that it’s not corrupted. A lot of time, we encounter a compressed file that are corrupted. And another thing is hashing before and after transmission to the device itself. So, all in all, we want to be sure that in the time of need, when you want to restore your device, everything will be valid, okay? So this automation, not only to automate the backup process itself, but also to automate the verification process. Two more things that happens, and I want to go over to the next automation, but it’s important to say that two more things that happened during the backup of the configuration is comparison of text-based configuration.

Chanoch: So if I want to go and see or to be alerted if there was a change between configuration, BackBox have the ability to automate this process and send me the changes that were made on the device. Another thing that is happening during and it’s important to the third automation that I will talk about today, it’s the inventory. So we want to collect information about the device every time that we connect. It’s hardware, software information that I want to collect and I want to go and check every time from scratch, this information. So if I have a maintenance window now that I need to do and operates on the devices or something like this, I’m able to do it pretty easy. If you were…

Tanya: Chanoch.

Chanoch: Yes?

Tanya: Chanoch, we’ve received a question.

Chanoch: Yes.

Tanya: How many devices can you connect simultaneously?

Chanoch: Okay, so BackBox, thanks Tanya. BackBox can connect simultaneously to 200 sessions at the same time. This is configurable. Of course, as more power as you give your BackBox via machine or wherever it’s installed, you can connect to more sessions, more devices. But concurrent automation that you can run by default is 200, okay? Thanks for the question. The last thing that I want to talk about, the disaster recovery, of course, is the restore procedure. When I want to restore configuration on device, I have two ways of doing so. One is to download the configuration files manually that I got during the backup of the device, and take them with the commendation on how to restore the device. And the second option of course, more matching to our automation realm is to do the restore automatically. So BackBox will go, we’ll check hashing of the files to see that nobody tempered with the files. And after you see that nobody tempered with the files, you can press on the restore button and BackBox will automatically go and restore the configuration on these devices.

Chanoch: So this ends our first automation use case. The disaster… The complete disaster recovery of the network and security devices from backing up the configuration to doing restore in devices. We talked about… I talked about the inventory and the need, for example, for maintenance windows, to know the inventory, to know the versions, because if I’m doing upgrades now on my devices, I usually need to know what is the process. What is the version that I’m in before I’m upgrading my device? In task automation, so that’s the second automation category that we do in BackBox, allows you to push configuration, push update files to multiple devices at the same time. Simple use cases will be, I want to change now passwords on dozens of devices. I want to add new access list to dozens of devices.

Chanoch: I have now new devices in my network that I want to onboard, and I need to configure on them basic information like banners, SNP configuration, login configuration, whatever I want to throw on the device, and instead of going to the device and doing so, I want BackBox to automate the process. So, that’s exactly the example of administrative activities and tasks that BackBox can do on your devices.

Chanoch: From there, we got the request from a lot of customers, and that’s a pain point for a lot of them today, to go and manage the upgrades of their devices. So, imagine a company now with 500 Cisco switches that a vulnerability was found, and now you need to upgrade your iOS version on a Cisco switch from version, let’s say, 15.1 to 15.2, and that’s a lot of time to do. If you take one person to do it, just the process, the human errors that you will encounter during the upgrade procedure, just going and connecting to those 500 switch which can take month of work. And we really wanted to help customers with this procedure and to automate it, and the dream is to automate it so it will maybe take one maintenance window to upgrade your devices.

Chanoch: But more than this, we wanted to be intelligent. We wanted… And the automation that we are doing today supposed to be intelligent, intelligent in a way that I want to verify that any automation that I do is working, and I want to get a notification to the end customer that’s saying, “Okay, I ran an automation, and I’m sure that everything is okay with it.”

Chanoch: So if we go into the example of an iOS upgrade or any OS upgrade on network and security devices, there are a few things that I would like to check. The first thing that I would like to check is what is the version that I’m currently on? I want to check that after the upgrade, I actually upgraded with the version that I wanted. The second thing that maybe I would like to check is if I have enough disk space. I’m sending now a new OS file to the system. I want to check that I have enough disk space before I do it. If not, I would like to get a notification that says, “Listen, you don’t have enough disk space.”

Chanoch: Another thing that I would like to do, if possible, by the vendor, is to allow rollback. So, in Cisco example, in the iOS upgrade example, I have an option to do this with boot system commands. The boot system commands allow me to say, “Okay, boot from the new OS, but if something is wrong, I’m doing a backup of the boot system to the former OS that I had on the switch.” So this allows me in this upgrade process to do a rollback when something is happening, and if I send the wrong file or selected the wrong file to send to the machine and something is not working, so even if I’ve selected the wrong one, the device will boot with the former OS and nothing will happen. So that’s something that we consider intelligent when we are doing, and when we are executing tasks.

Tanya: So, Chanoch, we just got a question. Can you run a chain of tasks? So, you just described a lot of things that were happening potentially at the same time, so if one thing is failing or moving forward, and you want to start another task, do you have to wait, or can you move forward?

Chanoch: That’s a great question. So, I’ll give a scenario. So, that’s why it’s a good question, because a lot of times, customers tell us, “I want to upgrade, but first I want to back up my device,” or “I want to extract some information,” or “I want to change configuration before the upgrade.” So let me chain task in a way that I can execute a task, let’s say a task that changes configuration of something before I’m doing the upgrade, because I require it for the upgrade itself, and then if everything is okay, and I finished doing the task, run the upgrade. So definitely, it’s possible just to show where you do it today. So if I’ll go to add a new task job, you can see that I have in mode that it’s saying Enable Task Chaining, and if I choose the correct task, I’m able to create a chain of tasks that will be dependent on each other, okay? So that’s a very good question and the capabilities that we have are out of the box. Thanks for the question.

Chanoch: Let’s move to the task itself. If I choose now, and that’s a quick way of running tasks in BackBox, and I’m choosing an iOS upgrade on a device, so I can choose the task that I want to run, I can choose a server IP of BackBox, or I need to choose the server IP of BackBox. I choose the file itself to do the upgrade, okay? So here is a file, an iOS file to do the upgrade, and then I’m just selecting the device that I want to do the upgrade on, and running this task. Okay, this is something that we call quick tasks to run on-demand tasks on devices, but you also have an option, and a lot of our customers using the option to do scheduled tasks, what we call task job, to run those tasks later at 10:00 PM, 12:00 PM when it will less interfere with the work that is done on my network. So, it’s definitely an option to run the job later. So, another thing that I just wanted to mention, when you want to do the upgrade, maybe I’ll show the upgrade itself, but you need to select the file that you want to upgrade it with, and this is done by uploading a file to our file repository.

Chanoch: Just a quick, because we don’t have a lot of time, but just a quick showing the log of this upgrade task, they all go to the history, and I just did an upgrade today. So, you can see an upgrade process that was done on the device. Again, it’s a full log of what we have done in the upgrade process itself, and basically, we are connecting to the device, you can see in the end that I got an upgrade success, but if I’ll go, you can see that I’m looking at the file name and checking the size that I mentioned before, and checking what is the size that I have available, transferring the file, doing the upgrade process, and then trying to connect to the device until its reboot, and I see that I got to the device itself. You can see that I see what is the new version, and only if I actually upgraded to the version that I wanted, I get an upgrade success message into notification into my email or SIM servers that tells me that this process is good and done.

Chanoch: So, that summarized our task automation. The third and last use case that we wanted to talk today is about Intellichecks and about technical survey. So Intellicheck, again, it’s our BackBox preemptive monitoring on the devices that can check operational statuses, security, audits, benchmarking, health, by checking performance deviation and doing capacity planning, all of these can be done with our amazing Intellicheck feature. And one of the things that we added not so long ago was a technical survey capability. A technical survey capability means that customers told us you have a great asset management capability, it’s a dynamic inventory, every time that you connect to my device, you take this information from scratch, you give me… You saw in the device, one of the tabs in the device, you saw hardware and software information that we got on the device itself, but I want more, okay? Customers, that’s good that they always want more.

Chanoch: And what they wanted to see is some… Let’s say more information about the device, let’s say, what connections do I have open in the device, do… Is it open with ICMP, SSH, HCTP? What configuration are… Parts are done on the device? Do I have, let’s say, multi-context configure? What are the licenses? Do I have quality of service configured on the device? Is there an AHA configured on the device itself? All this information, customers wanted to get in a report, wanted to say, Okay, here, I’m taking this report to my management and saying, this is information, everything is according to the company policy. Everything is configured as expected, and of course, if not, I can take care of it. But I need some collector, of course, it’s BackBox to do this automation, to connect to my devices and take this information. What we did here now is, is the ability… And you see here like, 30 something out of the box technical survey fields that you can collect from your devices.

Chanoch: We give the ability to customize it. Every automation in BackBox can be customized, and we wanted also to give the possibility for the customers to add new fields that say, I want to have… I don’t know, I don’t have the SNMP configuration here, and I want to have another field that is listing my SNMP configuration on all the devices. So, definitely there is a possibility here to add new bits of information from the configuration that I can gather from the devices. And then, I would look… So if I’ll go to the devices page and go, let’s say, for one of the firewalls in my lab. And I can go to my technical survey tab, and here is the collected information that I gathered from my devices. Just to mention, this is for one device, I can of course get a report in our reporting system for all the devices, I don’t need to go for each device one by one. I can also have flexibility on what I want to include in the report or not. Let’s say I have here, I don’t know, 20 parameters, okay? That I can see on the devices, but I want to go through the management and show only 10 parameters, so I can definitely select it in the report…

Chanoch: You know what, I will show it in a second. But let’s go over in what I can see here. So, I have the field, the display name, I can see banners configured on this firewall, if HA is configured or not, what is the host name of the device? If I have an ICMP connection, interfaces that I have on this device. If I have IPv6 configured, licenses, logging information, multi-context, the OS version, quality of service if configured or not, the routing table, that’s very useful. Serial numbers that I have on the devices, ACS, UTM capabilities and so on, VPN information and so on. So, a lot of information gathered automatically from my device, that makes a wonderful report in one place to show all the information on the devices. In the end, you can go, as I said to the reports and select the technical server report. And here what’s nice is that you can choose the displayed columns, so I choose just this device, just the check point device, I can choose 100 devices, it doesn’t matter.

Chanoch: But I can choose the device that I want, I can choose what displayed columns I want to see on the device itself, so it is very flexible. And in the end, when I will activate this report, and of course this report can be sent to my email together, but in the end, I will get all this information in the report about this device with all the gathered information. So again, a great information that is part of our Intellicheck features, that go grab information about the devices to any maintenance window and in need of the management to know information about the devices. A great feature that helps you with the day-to-day activities. I think that’s it. That we cover… We’re right on time, we covered the three use cases that we wanted to talk about. Tanya, do we have some more questions?

Tanya: There was just one question about the availability of an API.

Chanoch: Great, okay, that’s a great question. So, if we go here and look in the upper right corner of BackBox, we have an API reference. We built the API in a way that everything that you saw today running backups, running restore, running task to upgrade your devices, running Intellichecks, anything can be called with an API, restful API that you can run from a third party software, it can be… You know, we got use cases from ticketing systems, and we got use cases from inventory systems like, CMDB and so on that you need to grab information from BackBox, you need to fill in, or somebody open a case that you need to do now an upgrade on the device or to backup a device, everything, every automation, every action in BackBox can be done with the API. Great, anything else Tanya?

Tanya: That was all that came in, we’ve got one inquiry that we will forward to the support team, and other than that, thank you so much for everyone who participated today, we’ll be sending out a recording before the end of the week.

Chanoch: Thanks everyone.

Tanya: Thanks Chanoch.

Chanoch: Bye-bye.

By | 2021-12-02T16:29:33-06:00 December 2nd, 2021|Blog|