Business Assurance with Continuous Network Verification

Whether in an enterprise, a service provider, or a government agency, the network has a challenging mission. It has to provide the organization with an agile platform to adapt to changing business needs, from delivering content to rolling out new services to leveraging cloud computing. And it has to provide a dependable platform, free from outages and vulnerabilities.

If the network falls short of those goals, then it can directly interfere with the organization’s ability to quickly take advantage of new market opportunities, or can lead to costly security incidents.

But achieving a network that is both agile and dependable is not easy, because the infrastructure is increasingly complex. That complexity comes from scale, new technologies from software-defined data centers to hybrid cloud, and highly multi-vendor environments with inconsistent visibility across them. And management procedures still often involve manual spot-checking, or simply taking a wait-and-see approach by monitoring the network post-change. Put a complex environment together with manual management and the result is that we’re not in a good situation on either front: changes are slow, and still come with the risk of a change-induced incident.

So here’s the key question: Given that the organization’s broader success depends on the network, how can we assure that the business intent – such as resilience or security of the network – was actually carried out through design and implementation? And even if initially implemented correctly, is the intent being met all the time?

Aligning the Business Goal with Network Reality

For inspiration, let’s step out of networking for a moment and take a look at software engineering. Teams that need rapid improvement of software for their users have turned to agile development methods and the DevOps approach. DevOps teams integrate small changes into the codebase frequently with automated validation and automated deployment into the infrastructure in a closed loop. These automated processes of continuous integration and continuous deployment help ensure the software meets its goals.

Today, building and operating a large, modern network is a lot like developing a distributed software application in complexity – but historically networking teams have lacked the technology to match that complexity. Veriflow is meeting that need by allowing network teams to extend the benefits of DevOps software development methodology into the network. The technology, called Continuous Network Verification, was pioneered by Veriflow’s founders. This patented approach understands the high-level business intent and uses mathematical analysis inspired by the field of formal verification to automate the process of validating whether the intent matches the reality of an implementation. Furthermore, network verification can continuously provide that assurance throughout ongoing operation of the network.

For example, the organization may desire to verify that:

  • All critical services in the data center are available to remote sites, across multiple paths.
  • A segment of the network that needs to maintain regulatory compliance, spanning a hybrid cloud and on-premises databases, is fully isolated.

The Veriflow software will give assurance that a change has met all end-to-end intent, or will pinpoint any flaw and provide examples showing the cause.

Business Value of Continuous Network Verification

  • Improves agility by speeding daily change with the assurance that business intent aligns with reality, and positioning the network for evolution across diverse and changing technologies
  • Improves dependability by eliminating change-induced outages and vulnerabilities due to human factors
  • Reduces costly OpEx typically associated with manual mapping, validation and compliance tasks

Predicting the Future Across Technologies and Amid Rapid Change

How is verification different than just monitoring traffic? Nearly every organization monitors its network, typically by sampling ongoing flows, events, or logs. But that’s not enough to catch problems as the enterprise deploys changes, because it’s fundamentally reactive: it only sees problems after user traffic is experiencing them (or after attackers are exploiting vulnerabilities!). The goal of Continuous Network Verification, in contrast, is to predict the future – all possible data flow behavior, network-wide allowing for a truly proactive posture in preventing network outages and vulnerabilities.

Our recent announcements deepen this capability. Veriflow’s new Preflight capability lets engineers verify access control changes prior to deployment. With CloudPredict (read my co-founder Matt Caesar’s blog for more details on CloudPredict), Veriflow now provides modeling and assurance into virtual networks in the cloud, and hybrid architectures unifying the cloud and on-premises infrastructure – because the business’s goals depend on all this infrastructure working together correctly and securely. Throughout the process, engineers can isolate issues due to change with Dynamic Diff, to see what has changed across a period of time. And with Intent Inference, organizations can get an immediate value from verification without even having to explicitly define the business goal.

Together, this technology leverages a DevOps approach for the network, continuously assuring that intent matches reality in a closed loop – network-wide, across diverse technologies, and amid continuous change. That mathematically rigorous link between the high-level business intent and the messy reality of implementation and operation provides real business value and empowers the network to become more agile and dependable.

We’re incredibly excited about both what our technology can offer immediately for real, complex, brownfield networks, and also how it can help organizations position themselves to evolve over time. If you’re interested to learn more about how Continuous Network Verification can provide you business assurance read our whitepaper Network Verification: Key to Providing Business Assurance. You can also check out our on-demand event at Network Field Day 16 where we sat down with twelve networking gurus to dive into this very topic or request a live demo and see for yourself.