Emerging Technology

An emerging standard at my company may require my team to adopt infrastructure/configuration as code practices, meaning they expect us to write code that automates the change on our behalf rather than performing the change manually.  Also required would be github version control.

The belief is that we'll be able to move faster, be able to document what was changed and by whom, and have a better capability to roll back bad changes.  They are very focused on cloud/container technologies, but voice tends to get swept up in these things since we're in the infrastructure category.

I'd like to hear from members who have adopted this practice and understand how it's working in your environment.  What configuration items have you been able to implement effectively and where does the model simply not work?

Currently, the best example I have is Ansible automation for routers and switches.  All of the network changes are done via code, with individual switch ports being configured via a web portal.  

I'm familiar with the APIs for System Manager User/Routing and for AES SMS, and the OSSI terminal and what they can do and how they can be coded.  I'm more interested in whether you've gone down this road, and if so how successful you've been, and what were the unlocks that enabled that success? (starting to sound like an IAUG session?)

I think University of Michigan and University of Washington may have some experience here...  

Thank you!

------------------------------
Tom Lynn
Forum Moderator
Principal Engineer
Nordstrom, Inc.
Seattle
------------------------------

Copying a reply I received by direct email:

Orvillo Hamilton of the Southern Company:

"Tom,

Interesting this topic has been brought,  Our IT department just formed a team with purpose of Automating mundane and daily task across out network infrastructure.   While there is quite a bit of solutions and ideas as it relates to Cisco I could hardly find anything for the Avaya platform.

We are looking into solutions involving Python, Ansible, Netmiko etc.  Would be interested to see some of the ideas on this forum


Orvillo"

------------------------------
Tom Lynn
Forum Moderator
Principal Engineer
Nordstrom, Inc.
Seattle
------------------------------

Original Message:
Sent: 07-08-2020 03:06 PM
From: Tom Lynn
Subject: Infrastructure/Configuration as Code (IaC/CaC)

An emerging standard at my company may require my team to adopt infrastructure/configuration as code practices, meaning they expect us to write code that automates the change on our behalf rather than performing the change manually.  Also required would be github version control.

The belief is that we'll be able to move faster, be able to document what was changed and by whom, and have a better capability to roll back bad changes.  They are very focused on cloud/container technologies, but voice tends to get swept up in these things since we're in the infrastructure category.

I'd like to hear from members who have adopted this practice and understand how it's working in your environment.  What configuration items have you been able to implement effectively and where does the model simply not work?

Currently, the best example I have is Ansible automation for routers and switches.  All of the network changes are done via code, with individual switch ports being configured via a web portal.

I'm familiar with the APIs for System Manager User/Routing and for AES SMS, and the OSSI terminal and what they can do and how they can be coded.  I'm more interested in whether you've gone down this road, and if so how successful you've been, and what were the unlocks that enabled that success? (starting to sound like an IAUG session?)

I think University of Michigan and University of Washington may have some experience here...

Thank you!

------------------------------
Tom Lynn
Forum Moderator
Principal Engineer
Nordstrom, Inc.
Seattle
------------------------------

I strongly believe in automation. From an Avaya infrastructure perspective I suggest looking at how System Manager integrates to Active Directory (also AADS). You can accomplish many of your MAC functions directly through AD. If you have a mixed environment (Cisco/Avaya/Microsoft) you may want to look at something like Starfish. Same principle across different vendor platforms and can be customized to match your workflow requirements. 

Avaya ASA/Terminal can also be used for some scripting automation.

I built a small application in VB.net which I use which wraps around SSH.NET/RenciSsh. Allows me to pull items which are not normally available via Avaya standard tools. For example I use it to list all the media gateways in CM using the OSSI terminal then log into each gateway, pull information, and put it into a database. Allows me to very quickly see if there are configuration issues. When the AES certificate expiration issue came up I used it in a similar fashion to login to the AES servers and look at what ports the clients were using and the certificate validity.

I would look at the web services component available on System Manager if you want to build something from scratch. Took about 20min to figure out how to connect.

Currently looking at the SBC API set to see about automating remote worker tasks such as URI groups.

------------------------------
James Middleton
Senior Technical Director
Carousel Industries
------------------------------

Original Message:
Sent: 07-08-2020 03:06 PM
From: Tom Lynn
Subject: Infrastructure/Configuration as Code (IaC/CaC)

An emerging standard at my company may require my team to adopt infrastructure/configuration as code practices, meaning they expect us to write code that automates the change on our behalf rather than performing the change manually.  Also required would be github version control.

The belief is that we'll be able to move faster, be able to document what was changed and by whom, and have a better capability to roll back bad changes.  They are very focused on cloud/container technologies, but voice tends to get swept up in these things since we're in the infrastructure category.

I'd like to hear from members who have adopted this practice and understand how it's working in your environment.  What configuration items have you been able to implement effectively and where does the model simply not work?

Currently, the best example I have is Ansible automation for routers and switches.  All of the network changes are done via code, with individual switch ports being configured via a web portal.

I'm familiar with the APIs for System Manager User/Routing and for AES SMS, and the OSSI terminal and what they can do and how they can be coded.  I'm more interested in whether you've gone down this road, and if so how successful you've been, and what were the unlocks that enabled that success? (starting to sound like an IAUG session?)

I think University of Michigan and University of Washington may have some experience here...

Thank you!

------------------------------
Tom Lynn
Forum Moderator
Principal Engineer
Nordstrom, Inc.
Seattle
------------------------------

Hi James,
What you describe is pretty much where we are, using automated tools to pull information and document current state and make bulk changes.  I agree with AD if the program is mature and the database is clean.  This is where most of our day to day changes occur, but our AD has issues. There's some work coming up to address the system of record for user phone number and if we can fix that then System Manager AD automation looks very attractive. We've also recently attacked messaging with LDAP bulk changes.

Like you, I've been able to use OSSI to automate changes and pull information to graphically depict the logical relations between our network regions for configuration management and to perform bulk change tasks.  We use postman to automate porting of DIDs using the System Manager routing API and to perform SOAP calls to AES.  We generally dip down to OSSI for things the AES SMS api doesn't touch.

We're being asked to go beyond this level of automation, though.  We're to adopt common devops toolsets in use by the rest of the organization.  The closest in-use design pattern that shows promise is Ansible/Git, which allows me to access/admin linux servers via CLI, but so far doesn't speak to g4x0 gateways. 

Orvillo mentions Netmiko, but my investigation so far shows that it relies heavily on modules written to specific vendor equipment (Avaya is missing from their list).

Ansible may be able to transact OSSI commands/results using the expect module, though.  If so, and we retired G4x0 media gateways then Anisble may be able to provide sufficient coverage. Until we can retire G4x0 gateways, we may have to rely on Python/Paramiko (upon which NetMiko is built).

Ultimately, they want an automation easy button for DR scenarios if our team can't be reached when things go wrong.


------------------------------
Tom Lynn
Forum Moderator
Principal Engineer
Nordstrom, Inc.
Seattle
------------------------------

Original Message:
Sent: 07-15-2020 06:18 AM
From: James Middleton
Subject: Infrastructure/Configuration as Code (IaC/CaC)

I strongly believe in automation. From an Avaya infrastructure perspective I suggest looking at how System Manager integrates to Active Directory (also AADS). You can accomplish many of your MAC functions directly through AD. If you have a mixed environment (Cisco/Avaya/Microsoft) you may want to look at something like Starfish. Same principle across different vendor platforms and can be customized to match your workflow requirements.

Avaya ASA/Terminal can also be used for some scripting automation.

I built a small application in VB.net which I use which wraps around SSH.NET/RenciSsh. Allows me to pull items which are not normally available via Avaya standard tools. For example I use it to list all the media gateways in CM using the OSSI terminal then log into each gateway, pull information, and put it into a database. Allows me to very quickly see if there are configuration issues. When the AES certificate expiration issue came up I used it in a similar fashion to login to the AES servers and look at what ports the clients were using and the certificate validity.

I would look at the web services component available on System Manager if you want to build something from scratch. Took about 20min to figure out how to connect.

Currently looking at the SBC API set to see about automating remote worker tasks such as URI groups.

------------------------------
James Middleton
Senior Technical Director
Carousel Industries

Original Message:
Sent: 07-08-2020 03:06 PM
From: Tom Lynn
Subject: Infrastructure/Configuration as Code (IaC/CaC)

An emerging standard at my company may require my team to adopt infrastructure/configuration as code practices, meaning they expect us to write code that automates the change on our behalf rather than performing the change manually.  Also required would be github version control.

The belief is that we'll be able to move faster, be able to document what was changed and by whom, and have a better capability to roll back bad changes.  They are very focused on cloud/container technologies, but voice tends to get swept up in these things since we're in the infrastructure category.

I'd like to hear from members who have adopted this practice and understand how it's working in your environment.  What configuration items have you been able to implement effectively and where does the model simply not work?

Currently, the best example I have is Ansible automation for routers and switches.  All of the network changes are done via code, with individual switch ports being configured via a web portal.

I'm familiar with the APIs for System Manager User/Routing and for AES SMS, and the OSSI terminal and what they can do and how they can be coded.  I'm more interested in whether you've gone down this road, and if so how successful you've been, and what were the unlocks that enabled that success? (starting to sound like an IAUG session?)

I think University of Michigan and University of Washington may have some experience here...

Thank you!

------------------------------
Tom Lynn
Forum Moderator
Principal Engineer
Nordstrom, Inc.
Seattle
------------------------------