Frequently Asked Questions
Think of NetYCE as your ultimate platform to support network staff with all their tasks related to network configuration, compliance & automation. Instead of logging into production devices, jobs can now be scheduled via the NetYCE platform. Engineers can choose to keep on doing what they do today (device based syntax changes) or use the enhanced NetYCE features to perform more 'smarter' and 'intended' jobs and scenarios, and deal with automatic rollback scenarios. One of our customers described NetYCE as the ultimate scripting engine that does not require any software development. We have made it easy for engineers to use in their day to day work.
Also included is a logical inventory database and a rich GUI and templating system. This means you can make planned changes, prepare migrations, perform reconciliations, keep track of your network administration and store all of your staff's engineering logic. Basically, all your network information and support processes in one place to prepare 'intended' changes before you deploy them. All this works seamlessly to keep your 'deployed' production network in sync with your intended changes.
You can use the platform to standardize and enforce design rules, design options, design logic and design changes down to the network. Here your design and automation logic can be modeled. NetYCE will automatically hand out all variables and parameters as per your design and keep a full administration of it. So no need for excel files and separate databases.
Finally, all this can be done via the GUI, but also via the NetYCE API. This will further streamline automation and orchestration with 3rd party systems such for IPAM, DHCP, DNS, OSS or other NMS systems.
NetYCE supports all major network vendors such as Cisco, Juniper, HPE, Avaya, Ciena, Huawei, Checkpoint, Fortinet, Palo Alto, Brocade and more. Each vendor module supports all devices within that OS 'family'. New vendors are added as we go along based on customer requests. The typical lead time for a new vendor module is 5-10 days.
In addition, NetYCE supports any vendor, API or cloud module developed by the Ansible Open Source community via the Ansible plugin. Or you can extend any Python code with the NetYCE scrip_exec plugin (see FAQ below). This allows you to have unlimited automation capabilities within a robust and secure enterprise platform.
Supported devices: https://wiki.netyce.com/doku.php/guides:reference:vendors:supported_devices
We add network vendors all the time! The only two criteria whether we can support a new vendor is how we get access to the device (either remotely via VPN or you send us one) and if it supports any CLI or API-based communication protocols. Devices that only support GUI-based configuration changes are more complex to automate. Please reach out to us to see what the options are.
Furthermore, many processes can already be optimized and automated without the need for a new vendor module. The vendor modules only deal with connectivity to the test & production devices (either virtual or physical). For any type of device, it's possible to create a new model in NetYCE (so without a supported vendor module) and use of all of NetYCE's functionality.
Perhaps you already have developed scripts yourself. These days most probably those are written in Python. It would be a shame not to reuse those. This is easy in NetYCE.
You can use scenarios to create your own scripts with a simplified scripting language. Simply combine the order and logic of any process you want to automate, all again fully integrated with the NetYCE database, templates, engine and process control.
These scenarios contain rich programming capabilities with extensive options and plugins without being a programmer. For more advanced users and Python developers any script can be called upon with the “script_exec” command. This supports command line arguments to pass on your variables and have NetYCE engine orchestrate execution of your scripts in a data-driven way. The same applies for scripts in other programming languages.
Once you put your logic and code in NetYCE, everything is now fully API enabled. Simply call upon the NetYCE API to orchestrate any changes in a controllable way.
The short answer is: they very much complement each other, whereby NetYCE solves Ansible’s challenge of managing complexity and control logic. A recent tweet of a network engineer working with Ansible for network automation summarizes this well. “You are the control logic”:
For the execution part (device communication), Ansible and NetYCE have the same goal: making sure the node ends up with the desired configuration. The difference is that Ansible uses text files where you need to include settings, nodes, groups, templates and playbooks etc. yourself. For smooth automation though, you need to build and glue together your own system to manage and integrate all these things. NetYCE takes care of this all.
One of NetYCE’ USPs is being able to automate any syntax you like. This can be Ansible playbooks with their own syntax, any vendor’s CLI format or even XML based text.
NetYCE’s powerful templates offer options such as parameter subscription, conditions, exceptions, chaining and many advanced functions to make your automation life easy.
Ansible playbooks can therefore be (re-)used, managed with full version control and called upon via the NetYCE Ansible plugin, so playbooks get generated automatically including all device specific information in a standardized way. All with the added value of NetYCE's GUI, integrated inventory, flexible workflows, approvals, role-based access, logging, easy API orchestration and many more.
Simply said: no matter the differences or similarities, they can work together. You can call upon existing playbooks from NetYCE or even integrate them and therefore storing that information in our database. The scenario command to use is “ansible_exec”.
And of course, you don’t need to use Ansible. Engineers can simply automate their native CLI commands with NetYCE’s internal engine and vendor modules (see also below the question on vendor modules).
In summary, you can choose your preferred method for automation without glueing things together yourself. For more information, check this blog: Why Ansible and Python are not enough for enterprise network automation.
Templates are the main item to keep track of over time. Version control is the integrated solution to do so. All changes are stored in the database and the status is represented as “production”, “planned” or “historic”. Of course these are tagged with the user who changed them.
The same is on the roadmap for the scenarios, since these are used more and more for a multitude of tasks.
Network engineers can create as much different vendor templates as they want to store any vendor-specific configuration- and engineering design logic. The NetYCE templating system offers many extra features to manage configuration generation in a smart way. E.g. by using parameter substitution (from the NetYCE database or via API), using relationships or conditionals and many additional functions (to e.g. count or calculate things).
NetYCE differentiates two types of templates. First, there are the 'Configuration templates' to automatically generate configurations (full or partial). These configuration templates can be organised in a hierarchical tree structure, calling upon smaller templates with specific functions (VLAN's, ACL, port, etc..). As these templates can be made smart, they can be reused throughout the entire network and will generate specific outcomes per device/customer/etc.
Second are the 'Parsing templates' that can be used to retrieve specific information from production devices (using command parsing) or its configurations (config parsing). These templates can be used in combination with the job scenarios to validate changes on production nodes 'at run time' when deploying the intended/desired change.
From a process point of view, the NetYCE platform is set up in such a way that you (can) first prepare changes before you deploy anything into production and that what gets built is fully compliant with your design. So you prepare your intended state of the network, based on your design rules and then deploy it to production with automatic validation. This is done by combining the three layers within NetYCE: 'Design', 'Build', 'Operate'.
The 'Build' layer lets you prepare any type of change. You then use the 'Operate' tools to deploy your intended changes to production. Within the 'Operate' tools, you (can) then use 'scenarios' (to be used in combination with each job) to validate production settings as these might be different to what you expect. So to guarantee that nothing gets broken in production, the scenarios let you define how to automatically roll-back when some criteria are not met.
To guarantee that whatever gets built within the NetYCE database is based on your (high- and low-level) design rules, you (can) use the 'Design' tools. Here you set the rules to auto-populate parameters (e.g. handing out IP addresses or VLAN numbers) and automate any sequential number of engineering steps that you could also do through the GUI (or API).
To guarantee intent, these 3 layers are used in combination, whereby the 'Design' set-up is typically configured once for each network.
Also, these layers can be used separately. So just use the 'Operate' or 'Build' tools. This all depends on your use desired case, experience and/or maturity level as an organization.
To be able to identify who did what over time is key. Everyone needs their own account. These can be added as local accounts supporting a variety of controls to confirm to, like length and variety of passwords over time.
A connection to a central LDAP (Lightweight Directory Access Protocol) is also possible, integrating your users with the existing environment. There are many options to control who has which type of access, explained on the very detailed LDAP integration page. The LDAP integration includes Microsoft Active Directory (AD) as well.
The authentication is of course not only applied to the GUI, but also to the API.
All of the users belong to groups, to simplify access control.
You can deploy NetYCE is a variety of architectures.
- Single Server, running both the FrondEnd and BackEnd servers on one physical or virtual machine
- Dual Server, High Availability mode with a hot standby of a second server
- Distributed architecture, splitting the FrondEnd server from the BackEnd servers. BackEnd servers will run in High Availability mode and you can add multiple FrondEnd servers depending on the scale you need or depending on your security requirements (per domain). Each FrondEnd server can be configured to deal with thousands of jobs each if needed.
See picture below:
In short, NetYCE doesn't do network discovery on its own. There are different ways to achieve network discovery.
Network discovery is one of the key functionalities of monitoring tools. So if you have an existing network inventory either from monitoring tools or any such tool, NetYCE can import the device database from it in CSV format.
What if I don't have any network inventory?
Then, NetYCE can be integrated with network discovery tools like netdisco to accomplish this.
Yes, NetYCE supports zero-touch provisioning.
NetYCE needs to be pointed as TFTP server using option 150 in DHCP server.
The unique configuration for the host is determined by any of the factors like serial number, mac address. It is an on-demand config generation using the build information(templates, domain values).
Here is the tech-talk about the ZTP, besides a demo, this also discusses One-touch provisioning for devices which do not have ZTP capability.
NetYCE solves many problems that Service Providers and Enterprise customers face today:
- Improving time to market for new services and deploying changes in seconds
- Zero touch deployments for new network devices, updates or automated integrations
- Guaranteed first time right changes, whether this is for one device or many thousands
- Improve network quality by enforcing compliance. 'As designed = as deployed'
- Enable agility, whether this is easy replacements, migrations or deploying design changes
- Automation and Orchestration of many types of network changes
- Automated integrations with 3rd party NMS applications
- Knowledge management, - Sharing and Collaboration
- Delegation of change control to help-desk staff or even end-users
- Free up skilled resources for projects and NetDevOps tasks
- Develop new services and business models
- Reduce overall TCO
We offer Network Automation as a Service: a pay-as-you-go model with a low barrier to start, guaranteed success and without large upfront investments or vendor lock-in. Both the NetYCE platform and our network (automation) experts are offered on a subscription basis.
The software is a monthly subscription based on size of the network and usage of software. You can start without long term commitments. DevNet expects are offered based on your specific needs, ranging from a few days for a project or several days per month to assist you with your automation journey.
With this model, you can start immediately without vendor-lock in or risk. You get the NetYCE automation platform & support bundled with experienced DevNet consultants who build and maintain solutions that fit your business. Or train your staff on the job for a smooth knowledge transfer. You simply choose.
First, it is important to know that the NetYCE platform can be downloaded and installed from anywhere in the world. We pride ourselves for our 'one code base' policy, meaning that all customers run the same code base. So software support is quick and simple. Depending on the service contract we can provide 7x24 support. Installations and upgrades can be done by your own staff or by a local partner. Simply download the latest patch or update from our wiki, upload it to the NetYCE platform and you are ready within seconds.
Second, and most important piece of support is training and consultancy. As each network is different, the requested use cases and maturity levels might be different. That's why we provide tailored digital training classes. We typically train engineers on the job during the first project so they can see the platform's capabilities and know how to take it further with only remote application support.
NetYCE is currently based in Asia (Mumbai, Bangalore, Singapore), Europe (Amsterdam) and we have partnerships to support customers in USA and LATAM.
There are many aspects that come into play when you're trying to automate your network. So we get it that this topic might be overwhelming. Over the last 15+ years, we have seen many networks and dealt with hundreds of questions. So there is a good chance that we can address them.
We have conference calls, zoom sessions and demos all the time with customers around the world. Just reach out to us via [email protected] and we will set an appropriate time to meet.
Check out the following resources:
No. Intent-based networking software helps to plan, design and operate networks. SDN is an architecture for networks. Intent-based network software can “drive” a network that is either SDN-based or non-SDN based (see also Andrew Lerner, Gartner analyst).
Normal automation solutions typically do not
a) translate what to how
b) mathematically validate that desired intent is being met and
c) continuously ingest a broad set of real-time network state indicators.
A good intent-based networking system will embed advanced automation, but you can do advanced automation without Intent.
Most likely, no. It will simplify things that humans do including validation. It will automate configurations tasks and dynamically remediate. But you need humans to input data into the system. It will certainly shift resources away from mundane networking tasks. There will be less reactive trouble tickets but more proactive notifications to be tended to. Also, with the impending explosion of IoT devices, we will need a better way to manage environments, because current manual and non-automated practices likely won’t scale. Intent certainly helps here.
You have a question that is not listed here?
Please send us an email at [email protected] and we will get back to you right away!