Frequently Asked Questions
Think of NetYCE as your ultimate platform to support network staff with all their tasks related to network configuration, compliance & automation. Instead of logging into production devices, jobs can now be scheduled via the NetYCE platform. Engineers can choose to keep on doing what they do today (device-based syntax changes) or use the enhanced NetYCE features to perform more 'smarter' and 'intended' jobs and scenarios and deal with automatic rollback scenarios. One of our customers described NetYCE as the ultimate scripting engine that does not require any software development. We have made it easy for engineers to use in their day to day work.
Also included are a logical inventory database and a rich GUI and templating system. This means you can make planned changes, prepare migrations, perform reconciliations, keep track of your network administration, and store all of your staff's engineering logic. Basically, all your network information and support processes in one place to prepare 'intended' changes before you deploy them. All this works seamlessly to keep your 'deployed' production network in sync with your intended changes.
You can use the platform to standardize and enforce design rules, design options, design logic and design changes down to the network. Here your design and automation logic can be modeled. NetYCE will automatically hand out all variables and parameters as per your design and keep a full administration of it. So no need for excel files and separate databases.
Finally, all this can be done via the GUI, but also via the NetYCE API. This will further streamline automation and orchestration with 3rd party systems such for IPAM, DHCP, DNS, OSS or other NMS systems.
NetYCE supports all major network vendors such as Cisco, Juniper, HPE, Avaya, Ciena, Huawei, Checkpoint, Fortinet, Palo Alto, Brocade and more, with each vendor module supporting all devices within that OS 'family'. New vendors are added as we go along based on customer requests. The typical lead time for a new vendor module is 5-10 days.
The vendor modules allow for SSH/Telnet/Netconf/API connectivity in a standardized and fully automated way. NetYCE takes care of committing changes, deals with error handling, backup and restore functionality etc. In addition, NetYCE supports any vendor, API or cloud module developed by the Ansible Open Source community using the NetYCE Ansible plugin. Or by using any Python code with the NetYCE script_exec plugin. This allows for unlimited automation capabilities within a robust and secure enterprise platform.
What makes NetYCE unique is that engineers are not restricted to any preconfigured settings. All engineering logic and device-specific OS capabilities are stored separately in NetYCE templates that can be easily managed by engineers including conditions, exceptions, logic, functions, multi-vendor support, etc. With this approach you are not dependent on the networking vendor and/or NetYCE to change the automation logic.For more detailed information, please check out the NetYCE Wiki:
Supported devices: https://wiki.netyce.com/doku.php/guides:reference:vendors:supported_devices
We add network vendors all the time! The only two criteria whether we can support a new vendor is how we get access to the device (either remotely via VPN or you send us one) and if it supports any CLI or API-based communication protocols. Devices that only support GUI-based configuration changes are more complex to automate. Please reach out to us to see what the options are.
Furthermore, many processes can already be optimized and automated without the need for a new vendor module. The vendor modules only deal with connectivity to the test & production devices (either virtual or physical). For any type of device, it's possible to create a new model in NetYCE (so without a supported vendor module) and use of all of NetYCE's functionality.
Perhaps you already have developed scripts yourself. These days most probably those are written in Python. It would be a shame not to reuse those. This is easy in NetYCE.
You can use NetYCE scenarios to create your own scripts with a simplified scripting language. Simply combine the order and logic of any process you want to automate, all again fully integrated with the NetYCE database, templates, engine and process control.
These NetYCE scenarios contain rich programming capabilities with extensive options and plugins without being a programmer. For more advanced users and Python developers, any script can be called upon with the “script_exec” command. This supports command-line arguments to pass on your variables and have NetYCE engine orchestrate the execution of your scripts in a data-driven way. The same applies to scripts in other programming languages.
Once you put your logic and code in NetYCE, everything is now fully API enabled. Simply call upon the NetYCE API to orchestrate any changes in a controllable way.
Both Ansible Tower and NetYCE are platforms for automation. The key difference is that Ansible Tower originated from server automation and therefore lacks many of the network capabilities. Needless to say, a network is so much more than (individual) devices and therefore requires additional ways to incorporate and manage parameters, dependencies, relations, and design specific logic. With Ansible, engineers are either forced to add all this logic in individual playbooks or become a software developer to integrate 3rd party tools, like inventory databases, ipam systems, workflow, jinja templates etc. In addition, Ansible playbooks do not support native CLI syntax automation. All this makes network automation challenging. As formulated in a tweet by a network engineer using Ansible: the engineer becomes the ‘control logic’ instead of the application”.
The NetYCE platform was built from the ground up for automating networks. You can use Ansible playbooks and integrate with the Ansible engine while NetYCE takes care of the complexity. This means you can (re-)use Ansible playbooks with version-controlled templates. But it also allows the automatic generation of standardized playbooks with inventory data and design logic that is easily managed elsewhere in the NetYCE platform. All with the added value of NetYCE's GUI, integrated inventory, flexible workflows, approvals, role-based access, logging, easy API orchestration and many more.
In summary, Ansible and NetYCE complement each other whereby NetYCE solves the challenge of managing complexity. It’s not the engineer anymore but the application that stores your ‘control logic’, in a structured and transparent way. This allows you to automate many more use cases that can be managed easily. For more information, check this blog: Why Ansible and Python are not enough for enterprise network automation.
Templates are the main item to keep track of over time. Version control is the integrated solution to do so. All changes are stored in the database and the status is represented as “production”, “planned” or “historic”. Of course these are tagged with the user who changed them.
The same is on the roadmap for the scenarios, since these are used more and more for a multitude of tasks.
Network engineers can create as much different vendor templates as they want to store any vendor-specific configuration- and engineering design logic. The NetYCE templating system offers many extra features to manage configuration generation in a smart way. E.g. by using parameter substitution (from the NetYCE database or via API), using relationships or conditionals and many additional functions (to e.g. count or calculate things).
NetYCE differentiates two types of templates. First, there are the 'Configuration templates' to automatically generate configurations (full or partial). These configuration templates can be organised in a hierarchical tree structure, calling upon smaller templates with specific functions (VLAN's, ACL, port, etc..). As these templates can be made smart, they can be reused throughout the entire network and will generate specific outcomes per device/customer/etc.
Second are the 'Parsing templates' that can be used to retrieve specific information from production devices (using command parsing) or its configurations (config parsing). These templates can be used in combination with the job scenarios to validate changes on production nodes 'at run time' when deploying the intended/desired change.
From a process point of view, the NetYCE platform is set up in such a way that you (can) first prepare changes before you deploy anything into production and that what gets built is fully compliant with your design. So you prepare your intended state of the network, based on your design rules and then deploy it to production with automatic validation. This is done by combining the three layers within NetYCE: 'Design', 'Build', 'Operate'.
The 'Build' layer lets you prepare any type of change. You then use the 'Operate' tools to deploy your intended changes to production. Within the 'Operate' tools, you (can) then use 'scenarios' (to be used in combination with each job) to validate production settings as these might be different to what you expect. So to guarantee that nothing gets broken in production, the scenarios let you define how to automatically roll-back when some criteria are not met.
To guarantee that whatever gets built within the NetYCE database is based on your (high- and low-level) design rules, you (can) use the 'Design' tools. Here you set the rules to auto-populate parameters (e.g. handing out IP addresses or VLAN numbers) and automate any sequential number of engineering steps that you could also do through the GUI (or API).
To guarantee intent, these 3 layers are used in combination, whereby the 'Design' set-up is typically configured once for each network.
Also, these layers can be used separately. So just use the 'Operate' or 'Build' tools. This all depends on your use desired case, experience and/or maturity level as an organization.
To be able to identify who did what over time is key. Everyone needs their own account. These can be added as local accounts supporting a variety of controls to confirm to, like length and variety of passwords over time.
A connection to a central LDAP (Lightweight Directory Access Protocol) is also possible, integrating your users with the existing environment. There are many options to control who has which type of access, explained on the very detailed LDAP integration page. The LDAP integration includes Microsoft Active Directory (AD) as well.
The authentication is of course not only applied to the GUI, but also to the API.
All of the users belong to groups, to simplify access control.
You can deploy NetYCE is a variety of architectures.
- Single Server, running both the FrondEnd and BackEnd servers on one physical or virtual machine
- Dual Server, High Availability mode with a hot standby of a second server
- Distributed architecture, splitting the FrondEnd server from the BackEnd servers. BackEnd servers will run in High Availability mode and you can add multiple FrondEnd servers depending on the scale you need or depending on your security requirements (per domain). Each FrondEnd server can be configured to deal with thousands of jobs each if needed.
See picture below:
In short, NetYCE doesn't do network discovery on its own. There are different ways to achieve network discovery.
Network discovery is one of the key functionalities of monitoring tools. So if you have an existing network inventory either from monitoring tools or any such tool, NetYCE can import the device database from it in CSV format.
What if I don't have any network inventory?
Then, NetYCE can be integrated with network discovery tools like netdisco to accomplish this.
Yes, NetYCE supports zero-touch provisioning.
NetYCE needs to be pointed as TFTP server using option 150 in DHCP server.
The unique configuration for the host is determined by any of the factors like serial number, mac address. It is an on-demand config generation using the build information(templates, domain values).
Here is the tech-talk about the ZTP, besides a demo, this also discusses One-touch provisioning for devices which do not have ZTP capability.
Many companies struggle where to get started. Unless customers have a specific use case in mind, we take them on a network automation journey. A journey that aligns with some of the key challenges most companies face. These are:
- How to get control over configuration changes happening in my network?
In less than an hour, we set-up NetYCE to back-up your production configurations automatically when changes happen. This allows you to keep track of any change and go back in time to see exactly when something was changed.
- Is my network configured correctly?
This can be easily validated with automated network compliance tooling. We use our library of market standard rules (e.g. CIS compliance and vendor hardening reccomendations) to benchmark your network. Or we create specific policies and rules to validate your design rules against the running configs. The outcome is either a report or an automated process that runs in the background to notify you of any non-compliance issue that needs mitigation.
- What network changes can be automated?
Of course, any non-compliance issues resulting from step 2 can be easily fixed by using automated jobs. But many more tasks can be automated. Basically, any task that engineers perform manually can be translated into easy configurable jobs, templates and workflows, all with smart logic so you can re-use as much as possible. We organize workshops to get you started.
- How to achieve an enterprise solution for network automation?
Once you start automating more and more tasks, it becomes important to organize all your data, logic and rules in a transparent and easily manageable way. We help to structure your data in the NetYCE database, organize all your logic in smart templates and drive implement design rules for standardization. The end result is a system that is fully transparent for engineers to use and scalable to implement any use case you want.
NetYCE solves many problems that Service Providers and Enterprise customers face today:
- Improving time to market for new services and deploying changes in seconds
- Zero touch deployments for new network devices, updates or automated integrations
- Guaranteed first time right changes, whether this is for one device or many thousands
- Improve network quality by enforcing compliance. 'As designed = as deployed'
- Enable agility, whether this is easy replacements, migrations or deploying design changes
- Automation and Orchestration of many types of network changes
- Automated integrations with 3rd party NMS applications
- Knowledge management, - Sharing and Collaboration
- Delegation of change control to help-desk staff or even end-users
- Free up skilled resources for projects and NetDevOps tasks
- Develop new services and business models
- Reduce overall TCO
We offer Network Automation as a Service: a pay-as-you-go model with a low barrier to start, guaranteed success and without large upfront investments or vendor lock-in. Both the NetYCE platform and our network (automation) experts are offered on a subscription basis.
The software is a monthly subscription based on size of the network and usage of software. You can start without long term commitments. DevNet expects are offered based on your specific needs, ranging from a few days for a project or several days per month to assist you with your automation journey.
With this model, you can start immediately without vendor-lock in or risk. You get the NetYCE automation platform & support bundled with experienced DevNet consultants who build and maintain solutions that fit your business. Or train your staff on the job for a smooth knowledge transfer. You simply choose.
First, it is important to know that the NetYCE platform can be downloaded and installed from anywhere in the world. We pride ourselves for our 'one code base' policy, meaning that all customers run the same code base. So software support is quick and simple. Depending on the service contract we can provide 7x24 support. Installations and upgrades can be done by your own staff or by a local partner. Simply download the latest patch or update from our wiki, upload it to the NetYCE platform and you are ready within seconds.
Second, and most important piece of support is training and consultancy. As each network is different, the requested use cases and maturity levels might be different. That's why we provide tailored digital training classes. We typically train engineers on the job during the first project so they can see the platform's capabilities and know how to take it further with only remote application support.
NetYCE is currently based in Asia (Mumbai, Bangalore, Singapore), Europe (Amsterdam) and we have partnerships to support customers in USA and LATAM.
There are many aspects that come into play when you're trying to automate your network. So we get it that this topic might be overwhelming. Over the last 15+ years, we have seen many networks and dealt with hundreds of questions. So there is a good chance that we can address them.
We have conference calls, zoom sessions and demos all the time with customers around the world. Just reach out to us via [email protected] and we will set an appropriate time to meet.
Check out the following resources:
No. Intent-based networking software helps to plan, design and operate networks. SDN is an architecture for networks. Intent-based network software can “drive” a network that is either SDN-based or non-SDN based (see also Andrew Lerner, Gartner analyst).
Normal automation solutions typically do not
a) translate what to how
b) mathematically validate that desired intent is being met and
c) continuously ingest a broad set of real-time network state indicators.
A good intent-based networking system will embed advanced automation, but you can do advanced automation without Intent.
Most likely, no. It will simplify things that humans do including validation. It will automate configurations tasks and dynamically remediate. But you need humans to input data into the system. It will certainly shift resources away from mundane networking tasks. There will be less reactive trouble tickets but more proactive notifications to be tended to. Also, with the impending explosion of IoT devices, we will need a better way to manage environments, because current manual and non-automated practices likely won’t scale. Intent certainly helps here.
You have a question that is not listed here?
Please send us an email at [email protected] and we will get back to you right away!