Network orchestration is a set of actions that allows enterprise network administrators to centrally control and manage the sprawling, multi-cloud networks of today’s enterprises.
It takes considerable influence from software-defined WAN (SD-WAN) network management architecture, which uses centralized controllers to build network policies and push them to remote SD-WAN routers. Network orchestration applies this concept to the entirety of an organization’s multi-cloud or hybrid networks.
This allows for policies to be uniform across the entire network, regardless of specific service or microservice.
Before the days of software-defined networking, all network setup was done manually.
This work was summed up as Moves, Adds, and Changes (MACs): any piece of routine maintenance or ongoing task, such as upgrading a single network switch or re-commissioning servers from one location to another, required a fairly in-depth manual process.
Admins would have had to:
Key to the manual process of managing a large-scale network was the IT team, which was left to keep an eye on the entire, interlocking whole. This was not just exhausting but incredibly messy: it was all too common for manual updates to risk network stability and leave holes in its defenses.
Let’s compare the two approaches directly: say a particular application needs a new VLAN set up. With MAC, an IT/network team would need to build the VLAN by logging into each router and configuring it to allow access. Interacting with each command-line interface, admin teams would have to type hundreds of commands until a group of device types passed traffic the way they should.
Choosing which routers to configure according to the organization’s pre-existing topology would consume a considerable amount of time and labor.
Network orchestration doesn’t just provide a more centralized and automated approach; it directly contributes to tighter network security and more efficient controls.
A network orchestration platform automatically detects the ideal network topology and business requirements for the new VLAN. It sends API calls to each device, before performing an automatic transaction across all relevant private clouds or public clouds.
Plus, because it has built-in intelligence about the surrounding network, it’s able to give network admins an immediate picture of:
… all within the new VLAN.
In the MAC era, this sort of information was difficult to establish (we’ll touch on some examples later), and the understanding of an enterprise’s network was often patchy between different network admin staff.
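The VLAN comparison above, as an added sketch that is not from the original article or any vendor's product: the orchestrator works out which devices link the application's endpoints, applies the VLAN through each device's API, and rolls everything back if one device rejects it. The topology, device names, `Device` class and function names are hypothetical, and devices are simulated in memory.

```python
from collections import deque

# Constructed sample topology (hypothetical device names): adjacency list of links.
TOPOLOGY = {
    "access-1": ["dist-1"], "access-2": ["dist-1"], "access-3": ["dist-2"],
    "dist-1": ["access-1", "access-2", "core-1"],
    "dist-2": ["access-3", "core-1"], "core-1": ["dist-1", "dist-2"],
}

class Device:
    """Stand-in for a programmable device's API (hypothetical, not a vendor SDK)."""
    def __init__(self, name, vlans=()):
        self.name, self.vlans = name, dict(vlans)
    def add_vlan(self, vid, label):
        if vid in self.vlans:
            raise ValueError(f"{self.name}: VLAN {vid} already used by {self.vlans[vid]}")
        self.vlans[vid] = label
    def remove_vlan(self, vid):
        self.vlans.pop(vid, None)

def path(topology, src, dst):
    """Breadth-first search for the shortest device path between two endpoints."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            hops = []
            while node is not None:
                hops.append(node)
                node = prev[node]
            return hops[::-1]
        for nxt in topology[node]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    raise LookupError(f"no path {src} -> {dst}")

def provision_vlan(devices, topology, vid, label, endpoints):
    """Apply the VLAN to every device linking the endpoints, all or nothing."""
    targets = sorted({d for e in endpoints[1:] for d in path(topology, endpoints[0], e)})
    applied = []
    try:
        for name in targets:
            devices[name].add_vlan(vid, label)
            applied.append(name)
    except ValueError as err:
        for name in applied:  # roll back so no device is left half-configured
            devices[name].remove_vlan(vid)
        return {"ok": False, "error": str(err), "devices": []}
    return {"ok": True, "error": None, "devices": targets}
```

Devices off the path (here `access-2`) are never touched, and a VLAN ID conflict on any one device leaves the rest of the network as it was before the change.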
Network orchestration is vital for the real-time changes organizations often need to make within complex networks.
Network orchestration adds a layer of abstraction to network configurations: rather than going into the CLI, orchestration tools can take business intent – i.e., ‘wind up these pieces of infrastructure for this project’ – and conduct it according to your industry’s best practices.
This is vital for rapidly growing organizations – those that host diverse sets of user groups and those focusing on network segmentation. Thanks to its minute control over finer network details, network orchestration allows teams to focus on rapidly:
For instance, when setting up a new user account within a network, the orchestration platform would take the high-level input, configure the necessary settings according to a user’s access group, and set up the necessary chain of routers, firewalls and servers, so the new user can access everything they need.
By ensuring each new device’s security settings, the organization builds its resilience with each user – and sets a solid foundation for next-gen firewall rules.
Here’s how a network orchestration platform works in practice:
To achieve this, network orchestration demands two key network components: the first is a network controller, the second is programmable network devices.
Today’s network controllers lie at the end of a development chain: their first iteration was the Element Management System, or EMS, which grouped specific areas of network devices. While they helped monitor and manage certain aspects of a network, their limits quickly became apparent:
They weren’t able to holistically control any parts of the network, and it wasn’t uncommon to have a handful of EMSs per network. EMSs eventually gained a wider degree of functionality – integrating with higher-level apps via northbound APIs.
And yet, they were limited to smaller bundles of devices. Eventually, the shift from purely physical networking to cloud and virtualized options led to SDN controllers, which actively control the flow of packets between relevant, cloud-based network devices.
The network controllers within a network orchestration platform can be thought of as expanded versions of SDN and EMS controllers – extrapolated across layers 7 to 4, they give network-spanning overviews of hybrid and multi-cloud environments.
Network programmability is the ability for resources to be deployed, managed, and troubleshot via software.
It’s why network orchestration is so tightly interwoven with Network Function Virtualization (NFV) – it’s this software base that has granted sprawling networks never-before-seen accessibility.
This bidirectional process is key to efficient network orchestration.
Quantum Smart-1 is a network orchestration platform that collates users, workloads, applications, and firewalls into one. Reach newfound depths in your network visibility, and put this understanding to good use with automated incident response and access controls.
Gain network growth without the growing pains, and apply unified security policies to all environments with Quantum Smart-1’s single infrastructure – made even more efficient with multi-domain management and a user-friendly interface.