Q&A: Prasad Pammidimukkala on Integrated Network Management and Zero-Touch Provisioning
Zero-touch provisioning is finally happening, after years of discussion. With the power of Fabric Connect and Identity Engines, we’re able to help tackle the Bring Your Own Device trend and other needs easier than ever, while knocking out network downtime due to human error.
At ATF 2014, I sat down with Prasad Pammidimukkala, who heads up Product Management for Avaya stackable switches and wireless LAN and Identity Engines portfolios, to talk about what zero-touch provisioning is and how Fabric Connect makes it possible.
Mark: Prasad, you have over 20 years’ experience in the high tech industry including senior business development and product management and marketing roles at companies like Gridiron, Brocade and 3Com.
You had a presentation here called “The Introduction to Unified Access 2.0 with Avaya Fabric Connect.” What are some of the main trends that you see in BYOD in network access that are around that?
Prasad: Thanks, Mark, absolutely. If you think about the way we use our own devices, to get onto the network, you’ve got to connect the network.
Historically, that’s been done through a wired connection. However, if you just look around yourself, we see that network access technologies are becoming unified.
End users expect the same level of quality of access to their authorized resources regardless of whether they’re coming in wired or wireless.
Also, network administrators are demanding an integrated way of managing wired and wireless networks so that they can have a common set of policies for security, quality of service, etc., so much so that industry analysts such as Gartner and IDC stopped calling network access as wired and wireless separately.
They cover them in a unified way as unified access.
Mark: Has that affected the design of enterprise networks with these trends in wired and wireless access?
Let me just talk about a couple more trends in the access space.
We talked about network access becoming unified. There is one other trend around BYOD.
We all carry multiple devices. I have a smartphone, tablet, laptop and e-reader. These are all connected devices. I also have a wearable watch that measures how many steps I take and how I sleep. It analyzes my sleep patterns.
These, again, are connected devices and they’re coming to the BYOD realm.
We, as enterprises have moved past saying, “No,” to BYOD; it’s more a question of “yes” and how easy and seamless can you make the onboarding of BYOD devices, and more than anything else, securing your assets; corporate assets. Seamless onboarding and access to all your resources while protecting your corporate assets.
The last trend that we see is wireless LAN is becoming a primary access mechanism. Again, if you look at any tablets or smartphones, obviously, they don’t come with an Ethernet port and even MacBooks – the latest ones don’t have a built-in hardwired port.
Mark: Tell me about it. I had to buy a $39 bundle that I didn’t even know about.
Prasad: Exactly. Wireless truly is becoming a primary access mechanism. What does that translate to? What’s the implication of that?
Until now, we were using wired networks to connect and use our business-critical applications and mission-critical applications. Wired networks were delivering the service that they need.
Now with wireless becoming a primary access mechanism, wireless LAN automatically becomes mission critical. It needs to have and deliver the same level of performance, resiliency, availability, and manageability to be able to serve as the primary access mechanism.
Mark: The next generation of unified access is what we call “Avaya Fabric Connect” where we’re extending that Fabric out to the edge. Tell us a little bit about that.
Prasad: We’ve been getting tremendous response from customers on the benefits of Fabric connect. If you pause for a second and think about what Fabric connect gives you, it gives you automation in the core of your network so you’re essentially coming up with a hands-off core where you deploy once and then you don’t touch it again. All your provisioning of new services you do around the edge of that core.
Now, that reduces the number of configuration errors that will happen on a daily basis and bring down networks. People lose jobs when their networks go down due to somebody’s human error.
By automating the core, you’re getting that benefit of zero configuration errors due to human error. By extending it out closer to the edge, you’re extending that automation all the way to the edge. You no longer have to touch the core. You don’t have to touch the distribution layer. Now, all your provisioning gets done at the wiring closet.
What we’ve done is we’ve said, “Okay, Fabric is such a great thing and it’s giving us so many benefits from an integration perspective, automation perspective, performance and availability. Why not extend it even further? Why stop in the wiring closet?”
We’re extending it into the wireless access points as well as to the endpoints. These are third-party switches that may not be Fabric-capable and also endpoints like laptops and tablets when they connect the switch infrastructure.
Essentially, it recognizes them, authenticates and authorizes them automatically and provides them access to the services they’re entitled to. All of this is happening with zero touch from a configuration perspective. That’s why we’re calling it “the automated campus” or “automated edge” where you get zero-touch provisioning.
Mark: We’ve been talking about zero-touch provisioning for years and years and years. That was something that Jean Turgeon always was striving for: zero touch, just make it work. Make it work.
I think it’s always been a challenge because, at some point or another, you’ve got to put some intelligence in here. This is allowing that intelligence to come right from the device.
Prasad: That’s right. Fabric provides you that intelligence.
Now, when we talk about zero-touch provisioning, it is truly, literally zero-touch provisioning. You can take a switch that comes default out of the factory, open up the cardboard box, power it up and connect it to an uplink port into the northbound switch which is a Fabric-capable switch. This brand new vanilla switch can discover that it’s connected to a Fabric Connect network and downloads its configuration and automatically provisions itself.
When we talk about zero-touch provisioning, it’s truly zero-touch provisioning. Having said that, some amount of configuration has to happen prior to the switch getting plugged into the network.
That happens in a centralized place through our Identity Engines or it’s managed by skilled personnel as part of the design and deployment of the network.
You’re not relying on either not-so-skilled administrators that are in the branch offices and in locations where high skills are not easily found, thus reducing the chance of errors propagating through a network.
Mark: There’s got to be an ROI there because you’re certainly making best use of labor dollars where you need that skilled set.
Prasad: Yeah. One other thing, if you talk about remote offices again, where you’re deploying access point for wireless access, in traditional environments, you typically have to go pay someone to climb up on a ladder and put the access point there.
Now, that labor is not that expensive. However, where the expensive labor comes in is when you have to have a networking expert go out there, configure IP information, configure VLAN’s, configure access policies, etc. with Fabric being extended all the way to the access point.
You literally have someone attach the access point to the ceiling and then they take an Ethernet cable, plug it into a port on a switch and from then on all the configuration happens automatically.
You’re essentially onboarding access points with zero touch and then any endpoints like tablets or smartphones or laptops that connect to that access point will also get automatically provisioned into the right virtual services networks through Fabric Attach and Fabric Connect.
Mark: Now I think that’s a revolutionary behavioral change in network design and network deployment and it just opens up a whole host of things that can now happen automatically because all of that is happening.
Not only do you have the money and savings and resources and deployment, but you’ve just got the intelligence that’s there. It’s got to simplify your trouble shooting as well.
Prasad: It does. If you look at traditional architectures again, you have different pieces of the network being cobbled together in a way using gateways or some translation protocols in between. When you have a single end-to-end Fabric that’s running a single protocol, you’re troubleshooting becomes all that much simpler.
An analogy that I’ve seen being used, let’s say you have a plumbing situation, if you have a single pipe end-to-end, you can see from one end to the other really clearly. If there’s a blockage, it’s very obvious. Whereas if you have a lot of joints and things are going through different paths, it’s not that easy anymore to troubleshoot. It’s a very simplistic example, but that’s essentially how this equates to.
Mark: Plumbing is an excellent example of how to explain networks to people because it’s something they can see and visualize. It’s just got the exact similar characteristics in almost everything I’ve seen. It always comes back to plumbing.
Thanks very much for sitting down and talking to us today. Very interesting stuff and some real-world applications of all this great technology we’re dealing with.
Want more technology, news and information from Avaya? Be sure to check out the Avaya Podcast Network landing page at http://avaya.com/APN. There, you will find additional podcasts from industry events, such as Avaya Evolutions and INTEROP, as well as other informative series by the APN staff.
Thanks for stopping by and reading the Avaya Connected blog on E911. I value your opinions, so please feel free to comment below or, if you prefer, you can email me privately.
Public comments, suggestions, corrections and loose change is all graciously accepted 😉 Until next week. . . dial carefully.
Be sure to follow me on Twitter at @Fletch911