Multiclouds have already arrived in enterprises. Intent-based networking is an emerging DevOps paradigm for simplifying, speeding, and improving management of multiclouds. This approach involves continuous optimization of availability, reliability, performance, security, and other infrastructure policy objectives.

Intent-based networking is not exactly a new management technology, but, rather, a unified DevOps framework for automating scalable, end-to-end deployment, optimization, and control of distributed systems and the applications and workloads running on them. At heart, this approach refers to tools and techniques for automating software-defined networking across hybrid, edge, and other multicloud environments.

Intent frames DevOps policy in the multicloud

Enterprises may implement intent-based networking in various ways, but it generally builds on the following core distributed-systems management principles:

  • Intent: Network planners automatically capture intent regarding the business and technology outcomes to be achieved through the network. They express this intent as policy that describes specific end-to-end network business and operational metrics, such as application service levels, network throughput, and security incident and event thresholds.
  • Orchestration: Network engineers automatically translate this policy into configuration profile code that prescribes how all involved physical and virtual resources may achieve the associated service levels and other metrics.
  • Monitoring: Network operators automatically monitor the state, status, and health of every physical and virtual component under their administrative control in a protocol- and transport-agnostic fashion.
  • Assurance: Network administrators automatically assure that the desired intent has been applied and that the associated business outcomes are being achieved. Automated tooling can execute corrective actions as needed to remediate issues such as blocked traffic and performance bottlenecks in real time.

AI delivers policy continuously across the multicloud

To ensure continuous integration and continuous deployment of applications and infrastructure across increasingly heterogeneous multiclouds, enterprises will need DevOps tools that incorporate intent-based networking, which has artificial intelligence (AI) at its heart. The tools should leverage AI to enable flexible movement, monitoring, scaling, transparency, and management of infrastructure and application components, data, workflows, metadata, and business logic.

Essentially, intent-based networking is an advanced form of AIOps. This refers to an emerging best practice that uses embedded machine learning and other AI models to make software-defined networks continuously self-healing, self-managing, self-securing, self-repairing and self-optimizing. AI’s growing role in multicloud management stems from its ability to automate and accelerate many tasks more scalably, predictably, rapidly and efficiently than manual methods alone.

AIOps becomes more completely automated when it uses data-driven statistical algorithms to capture intent as well as automate the downstream orchestration, monitoring, and assurance workloads. More multicloud management vendors are integrating AIOps with intent-based networking to enable this level of closed-loop automation that can radically boost the productivity of customers’ IT staffs.

Running AIOps over multicloud infrastructure vs. apps

One might divide the AIOps market into those vendors that leverage AI to automate management of multicloud infrastructure vs. those that primarily use it to automate development and release of the microservices that run in that infrastructure. One might also organize vendors by the extent to which they also automate the upfront intent-discovery process in that AI-driven pipeline.

In the infrastructure-focused camp, one must certainly place Cisco. It has implemented intent-based networking across its portfolio of hardware, software, and services for multicloud management, distributed data centers, and software-defined wide-area networks. It now supports the following key capabilities:

  • Enabling lights-out multicloud management: AI-driven intent discovery and management is a fully automated “NoOps” alternative to the traditional command-line interfaces that vendors have exposed for manually setting up and administering policies within the unique interfaces and syntaxes presented by individual networking devices. Recently, Cisco announced extension of intent-based networking to support management of data centers across a wider range of cloud and edge environments within its existing “Application Centric Infrastructure” software-defined wide-area networking architecture. The new “ACI Anywhere” environment is embedded in Cisco’s networking hardware products and enabled through its single-pane management tooling.
  • Extending up the multicloud application stack: Intent-based networking can extend from the physical infrastructure all the way up through the multicloud application stack. In Cisco’s environment, this capability integrates with all hypervisors and container frameworks (including Kubernetes and OpenStack) on which applications are deployed anywhere on cloud, on-premises, and edge environments. It enables users to deploy, automate, scale, and manage workloads. It allows users to enforce consistent group-based policies on any applications across any combination of container, virtual machine and physical network that they provision to any cloud, on-premises, or edge environment.
  • Encompassing management of complex multiclouds all the way to the edge: The approach can also extend all the way to the cloud’s expanding edge. Recently, Cisco enhanced its HyperFlex family of hyperconverged infrastructure hardware solutions, enabling enterprise deployment of a consistent hyperconverged architecture across on-premises, hybrid cloud, and edge environments. The devices come equipped with embedded connectors to the cloud-based Cisco Intersight, which enables AI-driven IT operations management, data resiliency, and centralized lifecycle management capabilities. This capability enables HyperFlex Edge devices to be installed, configured, monitored, and optimized in fully automated, zero-touch fashion on HyperFlex Edge clusters.

Much of this AIOps functionality is also found in Cisco Crosswork Situation Manager, which embeds AI for intelligent, adaptive, and automated management of hybrid, mesh, and other complex cloud deployments.

To a lesser degree, VMware is also implementing a limited type of AIOps for multiclouds, though it’s not clear whether they intend to provide the automated intent discovery features needed to build out a closed loop. Last August, VMware announced the preview of “Project Magna,” an R&D initiative that is developing an AI-driven edge-to-edge virtualization environment to power adaptive security in what they call a “self-driving data center.” Project Magna relies on AI to be embedded in hundreds of Internet of Things control points and integrates with the adaptive micro-segmentation of VMware’s NSX multicloud networking environment. It will leverage edge-node AI to learn normal application behavior, use that knowledge to lock down compute and network resources, and adapt to continuous change in cloud-native applications so that it can adjust edge-node microservices’ attack surfaces in an automated, nondisruptive fashion.

As regards those vendors that primarily use AI to automate development and release of the microservices for multiclouds, IBM springs to mind most readily. As can be seen from its recent product announcements at Think 2019, IBM is becoming a multicloud AI DevOps pipeline vendor par excellence. At the event, the company launched new solutions for planning, migrating, integrating, securing and managing applications and workloads across any public or private cloud, any on-premises IT environment, and any Kubernetes cluster.

Architecting the multicloud planes behind AIOps

In terms of an infrastructure management capability, the vendor also launched the new IBM Services for Multicloud Management for self-service acquisition and management of IT resources across multiple cloud providers, on-premises environments, private clouds, legacy infrastructure and container environments. This solution includes:

  • an automation plane that orchestrates deployment of services of different types and from different vendors to be integrated easily and made available to consumers;
  • an operations plane that enables infrastructure and operations administrators to monitor and maintain systems, including legacy infrastructure, private cloud, public cloud and container environments;
  • an integration plane with the ServiceNow Portal to enable purchasing, orchestration, configuration, monitoring, maintenance and cost governance of cloud services and solutions from multiple providers.

Though IBM Services for Multicloud Management is a strong tool for its core use cases, it stops short of being an AI-driven intent-based networking offering. Though it has a centralized policy definition tool and integrates with Watson AI Engine to interpret and analyze structured and unstructured IT data for multicloud management, it lacks the ability to automatically infer business intent in order to create policies for multicloud deployment, monitoring, and control. Nevertheless, it can support automatic discovery and remediation of multicloud security vulnerabilities, detect suspicious traffic, and drive continuous event monitoring, application-aware firewalling, intrusion prevention, anti-malware, and URL filtering.

In a broader sense, any infrastructure as code (IaC) solution may be used as the foundation for AIOps in general or intent-based networking specifically. IaC drives DevOps around the deployment of functional platform components within complex distributed cloud environments. The methodology does so in the same way one manages such application components as code builds, machine images, containers, serverless functions, and security code.

As a multicloud management approach, IaC eliminates the need for IT professionals to touch physical IT platforms, access cloud providers’ management consoles, log into infrastructure components, make manual configuration changes, or use one-off scripts to make adjustments.

As an alternative to traditional IT change-and-configuration management, IaC involves writing templates—a.k.a. “code”—that declaratively describe the desired state of a new infrastructure component, such as a server instance, virtual machine, container, orchestrated cluster, or serverless functional app.

Within IT management tooling that leverages underlying DevOps source control, the IaC template drives the creation of graphs of what the cloud infrastructure codebase should look like. The tooling then looks for deficiencies in deployed code and fixes them by deploying the end-to-end code, so that the end-to-end deployed infrastructure converges on the correct state. Conceivably, the upfront code/policy capture in IaC could be automated with AI.
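The convergence described above, sketched as an added example (not code from any of the tools or vendors named in this article): a template of desired state is compared with deployed state, and the resulting plan is applied until no drift remains. The resource names, fields, and the `plan`/`converge` functions are hypothetical, and both sample states are constructed.

```python
import copy

# Constructed desired-state template (hypothetical resource names and fields).
DESIRED = {
    "web-sg": {"type": "security_group", "ingress": ["443/tcp from 0.0.0.0/0"]},
    "web-vm": {"type": "vm", "size": "small", "security_group": "web-sg"},
}

# Constructed deployed state: SSH was opened by hand and a stray VM was left
# running, the kind of manual change IaC is meant to eliminate.
DEPLOYED = {
    "web-sg": {"type": "security_group",
               "ingress": ["443/tcp from 0.0.0.0/0", "22/tcp from 0.0.0.0/0"]},
    "debug-vm": {"type": "vm", "size": "large", "security_group": "web-sg"},
}


def plan(desired, deployed):
    """Return the ordered actions needed to make deployed match desired."""
    actions = []
    for name in sorted(desired):
        if name not in deployed:
            actions.append(("create", name, desired[name]))
        elif deployed[name] != desired[name]:
            # Report which properties drifted so the change can be reviewed.
            keys = set(desired[name]) | set(deployed[name])
            changed = sorted(k for k in keys
                             if desired[name].get(k) != deployed[name].get(k))
            actions.append(("update", name, changed))
    for name in sorted(deployed):
        if name not in desired:
            actions.append(("delete", name, None))
    return actions


def converge(actions, desired, deployed):
    """Apply a plan to a copy of the deployed state and return the result."""
    state = copy.deepcopy(deployed)
    for verb, name, _ in actions:
        if verb == "delete":
            del state[name]
        else:  # create and update both reset the resource to its template
            state[name] = copy.deepcopy(desired[name])
    return state


if __name__ == "__main__":
    steps = plan(DESIRED, DEPLOYED)
    for step in steps:
        print(step)
    print("remaining drift:", plan(DESIRED, converge(steps, DESIRED, DEPLOYED)))
```
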

However, this automated-code-generation capability isn’t yet found in such cloud IaC tools as (AWS CloudFormation, Azure Resource Manager, Google Cloud Deployment Manager) or in third-party DevOps vendors whose solutions address diverse public, private, hybrid, and multi-cloud deployments (e.g., Terraform, SaltStack, Juju, Docker, Vagrant, Pallet, CFEngine, NixOS).

IaC is a fast-evolving segment of cloud-native DevOps. For a discussion of IaC’s role in building hybrid serverless applications, please check out this Wikibon note that I published late last year.