Automate to Innovate: Why the Key to Creative Networking Is Simply Doing Less
Cisco
It sounds obvious, but in order to see change, you must first make change. If you don’t take that all-important, courageous first step to disrupt your status quo, you won’t see any improvements.
Breaking out from the status quo was our reality at Tromsø kommune, one of the largest of Norway’s 400 municipalities. Battling stagnation is a common challenge at the municipal level here in Norway and also around the globe.
At Tromsø kommune, we’ve heavily supported our IT users for the past 15 years. A big part of that is due to the sheer size of our municipality: Tromsø kommune is home to 75,000 residents and, among them, 20,000 users we need to support. We assist them with a technical team of only 30 people. The main users we support are students, local healthcare governance, including elderly and emergency care, and even five smaller municipalities nearby.
We have a wide networking infrastructure: 300 sites with about 70,000 switch ports. With this many people to support, you have to configure the network based on where the user is and the roles they have been given.
Until recently, we've had to do everything manually. It was overwhelming. We supported legacy hardware and processes as we manually solved user issues. We weren’t able to renew any of our infrastructure or our software that supports the organization. We didn’t have the capacity to build the competencies to innovate and manage technology from this decade. Lacking the energy and means to innovate causes organizations to stagnate, no matter their industry or mandate.
Direct from Cisco Live: Automation Is the Answer
Everything changed for me when, five years ago, I attended Cisco Live in San Francisco. The internal Cisco IT team spoke about how they had to support more and more users with fewer and fewer people, and the answer to that was automation and self-service. It was a moment of clarity—the solution I’d been searching for. I kept automation in mind until I started at Tromsø kommune a year ago and saw the small size of the IT team.
I knew automation and self-service would be the only way we’d manage the load. That’s when we evaluated all our systems to decide whether we could upgrade. We quickly realized it would take much more work than initially thought.
Cisco not only gave me the idea for automation, but they were also the logical provider for automation and software-defined networking (SDN). The decision to choose Cisco was made even easier because Tromsø kommune had been a Cisco customer for 25 years. Cisco was also the only vendor that could deliver what we needed because of its multiple complementary solutions on access edge, data center, cloud, and identity management. It was the only company able to support us all the way from the client to the application. With that in mind, the choice was simple.
We use various Cisco solutions, but the two big ones we’re implementing right now are Cisco Application Centric Infrastructure (ACI) and Cisco Software-Defined Access (SDA).
At the end of the day, our story is all about automation. We had way too many issues doing cumbersome, manual tasks to solve small but important issues. More importantly, we also lacked the internal capacity and knowledge on how to build those solutions. Without Cisco to support and enabling that automation, change would have never happened.
A Global Policy: From Server to Server
The first example of our success is with Cisco ACI. The platform helps us by interconnecting and defining an application instead of keeping our 400 different servers and even more containers working independently of each other. We now define how we want an application—like the payroll system, for example—to work, in Cisco ACI.
Instead of manually configuring security policies, we simply define that payroll system in ACI. Then, we mark each and every payroll server to ensure it inherits that policy. After that, it starts to behave like a payroll server. People who are in a role that is allowed to access the payroll system are automatically able to connect to all of these servers, regardless if we have one or 100 of them. It’s all based on each server being in this application profile.
In the past, we had to manually do all of this interconnection and configuration between the different parts of the payroll system. Now, we just define an application profile, and that takes care of everything for us. If we have to add another 10 servers to the payroll system, we don't have to do a thing. We just mark it as a payroll server, and then it's all done.
Counting the Hours: Thousands Saved in Auto-Scaling Each Year
On the server side of it all, automation saves us about 3–4 hours every time we deploy a server, and we deploy, change or decommission 10–30 per week. That’s a massive amount of time to free up for my team. Automation also makes it easier for us to scale up and down—something that was too time-consuming before. In the past, we had to spend four hours just to scale up one server. Now, we can automatically scale.
During specific periods, such as an election, the system can automatically scale up the election support services instead of requiring my team to do a lot of preparation. Before Cisco, there was a risk of the system breaking if it wasn’t scaled up enough. With auto-scaling, the system can decide for itself based on its needs and load.
That also means the users get a better experience because the systems are more redundant and have a better capacity for handling high user traffic. Our monitoring is much better as a result. We're actually able to track to see if our systems are behaving in a way they shouldn't, which is an ability we didn't have before. Now, the infrastructure can actually fix itself if it sees that it's unhealthy, which gets rid of a lot of the issues we had to manually correct before, like support incidents.
Simplifying Security with Cisco ISE
On the security side, everything is now much easier thanks to identities. In addition to Cisco ACI and Cisco SDA, we use a solution called Cisco Identity Services Engine (ISE) that handles employee identities, which are managed through our database in a different system. Once you're an employee in Tromsø kommune, you're given appropriate system access.
We build our security model based on identities and applications. Instead of keeping track of 70,000 different IP addresses for all the different locations and sites, we now just define the identity of the role. If we open a new site with a lot of new users, we don't have to do anything security-wise because we use Cisco ISE to define the users from the roles and policies we already have.
If a new employee is hired in a nursing role, for example, we make that note and add them into our previously defined roles since we already have the security policy in place for a nurse. We don't have to add, remove, or modify anything at all. That saves us a lot of time as well because Cisco ISE connects to our Microsoft Active Directory and our employee registry. This means the Cisco network knows if you're anything from a nurse or an IT employee to an accountant or a politician.
Cisco is probably the only vendor that can deliver on all these areas simultaneously. We have solutions that go all the way down to the client-facing side, and we have solutions going all the way up until the applications stack. You need them to speak the same language to establish an almost “global” policy spanning the entire infrastructure. We get all of that with Cisco.
From the Old World to the New World: Experiencing the Difference
Both our IT team and our end users have experienced a world of difference since we've automated our systems. We get much fewer incident and support tickets to deal with, despite our users scaling at a high rate. We can see that people are a lot happier to work with these new systems, despite some initial skepticism, which is natural when transitioning to a new way of working.
We're building automated self-service solutions for users, so they can modify their identity and order new services from us, which the infrastructure handles automatically. They can reset their passwords through an app, which gives my team time to actually do creative work. It’s had a pretty big impact on morale. People on my team are changing their attitudes already.
My colleagues are experiencing huge decreases in their administrative burden. We feel like we’re on the path to reducing the time we spend on generic operations by at least 70%.
Through automation, we’ll still provide incredible support to our end users, but with less effort from my team. This means we’ll free up enough time that we can get people working full-time on innovation. We’ve never been in a place where our employees can focus all of their efforts on the future, so it’s an exciting time for us. By devoting their time to what’s next, it means we’ll never again be stuck in the past.
A Glimmer of Innovation on the Horizon
In the future, we want to potentially build our own innovation garage, and try to develop our own solutions with a sort of Google-type vibe. We've been innovating full time for the past year already, and we want to scale up that team because it’s important to us.
Now, we see that glimmer on the horizon—we see a reality where the grass is greener on the other side. Our employees are more optimistic because they know there’s a better world out there thanks to automation. Working for the government isn’t exactly known for being an ideal environment for innovation and cutting-edge industry best practices, but that’s changing. No other entity in Norway—public or private—is on the path to managing their IT like we are. That makes us a leader in our field, so we want to set a good example for others to join.
The first step is a leap of faith. To paraphrase Einstein, the definition of insanity is to do the same thing over and over again, expecting a different result. In order to experience change, you need to make it happen yourself. In our case, the answer was automation. It could be the same for you, too. If only you’re ready to take that first step.