Published: April 2022
Cisco IT builds and runs a gamut of technologies for employees, partners, and customers. While each technology serves its own specific purpose, the most value is attained when separate technologies work in concert to transform operations and improve user experience. Ultimately, Cisco IT aligns well with the old phrase, “The whole is greater than the sum of its parts.”
Application Programming Interfaces (APIs) can measure the synergy between discrete technologies. This is an essential part of deriving the value of the “whole,” and comparing this value to that of each individual technology. Cisco IT is then able to gain greater visibility into operational data while reducing errors and risk, allowing for more time spent on higher-value activities.
APIs simplify operations and improve innovation by enabling service management and operations applications to exchange data and functionality easily and securely. As a result, APIs help fulfill the vision of “smart connected products.” Smart connected products are expected to usher in a new era of competition by integrating IT. Key capabilities of these products include monitoring, control, optimization, and autonomy.[i]
Once considered just a component of technical domains, APIs are now viewed as a vital contributor to business growth. McKinsey estimates that up to $1 trillion in value could be at stake through the redistribution of revenues across sectors and ecosystems.[ii]
“Because APIs link organizations and technologies in ecosystems, they’ve become an indispensable competitive weapon,” says Manny Garcia, Automation Lead Engineer.
The following three examples explore how Cisco IT is using APIs to uncover significant value and identify additional opportunities for the company’s business units.
The first example of API use looks at how Cisco IT built an integration through ServiceNow IT Service Management and IT Operations Management to replace a legacy monitoring system.
Here is a bit of context: Cisco IT uses ServiceNow IT Service Management (ITSM) / IT Operations Management (ITOM) to help optimize the impact, speed, and delivery of IT services. Various relationships are built out in the configuration management database and service management to understand how services are interconnected – and if they are performing well for end users.
Cisco IT deployed Cisco ThousandEyes for Internet and cloud visibility in 2020, migrating from a previous monitoring system that was focused on monitoring applications from within data centers. ThousandEyes employs a combination of active and passive monitoring techniques – plus real-time internet outage detection – to deliver deep insight into user experience across applications and services. Though ThousandEyes has many use cases, its “hidden gems” for Cisco IT are its Cloud and Enterprise Agents, which can be used by IT departments to create tests that generate performance and availability metrics, as well as end-to-end network visualizations for applications or services from anywhere in the world. ThousandEyes also offers browser synthetics that simulate end-user interactions with applications for detailed analysis of application behavior. For the first time, Cisco IT is able to test all the on-premises, cloud applications, and SaaS services it supports from both inside and outside the network.
ThousandEyes’ ability to understand the performance of both the application and its underlying network has provided Cisco IT with much deeper visibility into services. When issues arise, the end-to-end network path can be analyzed to detect what is happening, including how related functions such as BGP, DNS, and CDN may be affecting network behavior. As result, it’s much easier to determine whether a problem is related to a specific service or its underlying network.
Based on this highly positive experience, Cisco IT decided to build an API-driven integration with ThousandEyes, to replace the previous monitoring system. Cisco IT conducted the entire effort without the application teams having to touch anything; the API allowed for a “transplant” of ThousandEyes tests virtually overnight to gain more data visibility than ever before.
The integration uses services and relationships built out in ServiceNow IT Service Management (ITSM) / IT Operations Management (ITOM). These configuration and service management databases help optimize the impact, speed, and delivery of IT, and the relationships built through them help Cisco IT understand how services are interconnected — and if they are performing well for end users. These services and relationships forgo the need for application teams to ever have to log in to ThousandEyes. Ultimately, the information can be used by all teams responsible for operations, no matter where they are.
Without requiring the application teams to do anything, Cisco IT can test and better understand applications and services around the world. These unified, discrete tools used for IT operations management have simplified processes within Cisco IT and proven that “if you build an integration, you double your value.”
Change is a constant in networking: software upgrades, changes in policy, and physical changes in the network happen every day. The ability to make high-quality changes — and track their impact — is essential. In the past, however, doing this type of work was a struggle. Teams particularly had challenges with making changes and conducting “pre- and post-checks” to validate changes were working as intended.
Legacy thinking was a big challenge – partly because APIs have only recently become ubiquitous in the network, and partly because the previous approaches to automation were very different.
One of the previous approaches to automation was automating through “human activities.” This would automate the process of manually typing line after line of commands, which was time consuming and error prone. However, automating work like this was hard. The process often involved “expect scripts,” with new changes leading to new scripts. It was inefficient to spend time testing and fretting over syntax; dozens of hours went into understanding the subtle differences in Command Line Interface (CLI) output between platforms rather than focusing on outcomes. Because of the fragile nature of these scripts, getting to the point where they could be trusted took a tremendous amount of time. Focusing on the wrong things slowed the ability to innovate.
The other automation approach was “fire and forget.” In this scenario, all commands used to perform a change or set up a basic device configuration were worked out beforehand. There was some beauty to this approach — it was simple and idempotent. Changes could be made quickly, with repeatable results. Unfortunately, it wasn’t very surgical — after a few years, it was necessary to remove several “no” commands from the Domain Name System (DNS), logging, trap servers, and whatever else had changed in the network.
In the last few years, however, APIs and Software Development Kits (SDKs) have allowed DevOps teams to leverage libraries like Genie, which provides standardized solutions for many problems that occur in everyday programming. IT professionals can be surgical in their changes, specifically targeting a configuration without needing to spend time managing connections, sending commands, and parsing their output. As a result, there is more time to focus on completing higher-value work related to outcomes. And Cisco IT is continuously injecting more automation into the process — there are more scripts to run beforehand and afterward to validate that the change worked, and to apprise affected engineers about the outcome. Ultimately, less code is being written and the team is delivering better quality.
“From a business perspective, APIs are helping manage the balance between risk and reward,” says Garcia. “The more high-quality changes that are performed, the more the organization is willing to accept those changes.”
In many ways, this new process has transformed CLI into an API.
Another big development that has occurred over the past few years is that workflows are run within a controller – more specifically, within Cisco Catalyst Center, a powerful network controller and management dashboard that enables movement from “caring about a device” to “caring about our service.” Thanks to controllers, assurance and change don’t start at the device level anymore. Instead, it’s the client, the location, the service, or some other construct that aligns to the service.
With changes based on the service rather than a list of devices, it’s simpler to manage individual devices. Workflows do much of this work. These workflows often contain dozens of discrete steps to make a change and verify that it is completed. Just a handful of API calls are needed to deploy a policy to a network, upgrade a device at a site, or check for compliance. For example, instead of Cisco IT having to build pre- and post-checks and make changes manually when conducting software upgrades, the team can call a simple API within a controller to do the work instead.
This controller-based approach removes the challenge of configuring individual “boxes” (devices). Instead, a network is being configured.
“This new paradigm supports Cisco’s concept of ‘intent-based networking’: define your intent once, deploy everywhere, and then focus on your service,” says Garcia. As such, it’s critical to configure things correctly to evaluate how applications are performing on the network.
These three examples showcase the many forms of value that APIs are delivering for Cisco IT. In addition to enabling new data insights, greater productivity, and better quality, APIs are improving engineers’ overall work experience. Rather than having to perform tedious tasks, engineers can focus on higher-value activities that drive innovation.
For more information, please refer to the following links:
[i] Michael E. Porter and James E. Heppelmann, “How Smart, Connected Products Are Transforming Competition,” Harvard Business Review, November 2014
[ii] Iyengar, et al., “What It Really Takes to Capture the Value of APIs,” McKinsey Digital, September 12, 2017