Model-Driven DevOps for NetOps: Transforming DoDIN Cyber Operations with Network Infrastructure as Code (IaC)
By Andrew D. Stewart
April 21, 2022
Model-driven DevOps represents a game-changing digital transformation approach for NetOps to deliver enhanced network infrastructure orchestration, optimization, agility, flexibility, and resiliency – the result: a DevOps-Driven Mission Intent-Based Infrastructure. Just as agile DevOps efforts transformed application development and created more responsive and timely mission outcomes, DevOps for NetOps is a critical next step in meeting today’s and, more importantly, tomorrow’s mission-driven demands. Adopting this approach in our culture and our engineering approach to NetOps will enable military cyber professionals to finally begin operating the network like a mission platform.
Why now? With the capabilities and power enabled by modern software-defined networking (SDN), it is possible to leverage greater abstraction of the network infrastructure as a collection of Application Programming Interfaces (APIs). Applications can now render the network into infrastructure-as-code (IaC). Simultaneously, industry implementation of “digital twin” technology, the real-time digital model counterpart of complex physical objects, has dramatically transformed and accelerated manufacturing design-to-production capabilities and improved complex entity simulations and insights. Using this same approach for a network infrastructure enables the establishment of a “network infrastructure digital twin” to enhance the ability to develop, test and dynamically deploy critical infrastructure updates, changes, and optimizations at scale. DevOps for NetOps is not the goal; enabling DevOps for the network to enable Mission Transformation is The Goal.
The Future is Now
The network is fundamental to connect users, devices, applications, data, and services no matter where they reside—from edge to cloud; however, much of network administration has not changed meaningfully in 30 years. As digital services are delivered more frequently through adoption of DevOps for software development that focuses on services or applications, gaps and weaknesses are quickly identified in the supporting hybrid cloud network infrastructure. Network operators face increasing pressure to move faster – often at the sacrifice of fundamental, scalable network architecture and security best practices – while at the same time, they are being held responsible to help mitigate risks and respond to threats. This challenge demands a cultural shift – requiring a DevOps mindset inclusive of network infrastructure.
The demand for new features and faster delivery of services has driven the need to develop software and applications faster—thus, driving the rapid virtualization and “cloudification” of IT infrastructure. Failure to transform to a DevOps approach for network infrastructure aligned with the Continuous Integration/Continuous Deployment (CI/CD) process is not an option. A model-driven DevOps approach enables network operators to maneuver the network at machine speed through a deliberate process which: 1) Encapsulates the network as a data model; 2) Renders a data model of the network into a “digital twin;” 3) Enables repeatable synthetic testing; and 4) Provides the means to automatically deploy network changes (employ network maneuver) at machine speed in response to increasing application-driven data demands, evolving mission needs, and following the Cyber Commander’s Intent — fighting in and winning the day in Cyber. This vision must be understood so that the impediments to change can be addressed.
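The four-step process above, sketched as an added example that is not from the original article or any vendor tooling: a constructed interface data model is tested against a policy check before it is rendered into a NETCONF `<edit-config>` payload for the candidate datastore. The data model, the policy rules and the function names are assumptions; the XML namespaces are the standard NETCONF base and ietf-interfaces YANG namespaces.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"      # NETCONF base namespace
IF = "urn:ietf:params:xml:ns:yang:ietf-interfaces"  # ietf-interfaces YANG module

# Step 1: the network as a data model (constructed sample, hypothetical names).
INTENDED = {"interfaces": [
    {"name": "GigabitEthernet0/0", "description": "uplink to core", "enabled": True},
    {"name": "GigabitEthernet0/1", "description": "", "enabled": True},
    {"name": "GigabitEthernet0/2", "description": "unused", "enabled": False},
]}

def policy_violations(model):
    """Step 3: repeatable test run against the model, never the live network."""
    problems, seen = [], set()
    for intf in model["interfaces"]:
        name = intf["name"]
        if name in seen:
            problems.append(f"{name}: duplicate entry")
        seen.add(name)
        if intf["enabled"] and not intf["description"].strip():
            problems.append(f"{name}: enabled port has no description")
    return problems

def render_edit_config(model):
    """Step 2: render the model as XML; ElementTree escapes free-text fields."""
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": "1"})
    edit = ET.SubElement(rpc, f"{{{NC}}}edit-config")
    ET.SubElement(ET.SubElement(edit, f"{{{NC}}}target"), f"{{{NC}}}candidate")
    config = ET.SubElement(edit, f"{{{NC}}}config")
    root = ET.SubElement(config, f"{{{IF}}}interfaces")
    for intf in model["interfaces"]:  # merged into interfaces that already exist
        node = ET.SubElement(root, f"{{{IF}}}interface")
        ET.SubElement(node, f"{{{IF}}}name").text = intf["name"]
        if intf["description"]:
            ET.SubElement(node, f"{{{IF}}}description").text = intf["description"]
        ET.SubElement(node, f"{{{IF}}}enabled").text = "true" if intf["enabled"] else "false"
    return ET.tostring(rpc, encoding="unicode")

def build_change(model):
    """Step 4 gate: nothing is rendered for deployment while a test fails."""
    problems = policy_violations(model)
    if problems:
        return None, problems
    return render_edit_config(model), []

if __name__ == "__main__":
    print(build_change(INTENDED))
```

Building the payload with an XML library rather than string templates means a description containing markup characters is escaped instead of altering the structure of the RPC.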
What is it?
DevOps is often used as a term to describe a specific outcome. However, it is really an evolving organizational strategy used to deliver better value and mission outcomes. In the context of this paper, DevOps will be described as a combination of culture, tools, and processes aimed at: accelerating delivery of new services, improving the scale of services, improving the quality of services, and lowering risk when done deliberately. A model-driven DevOps approach is a structured way to enable network automation at scale built on data models. This has been proven to address challenges and perceptions around complexity, standardization, and manual operations. Most APIs are driven by data models, but the most common model-driven APIs for network devices use the Network Configuration (NETCONF) protocol with Yet Another Next Generation (YANG) data models. NETCONF pushes the data models encoded in Extensible Markup Language (XML) over a secure transport layer and gives us several operational advantages over command line interface (CLI), including:
Realizing Change and Transforming the Mission
By committing to following a DevOps Roadmap and understanding the supporting DevOps for NetOps fundamentals, NetOps teams must re-evaluate how they operate network infrastructure – today! The physical network cannot be the bottleneck for digital mission transformation – it must be an enabler. Applying a DevOps Roadmap for network infrastructure can be undertaken in five (5) deliberate steps that are aligned with the CI/CD process:
Carter, Steven and King, Jason. Model Driven DevOps. 1st ed. Hoboken, NJ: Pearson Education, 2022.
About the Author
Andrew D. Stewart is a National Security and Government Senior Strategist at Cisco Systems, Inc. He has been with Cisco for the last 4 years after retiring from almost 30 years in the U.S. Navy where he last served as the Chief of Operations for Fleet Cyber Command/U.S. TENTH Fleet. Andy also served as the Commanding Officer and Program Manager for the Navy Cyber Warfare Development Group (NCWDG). He is a graduate of the Sellinger School of Business, Loyola University Maryland and the Cybersecurity and Policy Executive Program from the Harvard Kennedy School. He is also a graduate of the Naval Postgraduate School Monterey, CA, the United States Naval Academy, the National Defense University, and the Naval War College.