IT Organizations need to handle, safe, and get audited on their IT belongings. The span of domains cowl a number of completely different product units with completely different working programs by nature, and the groups are tasked to create a cohesive asset administration framework. An instance is a monetary establishment which is topic to the FFIEC steering, which requires them to have the ability to conform to an audit construction that requires managing their belongings and software program.
A second instance is the NIST publication 1800-5 on IT Asset administration that describes a framework for managing belongings in a company. Various organizations might undertake NIST as their safety framework.
Within these frameworks, the NIST and FFIEC steering don’t name out “Cisco Equipment” or “Microsoft software”, “Virtual machines”, or “Firewalls” in a vacuum. IT Administrators and safety groups aren’t tasked with stock and patch administration of simply their load balancers, servers, switches, or routers.
IT Administrators and their management are tasked with understanding, patching, and securing all of their IT infrastructure. From the bodily to the digital, from the endpoint to the cloud. Thus any single device wants to have the ability to match right into a framework to have the ability to merge collectively completely different programs in a cohesive method that’s able to managing a number of working programs and vendor implementations.
The function of this weblog is to indicate how this may be carried out virtually utilizing various Cisco {hardware} and software program, and the framework would bolt in to some other third celebration and supply purposeful, straightforward to make use of code, that may create a single asset administration desk for merchandise within the Cisco portfolio.
We do that by integrating ACI, Multiple DNAC, Meraki, Intersight, and SD-Wan platforms right into a single desk which could be cross referenced after which pushed, into Service Now. We do that utilizing accessible DevNet sandboxes as of 11/2022. There can be a reference on how this may be reconciled and pushed into Service Now (in order that the system of file could be up to date following software program modifications, or reconciled).
This is purposeful code, which is simple to run in opposition to actual sandbox environments, and could be validated and repurposed to your surroundings.
While we can not management third celebration merchandise and the way they combine, the framework would enable for different tools which assist Rest API to create a state desk for stock asset administration. The framework is somewhat easy: seize the stock from various programs utilizing REST API, and normalize to a constant checklist of all belongings in these programs. From there, you’ll be able to replace Service Now or one other system of file.
The downside we try to resolve is additional elaborated in NIST 1800-5, of the a number of frameworks a buyer could also be required to audit in direction of, and the truth that its not so simple as simply operating a single vendor’s report, when your chargeable for a complete ecosystem of distributors and merchandise.
So lets get to it!
What is created is a Google Colab pocket book, which lets you take and validate the code. This is feasible as a result of we’re utilizing cloud sandboxes hosted in DevNet and our cloud platforms. If you’ve by no means used Colab earlier than, it’s a Jupyter pocket book within the sky that’s as straightforward to run as clicking a button. It additionally permits me to simply share with you, so you’ll be able to see for your self the way it works.
You can get a learn solely copy of the code right here: We will stroll by way of it beneath.
https://colab.research.google.com/drive/1DMfB_FfWPEIDggYawtJgmskLJmkVzqyM?usp=sharing
The very first thing you wish to do, is take a look at what it says on the prime. What is shared is a learn solely copy, and to play with it, you need your individual editable copy. So you wish to put it aside, by going to File/Save a replica to drive.
The subsequent factor to have a look at is there are sections, at a excessive degree, its damaged down into
- Getting Meraki stock
- Getting SD-Wan stock
- Getting DNAC (and multi controller instance… this multi controller is also ACI domains, or Meraki networks)
- Getting Intersight stock
- Getting ACI Inventory
- Merging all of them togther
- Optional: Updating ServiceNow instance. (be aware, this makes use of a developer occasion which will likely be inactive by the point you learn this, it’s purposeful, get your individual developer occasion and use the URI at developer.servicenow.com)
Each of those sections could be ran as a bunch, by mousing over “7 cells hidden”, or you’ll be able to broaden every part and take a look at code, and what it’s doing. You can click on the run button beneath, OR broaden the part. This reveals the Meraki stock.
We then go and get the data from SD-Wan, and Intersight, we go into all of the teams and seize info and retailer them in tables, we’ve got created the beneath tables :
- sdwan_inventory_df -> Data Frame with particulars from SDWAN
- meraki_inventory_df -> Data Frame with particulars from Meraki
- dnac_inventory_df -> Data Frame with particulars from DNAC
- intersight_inventory_df -> Data Frame with particulars from Intersight
- aci_inventory_df -> Data Frame with particulars from ACI
Each of those knowledge frames embrace particulars from stock, and we wish to simplify it for the concise desk. We scale back the quantity of fields in every desk, and rename them so they’re constant. For instance, natively ACI calls hostnames in mannequin format, as fabricNode.attributes.title. Intersight calls Hostname “HostName”. We simply simplify this.
Reduce the Intersight desk to only a few columns,
intersight_inventory_simple_df=intersight_inventory_df[[‘DataSource’,’SerialNumber’,’HostName’,’ModelNumber’,’Ip.Ip’,’Version’]]
Rename these columns to a constant format:
intersight_inventory_simple_df.rename(columns={‘SerialNumber’:’Serial’,’HostName’:’Hostname’,’ModelQuantity’:’Model’,’Ip.Ip’:’IP Address’,’Version’:’Version’}, inplace=True)
After concatenating all these tables, we’ve got a list checklist with a listing which we will use to audit or replace our system of file.
Summary
Creating a framework in which you’ll bolt in and implement various programs is key to the roles IT wants to have the ability to present given the span of their remit. Cisco gives easy API frameworks for all of our product units, from gadget primarily based to controller primarily based, from compute to switching, DC to campus. The function of this weblog was to offer purposeful code to have the ability to be evaluated simply (utilizing colab and devnet), taken, and modified as wanted. This purposeful code is a stepping stone to adopting automation processes to your surroundings. Please attain out if there are any questions on this!
Extra Credit : Merging into ServiceNow
We do that in three phases, we get the prevailing stock knowledge from service now, we examine in opposition to our manufacturing knowledge (principally a diff on system of file vs manufacturing), then we will replace our system of file.
A use case being, after upgrading SD-Wan you’ll have your entire units on a software program model which might not be in service now. You can replace it utilizing this logic.
As was talked about earlier, this code won’t run if you end up reading this as my developer occasion goes inactive after 24 hours and is decommisioned after 2 weeks. You can get your individual, and also you want solely change the URI and authentication headers, to make this work. You do that at developer.servicenow.com. This will present you your URL to make use of, and you may both compute your authentication string utilizing python library or glean it from Postman by placing in your authentication, then changing to python code.
We create a Diff utilizing a SQL be part of,
And then we push the Diff.
Share: