|
|
 BackBox Presented at Networking Field Day 31 |
BackBox, a network automation platform, was introduced at Networking Field Day 31. The platform simplifies automation tasks, making it accessible to network professionals without specialized programming skills. BackBox offers features like automated upgrades, CIS compliance automation, and access management, catering to various network management needs.
Follow on Twitter using the following hashtags or usernames: #NFD31
Introduction to BackBox with Josh Stephens
Watch on YouTube
Watch on Vimeo
Since this is BackBox’s first appearance at Networking Field Day, we’ll start with an introduction to BackBox. We’ll discuss the company’s history, our vision for the future, and our approach to network and security device automation.
Josh Stephens, the CTO at BackBox, along with Senior Product Manager Perry Greenwood, began by introducing BackBox. BackBox is positioned as a user-friendly network automation platform that doesn’t require specialized programming skills, making it accessible to a wide range of network professionals. This approach is significant considering a survey indicated that many network engineers understand the necessity of automation but feel underconfident in executing it. BackBox addresses this gap by simplifying automation tasks, thereby reclaiming time for network operations teams.
Founded in Israel in 2009, BackBox transitioned from an MSP to developing its own network automation products. With a particular emphasis on managing firewalls initially, their product portfolio has evolved to include comprehensive network automation solutions like backups, upgrades, and configuration management across over 180 vendors. Following their Series A funding, BackBox relocated their go-to-market headquarters to Dallas, Texas, while keeping R&D in Israel. The company serves around 600 customers and manages over 100,000 networks globally, with a strong presence among service providers and MSPs.
To exemplify their capabilities, Stephens highlighted a case study involving a large nonprofit health system in Houston that struggled with security and performance issues due to outdated UC environments. BackBox’s customization allowed seamless management, upgrades, and backups for their network, underscoring the platform’s effectiveness. Additionally, financial services provider TravelX, operational in 70 countries, used BackBox to manage network configurations and mitigate drift issues, showcasing BackBox’s impact on complex, multi-vendor environments. The presentation ended with a discussion highlighting the broader industry challenge of merging network expertise with coding skills and how BackBox’s user-centric design addresses this gap effectively.
Personnel: Josh Stephens, Perry Greenwood
BackBox Programmability with Perry Greenwood
Watch on YouTube
Watch on Vimeo
The presentation by Perry Greenwood, Senior Product Manager, and Josh Stephens, CTO at BackBox, focuses on the company’s programmability, APIs, and integrations. They describe two key aspects of programmability: extending scripts and integrating with outside services or homegrown systems. Perry showcases the IntelliTrack scripts, which are device-aware and capable of both automation checks and remediation. A notable feature of these scripts is their ability to handle dynamic variables for tasks like configuring NTP servers, which allows for flexibility and customization based on regional or system-specific needs. The presenters explain how these tasks can be scripted using familiar tools and commands, like curl or Python, and are built upon an extensive library of over 2,300 pre-built automations.
The session also addresses the use of APIs within BackBox. Their API documentation, accessible through swaggers, includes both external APIs, which remain static, and internal APIs, which may change. They demonstrate adding devices to BackBox using an API with a CSV file, which simulates the integration with third-party systems such as CMDB or ServiceNow. This method supports scenarios where users prefer avoiding internal firewall scans and instead directly provide device data. Furthermore, the speakers highlight the capability of the API to handle various tasks such as kicking off workflows, checking job statuses, and pulling logs, essentially enabling any GUI function to be performed via API. They emphasize that a significant portion of their users utilize these API integrations for their network management and automation needs.
The presentation concludes with discussions on IPv6 support in BackBox, which is fully native, allowing operations on IPv6-only networks. They also touch on the use of out-of-band management networks and how BackBox can be integrated in such setups. Additionally, they mention the challenges and solutions related to managing overlapping IP addresses in MSP networks or during mergers and acquisitions. For addressing these issues, BackBox employs remote agents that facilitate automation and discovery tasks, demonstrating their robust support for complex and large-scale network environments.
Personnel: Josh Stephens, Perry Greenwood
Automated Upgrades with BackBox
Watch on YouTube
Watch on Vimeo
BackBox offers a network automation platform which supports multi-vendor environments and aims to simplify OS upgrades across various network devices. With built-in automations for 47 different platforms, BackBox can handle complex updates, even for devices not initially included, thanks to a supportive professional services team that can tailor solutions for customers. The platform does not rely on extensive Python knowledge and can be operated using simple Linux and CLI commands. This accessibility ensures that network administrators can create and schedule upgrade tasks without needing deep programmability skills.
A major benefit highlighted in the presentation is the ability to schedule upgrades to minimize disruptions during off-peak hours, such as late at night. Additionally, BackBox allows for notifications and alerts, ensuring administrators can sleep through most upgrade processes unless an issue arises requiring their attention. The platform is flexible, capable of handling intricate upgrade schedules, high-availability (HA) clusters, and performing pre and post-upgrade checks to ensure system integrity. These features streamline maintenance tasks and reduce the need for manual interventions, contributing to a more efficient and reliable network management process.
Further integration with ticketing systems like ServiceNow and monitoring solutions allows for seamless change management. This ensures that any scheduled changes are tracked, which helps in maintaining a clear communication channel for network operations centers (NOCs). The automation capabilities extend to executing complex multi-step upgrades, checking resource availability, and incorporating risk intelligence data to address security vulnerabilities, making BackBox a comprehensive tool for network administrators aiming to maintain system up-to-date while ensuring security and operational efficiency.
Personnel: Josh Stephens, Perry Greenwood
CIS Compliance with BackBox
Watch on YouTube
Watch on Vimeo
During the presentation at Networking Field Day 31, Josh Stephens and Perry Greenwood from BackBox highlighted the importance of automating compliance workflows to simplify network management for various compliance standards such as PCI, HIPAA, and STIG. They emphasized that many organizations currently depend on Excel sheets for compliance management, which is not the most efficient method. Therefore, BackBox has invested in developing CIS compliance automation features for several major platforms including FortiGate, Checkpoint, Cisco, F5, and Juniper. This automation aims to cover as much of the compliance process as possible, particularly focusing on CIS level 1 and partially on level 2, which tends to require more manual processes.
The demo showcased BackBox’s IntelliChecks functionality, designed to run compliance checks across various devices. For instance, Checkpoint has a 90% coverage for CIS level 1 compliance with BackBox, while FortiGate achieves 100% coverage for level 1 and 60% for level 2 due to its robust CLI capabilities. These compliance checks are based on industry-standard benchmarks that are frequently utilized in various regulatory frameworks. BackBox’s IntelliChecks allow users to define network-specific variables, ensuring that each network’s unique requirements are met. The results from these checks can be generated into detailed reports which can be exported into formats such as Excel or HTML, facilitating easier communication of compliance status within organizations.
Furthermore, BackBox offers additional functionalities like access management, targeting junior IT personnel who might require oversight during network changes. This feature logs and records all commands and session activities, providing a robust audit trail. It supports both CLI and web sessions, enhancing the auditability and security of network operations. This is particularly useful for managed service providers (MSPs) and large network operations teams, enabling them to track changes efficiently and pinpoint the source of network modifications. This end-to-end capability from compliance automation to detailed recording and auditing creates a comprehensive toolset for maintaining network security and operational integrity.
Personnel: Josh Stephens, Perry Greenwood