Why automating software image management (SWIM) matters
Like many network administrators, you’ve probably come to dread the process of upgrading your company’s device software.
Most IT organizations still do this manually – a tedious process in which a network engineer must remain tethered to a computer while completing several detailed steps:
- Identifying the correct code, or “golden image”
- Submitting a change request
- Obtaining a copy of the golden image via File Transfer Protocol (FTP)
- Pre-staging the code on devices
- Upgrading the devices
- Making sure the configuration change was properly executed
- Closing out the change request
Manual upgrades also invite several potential problems:
- The risk that a harried engineer could grab the wrong image — or FTP the right image to the wrong devices
- Time lost while spending up to five minutes to upgrade each device (up to eight hours for 100 devices)
- Increased time of exposure to security vulnerabilities due to the slow upgrade process
- Stressed-out engineers, who often must perform upgrades on weekends because they’re so time-consuming
- Multiple windows for different device upgrades, which could cause incorrect devices to be upgraded
With these challenges in mind, IT organizations are typically reluctant to perform frequent upgrades. When pressed for time, they tend to delay their upgrades, making changes once a quarter or even less often. These compliance issues may leave their organizations exposed to security vulnerabilities.
That’s why Cisco IT turned to automation.
A better way: Cisco DNA Center SWIM automation
Cisco IT is now automating many steps in the device software upgrade process using the software image management capability in Cisco DNA Center (see Figure 1).
The Cisco DNA Center platform lets us take charge of the network, optimizing our network investments and allowing us to respond to changes and challenges faster and more intelligently. Within Cisco DNA Center, SWIM enables us to store all our unique software images according to image type and version for the devices in our network. We’re able to view, import, and delete software images, as well as push software images to the devices in our network.
5 benefits of activating Cisco DNA Center SWIM automation
- Improved compliance: It’s now faster for our engineers to ensure that our software images are continually, reliably, and consistently updated with the latest golden image. That means we can achieve higher levels of compliance and reduce the occurrence of vulnerabilities and variability in our network.
- Time savings: Once we activated Cisco DNA Center SWIM, we were able to make time-consuming network provisioning a thing of the past. For example, it automatically pre-stages the golden images on devices a few days before the upgrade. This virtually eliminates the risk of an engineer grabbing or transmitting the wrong image. Cisco DNA Center SWIM saves us a considerable amount of time and reduces the possibility of error.
- IT experience: Our network admins appreciate that they now face fewer repetitive and menial tasks that can cause boredom and reduced job satisfaction. As a result, they can apply their skills to more challenging tasks and projects that are perceived as adding greater value and are more innovative.
- Ease of upgrade: By making it easier to carry out upgrades, we can take advantage of the latest available network software features and capabilities with greater velocity.
- Reduced risk: We have lessened the risk of the network being compromised by considerably reducing the number of images on our devices and keeping them more current. This lowers the associated risk of the network being compromised.
But by how much? And what other measurable benefits does Cisco DNA Center SWIM deliver?
Cisco analysis: SWIM improves compliance, accelerates upgrades, improves engineer experience
To answer these questions, the Cisco Digital Enterprise Solutions and Customer Zero teams compared, recorded, and measured software upgrades in two nearly identical Cisco buildings: one (in Chicago, Illinois) using the manual upgrade method, and the other (in North Sydney, Australia) employing Cisco DNA Center SWIM. Based on the results, the team created a business value case showcasing operations improvements.
Here’s what we found (see Figure 2 for complete details):
- Improved compliance with less risk: Cisco DNA Center SWIM drove a 97% reduction in code vulnerabilities on Cisco Catalyst 9000 products, resulting in improved compliance and decreased exposure to risk. Shorter change windows are especially valuable for upgrades that need to be implemented quickly to remediate a security vulnerability. By helping ensure that IT infrastructure remains current thanks to frequent, fast upgrades, SWIM also lessens security exposure by eliminating unnecessary or outdated software images. In our analysis, it reduced the average number of software images from 12 to 1 for Cisco Catalyst 9000 products.
- Significant time savings: SWIM cut the typical software upgrade time by 59% – from 177 minutes using the manual approach, to 73 minutes with SWIM.
- Enhanced IT experience: Because SWIM does not require active monitoring during upgrades, it reduced “active engineering time” by 92% – making the entire process less tedious and stressful for network engineers. An easier, automated upgrade process limits the potential for errors, while giving engineers more time to develop innovative new capabilities that generate key business outcomes.
The bottom line: Cisco has benefited from Cisco DNA Center SWIM in multiple areas, both tangible and intangible. These include improving the security posture of the company with fewer security vulnerabilities, enabling improved compliance; faster, easier upgrades for engineers, resulting in greater job satisfaction and reduced stress; and the ability for engineers to reallocate their time to higher-value activities, with more time to develop capabilities that benefit the business.
Our analysis clearly shows that Cisco DNA Center SWIM has the potential to automate and transform the device software upgrade experience.
Learn more about our journey to an advanced network
architecture by clicking through our interactive journey map