How can companies cultivate a better approach to “object-based” network changes?
By changing the ways that IT assets are labeled and handled in architectures, companies can greatly improve the use of network “objects” to manage changes in enterprise systems.
Network objects, such as sets of rules for firewalls and virtual machines to implement network configurations, are critical resources, but over time, they can get lost or tend to clutter a distributed architecture.
One of the most fundamental ways to promote better network object handling is through naming conventions. Naming conventions add visibility to a system – when components or other objects are labeled according to their purpose and use, it's much easier to see what they are doing in a system and whether, for example, they should be migrated to a new platform or application, or not.
Other resources like description fields and metadata tags can also be helpful ways to label these IT resources and make sure that they are used properly within a system. Description fields can provide more digestible language specifying what specific network objects are, and what they are used for.
In general, better network administration will involve keeping detailed notes on what's being done around network object and migrations or other changes. Some think of this as a kind of “moving or packing list” – the idea that the company will have specific instructions and documents in place to help make the use of objects in changing architectures more transparent.
Another major example of better network administration is a better plan for decommissioning.
In decommissioning old applications or parts of an architecture, there is often the burden of identifying which network objects need to be decommissioned, along with the greater and more comprehensive parts of the system that are being done away with. If companies can’t successfully identify the resources they're using, they're not going to be able to achieve the kind of full and clean decommissioning that they want. Companies can use programmatic methods to identify resources, or they can use visual descriptors to manually clean up pieces of an application or system. Better decommissioning will aid in better network organization.
Less organization and less identification of network objects can lead to different kinds of IT “bloat” or “sprawl.” For example, adding a flood of applications without decommissioning old ones will quickly result in a lot of chaos and confusion. That's why the challenge of cleaning up networks is at least a two-part process: on the one hand, making sure everything is identified and labeled clearly, and on the other hand, making sure that protocols and processes provide clean system changes.