Backbox

What is Backbox?

BackBox is a purpose-built Network Automation Platform, automating both daily administrative tasks and large projects on thousands of networks worldwide. The platform allows you to automate the operations of network and security devices at scale, across networks of any size, without having to write any code. It also provides multi-tenancy support for service providers to ensure data privacy and network isolation across customers, if you are looking for network automation tools Backbox should be on your radar.

This post will talk about both the BackBox architecture and the most common use cases.

Architecture

The BackBox Network Automation Platform is composed of the Network Automation Manager and Network Vulnerability Manager. The entire platform is simple to install and maintain. Most customers are up and running, with device backups initiated, in under an hour.

The BackBox Platform scales to hundreds of network sites, and can connect to low-bandwidth remote sites to distribute the execution of automations. Files and data can be kept locally at remote sites or passed back to a central site. This option enables service providers to keep customer files onsite for when privacy regulation is a concern.

Automations are easy to understand because they’re presented simply as the commands administrators are familiar with from the CLI or API. New automations are easily created by typing in CLI or API commands into the BackBox interface or by working with the BackBox Automation Team.

How is this accomplished? Let’s look at the “under the cover” architecture. The following three elements represent a logical product architecture. When installing BackBox, you only need to maintain the central BackBox Server and any remote site BackBox Agents (distributed proxy automation servers) you wish to install.

It’s useful to understand these logical architecture elements to learn how BackBox achieves scale, performance, and simplicity.

Automation Engine

The Automation Engine is a purpose built, distributed engine that is designed to manage the execution of automations across the network. It’s built for scale and performance. When deployed it manages the automation queue, prioritization, and distributed parallel-execution.

There are optional distributed proxy BackBox Servers called “Agents” that can be deployed in any given implementation. BackBox Agents are often deployed to remote locations where there is limited bandwidth or where network routing requires specific control over how traffic is passed between locations.

Automations are then distributed between the main server and the Agents for execution. This serves a few purposes:
Scale. The central BackBox Server is not a bottleneck as the BackBox Agents are able to locally execute automations and communicate efficiently back to the server. Additionally, locations with limited bandwidth can still be served by the automation platform as the server-agent communication is optimized to reduce bandwidth needs between locations.
Performance. The server manages automations for execution on remote Agents, keeping the automation local to the network it’s being executed on. Additionally, automations can then be farmed out to Agents across the network for parallel execution.
Data sovereignty. Customers have the option of keeping data locally to their networks and only providing the results of the automation back to the central server. This provides flexibility both for data privacy and data ownership.

• Data privacy: Data privacy and compliance regulations may apply to the remote location different from the main location. A BackBox Agent ensures that each location can comply with its specific data protection laws.
• Data ownership. Service Providers can keep each customer’s data on a separate physical storage when logical data separation is not enough.

Automation Library

BackBox comes with over 3,000 prebuilt automations, with more added each release. These automations cover the gamut of requirements, from backups to OS updates, vulnerability management, compliance, and generic task automations

The Automation Library is the reason BackBox customers can get to value quickly, since many of the common automation use cases are addressed without having to create new automations. And automations are easily customizable. Simply clone an existing automation and make the changes using only the CLI or API commands you already use for administration.

Automation Builder

The Automation Builder is responsible for abstracting away the “scripting” from the automation intent, and is the reason that BackBox has a low cost of ownership relative to other automation solutions. There is no coding or scripting required to automate with BackBox.

If you can’t find a prebuilt automation to suit your needs, you can build your own using only the CLI or API commands that you already use for administration. No python, YAML, or any other scripting language required. Of course, if you’ve already invested in creating automations with a scripting language, BackBox can use those as part of the automations so that you don’t have to recreate any of the work you’ve already invested in.

Top Use Cases

The BackBox Automation Library contains over 3,000 pre-built automations including both simple task automations and pre-bundled common use cases. Of course, each of the pre-built automations are customizable and, if you need to, you can create new automations from scratch using the Automation Builder.

Let’s dig into the four most common use cases – network device backups, OS and firmware updates, vulnerability management, and compliance.

Network and security device backup

BackBox has built in automations to backup thousands of device types, including both security (firewall, IPS, load balancers) and network (router, switch) devices. The platform supports over 180 different vendors with thousands of devices supported out-of-the-box.

Backups are initiated by default upon discovery of the device. Each backup goes through a 5-step validation process to ensure backup integrity. The reliable backup process doesn’t just backup configuration files, but all the files (including the OS and licensing) needed to restore the device so that everything the administrator needs to restore devices is kept in a single location. Backup files can be stored wherever the administrator wishes.

Importantly, the restore process is simple. With a single-click, devices can be restored with each restore process pre-validated to ensure the continued integrity of the files to be restored.

Backups can be restored to bare-metal hardware in the event of an RMA or device failure. Once the device is reachable via an IP address, BackBox’ single-click restore can enable administrators to quickly replace failed hardware.

With BackBox, the backup process and tooling is consistent across device vendors in their network, simplifying the entire process and making sure that all files needed to restore devices are kept organized and in a single location (if that’s how you choose to keep the files).

OS and firmware updates

Updates are time-consuming and disruptive. BackBox includes prebuilt automations that allow for 100% hands-off completion of complex updates, including multistep updates and updates to high-availability pairs. Automation workflows enable pre- and post-checks as well as backups to be integrated into the update process, lowering the risk of disruption.

BackBox update automations also include the opportunity to move update files around separately from the update itself, minimizing the time spent after hours performing upgrades.

Vulnerability management

BackBox has uniquely integrated vulnerability and threat information into the automation platform to provide closed-loop vulnerability remediation. Using CVE information from NIST, along with other threat intelligence from CISA and elsewhere, BackBox maps the inventory to threat intelligence, provides risk scoring, and assists in the mitigation and remediation of known vulnerabilitie

Using the BackBox Network Vulnerability Manager, administrators no longer need to track CVEs manually and have an accurate mapping of inventory:vulnerability so that they can prioritize remediation efforts based on metrics-based vulnerability scoring. BackBox automates the whole closed-loop lifecycle and does it for you.

Compliance, audit, & remediation

Sometimes managing compliance is simply about preventing or repairing configuration drift. Other times, compliance is about keeping devices in line with organizational standards. BackBox makes it easy to get started on a compliance project or keep your network compliant whether you’re tracking your own standards or external regulations.

The larger the network, the more difficult it is to ensure compliance. For organizations with multiple large networks to manage, such as MSPs and MSSPs, the resulting complexity requires a powerful solution.

BackBox’s extensive Automation Library can automatically check your networks’ devices against critical parameters, generate, send, and archive reports detailing the level of compliance, and automatically remediate discrepancies (or open a trouble ticket in ServiceNow or other ITSM to await administrator confirmation).

In this way, BackBox allows you to easily achieve and maintain compliance with both external regulations (such as HIPAA, DISA STIGs, and CIS), as well as internally defined policy (such as password complexity), across networks of all sizes.

Conclusion

The BackBox Automation Platform has a purpose-built Automation Engine designed for enterprise performance and scale. As such, it has been tested to tens-of-thousands of devices, and we continue to push those boundaries with each new release.

BackBox is simple to install, with customers often up and running in under and hour. Using the built-in Automation Library, administrators have access to thousands of pre-built automations.

It’s simple to extend these pre-built automations, or to write new ones from scratch. There’s no need to write any python, YAML, or learn any proprietary scripting languages. Simply type in the commands as you would at the command line or through the API and the BackBox Automation Builder will do the rest. Of course, if you’ve already invested in writing your own scripts they can be easily incorporated into BackBox automations.

Backbox

Curious to learn more? Why not download a 14-day trial and check it out?