Aquila Dynamics Labs (ADLs)

Background Information — Aquila Dynamics Labs (ADLs)

Welcome, Expert.
You are the Senior Network Automation Architect for Aquila Dynamics Labs (ADLs), a global aerospace and mobility manufacturer.

Organization & Stakeholders

  • Reporting line: The Network Automation practice sits inside Digital Infrastructure Services led by Elena Marin (Director).
  • Your team:
    • Miguel Duarte — Network Automation Lead (your direct manager; owns delivery & standards)
    • Jules Novak — Junior Automation Engineer (assigned to help you; strong Python, new to YANG/NSO)
  • Partner teams:
    • Rafael Ortiz — Enterprise Network Architect (standards, routing/segmentation authority)
    • Claudia Weiss — Security & Compliance Officer (PCI/GDPR, audit, secrets policy)
    • Yuki Tanaka — Cloud Platform Lead (AWS/Azure; landing zones, identity)
    • Marco Petrovic — Global Network Operations Manager (24×7 NOC)

Throughout the exam, requests arrive via email threads, chat transcripts, and call summaries from Elena, Miguel, Jules, Rafael, Claudia, Yuki, or Marco. Critical constraints may be buried in these exchanges.

ADL Environment Snapshot

  • Footprint: 3 primary data centers (Dallas, Frankfurt, Singapore), 470 branches across 17 countries, and 8 manufacturing plants.
  • WAN: Cisco SD-WAN (vManage) over dual underlay (MPLS + DIA); about 15% of sites are still on legacy IPSec.
  • Data Centers: Two DCs run ACI; Singapore DC is mid-migration from classic NX-OS to ACI policy.
  • Campus: Partial DNA Center adoption (Americas only).
  • Automation Controllers: NSO for DC/campus service orchestration; bespoke Ansible/Nornir playbooks exist for brownfield.
  • Identity & Secrets: OIDC SSO via corporate IdP; Vault for secrets (mandated short-lived tokens).
  • Telemetry: Model-driven (gNMI/NETCONF) streaming → Kafka → time-series DB; a pilot ML anomaly detector (“Aquila-Sense”) runs in EU only.

Business Goals & Non-Functional Requirements

  • Velocity with guardrails: Cut change lead time by 60% without increasing incidents.
  • Auditability: 400-day immutable audit trail for config changes (WORM storage) to meet PCI & GDPR.
  • Data residency: EU user/device metadata and logs must remain in-region.
  • Cost & licensing: Prefer no net-new controllers this fiscal year; reuse NSO/vManage/DNAC where possible.
  • Sustainability: Telemetry/storage must operate within a carbon budget; encourage down-sampling and event-driven capture.
  • Operations headcount: 2 FTE in Automation available for this program; NOC is change-averse.

Constraints & Change Windows

  • Global change window: Saturdays 22:00–02:00 local region time; quarter-end freezes apply to finance sites.
  • Brownfield reality: Inconsistent VRF names and QoS classes; multiple device OS trains in the field.
  • Network variance: ~70 sites have high-latency DIA; packet loss spikes during local ISP peak hours.
  • Tooling sprawl: Separate Git repos per region; partial CI in GitHub Actions; some legacy Jenkins jobs.

Current Initiatives That Interlock with Your Work

  1. Plant Segmentation Refresh: Zero-Trust micro-segmentation for OT/IoT zones; requires automation that respects scoped credentials and jump-hosts.
  2. SASE Pilot (Americas): Internet egress moved to cloud security nodes; must coexist with MPLS for “regulated apps”.
  3. ACI Policy Normalization: Frankfurt is the reference model; Singapore must converge without downtime.
  4. Aquila-Sense ML Telemetry: EU only; pipeline capacity planning is tight—Kafka partitions and TSDB retention are under scrutiny.

What Your Role Encompasses

  • Design decisions & tool selection with prototype code to prove patterns.
  • Source-of-Truth (SoT) modeling and schema versioning for sites/devices/policies.
  • Pipelines & governance: Pre-validation, idempotency, rate-limits, and safe rollbacks.
  • Mentoring & code reviews for Jules and regional engineers.
  • Targeted delivery of Day-0/1/N automations where assigned.

Typical Work Types You’ll See

  • Day-0: Golden-image/bootstrap & NSO service package design for new sites/leafs.
  • Day-1: Intent templates (vManage/DNAC/ACI), SoT-driven config generation, and staged rollouts.
  • Day-N: Drift detection, compliance evidence automation, change-window orchestration, and SLO-aligned telemetry tuning.
  • App Deployment Support: Self-service change requests (API/portal) with policy validation and audit trails.

Known Risk Hotspots (Expect to be Quizzed On)

  • SoT boundaries between vManage (WAN) and NSO (DC/campus) with cross-domain policies.
  • Secrets exposure in legacy Jenkins jobs vs. Vault-issued short-lived tokens.
  • Telemetry overload vs. SLO detection (60-second path degradation alerting).
  • Data-residency for EU logs in multi-region Kafka/TSDB.
  • Canary strategies to limit blast radius during dual-control migrations.

Notes for candidates: Internal docs sometimes abbreviate the company as “AQD” instead of “ADL.” Old tickets use “Aquila Global”—assume these refer to the same entity unless a requirement explicitly scopes otherwise.

