The Itential Platform
The agentic operations platform for infrastructure teams.
Platform Overview
CAPABILITIES
DEVELOPER RESOURCES
Our Customers
See why top organizations choose Itential
Learn More
INDUSTRIES
CASE STUDIES
Customer Stories
Lumen’s Network Automation Journey: From Manual Workflows to AI-Assisted Autonomy
Customer Stories
How Southern California Edison Is Automating the Grid for an AI-Driven Future
Latest News
Itential unveils FlowAI, delivering agentic orchestration for infrastructure operations.
Learn More
Company
Partners
Featured Partner
KNOWLEDGE HUB
Explore all Resources
SEARCH BY TYPE
FEATURED RESOURCES
Analyst Reports
451 Research: Autonomous, Governed AI for Enterprise Infrastructure Operations
Blogs
Why Agent Sprawl Is the Next Script Sprawl
Podcasts
Operator to Agent Manager: Network Engineering’s Future | Ship AI
Itential logo
Blogs

Secure Mediation & Translation: How Itential MCP Enables Controlled AI-Infrastructure Integration

Headshot of Joksan Flores, Principal Solutions Engineer at Itential, advancing infrastructure automation through AI-driven orchestration with 10+ years of networking architecture experience at Cisco.
Joksan Flores
Principal Solutions Engineer

Executive Summary

The Itential Model Context Protocol (MCP) Server, combined with the Itential Platform, implements a comprehensive security architecture that ensures AI systems never have direct access to infrastructure. Every AI request flows through a structured mediation layer that validates, translates, and controls execution – providing full traceability while maintaining strict boundaries between AI interfaces and infrastructure operations.

The Security Challenge

As organizations adopt AI-powered automation, a critical question emerges: How do we enable AI assistants to manage complex infrastructure without exposing systems to uncontrolled access? The answer lies in secure mediation – a protective layer that sits between AI systems and production infrastructure.

Architecture Overview

The Itential MCP implements the open Model Context Protocol specification, providing a standardized communication framework between Large Language Models (LLMs) and the Itential Platform. This architecture ensures that AI systems interact with infrastructure through controlled, auditable channels rather than direct API access.

Core Security Components

  • Protocol Implementation: Implements MCP specification with stdio and HTTP transports, providing standardized tool discovery and execution interfaces.
  • Authentication & Authorization: JWT-based authentication with JWKS lookup for MCP client-to-server connections. HTTP Basic Authentication and OAuth 2.0 client credentials flow for MCP server-to-platform connectivity.
  • Client Mediation Layer: Custom PlatformClient wrapper with automatic service discovery, standardized HTTP methods, and comprehensive exception handling.

How Mediation Works

Every AI request follows a five-step security flow:

  1. AI Request Reception: AI assistant formulates natural language requests, which MCP clients translate into structured tool calls arriving via stdio or HTTP transport.
  2. Authentication & Validation: Server validates JWT tokens from MCP clients, validates request structure against tool schemas, and type-checks parameters.
  3. Translation to Platform Operations: Tool functions map AI requests to specific Itential Platform API endpoints, with the service layer translating generic requests into platform-specific operations.
  4. Controlled Execution: Platform client executes API calls with proper authentication within authenticated user permission context, capturing results for AI consumption.
  5. Response & Logging: API responses are wrapped in standardized Response objects, all exchanges are logged with configurable verbosity, and results return to the AI assistant in structured format.

The AI never directly calls the Itential Platform API – every interaction flows through the mediation layer.

Security Boundaries

No Direct Infrastructure Access

The MCP enforces strict separation between AI systems and infrastructure across four distinct layers:

  • AI Layer: Natural language requests, unstructured intent
  • MCP: Structured protocol, validated tool calls, authentication
  • Itential Platform: Authorized API operations, workflow orchestration
  • Infrastructure: Network devices, cloud resources, services

Multiple Authentication Layers

Three authentication boundaries ensure proper access control:

  1. MCP Client → MCP Server: JWT verification with JWKS support
  2. MCP Server → Itential Platform: Basic Auth or OAuth 2.0 client credentials
  3. Itential Platform → Infrastructure: Platform-managed device credentials and API keys

Each layer maintains its own authentication context, preventing credential exposure across boundaries.

Tool-Level Access Control

The MCP implements granular access control through a comprehensive tagging system with 11 tag groups including system, configuration_manager, devices, operations_manager, adapters, applications, automation_studio, gateway_manager, integrations, lifecycle_manager, and workflow_engine. This enables role-based configurations:

# Platform Administrator - System monitoring only 
itential-mcp run --include-tags "system,adapters,applications"  

# Network Operator - Device operations only 
itential-mcp run --include-tags "devices,configuration_manager"   
                 --exclude-tags "adapters,applications"

Translation Layer

The MCP translates unstructured AI intent into structured platform operations. When an AI requests “Check the health of the platform and restart any failed adapters,” the MCP tool get_health retrieves platform status through parallel authenticated API calls, the response is parsed to identify failed adapters, and restart_adapter is called for each failed adapter with validated adapter IDs and proper API endpoints.

The service layer provides high-level abstractions over raw API calls, handling pagination automatically for large result sets, managing external service execution (Ansible, Python scripts, OpenTofu), and validating data against JSON schemas for stateful resource CRUD operations.

Logging & Traceability

The MCP implements multi-level logging (DEBUG, INFO, WARNING, ERROR, CRITICAL, FATAL) for complete traceability. All inbound AI requests are logged with timestamps, tool invocations recorded with parameters, API responses captured with status codes, and error conditions logged with full context.

Authentication events track JWT verification attempts, platform authentication success/failure, and authorization decisions. Performance metrics capture request processing times, API call latencies, and service execution duration. The audit trail tracks user actions through authentication context, tool usage patterns, infrastructure changes, and compliance-relevant events.

The logging system manages multiple logger hierarchies (itential_mcp, ipsdk, FastMCP/fastmcp) with configurable propagation for troubleshooting.

Real-World Use Cases

Platform Health Monitoring: AI assistant monitors platform health through validated MCP tool calls, identifies failed adapters, and requests restarts – all operations flow through validated, logged tool calls without direct API access.

Network Device Configuration: AI requests device configuration updates through MCP tools that validate configuration data against device schemas, translate to Configuration Manager API calls, and maintain full audit trails – AI never has device credentials or direct device access.

Workflow Orchestration: AI executes complex multi-step automation workflows by triggering validated workflows through MCP tools, with the Itential Platform orchestrating all infrastructure operations using platform-managed credentials while providing job tracking visibility.

Best Practices

Organizations should implement the principle of least privilege by configuring tool access based on actual requirements, use OAuth 2.0 client credentials for production deployments with credentials stored in secure vaults, deploy MCPs in management networks with TLS for all transports, enable comprehensive logging with monitoring of authentication failures and unusual tool usage patterns, and conduct regular security reviews of tool access configurations and authentication logs.

Conclusion

The Itential MCP provides robust security tooling for an architecture that enables AI-powered automation while maintaining strict control over infrastructure access. Through comprehensive mediation, structured translation, and complete traceability, organizations can confidently deploy AI assistants for network automation without compromising security.

Key security principles include no direct access (AI systems never directly access infrastructure), structured communication (all interactions follow MCP protocol standards), multiple layers of authentication and authorization, complete traceability with full audit trails, and flexible deployment supporting various transport mechanisms and authentication methods.

By implementing these security controls, the Itential MCP provides a safe, auditable bridge between AI capabilities and infrastructure management.

Additional Resources

Itential MCP GitHub Repository

Model Context Protocol Specification

Itential Platform Documentation

Headshot of Joksan Flores, Principal Solutions Engineer at Itential, advancing infrastructure automation through AI-driven orchestration with 10+ years of networking architecture experience at Cisco.
Joksan Flores
Joksan Flores is a Principal Solutions Engineer at Itential. Joksan’s passion for putting both systems and software together led him to spend 10 years as a Networking Architect at Cisco prior to Itential. Throughout his career, Joksan has supported enterprises and service providers with massive customer bases to solve their IT challenges, designing cloud peering connectivity, WAN, and data center networks. While helping organizations solve complex network challenges, Joksan has always found ways to leverage automation – either by devising methods to make work more streamlined or by helping customers achieve their project goals faster. Today at Itential, Joksan focuses on advancing infrastructure automation through AI-driven orchestration, helping organizations navigate the journey from experimental AI assistants to autonomous operations.
Keep Learning

The Latest in Agentic Operations

Blogs
From Operator to Agent Manager: What Network Engineers Become Next
Read more
Podcasts
The End of Handwritten Network Configs & the Rise of the Agent Manager | IT Visionaries
Listen now
Blogs
Python, Meet the Canvas: What’s New in Itential Platform 6.4
Read more
Blogs
Claude Mythos Is Not the Watershed, Your Infrastructure Operating Model Is
Read more
Customer Stories
How a Tier 1 Telecom Built Agentic Service Provisioning with Itential
Read more
Get Started

Agentic infrastructure operations starts here.

See how Itential connects AI reasoning to governed execution across your entire infrastructure.

Talk to our Experts