|
Exponential growth of networks combined with the complexity introduced by IT initiatives e.g. VoIP, Cloud computing, server virtualization, desktop virtualization, IPv6 and service automation has required network teams to look for tools to automate IP address management (IPAM). Automated IPAM tools allow administrators to allocate subnets, allocate/track/reclaim IP addresses and provide visibility into the networks.
Here are some examples of what a typical IPAM tool can do:
Most of the organizations use manual spreadsheets and home grown tools to accomplish these activities. At first look any automated IP address management solution seems like a vast improvement over status quo and ease of procurement and pricing become the prime deciding factors. However, as thousands of IPAM users would testify, an automated IP address management system is becoming increasingly critical to most of the IT initiatives. A well thought out IP address management automation solution will likely pave the way for more complex IT initiatives.
Here is a list of seven MUST HAVE attributes of an IP address management system:
1. Discovery and reporting of end devices, infrastructure and linkages between the two
A good IP address management automation solution can capture information in various ways including data import, lease information from DHCP servers and static IP assignments; an automated discovery remains the most useful one. Here are the things to look for when comparing discovery capabilities of various solutions:
2. Single pane of glass view of both physical and virtual infrastructure
Dynamic nature of virtualization and cloud computing environments can impact day to day IT tasks. Specifically, it is hard to track connectivity between virtual machines and the physical network infrastructure. A good IPAM solution is able to track the linkage between the virtual machines and physical infrastructure as they are created, moved and shutdown. Here are some of the actions you will be able to take if your IPAM system provides this information:
3. Historical connectivity data and reporting
A good IPAM solution maintains historical connection data. This comes in handy when trying to investigate security and compliance issues. Specifically, IPAM system should be able to answer simple questions like, which device had this IP address yesterday? Which devices connected to the datacenter switch4 on the day of security breach? Where all a specific device has been connecting on my corporate network?
4. Visual appeal
A picture is worth a thousand words. This is more so evident when dealing with reports containing thousands of lines on information with devices and all their attributes. A good IPAM solution will provide highly graphical components to provide you insights into network usage, IP address distribution and state of IP addresses, location and connectivity between network infrastructure components etc. Visual elements speed up tasks and decisions.
5. Role based management
If you have an organization of people with varying levels of skill sets and responsibility, it is important that your IPAM system provide ability to assign roles accordingly. E.g. a helpdesk technician may have privileges to assign static IP addresses in a few specific subnets; a network admin in a branch office may have entire control over the subnets in the branch office; a troubleshooting engineer may only have read-only access to the IPAM connectivity data etc. This capability will go a long way in ensuring that a few expert level administrators are not the only ones dealing with these requests. Additionally, good auditing and rollback capabilities are required to ensure that configuration errors can be tracked and rolled back.
6. DNS/DHCP integrated
A good IPAM solution works closely with the underlying DNS and DHCP systems and receives updates as leases are handed out and DNS records are updated to ensure it has the most up to date information as new devices join the network, DNS records get changed and updated. In the absence of this capability, your IPAM system will not learn of any IP conflicts in your network e.g. someone connects to your network and assigns a static IP address to the device which in fact is part of a DHCP range and could potentially be leased to another device by the DHCP servers, thus causing an IP conflict and connectivity issue.
7. Customizability and integration
An IP address management system does not exist in a vacuum. Typically, IP address management related tasks are part of a larger system and hence IPAM is just part of a workflow. A competent IP address management system should provide easy integration with rest of the IT systems e.g. server provisioning systems, cloud provisioning systems, request tracking systems etc.
Sponsored byCSC
Sponsored byWhoisXML API
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byVerisign
Sponsored byDNIB.com
Sponsored byRadix
All very good points. The largest problem that IPAM solves is to provide instant, accurate visibility into the addressing of the network from the organization wide network schema to the individual addresses and devices. However, you have to select wisely from the many IPAM options available so that you avoid the pitfall of merely stacking applications and services on top of independent components. This approach merely adds administrative complexity to a problem that is already insidious.
A better approach is to select a solution that combines an IPAM platform with unified administration features & client services with vendor-driven Managed Services. This will go a long way towards keeping complexity at bay. This combination provides the simplicity you expect with a purpose-built platform with the expertise of the vendor so that you do not have to build that expertise in-house. The result is a resilient system actively maintained by the people who know the solution best — all the while leaving you in control of your strategic information.