The exponential growth of networks, combined with the complexity introduced by IT initiatives such as VoIP, cloud computing, server virtualization, desktop virtualization, IPv6 and service automation, has required network teams to look for tools to automate IP address management (IPAM). Automated IPAM tools allow administrators to allocate subnets, allocate, track and reclaim IP addresses, and gain visibility into their networks.
Here are some examples of what a typical IPAM tool can do:
- Create a subnet for a new branch office
- Assign a new static IP address to the new printer
- Reclaim IP addresses as older servers are decommissioned
- Keep an accurate record of IP assignments and associated data, e.g. MAC addresses, OS type and switch port connectivity
- Discover devices on the network and update data
Most organizations use manual spreadsheets and home-grown tools to accomplish these activities. At first look, any automated IP address management solution seems like a vast improvement over the status quo, and ease of procurement and pricing become the prime deciding factors. However, as thousands of IPAM users would testify, an automated IP address management system is becoming increasingly critical to most IT initiatives. A well-thought-out IP address management automation solution will likely pave the way for more complex IT initiatives.
Here is a list of seven MUST HAVE attributes of an IP address management system:
1. Discovery and reporting of end devices, infrastructure and linkages between the two
A good IP address management automation solution can capture information in various ways, including data import, lease information from DHCP servers and static IP assignments; automated discovery remains the most useful one. Here are the things to look for when comparing the discovery capabilities of various solutions:
- Richness of discovered data: Does the IPAM system capture attributes like the device OS, the switch port it is connected to and its VLAN?
- Ability to report and view data when needed: Can your IPAM solution generate reports such as "all Windows devices running on VLAN 2 connected to switch 4"? Can you see all your printers organized by building and the floor they are on? Answers to these types of questions are required when troubleshooting difficult problems.
- Broad vendor support: This is an often overlooked aspect of discovery. Most IPAM vendors support discovery of Cisco equipment. However, networks contain infrastructure components from multiple networking vendors. Unsupported networking equipment will leave holes in your IPAM database. When making comparisons, make sure that a broad set of networking vendors' switches and routers is supported.
2. Single pane of glass view of both physical and virtual infrastructure
The dynamic nature of virtualization and cloud computing environments can impact day-to-day IT tasks. Specifically, it is hard to track connectivity between virtual machines and the physical network infrastructure. A good IPAM solution is able to track the linkage between virtual machines and the physical infrastructure as VMs are created, moved and shut down. Here are some of the actions you will be able to take if your IPAM system provides this information:
- Figure out what VMs (and corresponding applications) will be affected if a top of rack switch is brought down for updates
- Figure out if a VM is facing performance issues because it just migrated to an ESX server connected to a slower switch port
- Trace network performance issues for a virtual desktop user all the way from the data center to the desktop.
3. Historical connectivity data and reporting
A good IPAM solution maintains historical connection data. This comes in handy when investigating security and compliance issues. Specifically, an IPAM system should be able to answer simple questions such as: Which device had this IP address yesterday? Which devices connected to datacenter switch4 on the day of a security breach? Where on my corporate network has a specific device been connecting?
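The three questions above, answered over a small connection history, as an added example that is not from the article or from any IPAM product. The `Sighting` record layout, the function names and the sample rows are assumptions constructed for illustration.

```python
from datetime import datetime, time, timedelta
from typing import NamedTuple, Optional

class Sighting(NamedTuple):
    ip: str
    mac: str
    switch: str
    port: str
    start: datetime
    end: Optional[datetime]  # None means the device is still connected

def ts(text):
    return datetime.fromisoformat(text)

# Constructed sample history (hypothetical devices, not real data).
HISTORY = [
    Sighting("10.0.2.15", "00:11:22:33:44:55", "switch4", "Gi0/3",
             ts("2024-03-01T08:00"), ts("2024-03-03T17:30")),
    Sighting("10.0.2.15", "66:77:88:99:aa:bb", "switch2", "Gi0/9",
             ts("2024-03-03T18:05"), None),
    Sighting("10.0.2.40", "66:77:88:99:aa:bb", "switch4", "Gi0/7",
             ts("2024-03-02T09:00"), ts("2024-03-02T12:00")),
    Sighting("10.0.3.8", "de:ad:be:ef:00:01", "switch1", "Gi0/1",
             ts("2024-03-02T23:50"), ts("2024-03-03T00:10")),
]

def device_at(history, ip, when):
    """MACs holding `ip` at instant `when`; more than one means an overlap."""
    return sorted({s.mac for s in history
                   if s.ip == ip and s.start <= when
                   and (s.end is None or when < s.end)})

def devices_on_switch(history, switch, day):
    """MACs seen on `switch` at any time during calendar day `day`."""
    lo = datetime.combine(day, time.min)
    hi = lo + timedelta(days=1)
    return sorted({s.mac for s in history
                   if s.switch == switch and s.start < hi
                   and (s.end is None or s.end > lo)})

def locations_of(history, mac):
    """Every (switch, port) a device has used, oldest first."""
    rows = sorted((s for s in history if s.mac == mac), key=lambda s: s.start)
    return [(s.switch, s.port) for s in rows]

if __name__ == "__main__":
    print(device_at(HISTORY, "10.0.2.15", ts("2024-03-02T10:00")))
    print(devices_on_switch(HISTORY, "switch4", ts("2024-03-02T00:00").date()))
    print(locations_of(HISTORY, "66:77:88:99:aa:bb"))
```

An empty result from `device_at` is itself useful during an investigation: it shows the address was unassigned at that instant, so traffic attributed to it needs another explanation.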
4. Visual appeal
A picture is worth a thousand words. This is even more evident when dealing with reports containing thousands of lines of information about devices and all their attributes. A good IPAM solution will provide highly graphical components that give you insight into network usage, IP address distribution and the state of IP addresses, and the location of and connectivity between network infrastructure components. Visual elements speed up tasks and decisions.
5. Role based management
If you have an organization of people with varying levels of skill and responsibility, it is important that your IPAM system provides the ability to assign roles accordingly. For example, a helpdesk technician may have privileges to assign static IP addresses in a few specific subnets; a network admin in a branch office may have full control over the subnets in that branch office; a troubleshooting engineer may have read-only access to the IPAM connectivity data. This capability goes a long way toward ensuring that a few expert-level administrators are not the only ones dealing with these requests. Additionally, good auditing and rollback capabilities are required to ensure that configuration errors can be tracked and rolled back.
6. DNS/DHCP integrated
A good IPAM solution works closely with the underlying DNS and DHCP systems and receives updates as leases are handed out and DNS records are changed, so that it has the most up-to-date information as new devices join the network. In the absence of this capability, your IPAM system will not learn of IP conflicts in your network. For example, someone connects to your network and assigns the device a static IP address that is in fact part of a DHCP range and could be leased to another device by the DHCP servers, causing an IP conflict and a connectivity issue.
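One way to catch the conflict described above by comparing discovered devices against DHCP scope and lease data (an added example, not code from the article or from any IPAM product). The range, lease table, observed devices and finding labels are constructed assumptions.

```python
import ipaddress

# Constructed sample data (hypothetical network, not real addresses in use).
DHCP_RANGES = [("192.168.10.100", "192.168.10.199")]
LEASES = {  # IP -> MAC the DHCP server leased it to
    "192.168.10.101": "aa:aa:aa:00:00:01",
    "192.168.10.120": "aa:aa:aa:00:00:02",
}
OBSERVED = [  # (ip, mac) pairs from discovery, e.g. ARP or switch tables
    ("192.168.10.101", "AA:AA:AA:00:00:01"),  # matches its lease
    ("192.168.10.120", "bb:bb:bb:00:00:09"),  # leased to a different MAC
    ("192.168.10.150", "cc:cc:cc:00:00:07"),  # inside the range, no lease
    ("192.168.10.20", "dd:dd:dd:00:00:03"),   # static, outside the range
]

def in_dhcp_range(ip, ranges):
    """True if `ip` falls inside any inclusive (low, high) DHCP range."""
    addr = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi)
               for lo, hi in ranges)

def find_conflicts(observed, leases, ranges):
    """Flag devices using a DHCP-range address the server did not give them."""
    findings = []
    for ip, mac in observed:
        if not in_dhcp_range(ip, ranges):
            continue  # static addresses outside DHCP ranges are not at risk
        leased_to = leases.get(ip)
        if leased_to is None:
            # Address may be handed to another device later.
            findings.append((ip, mac, "static-in-dhcp-range"))
        elif leased_to.lower() != mac.lower():
            # Two devices are using the address right now.
            findings.append((ip, mac, "conflicts-with-lease"))
    return findings

if __name__ == "__main__":
    for finding in find_conflicts(OBSERVED, LEASES, DHCP_RANGES):
        print(finding)
```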
7. Customizability and integration
An IP address management system does not exist in a vacuum. Typically, IP address management tasks are part of a larger system, and IPAM is just one part of a workflow. A competent IP address management system should provide easy integration with the rest of your IT systems, e.g. server provisioning systems, cloud provisioning systems and request tracking systems.
Written by Steve Garrison, Vice President of Marketing at Infoblox