Raising the Bar on IP Address Management (IPAM)
As IPv6 rolls out, IPAM is becoming a core component of any IT operations strategy.
Last week the industry celebrated World IPv6 Day and it started me thinking about what kind of impact IPv6 will have. We're closer than we have ever been to moving IPv6 from this visionary thing way out in the future to something real that organizations need to deal with. Combine this with other factors such as an explosion in endpoints from M2M, unified communications, tablet computing and data center automation, and it moves IPAM from being a nice-to-have to a need-to-have for IT departments.
Back in the day, when I was an engineer, IPAM was used by the largest or most disciplined organizations, but many of us managed by spreadsheet. Managing by spreadsheet wasn't the best idea, but it worked when we were using v4 addresses, the number of IP-enabled endpoints was less than 1 to 1, and our infrastructure was static. Today the number of devices per worker is easily 3 to 1 and some estimate it to be as high as 7 to 1. Even at the low end that's a 300% increase. Virtualization, data center automation and mobility mean that our IP addresses are on the move as well, which makes tracking them very difficult to near-impossible. Lastly, IPv6 addresses are much longer and more difficult to deal with than IPv4 ones. It’s definitely time for IPAM.
IPAM, though, isn't the easiest thing to evaluate. It's not like an Ethernet switch where you look at the port density or a server where you measure by processor and memory. IPAM is a broad solution that can help organizations track, manage, allocate and reclaim IP addresses. It should also provide some advanced features like integration with the DHCP and DNS systems. So here's what I consider the critical components of an IPAM solution that can help manage this virtualized, consumerized and mobilized world we find ourselves in today.
* Unified view of physical and virtual resources. The IPAM tool needs to be able to track the linkage between the physical infrastructure and virtual machines in real time as they are invoked, moved and then shut down. Additionally, virtual desktop infrastructure (VDI) management should be part of IPAM by being able to trace performance issues from the desktop through the data center.
* High availability solution. Once organizations start using IPAM, they will find it an indispensable tool. Given that, any solution must have a high availability option to ensure continuous operations.
* Discovery engine capable of finding all IP devices as well as the relationship between them. This isn't as simple as it sounds and includes capturing information such as VLANs, device OS and a wide range of vendor support (there’s more to networking than Cisco).
* Custom reporting capabilities. Everyone loves reports but then everyone finds them limiting and wants to be able to tweak them for their own organization’s purposes. The IPAM solution should allow network managers to look at any information they like with the depth that they like. For example, it's not enough to just show all the devices on a switch. Let me see all my Blackberries currently connected to the Voice VLAN.
* Integrated DNS and DHCP. This is very important for troubleshooting purposes. Real-time updates from the DNS and DHCP servers ensure that the IPAM solution has the most up-to-date information available. Then, if something changes, such as an update to a DNS record, the assignment of a static IP address or new devices joining the network, problems such as address conflicts can be avoided.
* Graphical user interface. Trying to manage anything by correlating thousands of lines of data is difficult to say the least. This is the reason network management systems developed GUI root cause front ends. A customizable, graphical front end can quickly show address distribution, utilization, location information and the relationship between connected devices.
* Historical information. We live in a world of scrutiny, compliance and regulation. IPAM is about more than the here and now. It can play a key role in understanding when a certain device joined a network, where a device has moved from and to and other things that can aid network managers in understanding the past.
* Role-based access. IPAM is a tool that can be used across the IT department. Help desk workers, branch administrators, high-level engineers and even IT managers can utilize the information in the IPAM system. To accommodate the unique needs of these groups, the IPAM solution needs to be able to provide the people accessing the system with the information they need, and then not allow access to functions they do not need.
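To make the integrated DNS and DHCP item concrete, here is an added example (not from the original article or from any IPAM product) that reconciles DHCP leases, static assignments and DNS records to flag address conflicts and stale records. All records, hostnames and function names are constructed for illustration; the spreadsheet-style string comparison is included to show why it misses IPv6 conflicts when the same address is written in different forms.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not from any real network). Each source writes
# the same IPv6 address in a different textual form, as exports often do.
DHCP_LEASES = [
    ("10.20.0.15", "00:11:22:33:44:55", "laptop-17"),
    ("2001:db8:0:10::2a", "00:11:22:33:44:66", "tablet-04"),
]
STATIC_ASSIGNMENTS = [
    ("10.20.0.15", "00:aa:bb:cc:dd:01", "printer-2"),
    ("2001:0DB8:0000:0010:0000:0000:0000:002A", "00:aa:bb:cc:dd:02", "vm-web-1"),
    ("10.20.0.40", "00:aa:bb:cc:dd:03", "switch-core"),
]
DNS_RECORDS = [
    ("printer-2", "10.20.0.15"),
    ("vm-web-1", "2001:db8:0:10:0:0:0:2a"),
    ("old-nas", "10.20.0.99"),
]

def find_conflicts(leases, statics):
    """Return {canonical_ip: sorted owners} for addresses claimed by more than one MAC."""
    claims = defaultdict(set)
    for source, rows in (("dhcp", leases), ("static", statics)):
        for ip, mac, name in rows:
            # ip_address() parses to a numeric value, so textual variants compare equal
            claims[ipaddress.ip_address(ip)].add((source, mac.lower(), name))
    return {str(ip): sorted(owners) for ip, owners in claims.items()
            if len({mac for _, mac, _ in owners}) > 1}

def find_stale_dns(dns, leases, statics):
    """Return DNS names whose address has no lease or static assignment."""
    known = {ipaddress.ip_address(ip) for ip, _, _ in list(leases) + list(statics)}
    return sorted(name for name, ip in dns if ipaddress.ip_address(ip) not in known)

def naive_text_conflicts(leases, statics):
    """Spreadsheet-style comparison on raw strings, shown for contrast."""
    lease_ips = {ip for ip, _, _ in leases}
    return sorted(ip for ip, _, _ in statics if ip in lease_ips)

if __name__ == "__main__":
    for ip, owners in find_conflicts(DHCP_LEASES, STATIC_ASSIGNMENTS).items():
        print("conflict", ip, owners)
    print("stale DNS:", find_stale_dns(DNS_RECORDS, DHCP_LEASES, STATIC_ASSIGNMENTS))
    print("string match finds only:", naive_text_conflicts(DHCP_LEASES, STATIC_ASSIGNMENTS))
```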
Homegrown tools and spreadsheets were sufficient in the past, but the world is changing and IT needs to change with it. IPAM used to be thought of as a niche tool, but I think it's becoming a core component of any IT operations strategy.