Looking for an IPAM solution? There’s something you should know.

IPAM tools alone do not solve the underlying issues with decentralized network infrastructure systems such as Microsoft DNS and BIND.

If you’re in charge of IP address management (IPAM) and you’re still using Microsoft DNS or BIND, you’re probably looking for an IPAM solution.  That’s because Microsoft DNS and BIND don’t provide a centralized repository to view and manage the allocation of IP space.  The most common solution out there (if you can really call it an IPAM solution at all) is a spreadsheet – manually keeping track of which IP addresses are assigned and which blocks are still available.

For complex networks spanning multiple geographical regions, hybrid cloud environments, and business units, manual IPAM is a nightmare.

Using an IP address spreadsheet simply isn’t a viable long-term solution.  It doesn’t scale. It practically invites manual errors and overlaps which can bring down the network.  Accountability is difficult.  Role-based access is impossible.  Data aggregation and reporting capabilities?  Forget it.

Just IPAM or a full DDI solution?

Once you realize that a fully-fledged IP address management tool is necessary, another question naturally arises:   Is there a way to avoid the severe challenges of keeping track of IP address space without a full DDI solution?

We get this question a lot.  We’ve also seen customers who have tried IPAM on its own and those who decided to go all-in with DDI.

Here’s what we know and what we’ve learned:  As we’ve captured in our eBook “The Cost of Free”, IPAM tools on their own can be helpful as a short term band-aid. But they do not solve the underlying problems inherent in decentralized network infrastructure systems such as Microsoft DNS and BIND.  Attempting to deal with IPAM without touching DNS or DHCP basically highlights the same problems inherent in so-called “overlay” DDI solutions, where only certain portions of the network infrastructure are truly fixed.

It’s not that IPAM tools are ineffective.  It’s that they’re missing the other two-thirds of the equation.

Think of it like what happens when you paint a single room in your house – suddenly all the other rooms look shabby by comparison.  When you use IP address management software in isolation, suddenly integration with DNS and DHCP becomes the problem.  These three core network functions are inextricably tied together.  It only makes sense to tackle them all at the same time.

IPAM tools = half a loaf?

In quite a few network teams, organizational politics are behind the IPAM-only push.  DNS, DHCP, and IPAM functions are controlled by separate groups.  They compete for resources, prestige, and control over network architectures.  Sometimes, their support budgets are separated too – purchasing and implementing a complete DDI solution would require a complicated bureaucratic and financial arrangement which nobody’s willing to broker.  In these cases, using just an IPAM product looks like “the best we can do”.

IPAM is usually the first step in a longer journey, whether you realize it up front or not.

We get it:  IPAM may be the most glaring problem you face right now.  DNS spreadsheets are a terrible way to manage networks.  And maybe looping DNS and DHCP into the equation doesn’t seem to make sense right now – for organizational, budgetary, or network architecture reasons.

But trust us, we’ve seen time and time again that customers who deal with IPAM and don’t consider the follow-on effects on DNS and DHCP end up creating more work in the long run.  The data from the core DDI elements belong in a single source of truth and should be part of the same workflows, not scattered between different architectures and methodologies.

Tactical and strategic considerations

Dealing with DDI in one motion is partially a matter of tactical efficiency.  Maybe tasks like getting rid of the IPAM spreadsheets, managing your IP address usage, and deconflicting your IP address pools are your first priorities. But it makes sense to tackle adjacent best practices such as implementing DNSSEC, creating a system to manage IPv4 and IPv6 addresses, and locking down the security of your DNS servers and DHCP servers at the same time.

Housecleaning is best accomplished across the core infrastructure layer rather than piece by piece.

Yet there’s also a strategic aspect to all of this which can’t be addressed with IPAM on its own.  What business goals are you looking to drive through your core network infrastructure?  What can you use DDI data to accomplish at a strategic level?  How can these systems lay the groundwork for tighter security, more efficient networks, and support for initiatives like cloud, automation, virtualization, and more?

If you play your cards right, rationalizing DDI systems and data can be the first step in a much more profitable journey – one in which DDI powers your business initiatives rather than slowing them down.  With a single source of truth for DNS, DHCP, and IPAM – where each element is part of a unified system – you can build the powerful capabilities today’s networks require through automation, DNS security, and higher-level functions such as traffic steering.  None of this can happen if IPAM is going one direction but DNS and DHCP are still stuck in the dark ages of decentralized architectures and manual processes.

Making the leap

If you’re trying to make the mental leap from dealing with immediate challenges around planning, tracking, and managing IPAM to thinking about the full DDI solution, you’re certainly not alone.  That’s why we’re here to walk you through it.  BlueCat has been through this journey with countless of satisfied customers.

DDI integrates DNS DHCP and IPAM into one solution

Perhaps just as importantly, we’ve seen a lot of customers who are dissatisfied with the IPAM-only approach.

We’ve seen them go from the high point of getting those immediate business challenges taken care of. Then we see them go down to the low point of realizing that the rest of their DNS and DHCP management practices now have to catch up.

Whether you’re considering just an IPAM solution and need some additional data points, or have already gone down the IPAM-only road and need some strategic advice on how to widen your strategic approach, we can certainly help. Our DNS experts can provide examples from our large customer base and talk you through the best practices of core infrastructure management.

If it’s your turn to move from internet protocol address space to something bigger, let us suggest a look at our DNS infrastructure best practices guide. There are some great ideas in there which will get you thinking about the trade-offs associated with different architectures and approaches.

An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

Get fast, resilient, and flexible DDI management with Integrity 9.6

With Integrity 9.6, network admins can get support for new DNS record types, architect and configure multi-primary DNS, and automate IP assignments.

Read more

Deepen your security insight with Infrastructure Assurance 8.3

BlueCat Infrastructure Assurance 8.3, with an enhanced analytics dashboard, including interactive widgets and top 10 alerts, is now available.

Read more

Security, automation, cloud integration keys to DDI solution success

Only 40% of enterprises believe they are fully successful with their DDI solution. Learn how to find greater success with new research from EMA and BlueCat.

Read more

Our commitment to Micetro customers and product investment

From CEO Stephen Devito, a word on BlueCat’s ongoing commitment to supporting Micetro customers and Micetro’s evolution as a network management tool.

Read more

Seven reasons to rethink firewall monitoring and boost automation 

With BlueCat Infrastructure Assurance, you can better protect your network with automated alerts and suggested remedies for hidden issues in your firewalls.

Read more