With the rise of network complexity, including cloud architecture, implementing DNS, DHCP, and IP address management solutions is ever more challenging.
DNS, DHCP, and IP address management (IPAM) provide the core services that enable network communications. DDI is often used as an acronym to describe the integration of these three core components of networking into one management solution.
However, new research from Enterprise Management Associates (EMA) surveying 333 IT professionals in North America and Europe on the state of their DDI strategies found that:
- Only 40% of enterprises believe they are fully successful with their DDI solution; and
- Nearly 49% believe they have room for improvement in their DDI solution.
In this post, we’ll explore EMA’s findings on the most significant challenges enterprises face to implement a successful DDI solution. Then, we will examine three key approaches that EMA’s research identified can lead to greater success. These are:
- Stronger DNS security;
- Automated workflows and API integrations; and
- Integrated cloud IP address management.
Finally, we’ll touch on how BlueCat can help you get the most out of your DDI solution.
Challenges to a successful DDI strategy
According to EMA’s research, successful implementations of DDI technology typically lead to increased network resilience, enhanced IT productivity, and reduced security risks. But EMA also found numerous business and technical issues that can undermine an organization’s overall DDI strategy.
Network complexity a top issue
The top issue, affecting nearly 28% of respondents, is network complexity. Large enterprises were more likely to struggle with network complexity.
Problems with data quality and governance, skill gaps, and resistance to change are the main secondary challenges. Budget problems are also significant. Data quality was especially a headache for multicloud companies. The CIO’s suite was very unlikely to recognize problems with change resistance. But DevOps and network operations personnel both pointed to it as a top issue.
“The main issue we had was training people to get off spreadsheets and start using a tool dedicated to IPAM,” a project manager with a Fortune 500 energy and chemical company told EMA. “They’re always going around it. Old habits are hard to break.”
Siloed DNS services
One of the core value propositions for implementing a DDI management solution is integration across core DNS, DHCP, and IP address management components. If an IP address change is implemented via an IP address management tool, then that is coordinated across DNS and DHCP as well. This ensures consistent addressing across network infrastructure.
The most successful users of DDI technology were twice as likely as all other organizations to describe IP address management and DNS integration as very important. Multicloud architecture makes this integration even more of a priority.
The main issue we had was training people to get off spreadsheets and start using a tool dedicated to IPAM.
However, despite the wide recognition that this integration is important, nearly 54% acknowledged that they still have some DNS services that are siloed from their IP address management tool. Another 9% admitted that most of their DNS services are siloed. Only 36% of enterprises have managed to integrate their IPAM tool with all of their DNS infrastructure.
Best practices to overcome barriers to success
EMA’s research uncovered dozens of best practices for how IT organizations can improve their design and management of DDI services and overcome these challenges. Furthermore, three key areas—in DNS security, automation and API integration, and cloud management—stood out as critical avenues to overcome challenges and see greater success with a DDI solution.
Success key No. 1: Stronger DNS security
A broad and growing array of cyberattacks used against DNS makes DNS-based security a significant priority. Indeed, 35% of survey respondents indicated that security features are the top requirement for DDI solutions.
EMA research found that DNS hijacking was the most pressing concern for organizations, with 28% of respondents citing it. DNS hijacking involves using incorrectly resolved domains to redirect users to malicious sites. DNS tunneling, which involves exfiltrating data via DNS, followed as a secondary concern.
Measures to secure DNS infrastructure
DNS firewalls offer additional security by inspecting DNS queries between endpoints and blocking suspicious ones. EMA research revealed that 47% of research respondents have deployed a DNS firewall and another 41% are implementing a solution.
Furthermore, 91% of organizations are using DNSSEC, although only 47% use it extensively. DNSSEC is a technical best practice to authenticate DNS queries and responses by using cryptographic digital signatures.
Other types of measures enterprises employ to secure DNS infrastructure include automatic security policies that prioritize DNS security threats, DNS policies implemented in standard firewalls or other intrusion detection systems, and monitoring and analysis of DNS query logs in security incident and event management (SIEM) tools.
Less than a third are fully confident in DNS security
Despite all this effort, less than 31% of EMA survey respondents are fully confident in the security of their DNS resources. Only 54% are somewhat confident. Confidence in one’s DNS security correlates very strongly with overall feelings of success with DDI technology.
A discrepancy of note, however: EMA found that IT executives were twice as confident in DNS security as middle management and technical personnel. This suggests that people working closest with DNS are seeing a number of security risks that CIOs are missing.
Success key No. 2: Automated DDI workflows and API integrations
DDI solutions play a number of roles in network automation.
Automated workflows within a DDI solution
First, many enterprises rely on automated workflows within a DDI solution to streamline operations for core network services.
Indeed, 99% of respondents indicated that they automate at least one workflow when managing network services with a DDI solution. There are two clear priorities: to automate the process of network and cloud infrastructure discovery and to automate DHCP and DNS server deployment and configuration.
Network source of truth for automation tools
Second, the data contained within a DDI solution is essential to broader network automation tools. Network teams often reference this data to plan and implement changes to their networks via third-party network automation tools. Many IT organizations refer to their DDI solution as a “source of truth” for network automation.
As evidence, EMA found that nearly 89% of respondents consider their DDI solution to be a source of truth for network automation.
Over 39% of respondents believe their DDI solution is a very good source of truth. And 52% believe it is somewhat good, with room for improvement. According to EMA, overall success with DDI technology correlates strongly with whether a DDI solution is a very effective source of truth for network automation. Once again, much of the optimism comes from IT executives, while technical personnel are more skeptical.
Satisfaction with API integrations
Finally, APIs allow network teams to customize DDI solutions, automate them, and integrate them with other systems. Nearly 83% of respondents told EMA that their DDI solutions have APIs available. For organizations that use APIs, the main priority is to enable automation.
For example, by integrating a DDI solution with third-party network automation tools, it can serve as a source of truth for that automation tool.
However, less than 44% of respondents who have APIs available are fully satisfied with them. Larger enterprises, which have more engineering resources capable of using APIs and more use cases to pursue, were the least satisfied.
EMA’s research found that API satisfaction is extremely important to overall success with DDI solutions. Indeed, 70% of successful DDI professionals were completely satisfied with their APIs, but only 17% of unsuccessful DDI professionals felt that way.
API dissatisfaction correlated directly with problems with quality, complexity, and documentation. This suggests that these issues have strong impacts on whether organizations can effectively use APIs. Quality issues, such as errors and broken tools, were the most significant, at 30%.
Success key No. 3: Integrated cloud IP address management
Many cloud teams adopt DDI technology in their public cloud environments without the involvement of the core DDI team. EMA found that 44% of DDI teams believe they don’t have enough influence over how DDI is implemented and managed in the public cloud. (Past EMA research has explored the divide between cloud and network teams. Nearly three out of four enterprises struggle to realize the full value of cloud because of this issue.)
Subsequently, this lack of involvement leads to fragmentation of core network services across cloud and on-premises networks. Further, according to EMA, DDI teams that lack adequate influence over cloud are more likely to report that their overall DDI technology strategy is less successful.
At a minimum, IP address management tools are especially critical. EMA found that 79% of enterprises integrate their on-premises IP address management solution into their cloud environment to manage IP address space. Organizations with multicloud environments are even more likely to integrate it.
Nearly half of respondents identify centralized visibility and control as the most important need that IP address management solutions must address in public cloud environments. Respondents who are most successful with their DDI are the most likely to desire this capability. Close behind are enhanced security measures for IP address management, such as role-based access control, and streamlined IP address tracking and usage monitoring.
Similarly, for DNS management solutions, enhanced security is the top concern. The second is scalability to handle increases in DNS traffic, followed by easy management and updating of DNS records.
Find complete DDI solution success with BlueCat
No matter your stage of network modernization, BlueCat can help you get the most out of your DDI solution. With BlueCat, centralized management of your core DDI infrastructure gives your complete visibility and control of all of your DNS traffic.
With BlueCat’s offerings, you can leverage DNS to detect threats and reduce security risks. You can accelerate innovation with automated DDI workflows and integrations with third-party applications. And you can embrace hybrid cloud with end-to-end visibility and control of IP addresses across your on-premises and cloud estate.
Ready to discover what new heights of success you can reach? EMA’s report, DDI Directions: DNS, DHCP, and IP Address Management Strategies for the Multi-Cloud Era, explores the state of the DDI technology market in depth. It also provides full lists of recommended best practices in areas like ensuring DNS security and implementing multicloud architecture. Download the full report today.