Two-thirds of enterprises employ full-stack DDI

EMA research found three distinct stages of DDI maturity, with 65% of enterprises realizing the value of a full-stack DDI solution. Is yours one of them?

Two out of three enterprises realize the value of a full-stack DDI management platform.

Is yours one of them?

DNS, DHCP, and IP address management (IPAM) provide the core services that enable network communications. DDI is often used as an acronym to describe the integration of these three core components of networking into one management solution.

A mature DDI strategy is essential to taming complex enterprise networks. But it turns out that enterprises can vary widely in their approach.

A recent survey conducted by Enterprise Management Associates (EMA) of 227 IT professionals from medium and large enterprises (more than 2,500 employees) across North America and the United Kingdom about the state of their DDI services found three distinct stages of maturity:

  • Nearly 65% of enterprises employ a full-stack DDI management platform
  • Nearly 32% of enterprises fall in the middle, using a using a commercial IPAM solution that integrates third-party DNS services into an overlay
  • 3.5% take an immature, do-it-yourself (DIY) approach using spreadsheets or open-source software

How does your organization stack up?

65% of enterprises realize the benefits of a full-stack DDI management platform with an illustration of one person pulling another up a hill

This post will highlight EMA’s new findings about enterprises’ approaches to DDI. Specifically, it will delve into:

  • The most critical requirements for DDI solutions
  • What each DDI maturity stage entails
  • Factors that drive the quest for mature DDI solutions
  • Tips for ensuring your enterprise’s DDI strategy is successful

The most important requirement for DDI solutions: security

As the threat of DNS attacks continues to grow, 59% of survey respondents deemed security their top requirement when looking for a DDI solution. Sought-after features include both DNS security protection and monitoring, such as support for the DNSSEC protocol or a DNS firewall to filter and block malicious activity.

Cloud support was the secondary priority at nearly 46%. This includes the ability to manage IP address space in multi-cloud or hybrid cloud environments, and to deploy and manage DNS services for cloud-based applications and networks.

Ease of use, scalability, compliance, and resiliency round out the other top requirements for DDI solutions.

The stages of DDI maturity, explained

EMA’s research uncovered three stages of DDI maturity.

Stage 1: DIY

A DIY approach to DDI is the least mature strategy. It relies on spreadsheets or open-source software for IPAM and free or open-source software for DNS and DHCP services. DIY solutions are fractured, with no central visibility or authority. Because they rely on manual administration, they don’t scale well and they are prone to errors.

“We had an unstable and difficult-to-manage legacy environment that was based on OpenDNS,” a network engineer with a Fortune 500 aerospace and defense company told EMA. “It was garbage. It was not centrally located. We had no single pane of glass view. It was all command-line. It was unstable and difficult to manage.”

Stage 2: IPAM Overlay

Pie chart of the state of DDI maturity for DIY, commercial IPAM with DNS overlay, and full-stack DDI platform

This is a middle ground of maturity that involves using a commercial IPAM tool that integrates with a third-party DNS service. IPAM establishes an overlay across the DNS servers. It becomes the control plane for DNS, managing and monitoring changes and coordinating them with IP address space management.

It’s a step up from Stage 1, sure, but it’s not without challenges. Many IPAM overlay users rely on Microsoft DNS, a free service bundled with Active Directory. EMA found that 71% of IPAM overlay users who reported a technical issue with Microsoft DNS ended up experiencing a security breach as a result of that issue.

Stage 3: Full-stack DDI management platform

A full-stack DDI management platform is the most mature approach, with a fully integrated solution from a single commercial vendor. It typically offers the best scalability, control, and security. Automation works consistently across all layers of the DDI stack.

However, it can be challenging for some organizations to reach Stage 3. Their overall IT infrastructure is decentralized, with no central authority responsible for architecture decisions. And the presence of shadow IT virtually guarantees the persistence of third-party DNS services.

Factors that drive the quest for DDI solutions

EMA explored both what drives organizations to invest time or money in mature DDI solutions, as well as what triggers enterprises to shift from DIY to commercial solutions.

Reasons to invest time or money in DDI solutions

More than 61% of respondents said cloud transformation is the reason behind investing time or money in mature DDI solutions.

The migration to hybrid cloud or multi-cloud environments adds complexity, because the network team loses centralized control over DDI services. A mature DDI solution with cloud support, especially for multiple cloud providers, can help the network team regain control.

We are trying to automate more mundane tasks in DDI so our engineering team can focus on more important things.

Nearly 56% of respondents said that they had invested because of a network or IT automation initiative. Network automation isn’t possible without DDI services. For example, when an automation tool initiates a new virtual machine in a data center or the cloud, it will need to assign that server an IP address and domain name.

“We had too many things we were doing manually with our small staff. We were spending an hour a day just doing DNS entries. Now, we have ServiceNow integration,” a senior network engineer with a Fortune 500 retail company told EMA. “We are trying to automate more mundane tasks in DDI so our engineering team can focus on more important things.”

The third-most cited investment factor at nearly 48% was a security incident.

Four triggers for the shift from DIY to commercial solutions

EMA also found four key drivers for enterprises that make the shift from DIY to enterprise-grade solutions.

Bar graph of four drivers for enterprises to shift from DIY to enterprise-grade DDI solutions

First, 63.5% of research participants cited security requirements as their motivation for maturing their approach. Commercial DDI products offer robust administrative security capabilities, such as role-based access control. Moreover, DDI vendors are increasingly adding security features and products. Indeed, more than three-quarters of respondents reported that they are using a DNS security solution.

Second, nearly 51% of respondents cited cloud complexity as a trigger for commercial DDI investment.

Close behind, more than 48% cited operational efficiency as their motivation. Network engineering expertise is in short supply, and IT organizations need their engineers to spend less time on manual tasks.

Finally, 47% of organizations invest in commercial DDI because they need effective integration with other IT solutions. In fact, nearly 87% of research participants currently integrate their DDI solutions with an IT service management platform like ServiceNow.

Ensure your DDI success

EMA’s research illuminated four key tips to ensure your DDI strategy is a success:

Dump your DIY. The first step in a successful approach to core network services is to adopt commercial products. DIY simply won’t cut it.

Avoid common business pitfalls. People outside the networking world don’t often understand the importance of DDI solutions, so it can require extra effort to win budget support for DDI from upper management. And more than 42% of organizations lack personnel with DDI expertise; teams must hire smart people with a good foundation of technical skills and train them up.

Align technical teams with IT management. EMA found several examples of executive IT management and technical experts holding very different perspectives on the state of DDI in their organizations.

Design with cloud support and integration in mind. Network teams should design their DDI for multi-cloud and hybrid cloud environments as well as integration with security monitoring and IT service management tools.

How does your enterprise measure up? If you’re not among the 65% employing a full-stack solution, don’t get left behind.

Want to read more about the report? Learn how cloud, automation, and security drive the pursuit of DDI solutions.

Want to know more about DDI maturity at small and medium enterprises in Europe, the Middle East, the Asia-Pacific region, and Latin America? Read the international version of the report and learn how automation is the No. 1 driver of DDI investment.

Published in:

An avatar of the author

Rebekah Taylor is a former journalist turned freelance writer and editor who has been translating technical speak into prose for more than two decades. Her first job in the early 2000s was at a small start-up called VMware. She holds degrees from Cornell University and Columbia University’s Graduate School of Journalism.

Related content

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

Get fast, resilient, and flexible DDI management with Integrity 9.6

With Integrity 9.6, network admins can get support for new DNS record types, architect and configure multi-primary DNS, and automate IP assignments.

Read more

Deepen your security insight with Infrastructure Assurance 8.3

BlueCat Infrastructure Assurance 8.3, with an enhanced analytics dashboard, including interactive widgets and top 10 alerts, is now available.

Read more

Security, automation, cloud integration keys to DDI solution success

Only 40% of enterprises believe they are fully successful with their DDI solution. Learn how to find greater success with new research from EMA and BlueCat.

Read more

Our commitment to Micetro customers and product investment

From CEO Stephen Devito, a word on BlueCat’s ongoing commitment to supporting Micetro customers and Micetro’s evolution as a network management tool.

Read more

Seven reasons to rethink firewall monitoring and boost automation 

With BlueCat Infrastructure Assurance, you can better protect your network with automated alerts and suggested remedies for hidden issues in your firewalls.

Read more