Last updated on May 23, 2023.
Two out of three enterprises realize the value of a full-stack DDI management platform.
Is yours one of them?
DNS, DHCP, and IP address management (IPAM) provide the core services that enable network communications. DDI is often used as an acronym to describe the integration of these three core components of networking into one management solution.
A mature DDI strategy is essential to taming complex enterprise networks. But it turns out that enterprises can vary widely in their approach.
A recent survey conducted by Enterprise Management Associates (EMA) of 227 IT professionals from medium and large enterprises (more than 2,500 employees) across North America and the United Kingdom about the state of their DDI services found three distinct stages of maturity:
- Nearly 65% of enterprises employ a full-stack DDI management platform
- Nearly 32% of enterprises fall in the middle, using a using a commercial IPAM solution that integrates third-party DNS services into an overlay
- 3.5% take an immature, do-it-yourself (DIY) approach using spreadsheets or open-source software
How does your organization stack up?
This post will highlight EMA’s new findings about enterprises’ approaches to DDI. Specifically, it will delve into:
- The most critical requirements for DDI solutions
- What each DDI maturity stage entails
- Factors that drive the quest for mature DDI solutions
- Tips for ensuring your enterprise’s DDI strategy is successful
The most important requirement for DDI solutions: security
As the threat of DNS attacks continues to grow, 59% of survey respondents deemed security their top requirement when looking for a DDI solution. Sought-after features include both DNS security protection and monitoring, such as support for the DNSSEC protocol or a DNS firewall to filter and block malicious activity.
Cloud support was the secondary priority at nearly 46%. This includes the ability to manage IP address space in multi-cloud or hybrid cloud environments, and to deploy and manage DNS services for cloud-based applications and networks.
Ease of use, scalability, compliance, and resiliency round out the other top requirements for DDI solutions.
The stages of DDI maturity, explained
EMA’s research uncovered three stages of DDI maturity.
Stage 1: DIY
A DIY approach to DDI is the least mature strategy. It relies on spreadsheets or open-source software for IPAM and free or open-source software for DNS and DHCP services. DIY solutions are fractured, with no central visibility or authority. Because they rely on manual administration, they don’t scale well and they are prone to errors.
“We had an unstable and difficult-to-manage legacy environment that was based on OpenDNS,” a network engineer with a Fortune 500 aerospace and defense company told EMA. “It was garbage. It was not centrally located. We had no single pane of glass view. It was all command-line. It was unstable and difficult to manage.”
Stage 2: IPAM Overlay
This is a middle ground of maturity that involves using a commercial IPAM tool that integrates with a third-party DNS service. IPAM establishes an overlay across the DNS servers. It becomes the control plane for DNS, managing and monitoring changes and coordinating them with IP address space management.
It’s a step up from Stage 1, sure, but it’s not without challenges. Many IPAM overlay users rely on Microsoft DNS, a free service bundled with Active Directory. EMA found that 71% of IPAM overlay users who reported a technical issue with Microsoft DNS ended up experiencing a security breach as a result of that issue.
Stage 3: Full-stack DDI management platform
A full-stack DDI management platform is the most mature approach, with a fully integrated solution from a single commercial vendor. It typically offers the best scalability, control, and security. Automation works consistently across all layers of the DDI stack.
However, it can be challenging for some organizations to reach Stage 3. Their overall IT infrastructure is decentralized, with no central authority responsible for architecture decisions. And the presence of shadow IT virtually guarantees the persistence of third-party DNS services.
Factors that drive the quest for DDI solutions
EMA explored both what drives organizations to invest time or money in mature DDI solutions, as well as what triggers enterprises to shift from DIY to commercial solutions.
Reasons to invest time or money in DDI solutions
More than 61% of respondents said cloud transformation is the reason behind investing time or money in mature DDI solutions.
The migration to hybrid cloud or multi-cloud environments adds complexity, because the network team loses centralized control over DDI services. A mature DDI solution with cloud support, especially for multiple cloud providers, can help the network team regain control.
We are trying to automate more mundane tasks in DDI so our engineering team can focus on more important things.
Nearly 56% of respondents said that they had invested because of a network or IT automation initiative. Network automation isn’t possible without DDI services. For example, when an automation tool initiates a new virtual machine in a data center or the cloud, it will need to assign that server an IP address and domain name.
“We had too many things we were doing manually with our small staff. We were spending an hour a day just doing DNS entries. Now, we have ServiceNow integration,” a senior network engineer with a Fortune 500 retail company told EMA. “We are trying to automate more mundane tasks in DDI so our engineering team can focus on more important things.”
The third-most cited investment factor at nearly 48% was a security incident.
Four triggers for the shift from DIY to commercial solutions
EMA also found four key drivers for enterprises that make the shift from DIY to enterprise-grade solutions.
First, 63.5% of research participants cited security requirements as their motivation for maturing their approach. Commercial DDI products offer robust administrative security capabilities, such as role-based access control. Moreover, DDI vendors are increasingly adding security features and products. Indeed, more than three-quarters of respondents reported that they are using a DNS security solution.
Second, nearly 51% of respondents cited cloud complexity as a trigger for commercial DDI investment.
Close behind, more than 48% cited operational efficiency as their motivation. Network engineering expertise is in short supply, and IT organizations need their engineers to spend less time on manual tasks.
Finally, 47% of organizations invest in commercial DDI because they need effective integration with other IT solutions. In fact, nearly 87% of research participants currently integrate their DDI solutions with an IT service management platform like ServiceNow.
Ensure your DDI success
EMA’s research illuminated four key tips to ensure your DDI strategy is a success:
Dump your DIY. The first step in a successful approach to core network services is to adopt commercial products. DIY simply won’t cut it.
Avoid common business pitfalls. People outside the networking world don’t often understand the importance of DDI solutions, so it can require extra effort to win budget support for DDI from upper management. And more than 42% of organizations lack personnel with DDI expertise; teams must hire smart people with a good foundation of technical skills and train them up.
Align technical teams with IT management. EMA found several examples of executive IT management and technical experts holding very different perspectives on the state of DDI in their organizations.
Design with cloud support and integration in mind. Network teams should design their DDI for multi-cloud and hybrid cloud environments as well as integration with security monitoring and IT service management tools.
How does your enterprise measure up? If you’re not among the 65% employing a full-stack solution, don’t get left behind.
Want to read more about the report? Learn how cloud, automation, and security drive the pursuit of DDI solutions.
Want to know more about DDI maturity at small and medium enterprises in Europe, the Middle East, the Asia-Pacific region, and Latin America? Read the international version of the report and learn how automation is the No. 1 driver of DDI investment.
New regional investments in sales and technical expertise will help customers tame network complexity
BlueCat Cloud DNS Service is a cloud-hosted external authoritative DNS service integrated seamlessly with BlueCat Address Manager.
In this impact brief, EMA explores how the acquisitions of Men&Mice and Indeni strengthen BlueCat’s position as a leader in the DDI market.
With a multi-service architecture, BlueCat Edge SPv4 now supports simultaneous add-on modules for security, networking, cloud, and branch offices.