Taking IP address management to the next level

From chaos to clarity

IP address management, for a given set of IP addresses, consists of maintaining an up-to-date view of the IP address space. More specifically, it consists of controlling and tracking the allocation of IP addresses and IP address blocks: which addresses or blocks are free for assignment, which IP addresses have been assigned, and on whose authority.

By its very nature, effective IP address management must include information from the DNS and DHCP servers connected to the network. The DNS servers associate devices, or hostnames, with IP addresses, while DHCP servers handle the automatic assignment of IP addresses. In fact, a unified, updateable view of the information from these two data sources would go a long way towards establishing an enterprise-wide IP address management system.

The image below depicts a typical scenario for a large distributed enterprise, before deploying the Men & Mice Suite.


Dynamic network without Men & Mice Suite



DNS, DHCP and IP address management before deploying the Men & Mice Suite.

In the picture above, the blue boxes represent the different tasks and duties carried out by the group of professionals responsible for managing the IP address space. The enterprise is using a number of DNS servers, both Microsoft and BIND, which is not uncommon. The network also includes a number of DHCP servers, which must be managed, and the administrators are using some home-grown means for maintaining a view of the IP address space.

Two things are immediately noteworthy here:

 

  • The four different tasks involve the use of four different interfaces and systems. For example, the management and configuration of the BIND servers is done via text files and requires a high level of expertise, while the management of the Microsoft DNS servers is typically done through a graphical management interface, which is designed for the management of individual DNS servers.

 

  • Synchronization issues and lack of overview. Management of the DNS, IP address space and DHCP needs to be synchronized. A change in DNS or DHCP must be reflected in the IP address management tool, and vice versa. These resources and services are managed by different groups using different systems, which can, and often does, lead to misconfigurations and serious problems, such as loss of e-mail and other mission-critical network services.
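The drift between DNS, DHCP and the IP address inventory described above can be detected by reconciling the three data sources against each other. The following Python code is an added example, not part of the original page or of the Men & Mice Suite; the record formats, finding names and sample data are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumed formats), not taken from any real network.
IPAM = """10.0.0.10,assigned,printer1,netops
10.0.0.11,assigned,ws-042,helpdesk
10.0.0.12,free,,
10.0.0.13,free,,
"""
DNS_ZONE = """printer1 IN A 10.0.0.10
ws-042   IN A 10.0.0.12
oldhost  IN A 10.0.0.13
"""
DHCP_LEASES = """10.0.0.11 00:00:5e:00:53:01 ws-042
10.0.0.13 00:00:5e:00:53:02 laptop7
"""

def parse_ipam(text):
    """Map address -> (state, hostname, assigning authority)."""
    rows = (line.split(",") for line in text.splitlines())
    return {ipaddress.ip_address(r[0]): tuple(r[1:4]) for r in rows}

def parse_dns(text):
    """Map address -> list of hostnames that have an A record for it."""
    out = {}
    for f in (line.split() for line in text.splitlines()):
        if len(f) == 4 and f[1:3] == ["IN", "A"]:
            out.setdefault(ipaddress.ip_address(f[3]), []).append(f[0])
    return out

def parse_leases(text):
    """Map leased address -> client hostname."""
    rows = (line.split() for line in text.splitlines())
    return {ipaddress.ip_address(f[0]): f[2] for f in rows if len(f) == 3}

def reconcile(ipam, dns, leases):
    """Return (address, finding) pairs where the three views disagree."""
    findings = []
    for ip in sorted(set(ipam) | set(dns) | set(leases)):
        state, host, _authority = ipam.get(ip, ("unknown", "", ""))
        names = dns.get(ip, [])
        if state != "assigned" and names:
            findings.append((str(ip), "dns-record-on-unassigned-address"))
        if state != "assigned" and ip in leases:
            findings.append((str(ip), "lease-not-recorded-in-ipam"))
        if state == "assigned" and host not in names:
            findings.append((str(ip), "assigned-without-matching-dns"))
    return findings

def run_sample():
    return reconcile(parse_ipam(IPAM), parse_dns(DNS_ZONE), parse_leases(DHCP_LEASES))
```
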

Another problem facing the administrators is the handling of common everyday tasks, such as adding or removing a printer or a workstation. The administrators have no way of delegating authority for such tasks in a secure manner. It is unacceptable to grant too many users the privileges to access the DNS and DHCP servers to make the necessary changes. The administrators are therefore forced to manage such tasks centrally, which again leads to long lead times and inefficient use of resources.

To resolve all the manageability issues, the enterprise decides to deploy the Men & Mice Suite. This results in the following greatly simplified picture of the network:


Dynamic network after deploying the Men & Mice Suite

DNS, DHCP and IP address management with the Men & Mice Suite

Two things are immediately noteworthy here:

 

  • The existing network infrastructure itself is basically left intact, i.e. the same DNS and DHCP servers are still being used. The Men & Mice Suite provides a management interface on top of the existing servers.

 

  • Clear and integrated view. Instead of four different interfaces and four different modes of operation, the network administrators are now presented with one consistent interface, which enables them to manage DNS, DHCP and the IP address space in a unified manner. The Men & Mice Suite handles the synchronization between the different components automatically.

The Men & Mice Suite further allows the administrators to define arbitrary subdivisions of authority over the network's DNS and DHCP services, and to delegate authority for everyday tasks, such as adding a printer or a workstation, in a secure way. The Suite provides a special "self-service" web-based interface which locks the users down according to their defined access rights. The web interface provides a "sandbox" environment, ensuring that the user won't do anything which could generate errors or problems.