IP addresses are one of the most critical resources that need to be managed in any network. Every networked application and device -- from e-mail and Web connectivity to file storage and networked printers -- depends on IP and requires address assignment. That presents a big enough challenge, but it's becoming an even bigger challenge as new core services like VoIP and mobile networks increase IP address assignment needs, requiring more robust allocation, classification, and tracking of addresses. This is known collectively as IP address management (IPAM).
IPAM can enable administrators to eliminate network conflicts and outages, track critical assets and ensure network security by providing reports based on a wide range of parameters, including IP address status (dynamic, static, available, reserved, etc.), hostnames, MAC address, and DHCP lease data including lease date/time, time left on lease, time of last renewal, and more.
Having real-time access to IPAM data is increasingly important for any network administrator or security officer. For example, the ability to immediately access information such as IP addresses in use, when they were allocated, which devices they were assigned to, and who is using them is critical to identifying potential network abuse or security breaches by internal or foreign users. In addition, as network access control (NAC) systems become more widely deployed, IPAM plays a key role in facilitating and monitoring enforcement of policies, like validating that operating system and anti-virus software is current before assigning an IP address and granting access to the network.
Most companies have been operating without a formal IPAM strategy, and many are now realizing they can no longer afford to go without. But finding the right solution means doing some homework, since no single approach is the answer to every company's IPAM needs. Prospective customers should start by getting familiar with new IPAM solution options.
There are three approaches to implementing IPAM. The vast majority of companies rely on manual documentation of IP address usage in home-grown spreadsheets. This approach may be acceptable for very small companies that are experiencing only modest growth, are not implementing wireless, VoIP, RFID or other new technologies, and that use fixed addressing (versus DHCP) for all devices. But for most other organizations, especially those that are looking to introduce new IP-based devices and services over time, spreadsheets are no longer an acceptable approach. It simply isn't possible to manually update a spreadsheet to account for every time a device is added or a DHCP address is issued or renewed. A spreadsheet with incorrect and outdated data isn't worth much more than no spreadsheet at all.
At the other end of the spectrum are large-scale, comprehensive software-based IPAM solutions that have been used by very large companies, those with frequent mergers or spin-offs, and by service providers. These solutions typically comprise a dedicated IPAM application and dedicated database at a central site, as well as DNS and DHCP servers at remote sites. Server configurations and address management reports are generated at the central site, while the remote servers communicate via agents with the central site to exchange configuration and DNS and DHCP data.
Each approach has its advantages and disadvantages. An Excel spreadsheet, for example, offers simplicity and, essentially, zero investment in hardware and software. But on the downside, even small companies might eventually find this option insufficient, because IP address assignment and usage is simply too critical and too dynamic to be left effectively unmanaged.
Large-scale systems offer a range of benefits in terms of functionality and customization capabilities, and they can be integrated with other key enterprise applications, such ERP and CRM. And, they're highly scalable -- some of today's comprehensive solutions can handle more than 1 million addresses. But nothing comes for free, and dedicated IPAM systems typically require significant up-front investment and substantial ongoing investments in skilled people for administration management.
Between these two extremes is an integrated appliance approach to IPAM pioneered by the company Infoblox. This approach can bridge the functionality and complexity gaps between the two previously existing options. Appliance-based IPAM products clearly provide a huge improvement over spreadsheets and offer many enterprise-class capabilities. Admittedly, they don't provide all of the capabilities found in the high-end, large-scale IPAM systems deployed by the largest enterprises and service providers. But appliance-based IPAM systems can be very easy to deploy and manage, inherently secure, and very cost-effective, bringing much needed IPAM functionality within reach of most enterprises across a wide range of size and budget limitations. In the end, companies large and small need to consider IPAM as a requirement for a modern network, especially as new applications are increasing IP address demands. There are many resources, including systems integrators, VARs, and organizations like my own and Infoblox, that can help you do this. Do not delay -- determine your organization's IPAM strategy today.
About the author:
Dawn Bedard is vice president of technology at Vaticor. Vaticor provides tools and services to help monitor and support IP infrastructure. Bedard is responsible for Vaticor research and development and for operational rollout. She holds a BS from Texas A&M and MS in bioengineering as well as an MBA from Rennselaer Polytechnic Institute.
This was first published in January 2006