In the first installation of this three-part series on IPAM strategies, we explored the DNS, DHCP, IPAM trifecta. In part two, we explore various paths -- some costly
and others free -- to creating an IPAM environment.
Moving to an IP address management (IPAM) environment that is integrated with DNS and DHCP is ideal, but it can be costly. However, there is a wide range of IPAM strategies that begin with free tools and could be expanded to software with more capabilities and is economically priced, and then eventually, to more costly hardware with a very wide range of features.
You can't buy love, but you can purchase improved IPAM service, which will mean reduced help desk calls and more peaceful weekends.
Free IPAM software to the rescue, almost
If you are on a very tight budget or your operation is still small enough, you might consider the many free IPAM tools available. Most are open source projects hosted on SourceForge or Google for Windows and Linux. IPplan, GestióIPand OpenIPAM are the most well-tended, while others, such as Sauron, don't pass the test for popularity or freshness, in my opinion. With these products, there are tradeoffs; some are better suited to certain tasks like scanning, while others are better at DHCP scope management or reservations. None offers support, but they are free for download and experimentation.
Commercial vendors also offer free tools, which provide some of the functionality of their paid products. For example, SolarWinds IP Address Tracker provides unlimited IP-address scanning. These tools can make troubleshooting and basics such as scanning much easier -- something spreadsheets can never do.
Because free tools and open source projects don't offer complete DDI, you'll still need something -- probably spreadsheets -- to glue things together. In that case, you can use a little macromagic to at least make them smarter. Powershell can teach your spreadsheets some new tricks by providing decent DHCP management objects. With a little work, you can script the configuration process on remote DHCP servers. Still though, you're just prolonging the inevitable -- the need to acquire higher-grade technology.
Special mention: Microsoft Server 2012 IPAM tools
Microsoft IPAM has come a long way with the release of Server 2012. The basic DNS and DHCP services underneath are largely unchanged, but they're now managed in a Metro-oriented user interface (UI) to make it easier to operate Microsoft-based networks.
Though improved, it remains in the free tool category because of some basic limitations. For example, it makes certain assumptions about the completeness of your Microsoft adoption, with AD-centric authentication and Group Policy as a backbone. For example, DHCP and DNS servers may be managed in a relatively harmonious environment, but multiple AD trees aren't supported. Its RDP-based console isn't ideal for a team to share, and subnet management delegation and reporting is fairly basic. The biggest limitation, of course, is that there is no support for Cisco or other vendors. From Microsoft's perspective, it's a clever sweetener for Server 2012 adoption.
Find budget for a commercial DDI package
You can't buy love, but you can purchase improved IPAM service, which will mean reduced help desk calls and more peaceful weekends. There are two types of commercial IPAM products: software overlay and hardware appliance. In general, the software solutions are designed to work with the hardware and DDI services you already have, while the appliance solutions replace your existing DNS and DHCP infrastructure.
IPAM software is great for most environments
In addition to lower costs, software-based IPAM tools are designed to harmonize the environment you already have. They provide single-point visualization and control of distributed DDI services, tolerating DNS and DHCP servers running in less-than-ideal topologies. Evaluation and migration from current solutions are generally low-risk, quick to set up and free to try. The best packages offer complete DNS, DHCP and IPAM features, such as robust scope management, scanning, neighbor discovery, alerting, reporting, capacity planning and other features across multiple vendors.
More Fast Packet blogs
Blogger Keith Townsend warns to embrace network virtualization
SDN washing, the new cloud washing
Do cloud application performance tools work?
Additional features, such as automated split-scope configuration and duplicate subnet management, are even better and a plus for branch offices. SolarWinds IP Address Manager, Men and Mice and ManageEngine are leaders for software-based IPAM products. I'm of course partial to SolarWinds, so ask your admin friends for their opinions too.
IPAM appliances: Big iron for big challenges
If your IPAM environment is very large or you have complex processes that can't be managed with software, appliance-based IPAM solutions from vendors such as Infoblox and BlueCat may be a fit. In general, they replace your existing DNS and DHCP infrastructure with proprietary appliances, concentrating IPAM service delivery and management into a single system.
With these systems, be prepared to commit for the long term. First, they are designed to support the most complex IPAM environments, and they are priced accordingly. Complexity may be somewhat reduced because contracts will typically include professional services, on-site installation and consulting. Second, as with any DDI solution, you must be able to migrate to new technology without business interruption. Make sure you have a detailed plan for the replacement of your existing IPAM services as you switch your infrastructure to the new technology.
Hopefully this overview of IPAM tools got you thinking about the possibility of greatly improving your IPAM capabilities. The best news is mature products are available today which can substantially improve the reliability of your network and dramatically reduce your IT help desk headaches.