Posted by: James Murray
Internet Protocol Address Management (IPAM) allows the IT department to track IP address deployment throughout the organization. If you come from the world of Windows and Active Directory (AD), you know that Windows comes with its own system for tracking IP addresses throughout a Windows forest. For most small and medium-sized businesses this is more than adequate. What happens, though, as the organization grows? Enterprise businesses begin buying other businesses. These businesses may or may not have the same server and hardware platforms. As the business grows by buying other businesses, new platforms need to be added to the network mix of servers, routers, VPNs, phone systems and cell phone systems. Some of these systems are not necessarily willing to talk with one another. The one thing they have in common is that each device needs an IP address.
IPAM systems are designed to solve this problem by centralizing DNS (Domain Name System) and DHCP (Dynamic Host Configuration Protocol) for large networks. Imagine a billion dollar company buying a 500 million dollar company. Instantly the management teams of the various companies need to work together. Unfortunately the AD forests, server systems and VPNs are not talking to each other, nor will they probably ever be able to talk. Imagine too that the newly purchased company has cell phones integrated with its entire system, while the buying company is lucky to just see email. When connecting the two organizations, which share common private IP address ranges, duplicate IPs become a big problem. Having 1000s of duplicate IPs that need to be figured out is even worse. Yet if the two companies can't work together, they are losing money. It's an IT management nightmare.
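The duplicate-address problem described above can be measured before the two networks are connected. The following is an added example, not code from the original post or from Proteus; the inventories, hostnames and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventories (assumptions, not data from the post):
# each company exports its subnets and static assignments before the merge.
ACME_SUBNETS = ["10.0.0.0/16", "192.168.10.0/24", "172.16.0.0/20"]
BETA_SUBNETS = ["10.0.4.0/22", "192.168.20.0/24", "172.16.8.0/21",
                "2001:db8:1::/48"]
ACME_HOSTS = {"10.0.4.10": "acme-mail01", "192.168.10.5": "acme-vpn01",
              "2001:db8:1::10": "acme-dns01"}
BETA_HOSTS = {"10.0.4.10": "beta-pbx01", "192.168.20.5": "beta-vpn01",
              "2001:0db8:0001::0010": "beta-dns01"}


def overlapping_subnets(a, b):
    """Return (net_a, net_b) pairs whose address ranges intersect."""
    nets_a = [ipaddress.ip_network(n) for n in a]
    nets_b = [ipaddress.ip_network(n) for n in b]
    return [
        (str(x), str(y))
        for x in nets_a
        for y in nets_b
        # IPv4 and IPv6 ranges can never collide, so compare like with like.
        if x.version == y.version and x.overlaps(y)
    ]


def duplicate_hosts(*inventories):
    """Return {ip: [hostnames]} for addresses claimed more than once."""
    owners = defaultdict(list)
    for inventory in inventories:
        for ip, name in inventory.items():
            # Normalise the text form so differently written IPv6
            # addresses ("0db8" vs "db8") land on the same key.
            owners[str(ipaddress.ip_address(ip))].append(name)
    return {ip: names for ip, names in owners.items() if len(names) > 1}


if __name__ == "__main__":
    for pair in overlapping_subnets(ACME_SUBNETS, BETA_SUBNETS):
        print("overlap:", *pair)
    for ip, names in duplicate_hosts(ACME_HOSTS, BETA_HOSTS).items():
        print("duplicate:", ip, names)
```

Overlapping subnets show where routing between the two companies would be ambiguous; duplicate hosts are the individual assignments that have to be renumbered or translated first.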
What the IPAM system is designed to do is take over the DNS and feed the correct IP addresses to the entire organization. While Windows DNS talks best to Windows systems, IPAM systems talk with everyone. I've been looking most recently at Proteus. In addition to managing the IPv4 addresses, Proteus and other systems allow central control, planning and management of the IPv6 environments for all IP systems. When I was studying IP addressing, everyone was taught IP sub-netting. It became a matter of pride to be able to sub-net in one's head. With IPv6 it's just not possible or reasonable to expect everyone to do this. Instead, one set of experts can plan and manage the IPv6 for everything in the enterprise world. Proteus has a GUI interface that is not too hard to pick up with 20 or so hours of practice.
There are a lot of advantages. For one thing, it reduces the points of failure in complex networks. This means less downtime, as long as there is redundancy built into the IPAM system. A few years back I was working on a banking system that was using AD to manage security for their online banking customers. This was the first time I'd seen Active Directory run without DNS. It was a security issue that reduced the points of failure for the system. An IPAM system would be able to manage the DNS in separate trees without the same levels of security risk.
Another customer I worked with was selling a mobile VPN system. Tracking customers as they maintained the same IP number, but moved from location to location on the same VPN, was a difficult problem for small networks. For larger, international networks, it was difficult to manage centrally in real time. With an IPAM like Proteus, these mobile VPN problems are solved as a part of the IPAM solution.
As networks continue to grow in complexity, smaller and smaller networks may benefit from an IPAM system. Microsoft has a strong dynamic DNS system as part of its network operating system. Still, an IPAM takes this to a much higher level.