Cygna Labs
Book a Demo
shield

Strengthen your organization’s cybersecurity posture with software solutions from Cygna Labs

  1. Home

  2. Blog

  3. Automate your DDI to Accelerate IT services delivery

Automate your DDI to Accelerate IT services delivery

Arno Therburg

Arno Therburg

Feb 17, 2022

Automate your DDI to Accelerate IT services delivery

Automation is among the key motivators for implementing an IP address management (IPAM) system. With the ubiquitous adoption of Internet-based technologies engendering IP networks over which nearly all of your applications communicate, it makes sense to simplify and minimize resource impacts for such networked applications and corresponding support. This IP convergence provides financial, efficiency, and productivity benefits in and of itself, but it also escalates reliance on and ensuing scrutiny of IP network performance, resiliency and integration into key business processes.

DDI is Foundational To Your Network

Underpinning this IP convergence is your DHCP-DNS-IPAM (DDI) foundation. Email, web, application servers need IP addresses and DNS names. User laptops, mobiles, and other devices need IP addresses. Cloud virtual machines or containers need IP addresses and DNS names. Literally every device you need to connect to your network needs an IP address; and if users need to reach it by name, it also needs a DNS name. With no IP address or DNS name, there is no network. Clearly it behooves IT engineers to deploy reliable, performant, and resilient IPAM components to supply IP addresses and DNS names in each of these instances.

Reliability implies that IPAM be not only available when needed but accurate in its capability. When you need to instantiate of virtual machine on VMware for example, you need to rely on a corresponding IPAM function to be available, yes, but also supply an IP address that is unique and relevant to the subnet on which the virtual machine is provisioned. If you maintain IP address inventory in a spreadsheet, reliability necessitates availability of the spreadsheet owner to open and update the file and that this update process has been performed judiciously so no duplication of IP addresses erroneously results.

Performance in DDI components essentially requires that DDI is not inhibiting or worst case, halting the process underway. For example, if my spreadsheet owner happens to be out to lunch or away on business or vacation, will you be able to obtain an IP address and DNS name in a timely fashion to instantiate ten containers within two minutes? Agility is an IT hallmark, particularly in today’s multi-cloud world, and DDI processes provide a key ingredient to achieving agility. Likewise, DDI resilience is critical to supporting availability of alternative methods, e.g., a secondary spreadsheet owner, in order to perform DDI functions in the face of an “outage” or unavailability of a necessary component.

While expression of the spreadsheet-based DDI technique may be trite, it’s illustrative of the requirements for reliability, performance and resilience. Your DDI system must meet these requirements to facilitate the efficiency, agility and manageability of your diverse network. Use of standard protocols such as DHCP for automating address assignment where relevant, and DNS for name resolution, enable you to use stock reference implementations of these protocols. In auto-configured environments such as in IPv6, IoT or public cloud networks, an IPAM system must provide visibility through various forms of discovery and/or through API-integration during the process, e.g., particularly for cloud instantiations.

A centralized DDI system serves as the heart of such a diverse network, enabling consistent and accurate tracking of IP address and DNS assignments. Automated deployment of DHCP and DNS server information to distributed DHCP and DNS servers, appliances or containers streamlines the process, promotes agility, and reduces potential errors in entering common information into multiple systems, e.g., a spreadsheet, DHCP server configuration file and a DNS interface. Use of a DDI REST API with programmable workflows also embeds foundational DDI functions within broader IT workflows such as automated server builds, container swarm deployments or virtual machine instantiations.

A Single Holistic DDI Perspective Across Your Diverse Network

By leveraging these protocols and DDI system capabilities, you can streamline your IP address and DNS name assignment processes across your variegated IP network, streamlining overall service delivery. Inserting these capabilities into your orchestration workflows enables incorporation of the critical DDI functions within corresponding workflows. IPControl, the IPAM solution from Cygna Labs Diamond IP includes intra-IPAM automation of IP block management, subnets and DHCP/DNS configurations, and it also provides a full REST API. Our Cloud Automation Appliance (CAA) provides an DDI orchestration engine which enables you to define inter-system workflows with a drag-and-drop web user interface. We supply several sample workflows for public cloud interfaces such as Azure and AWS, as well as a full suite of DDI API components that may be simply inserted into your workflows.

A simple REST call to your CAA can render the provision of a subnet in AWS while updating IPControl or the discovery of resource groups, locations, virtual networks and virtual machine IP addresses from Azure for bootstrapping or synchronizing corresponding DDI data in IPControl. These sample workflows, components, and user-definable workflows and components facilitate adaptation and automation of IP and DNS assignments in accordance with your network and your methods of operation.