Understanding Internet Protocol Address Management (IPAM) All You Need To Know About IPAM We currently live in an IP dependent world; the explosion of IP enabled devices such as smartphones, laptops, tablets and other random devices in the workplace has made today’s enterprise networks more dynamic and complex. If an organization does not have the […]
All You Need To Know About IPAM
We currently live in an IP dependent world; the explosion of IP enabled devices such as smartphones, laptops, tablets and other random devices in the workplace has made today’s enterprise networks more dynamic and complex. If an organization does not have the right tools in place to handle this demand, managing the network can become a nightmare. Immediate access to accurate network information is important to an organization’s success and the only way to ensure the network is reliable, secure and well maintained is through Internet Protocol Address Management (IPAM).
What is IP Address Management?
Internet Protocol (IP) addresses are valid assets to an organization and just like any other asset, they need to be properly managed. IPAM refers to an IT discipline that mainly involves auditing, monitoring and centralized management of IP address spaces and subnet usage. They replace home grown applications such as spreadsheets and provide insight into the inventory of assignable IP addresses.
The Importance of IP Address Management
Ignoring the significance of getting a proper handle on IP addresses can lead to catastrophic consequences. Even small organizations find ways of keeping track of their IP address information (mostly in spreadsheets). IP addresses are critical resources that have to be managed if the network is to function efficiently. Every networked application and device (from networked printers and file storage to e-mail and web connectivity) largely depends on IP; this means that they require address management.
Below are reasons why every organization, both small and large, should manage their address space;
I. Quicker access to detailed network information: using IPAM, administrators can track crucial assets, eliminate network outages and conflicts and guarantee network security by availing detailed reports based on different parameters; these parameters are inclusive of MAC addresses, hostnames, IP address status (reserved, available, static, dynamic, etc.) and DHCP lease data such as lease date/time, time of last renewal, time left on lease, and more.
II. Enhanced Network Security: IPAM data such as the IP addresses being used, the devices assigned to them, and when the space was allocated enables administrators or security officers to identify security breaches or network abuse by foreign or internal users. IPAM can also be used to enforce policies, like operating system validation and checking whether the anti-virus software being used by a device is up to date before it is granted network access or assigned an IP address.
III. Regulatory Compliance: Mandates such as Sarbanes-Oxley have set out stricter controls for IPAM that require network administrators to monitor and control who has access to what and from where. For example, an organization may be required to produce a detailed log of which users or devices had leases for a specific IP address over a specified time period in the event they are served with a SOX-related subpoena.
IV. IP Address Duplication: occurrences where two devices are assigned the same IP address are common in the absence of IPAM. Since most PCs use DHCP to get IP addresses, this is not a common problem on user subnets. However, servers are assigned static addresses that are usually hardcoded into the server’s configuration. When two different servers are assigned the same IP address, both of them might become unreachable.
V. Subnet/ IP Address Recovery: Recycling of Unused IP assignments is important. However, it can be quite difficult to establish whether a subnet is currently in use or not. IPAM not only helps you find out, but it can also assist in the aggregation of recovered subnets into larger blocks.
Implementation of IP Address Management
There are two main approaches to implementing IPAM.
1. Manual Documentation
Most small companies rely on home grown spreadsheets to manually document IP Address usage. However, it is important to note that this approach is only acceptable in very small companies that are not implementing RFID, VoIP, wireless or other new technologies, and that use fixed addressing (as opposed to DHCP) for all computers. If an organization wishes to introduce new IP-based services or devices over time, manual documentation will no longer be a viable option.
Advantage
Manual documentation using spreadsheets offers simplicity and zero software and hardware investment.
Disadvantage
This approach is generally insufficient and IP address usage and assignment is too dynamic and critical to be left effectively unmanaged.
2. Software based IPAM
For large organizations with several networks and just as many DHCP and DNS servers involved in the delivering of IT services, software based IPAM becomes a necessity rather than a luxury. The software based solution is comprised of the IPAM solution alongside a dedicated database located at a central site and DHCP and DNS servers located at remote sites. Address management and server configurations reports are both generated at the central site, as the remote servers communicate with the central server via agents in order to exchange DHCP, DNS and configuration data.
Advantage
Software based IPAM solutions offer a wide range of advantages in terms of customization capabilities and functionality. On top of that, they can easily be integrated with other enterprise applications such as CRM and ERP.
Disadvantage
Dedicated IPAM systems usually require a large upfront investment and later substantial ongoing investments in skilled personnel.
Factors to Consider Before Implementing IPAM
1. The first thing you need to consider is the ease of integration with your current network systems like NMS, DNS, and DHCP. If the systems are not properly synchronized, errors are likely to occur.
2. Another basic factor to consider is the ease of use. If the system is easy to use then task performance is likely to become quicker and more efficient.
3. Lastly, cost is also a noteworthy consideration. You can opt for high end dedicated appliances or free open source systems. It is also important to note that the more you pay the less training and maintenance you have to do.
Author: Gabriel Lando
