With Richard Hyatt, CTO and co-founder of BlueCat Networks, a network appliance vendor.
Question: How do business requirements like VoIP implementations and IPv6 compatibility affect IP Address Management (IPAM) efforts?
Hyatt: The industry is seeing an increasing trend whereby organizations that are adopting VoIP are realizing that their IP allocations are doubling overnight. These companies are using standard spreadsheets or home-grown applications to track network use and IP allocation. With the addition of VoIP tracking, allocating IP space is becoming increasingly difficult.
IPv6 poses a different problem. The IPv4 name space limits the number of unique IP addresses to 4 billion, while IPv6 provides an exponential increase in the number of available IP addresses. Tracking these unique IP addresses becomes an even bigger, more daunting task -- a challenge that a spreadsheet will certainly not solve. IPAM solutions are database-driven management frameworks that enable organizations to model, track and administer IP policies and then translate them seamlessly into working DNS and DHCP configurations on a distributed network. These solutions will help organizations to implement VoIP, ENUM and other services like RFID across large, geographically dispersed networks at a substantially reduced cost. IPAM will also provide organizations with the ability to manage, administer and track mixed networks with both IPv4 and IPv6 seamlessly.
Question: What are the network security implications of this type of increased network complexity?
Hyatt: The challenges are no longer just about securing a DNS server from zone transfers or providing wireless access through DHCP. The challenges are now: "How do I manage my IP infrastructure to provision all the mission-critical applications while providing secure network access control, complying with industry regulations and implementing a self-documenting network?" It is easy for an organization to throw resources at solving these problems, but this requires individuals from multiple IT disciplines within an organization to collaborate on an ongoing basis. In theory, this should work well in a centralized topology, but multinational or national enterprises and governments must manage a distributed network efficiently, and point-based solutions become ineffective and leave an organization vulnerable to exploitation. Applications such as VoIP, Unified Communications, RFID and IPv6 are drivers for the growing complexity of the network, but the real security implication is the distributed nature of networks. There needs to be a unified approach to management, monitoring, secured authentication (NAC) and accessing enterprise IP networks.
Question: How have IPAM solutions matured; what are the most significant changes and how do they relate to the issues above (VoIP, IPv6)?
Hyatt: IPAM is no longer a tool that is only accessible by carriers. IPAM has evolved over the last five years and is now emerging as a mainstream requirement for enterprise customers. Existing solutions that are focused on DNS and DHCP configurations are inadequately designed. Organizations now require a multi-cored approach that enables administrators to model network topologies to service business or regulatory needs (SOX, HIPAA). A multi-core IPAM solution will then translate these business policies into workable and error-free DNS and DHCP configurations. VoIP, IPv6 and RFID are emerging drivers for the demand of IPAM, but there are many multi-modal communications applications that will continue to push IPAM into mainstream business.
This 3 Questions originally appeared in a weekly report from IT Business Edge.