January 2009 | Volume 12/ Number 1
Enterprise Network Management
By: Richard “Zippy” Grigonis
It’s true that there’s a hit parade of enormously capable management packages that have undergone refinement for many years, such as IBM’s Tivoli, HP OpenView (later called HP Software), and Nortel’s Enterprise Network Management System (ENMS), a single system that can work with all sorts of networks (wireless, wireline, voice/data converged, etc.) and which enables network administrators to identify and resolve problems and performance bottlenecks before they can disrupt network services such as multicast video and IP telephony. There are also many other smaller players out there who offer interesting, if perhaps more specialized, forms of enterprise network management.
The main theme here is that, as networks continue to grow in size and complexity, it becomes necessary to centrally visualize, monitor, troubleshoot and control them. Speaking as a former IT director who was in charge of 186 workstations, I can assure you that even simple asset management can be a nightmare.
Fortunately, there are companies that can come to the aid of today’s befuddled IT staff, such as ManageEngine and their very successful enterprise management software, especially suited for the mobile environment (laptops, PDAs, etc.). ManageEngine Desktop Central is desktop management software that supports all Windows-based machines (laptops). It can track asset inventory (including hardware and software), manage software licensing, handle service pack and patch management, do remote desktop sharing, manage Windows configurations, and perform many other neat functions Yours Truly wished he had available many years ago.
The ManageEngine Asset Explorer is asset management software that supports both laptops and PDAs (for inventory). It can track asset inventory (including hardware and software), manage software licensing and compliance, and manage contracts and purchase orders.
IP Addresses Here, There and Everywhere
One of the less-than-glamorous – though increasingly important – enterprise management activities concerns IP Address Management (IPAM). For example, Alcatel-Lucent’s VitalQIP DNS/DHCP IP Address Management Software for the Enterprise helps enterprises efficiently configure, automate, integrate and administer IP services across a local or global network. It supports applications with millions of individual IP addresses and thousands of domains. The accompanying VitalQIP Appliance addresses the shift in the IPAM market towards appliances centering on increased reliability, manageability, scalability and security. VitalQIP can automate end-to-end management of IP addresses, increase efficiency with centralized management, seamlessly manage multi-vendor IP platforms, and safeguard critical data.
BlueCat Networks has also plumbed the depths of IP address issues. BlueCat’s Director of Marketing, Joseph Belsanti, says, “We were founded in 2001 by two brothers who had founded a previous organization and who experienced some frustrations when it came to DNS and DHCP. They felt they could build a better mousetrap and did so. Today, we do business in 32 countries and we serve over 850 Fortune 1000 companies worldwide. We do business in North America primarily through a mix of direct sales and the channel, primarily systems integrators.”
“We produce two ‘boxes’,” says Belsanti, “a rack-mounted DNS/DHCP server called Adonis and another rack-mounted IPAM server called Proteus. The units come in either a 1U or 2U-high form factor. We’re obviously a horizontal play in the marketplace. When it comes to enterprise network management and Internet telephony, VoIP is one of the key drivers for IPAM, though IPAM does have a number of other market drivers right now, such as virtualization, the countless number of wireless devices out there now looking for IP addresses, and finally IPv6, which is rearing its head in the marketplace. I suppose you could even add the various kinds of nontraditional IP devices now becoming IP-enabled – things such as IP security cameras, which are putting a strain on the networks.”
“We’ve had some tremendous success over the past few years in managing the new network fabric being rolled out over the IP network topology called IP Address Management, or IPAM,” says Belsanti. “The analogy here is that one never had reason to invent a carpet cleaner until there were carpets. Similarly, we’re now seeing a maturation of this marketplace in the network world, which is starting to manifest itself via a number of different players appearing and addressing how you can manage all of these many IP addresses. Given the current economic climate, outside of the typical discussions where enterprises are looking to do more with less and reduce the total cost of management per IP address and looking to consolidate things as a way of gaining economies of scale, one thing is very true about our marketplace – when you start to see mergers and acquisitions, and the consolidation of networks, suddenly the true expense of integration is on the tech side in terms of bringing these disparate network systems together. Therefore, as part of IPAM, IP reconciliation is a huge driver for us as organizations and enterprises are looking to help themselves gain that greater ROI in IT purchases, and to help them lower the cost of managing things per IP address in terms of consolidating the functions.”
“In addition to IP reconciliation, IPAM also encompasses workflow, enforcing naming policies, and having end user-defined fields for IP addresses, which we’re also seeing happening in the marketplace,” says Belsanti. “When we engage with our customers and with enterprises, they tell us that there are two ‘buckets’ of data within an IP network. First, there’s the data that resides with the DNS/DHCP server, whereby you have the ‘Yellow Pages’ if you will, lining up IP addresses with domain names, and then dishing out the IP addresses accordingly. But now what we’re starting to see – which is the interesting part within the enterprise – something that’s been talked about for years: the emergence of the convergence of IT processes and business processes. In fact, when the research people such as Forrester no longer talk about IP in terms of being Information Technology; instead, they talk about Business Technology or BT. We see this manifesting itself within the marketplace very concretely because we now see enterprises in the spirit of doing more with less and being more ‘business-enabled’ and wanting to attach all kinds of data to the average IP address. This is as true about VoIP as anything else. They’re not only interested in the MAC [Media Access Control] address or Ethernet Hardware Address [EHA] [a quasi-unique identifier assigned to most network adapters or network interface cards by the manufacturer for identification]. They now want to start associating other data with the IP address.”
Belsanti elaborates: “For example, in the VoIP scenario there’s all sorts of information you can tack on: Whose phone is it? What’s the employee number? What department are they in? What GL code should we bill that phone to along with the expenses off of that phone? And so forth. Also, in conjunction with an IP address management solution, companies want to comply with IP governance and local and international security and privacy policies by being able to identify, monitor, report and produce a good audit trail to determine who had what IP address and when. That takes us back to IP reconciliation, because there are several things which enterprises consider doing when they start reconciling IP addresses. For example, administrators will go out and take a look at their SQL database residing on a network server somewhere or in a racked appliance such as ours, and they’ll ask, ‘Okay, how many IP addresses do I have registered?’ Let’s say for argument’s sake they have 10,000 registered. The next thing they’ll do is periodically perform a network discovery. Three things can then happen: First, the database will indicate that they have 10,000 IP addresses, but when they actually run a network discovery, they might tally 15,000 addresses. Why 5,000 extra addresses? Is it because department projects were allocated IP addresses and when the projects were terminated, nobody ever told IT, so the addresses were never reclaimed? Is it because during this economic climate there were business units that downsized and nobody told IT? Or is it because the sales manager bought a wireless router, threw it over the ceiling tile of his office and is now providing IP addresses to his sales team simply because he couldn’t be bothered to communicate with IT and have them officially and properly allocate IP addresses to his staff? And is that a potential security breach?”
“Second, the SQL server database may tell you that you have 10,000 IP addresses but when you run a network discovery you discover there are only 5,000 available,” says Belsanti. “It could be that the database is simply out-of-date. The third scenario is that the numbers all match up – 10,000 addresses listed and 10,000 appearing in the discovery process, but the data associated with those addresses have changed. So an IP address may be associated with a particular MAC address, but the network discovery reveals that the MAC address is incorrect. Was there a technology refresh? Or is somebody spoofing that particular IP address and therefore you need to go back and figure out if somebody is hacking the system. So there are many interesting things happening involving IPAM and IP reconciliation.”
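The three reconciliation outcomes described above can be checked mechanically. The following Python is an added example, not BlueCat's code or any product's API: it compares a registered inventory against discovery results and reports unregistered addresses, stale records and MAC mismatches. The function names, dictionary layout and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumption): IPAM database records, IP -> registered MAC.
REGISTERED = {
    "10.0.0.10": "00:11:22:33:44:10",
    "10.0.0.11": "00:11:22:33:44:11",
    "10.0.0.12": "00:11:22:33:44:12",
    "10.0.0.13": "00:11:22:33:44:13",
}
# Constructed sample data (assumption): discovery sweep results, IP -> observed MAC.
DISCOVERED = {
    "10.0.0.10": "00-11-22-33-44-10",  # same adapter, different MAC notation
    "10.0.0.11": "00:AA:BB:CC:DD:11",  # MAC differs from the record
    "10.0.0.13": "00:11:22:33:44:13",
    "10.0.0.50": "00:AA:BB:CC:DD:50",  # answering on the network, never registered
}

def norm_mac(mac):
    """Normalise MAC notation so formatting differences are not reported."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def _load(table):
    # ip_address() rejects malformed entries and canonicalises the key.
    return {ipaddress.ip_address(ip): norm_mac(mac) for ip, mac in table.items()}

def _key(ip):
    # IPv4 and IPv6 objects cannot be compared directly; sort by version first.
    return (ip.version, int(ip))

def reconcile(registered, discovered):
    """Classify differences between the database and a discovery sweep."""
    reg, seen = _load(registered), _load(discovered)
    both = sorted(reg.keys() & seen.keys(), key=_key)
    return {
        # Scenario 1: live addresses the database does not know about.
        "unregistered": [str(ip) for ip in sorted(seen.keys() - reg.keys(), key=_key)],
        # Scenario 2: records with no live host (out-of-date database).
        "stale": [str(ip) for ip in sorted(reg.keys() - seen.keys(), key=_key)],
        # Scenario 3: counts agree but the MAC behind the address changed.
        "mac_mismatch": [(str(ip), reg[ip], seen[ip]) for ip in both if reg[ip] != seen[ip]],
    }

if __name__ == "__main__":
    for category, items in reconcile(REGISTERED, DISCOVERED).items():
        print(category, items)
```

A mismatch only says the record and the network disagree; whether it is a technology refresh or a spoofed address still has to be settled against change records.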
“Another big issue relates to workflow,” says Belsanti, “particularly with organizations as they start looking at the newly matured abstraction layer that has appeared in the enterprise. We all talk about doing more with less and squeezing more ROI out of IT investments, but when it comes to managing the network and managing IP addresses in the network, what enterprises need to do is to ensure that they have the right tool for the right job and the right resource in that tool. For example, sometimes you might have a very expensive systems administrator doing nothing but setting up a new domain server, or a new FTP server, and of course that could have been delegated out to a sub-administrator or a junior administrator. With workflow enablement, enterprises are now able to delegate and have central administrators or ‘super administrators’ who can pass on specific network tasks to others, and have that work stay resident in a ‘sandbox’ or ‘holding area’ and then once the work is complete, the central administrator can review the finished task and then push ‘Go’ so that the work goes ‘live’ right then and there, otherwise unscrutinized work could potentially take down the entire network. That’s another big area in IPAM.”
Micromanage Your Network Today
One can spend an infinite amount of time studying the intricacies of any large network, the theories behind them and the many tools that can analyze and manipulate them. At some point you’ve got to make a decision.
Personally, I’m waiting for the U.S. government to scrap the Social Security system and assign us all IP addresses. It sounds far-fetched now, but it will sound quite reasonable in 20 years or so.
The following companies were mentioned in this article:
Alcatel-Lucent – (www.alcatel-lucent.com)
BlueCat Networks – (www.bluecatnetworks.com)
IBM – (www.ibm.com)
ManageEngine – (www.manageengine.com)