Two-thirds of enterprises employ full-stack DDI – BlueCat Networks

Two-thirds of enterprises employ full-stack DDI – BlueCat Networks

Two out of three enterprises realize the value of a full-stack DDI management platform.

Is yours one of them?

DNS, DHCP, and IP address management (IPAM) provide the core services that enable network communications. DDI is often used as an acronym to describe the integration of these three core components of networking into one management solution.

A mature DDI strategy is essential to taming complex enterprise networks. But it turns out that enterprises can vary widely in their approach.

A recent survey conducted by Enterprise Management Associates (EMA) of 227 IT professionals from medium and large enterprises (more than 2,500 employees) across North America and the United Kingdom about the state of their DDI services found three distinct stages of maturity:

How does your organization stack up?

This post will highlight EMA’s new findings about enterprises’ approaches to DDI. Specifically, it will delve into:

As the threat of DNS attacks continues to grow, 59% of survey respondents deemed security their top requirement when looking for a DDI solution. Sought-after features include both DNS security protection and monitoring, such as support for the DNSSEC protocol or a DNS firewall to filter and block malicious activity.

Cloud support was the secondary priority at nearly 46%. This includes the ability to manage IP address space in multi-cloud or hybrid cloud environments, and to deploy and manage DNS services for cloud-based applications and networks.

Ease of use, scalability, compliance, and resiliency round out the other top requirements for DDI solutions.

A DIY approach to DDI is the least mature strategy. It relies on spreadsheets or open-source software for IPAM and free or open-source software for DNS and DHCP services. DIY solutions are fractured, with no central visibility or authority. Because they rely on manual administration, they don’t scale well and they are prone to errors.

“We had an unstable and difficult-to-manage legacy environment that was based on OpenDNS,” a network engineer with a Fortune 500 aerospace and defense company told EMA. “It was garbage. It was not centrally located. We had no single pane of glass view. It was all command-line. It was unstable and difficult to manage.”

This is a middle ground of maturity that involves using a commercial IPAM tool that integrates with a third-party DNS service. IPAM establishes an overlay across the DNS servers. It becomes the control plane for DNS, managing and monitoring changes and coordinating them with IP address space management.

It’s a step up from Stage 1, sure, but it’s not without challenges. Many IPAM overlay users rely on Microsoft DNS, a free service bundled with Active Directory. EMA found that 71% of IPAM overlay users who reported a technical issue with Microsoft DNS ended up experiencing a security breach as a result of that issue.

A full-stack DDI management platform is the most mature approach, with a fully integrated solution from a single commercial vendor. It typically offers the best scalability, control, and security. Automation works consistently across all layers of the DDI stack.

However, it can be challenging for some organizations to reach Stage 3. Their overall IT infrastructure is decentralized, with no central authority responsible for architecture decisions. And the presence of shadow IT virtually guarantees the persistence of third-party DNS services.

EMA explored both what drives organizations to invest time or money in mature DDI solutions, as well as what triggers enterprises to shift from DIY to commercial solutions.

More than 61% of respondents said cloud transformation is the reason behind investing time or money in mature DDI solutions.

The migration to hybrid cloud or multi-cloud environments adds complexity, because the network team loses centralized control over DDI services. A mature DDI solution with cloud support, especially for multiple cloud providers, can help the network team regain control.

Nearly 56% of respondents said that they had invested because of a network or IT automation initiative. Network automation isn’t possible without DDI services. For example, when an automation tool initiates a new virtual machine in a data center or the cloud, it will need to assign that server an IP address and domain name.

“We had too many things we were doing manually with our small staff. We were spending an hour a day just doing DNS entries. Now, we have ServiceNow integration,” a senior network engineer with a Fortune 500 retail company told EMA. “We are trying to automate more mundane tasks in DDI so our engineering team can focus on more important things.”

The third-most cited investment factor at nearly 48% was a security incident.

EMA also found four key drivers for enterprises that make the shift from DIY to enterprise-grade solutions.

First, 63.5% of research participants cited security requirements as their motivation for maturing their approach. Commercial DDI products offer robust administrative security capabilities, such as role-based access control. Moreover, DDI vendors are increasingly adding security features and products. Indeed, more than three-quarters of respondents reported that they are using a DNS security solution.

Second, nearly 51% of respondents cited cloud complexity as a trigger for commercial DDI investment.

Close behind, more than 48% cited operational efficiency as their motivation. Network engineering expertise is in short supply, and IT organizations need their engineers to spend less time on manual tasks.

Finally, 47% of organizations invest in commercial DDI because they need effective integration with other IT solutions. In fact, nearly 87% of research participants currently integrate their DDI solutions with an IT service management platform like ServiceNow.

EMA’s research illuminated four key tips to ensure your DDI strategy is a success:

Dump your DIY. The first step in a successful approach to core network services is to adopt commercial products. DIY simply won’t cut it.

Avoid common business pitfalls. People outside the networking world don’t often understand the importance of DDI solutions, so it can require extra effort to win budget support for DDI from upper management. And more than 42% of organizations lack personnel with DDI expertise; teams must hire smart people with a good foundation of technical skills and train them up.

Align technical teams with IT management. EMA found several examples of executive IT management and technical experts holding very different perspectives on the state of DDI in their organizations.

Design with cloud support and integration in mind. Network teams should design their DDI for multi-cloud and hybrid cloud environments as well as integration with security monitoring and IT service management tools.

How does your enterprise measure up? If you’re not among the 65% employing a full-stack solution, don’t get left behind.

Images Powered by Shutterstock