proteus - bluecat networks

23
Whitepaper IPAM INTELLIGENCE: ALL ROADS LEAD TO PROTEUS

Upload: infosec10

Post on 07-Apr-2015


TRANSCRIPT

Page 1: Proteus - BlueCat Networks

Whitepaper

IPAM INTELLIGENCE: ALL ROADS LEAD TO PROTEUS


Use of this document

Copyright

This document and all information (in text, Graphical User Interface (“GUI”), video and audio forms), images, icons, software, design, applications, calculators, models, projections and other elements available on or through this document are the property of BlueCat Networks or its suppliers, and are protected by Canadian and international copyright, trademark, and other laws. Your use of this document does not transfer to you any ownership or other rights to its content. You acknowledge and understand that BlueCat Networks retains all rights not expressly granted.

Persons who receive this document agree that all information contained herein is exclusively the intellectual property of BlueCat Networks and will not reproduce, recreate, or otherwise use material herein without the express written consent of BlueCat Networks.

Copyright © 2010, BlueCat Networks Inc. All rights reserved worldwide.

Publisher Information

Published in Canada — No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any human or computer language in any form or by any means without the express written permission of:

BlueCat Networks Inc.
4101 Yonge Street, Suite 502
Toronto, Ontario
Canada M2P 1N6
Attention: Product Manager
Telephone: 416-646-8400
Fax: 416-225-4728
E-mail: [email protected]
Website: www.bluecatnetworks.com

This publication is provided as is without warranty of any kind, express or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

All terms mentioned in this publication that are known to be trademarks or service marks are appropriately capitalized. BlueCat Networks cannot attest to the accuracy of this information. Use of a term in this publication should not be regarded as affecting the validity of any trademark or service mark. The trademarks, service marks and logos (the “Trademarks”) displayed are registered and unregistered Trademarks of BlueCat Networks, Inc. and others. Users are not permitted to use these Trademarks for any purpose without the prior written consent of BlueCat Networks or the third party owning the Trademark.

No Professional Advice

This document is for convenience and informational purposes only. This document is not intended to be a comprehensive or detailed statement concerning the matters addressed; advice or recommendations, whether scientific or engineering in nature or otherwise; or an offer to sell or buy any product or service. BlueCat Networks does not warrant or make any representations regarding the use, validity, accuracy, or reliability of, or the results of the use of, this document, any materials in this document, or any website referenced herein. This document is intended solely for the use of the recipient. It does not constitute a complete offering and is not to be reproduced or distributed to any other person.


Executive Summary

BlueCat Networks is leading the market in third-generation IP Address Management (IPAM), which it defines as IPAM Intelligence™. This paper explains in detail the urgency of moving from spreadsheets, homegrown tools and legacy solutions to intelligent IPAM solutions.

The increasing numbers and types of network attached devices, the dwindling supply of available IP addresses, and the need for ‘always-on / always accessible’ corporate networks are driving requirements for sophisticated IPAM solutions. These solutions offer tools to monitor and control the IP address space, prevent address conflicts, reclaim and reallocate unused addresses, and predict address requirements, all in accordance with network governance policies. They are considerably more functional than the legacy IPAM solutions, spreadsheets and other ’homegrown’ systems that are commonplace today.

The features and functions that distinguish intelligent IPAM solutions from spreadsheets and other legacy products can be conveniently arranged in five value categories, the ‘Five Pillars of IPAM Intelligence’: Management, Visibility, Integration, Continuity and Control.


Contents

Executive Summary ... iii

The Internet is Exploding ... 1

IPv6 Introduces New Complexity ... 2

Why Legacy Tools and Manual Processes No Longer Work ... 3
  Limitations of Spreadsheets ... 3
  Homegrown Solutions ... 3
  Partial Visibility ... 3
  Inadequate Access Control ... 3
  Limited Automation ... 3
  Manual Processes Can’t Deliver Continuity ... 3

The Introduction of Intelligent IPAM ... 4
  Introducing The Five Pillars of IPAM Intelligence ... 5

Management ... 6
  Centralized DNS/DHCP Configuration ... 6
  Concurrent Management of IPv4 and IPv6 ... 6
  IP Address Tracking ... 7
  IP Modeling ... 7
  IP Reconciliation ... 7
  Workflow ... 8
  Self Provisioning ... 8
  Distributed Administration ... 8
  Multi-Core Architecture ... 8
  Asset Management ... 9
  Data Grouping ... 9
  Data Migration ... 10
  Ease-of-Use ... 10

Integration ... 10
  Support for Heterogeneous Environments ... 10
  VoIP Implementations ... 11
  Proteus API ... 12

Visibility ... 12
  Real-Time Visibility into DNS and DHCP Services ... 12
  IP Reconciliation ... 12
  Mapping Devices ... 13
  Audit Tracking ... 13
  Monitoring ... 13
  Logging and Reporting ... 14

Continuity ... 14
  Data Integrity ... 14
  High Availability ... 15
  Data Restoration ... 15
  Error and Data Checking ... 15
  Appliance Level Redundancy ... 15
  Service Level Failover and Load Balancing ... 15

Control ... 16
  Delegated Access Control ... 16
  Workflow ... 16
  MAC Filtering ... 16
  DHCP Class and Vendor Options ... 16
  DNS Naming Policies ... 16
  Audit Tracking ... 17
  Authentication ... 17

Conclusion ... 17


The Internet is Exploding

It is an IP Revolution.

Internet usage is exploding, as an ever-increasing number of endpoint devices require network connectivity. Some of the new technologies driving the growth in IP networking and the demand for IP addresses include:

▪ Voice-over-IP (VoIP) handsets consume existing IP address space. Many telephony systems have been converted to VoIP, and these systems are expected to maintain the high availability associated with the traditional public switched telephone network (PSTN). Supporting IP services like DHCP and TFTP are critical if VoIP is to deliver the ‘dial-tone’ reliability users have come to expect from the PSTN.

▪ Mobile computers and other wireless devices significantly increase IP address consumption and network monitoring challenges.

▪ Deployments of virtual machines scaled horizontally provide organizations with an optimal method for managing specific services and applications, yet increase the number of IP addresses in use.

▪ Radio Frequency Identification (RFID) tags hold the promise of tremendous efficiencies in enterprise supply chain management, improving inventory tracking and management. As the cost of RFID tags continues to fall, they become economically viable for a wider range of lower-cost goods. RFID systems ultimately connect to an IP backbone and consequently increase consumption of IP addresses significantly.

▪ IPv6 will introduce new complexities. Issues in transitioning from IPv4 to IPv6, and management of a dual stack of IPv4 and IPv6 addresses, are two factors that will drive demand for IPAM.

As the size and complexity of the IP address space increases, planning, allocating and tracking IP addresses becomes increasingly difficult. In fact, IP address management (IPAM) is becoming a growing challenge for many organizations. Primitive IPAM solutions, which employ spreadsheets, homegrown solutions or legacy applications to manage IP addresses, simply do not offer the sophisticated features required to support modern organizations in their efforts to stay connected and avoid downtime.

[Figure: IP consumption plotted against complexity for Wireless, Virtualization, VoIP, RFID and IPv6 implementation. Caption: IP addresses are consumed differently, and the complexity determines how they will drive the need for IPAM.]


IPv6 Introduces New Complexity

With the growing number of network-attached devices, we are exhausting our supply of IP addresses. With nearly 85% of addresses already in use, experts believe that if current trends continue, addresses will run out by 2011 [1].

Not surprisingly, governments around the world are mandating public and private sector organizations to adopt the IPv6 protocol in order to prevent IP address exhaustion. In 2005, the United States Office of Management and Budget (OMB) issued Memorandum M-05-22, which stated: “by end of June 2008, the network core of all federal agencies will become IPv6 compliant.” [2] The European Commission has also issued a statement indicating that all companies and public sector institutions in the European Union (EU) should be IPv6 compliant by 2010. The expectation is that 25% of all Internet activity in the EU will have migrated to IPv6 by that time [3].

Over the next several years, organizations will need to focus on implementing IPv6 to take advantage of the latest applications and services, and to remain competitive in the Internet landscape. The transition from IPv4 to IPv6 is yet another factor driving requirements for more capable IPAM solutions. The length of IPv6 addresses (eight fields of up to four hexadecimal digits each) alone precludes spreadsheets and homegrown tools from being workable IPAM solutions in the future: there is simply too much room for human error in the data entry process, and the same address can be written in several textually different but equivalent forms.

It is anticipated that the initial transition from IPv4 to IPv6 will occur on the external IP space and then ripple inward to the private network space. It is also expected that many networks will remain a hybrid of IPv4 and IPv6, some with very different architectures. While one can assume that most organizations will have similar structures for IPv4 and IPv6, there will be key differences. For example, IPv6 uses Global Unicast addressing, which assigns unique device addresses that are routable across the Internet. Global Unicast addressing is very different from the Network Address Translation (NAT) designs implemented in most IPv4 networks, which use private, non-routable address space inside the organization while external endpoints use public address space. Clearly these issues impose new demands on IPAM systems.
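As an added illustration of the data-entry problem described above (this is not part of the original whitepaper and is not Proteus code), the following Python example normalizes addresses typed as free text and shows how one IPv6 address written three different ways becomes three apparently distinct spreadsheet rows until it is canonicalized. The inventory rows, hostnames and addresses are constructed sample data; the function names are the example's own.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory rows (hostname, address as typed into a spreadsheet).
# Three rows are the same IPv6 address written three ways; the last row is a typo
# with two "::" groups, which no parser will accept.
INVENTORY_ROWS = [
    ("web01", "2001:0db8:0000:0000:0000:0000:0000:0001"),
    ("web02", "2001:db8::1"),
    ("printer-3f", "2001:DB8:0:0::1"),
    ("db01", "2001:db8::10"),
    ("legacy-app", "192.168.1.5"),
    ("typo-host", "2001:db8::1::2"),
]


def normalize(text):
    """Return the parsed IPv4/IPv6 address object, or None if the text is not a valid address."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def audit_inventory(rows):
    """Group rows by canonical (compressed, lower-case) address.

    Returns (duplicates, invalid): duplicates maps a canonical address to the
    hostnames that claim it; invalid lists rows that could not be parsed at all.
    A spreadsheet comparing the raw strings would report none of these as duplicates.
    """
    by_addr = defaultdict(list)
    invalid = []
    for hostname, text in rows:
        addr = normalize(text)
        if addr is None:
            invalid.append((hostname, text))
        else:
            by_addr[addr.compressed].append(hostname)
    duplicates = {a: hosts for a, hosts in by_addr.items() if len(hosts) > 1}
    return duplicates, invalid


if __name__ == "__main__":
    dups, bad = audit_inventory(INVENTORY_ROWS)
    for addr, hosts in dups.items():
        print(f"conflict: {addr} is claimed by {', '.join(hosts)}")
    for hostname, text in bad:
        print(f"unparsable entry for {hostname}: {text!r}")
```

The canonical form is the compressed lower-case representation, which is also the form RFC 5952 recommends for display; comparing on it, rather than on the typed string, is what turns three plausible-looking rows into one detected conflict.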

[1] OECD (2008). Internet Address Space – Economic Considerations in the Management of IPv4 and the Deployment of IPv6. Retrieved June 3, 2008 from http://www.oecd.org/dataoecd/7/1/40605942.pdf

[2] Executive Office of the President – Office of Management and Budget (2005). Memorandum for the Chief Information Officers. Retrieved June 3, 2008 from http://www.whitehouse.gov/omb/memoranda/fy2005/m05-22.pdf

[3] EUROPA Press Release (2008). An unlimited source of Internet addresses to be on stream in Europe by 2010. Retrieved June 3, 2008 from http://europa.eu/rapid/pressReleasesAction.do?reference=IP/08/803&format=HTML&aged=0&language=EN&guiLanguage=en

[Figure: IPv6 adoption paths, from an IPv4 network through a mixed IPv4/IPv6 network to IPv6. Caption: With Adonis and Proteus your networks can support IPv6 both in parallel with and independently of IPv4.]


Why Legacy Tools and Manual Processes No Longer Work

Legacy IPAM management tools and manual management processes simply do not meet the needs of organizations experiencing explosive growth in IP-connected devices. This section highlights some of the deficiencies in legacy IPAM solutions.

Limitations of Spreadsheets

Within many small and medium-sized companies, network administrators track IP addresses using spreadsheets. Every time new addresses and networks are allocated or modified, an administrator manually updates the spreadsheet. Management practices based on spreadsheets are prone to human error in configuration. One conflicting IP address or assignment can disrupt network services. Spreadsheets used to monitor network IP usage have limited abilities to track large amounts of data in multi-user environments. They simply do not scale to meet enterprise requirements.

Homegrown Solutions

Recognizing the need for automation in some form, and to keep administrative efforts in check, many companies have developed in-house tools to allocate and track IP addresses. While these tools alleviate some of the administrative burden, they’re typically unsophisticated and do not address the breadth of enterprise requirements. For example, organizations need to monitor critical events and set up the corrective mechanisms to address them. Integration of event management into an in-house IPAM solution is clearly an ambitious undertaking.

Partial Visibility

Spreadsheets and homegrown solutions offer only limited visibility into the state of your network. These implementations usually fail to provide sufficient information to track and audit changes: who made the change, when it happened, and from where it was made. This creates frustration when configuration issues cause outages, particularly for those who have to figure out what was changed and when. The problem is exacerbated in multi-user environments, where administrators’ visibility into changes is virtually zero (the lack of visibility in such environments is one of the reasons these systems typically do not scale).

Equally important for publicly traded companies and those in regulated industries are the emerging IT governance regulations included in Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) and other legislation. IPAM reporting and auditing features are necessary to demonstrate compliance with regulations. These features allow administrators to state with confidence who had access to what IP addresses and when, and to assess the consequences of such access.

Inadequate Access Control

Many IPAM services are manually configured through disparate management systems, command line methods, or simplistic server-centric tools. Often, these methods contain few if any measures to prevent or restrict access on a granular level.

The lack of granular access control limits change management to a select few (typically senior administrators), as there is no means to extend restricted functionality to less experienced users. Without access control comes the problem of too many administrators changing the same data concurrently. This configuration problem can cause service outages and business disruption. A granular approach to IP management allows individual or group administrative access rights to be assigned on a hierarchical basis, establishing who can make changes, what they can change, who can approve such changes, and when such changes can take effect.

Limited Automation

An effective IPAM solution should provide automated means to create, deploy, track and reconcile IP addresses. Spreadsheets have no automation and homegrown systems have few if any automated functions. They offer little or no automation for creating and maintaining configurations for IP services.

Many solutions that address a single aspect of IPAM, such as DNS or DHCP, provide little insight into the overall management objective since the data is localized and isolated from the system at large. IPAM systems need to address how a DNS or DHCP allocation can be captured and processed correctly, not only from the service side but also from the management perspective. Organizations using spreadsheets to manage IP addresses lack the ability to update their data dynamically based on DDNS or DHCP lease events, and therefore do not get a real-time view of their network.

Manual Processes Can’t Deliver Continuity

An outage in the IP services layer can cause many segments of a network to fail and force applications into a disconnected state. IP services configured manually are prone to human error and can be unreliable as a result. Some network topologies do not separate IP services from DNS/DHCP services, which creates a greater exposure to failure since these systems have very different means of management and reliability.

Many business systems, like Active Directory®, will not function without the underlying IP services like DNS. It is important therefore to provide redundant and separate service layers to minimize the impact of a device failure.


The Introduction of Intelligent IPAM

Vendors began introducing second-generation IPAM solutions over a decade ago. These software solutions were IP-oriented, but were complex and often included an expensive licensing model.

Today’s ‘always-on / always accessible’ network infrastructures are considerably larger and more complex than those of 10 years ago. They are expected to deliver quality of service that far outstrips decade-old requirements. Without question, IP address management is more challenging, and the need for more sophisticated IPAM tools and processes has emerged. Fortunately, we are witnessing a transition from second generation IPAM to intelligent solutions offering new capabilities required to meet modern day network administration requirements. These solutions offer leading-edge technology and innovative designs to dynamically manage IP addresses and their associated data.

Management of the IP address space now becomes dynamic: IP data described by the network is shared and reconciled with the DNS/DHCP servers. Managing DNS and DHCP in tandem lets domains and IP addresses be defined, deployed and tracked together, including IP ranges and their properties.

In summary, IPAM can best be described as an abstraction layer that models domains and networks for the purpose of planning, tracking and managing IP addresses and their associated data. This ecosystem consists of network objects and services (DNS and DHCP), devices, unique object identifiers and user-defined identifiers, each aware of the others so that data can be propagated, preserved and shared across the network.

An IP revolution is exactly what is going on in the network administration industry today. It is a revolution that enables IPAM to be a more effective, scalable tool for managing network growth without incurring additional head count. IP address management is not a new concept, but it has materially evolved. It came to the forefront over a decade ago, but is now going through a revolution by liberating network administrators to delegate with confidence, empowering other network administrators to make changes to the network infrastructure within prescribed policies and guidelines based on access rights. Within this context, IPAM Intelligence introduces access rights, network event notification, reconciliation of IP addresses over the entire network, data restoration, IP auditing tools, and naming policies.

The demand for a sophisticated IPAM brings with it new requirements for management services, including:

▪ Workflow management [4];

▪ Granular policy administration;

▪ Automatic IP discovery and reconciliation;

▪ Monitoring of remote appliances;

▪ Restoration of any deleted data pertaining to domains, networks or IP addresses;

▪ Quick navigation functionality to view entire networks;

▪ Network event notification;

▪ Enforcement of corporate naming policies; and,

▪ Accurate modeling of network domains for the purpose of anticipating requirements for IP addresses

Intelligent IPAM solutions embody these features and functions and much more. They offer services to ensure high availability and continuity of network services, such as database backup and restoration, clustering with data replication and automatic failover, data checking, system monitoring, auditing and reporting.

[4] ‘Workflow management’ allows senior administrators to delegate responsibilities to local administrators who are permitted to make changes to the network infrastructure within prescribed guidelines based on access rights.

[Figure: Proteus administration screen.]


Introducing The Five Pillars of IPAM Intelligence

As organizations continue to consume IP addresses, they require more sophisticated IPAM solutions. The features and functions that distinguish intelligent IPAM solutions from legacy tools can be summarized in five categories – the ‘Five Pillars of IPAM Intelligence’:

▪ Management - streamlines the management of your IP infrastructure;

▪ Integration - leverages your existing network assets;

▪ Visibility - enables you to see and do more with your IP data;

▪ Continuity - ensures your IP infrastructure is always available; and,

▪ Control - allows you to control your IP address space and delegate control when required.

The five pillars provide a framework for evaluating your next-generation IPAM system. With the growing volume and complexity of IP addresses under management, organizations must implement IPAM solutions with comprehensive features in each pillar.

Summarized in the following table, the Five Pillars provide a framework for evaluating next generation IPAM solutions. The Pillars and their underlying features are the cornerstones of BlueCat’s Proteus IPAM appliance.

Management
▪ Centralized DNS/DHCP
▪ Concurrent Management of IPv4 and IPv6
▪ IP Address Tracking
▪ IP Modeling
▪ IP Reconciliation
▪ Self Provisioning
▪ Distributed Administration
▪ Multi-Core Architecture
▪ Asset Management
▪ Data Grouping
▪ Data Migration
▪ Ease of Use

Integration
▪ Support for Heterogeneous Environments
▪ Windows Management Agent
▪ VoIP Implementations
▪ APIs

Visibility
▪ Real-time Visibility into DNS/DHCP Services
▪ IP Reconciliation
▪ Mapping Devices
▪ Audit Tracking
▪ Monitoring
▪ Logging and Reporting

Continuity
▪ Data Integrity
▪ High Availability
▪ Data Restoration
▪ Error and Data Checking
▪ Appliance Level Redundancy
▪ Service Level Failover and Load Balancing

Control
▪ Delegated Access Control
▪ MAC Filtering
▪ DHCP Class and Vendor Options
▪ DNS Naming Policies
▪ Audit Tracking
▪ Authentication


Management

One of the most important aspects of any IPAM system is its efficacy in managing your IP addresses, name space and DHCP services while reducing your total cost of ownership. The goal of every system should be to achieve centralized management with distributed services.

BlueCat Networks’ Proteus™ appliance achieves this goal through concurrent usage, distributed administration, restricted roles and a web-based interface. Proteus’ multi-core design allows multiple administrators to manage similar or disparate parts of the network space from different points. For example, a user who is familiar with the name space can manage the IP portion via the DNS interface, while another user might want to manipulate DNS names from the IP side.

Within this multi-core design, deployment roles and options allow network administrators to model their IP and name space as an abstract system without confusing users with underlying deployment or configuration intricacies.

Centralized DNS/DHCP Configuration

Proteus provides a robust IPAM solution that centralizes all DNS/DHCP configurations, across multiple platforms within the organization, including Windows servers and BlueCat’s own Adonis appliances.

All changes made to DNS, DHCP or IP inventories are made through a web-based interface and then logged to Proteus’ powerful relational database. This provides advanced audit capabilities and gives administrators the ability to undo any network change at a moment’s notice.

Most DNS and DHCP systems apply their changes immediately in the production environment. In the case of Microsoft, with Active Directory-integrated DNS these changes might be replicated to other domain controllers within minutes. These methods of management scale poorly and can leave the organization with invalid data and pockets of the network without proper connectivity.

Proteus can schedule network configuration changes so that they can occur during maintenance windows rather than during normal business hours. The appliance provides a “staging” or “holding” area that allows senior administrators to review and approve configuration changes before they are deployed or rendered active.

Concurrent Management of IPv4 and IPv6

With Proteus, your networks can support IPv6 in parallel with and independently of IPv4. Proteus provides tracking for both IPv4 and IPv6 data for systems on the network, with the ability to tie both addresses together to a single entity in the system to provide a tracking mechanism for dual-stacked clients.

[Figure: DNS, DHCP and IP views of the same data. Caption: Multiple users configuring DNS & DHCP services.]

Organizations can plan for the future and confidently deploy their IPv6 networks when needed, knowing that Proteus can take them to the next level.

IP Address Tracking

IPAM solutions are responsible for maintaining accurate data on IP inventories and their related allocations through DNS and DHCP. Organizations must have real-time data about IP address allocation by configuration, zone and subnet while also tracking host names, MAC addresses, port data and more. In large networks, resolving accessibility issues becomes increasingly challenging, especially when multiple locations are involved. At any time, your network administrator might need to know which IP addresses are in use, when they were assigned, which devices are consuming them, and in which network or subnet. Having this level of visibility greatly reduces network abuse, increases network management efficiency, and enhances network security.

Proteus’ purpose-built user interface, auditing and reporting tools lead the IPAM market in IP tracking technology, enabling network administrators to monitor all network configuration changes in real-time. With spreadsheets, network administrators simply cannot track IP allocation at this level of granularity, let alone keep up with the dynamic updates.

IP Modeling

Proteus allows administrators to model different IP address spaces within an organization, including IANA IP grants, as well as any and all private spaces. You can model your public, corporate, private and lab spaces with tools that track, partition, resize, move and split IP network space. In addition, Proteus network templates allow you to pre-design your networks according to your business requirements. You can create one or more network templates that include settings such as non-standard default gateway addresses, DHCP ranges, host record data, and DNS and DHCP deployment options. These templates save you from manually configuring hundreds or thousands of networks.

Proteus allows you to manage overlapping IP spaces through the creation of separate Proteus configurations. This powerful feature allows you to manage the IP spaces of separate entities without conflict or issue. For example, in the event of two companies merging, IT administrators can maintain separate, conflicting IP infrastructures that co-exist while the IP integration process is planned and deployed. For another example, consider an Internet Service Provider who manages 20 different customers. Each customer’s IP space can exist in its own Proteus configuration without interfering with the others’ spaces. Another major benefit of Proteus’ configuration feature is that it allows system administrators to plan and deploy to a parallel testing environment, which mimics a production environment, without interfering with production servers and IP addresses.
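An added example of the configuration model just described; this is illustrative code written for this page, not BlueCat's, and the class name, method names and sample prefixes are assumptions. A hypothetical Configuration rejects a network that overlaps one already in the same configuration, two configurations (say, two merging companies) may hold the same address space without conflict, a comparison between two configurations lists the blocks that would collide when they are eventually integrated, and a split operation carves a block into smaller networks as the "partition and split" tools in the text do.

```python
import ipaddress


class OverlapError(ValueError):
    """Raised when a network would overlap an existing one in the same configuration."""


class Configuration:
    """Hypothetical IPAM 'configuration': a namespace in which networks must not overlap.

    Separate Configuration objects are independent, so the same prefix may be
    allocated in each of them (e.g. 10.0.0.0/8 in two merging companies).
    """

    def __init__(self, name):
        self.name = name
        self.networks = []

    def add_network(self, cidr):
        net = ipaddress.ip_network(cidr, strict=True)
        for existing in self.networks:
            if net.overlaps(existing):
                raise OverlapError(
                    f"{net} overlaps {existing} in configuration {self.name}"
                )
        self.networks.append(net)
        return net

    def split(self, cidr, new_prefix):
        """Replace one allocated block by its /new_prefix child networks."""
        net = ipaddress.ip_network(cidr, strict=True)
        self.networks.remove(net)  # ValueError if the block was never allocated here
        children = list(net.subnets(new_prefix=new_prefix))
        self.networks.extend(children)
        return children

    def overlaps_with(self, other):
        """Blocks of this configuration that collide with another configuration's blocks.

        This is the pre-merger report: what must be renumbered before the two
        address spaces can live in a single configuration.
        """
        return sorted(
            {str(a) for a in self.networks for b in other.networks if a.overlaps(b)}
        )


if __name__ == "__main__":
    acme = Configuration("acme")
    acme.add_network("10.0.0.0/8")
    acme.add_network("172.16.0.0/12")

    globex = Configuration("globex")
    globex.add_network("10.0.0.0/16")  # allowed: different configuration

    try:
        acme.add_network("10.1.0.0/16")  # rejected: inside acme's 10.0.0.0/8
    except OverlapError as err:
        print("rejected:", err)

    print("conflicts to resolve before merging:", acme.overlaps_with(globex))
    print("globex /24s after split:", len(globex.split("10.0.0.0/16", 24)))
```

Using `strict=True` makes `ip_network` reject a prefix whose host bits are set (for example 10.0.0.1/24), which catches a common spreadsheet typo at the point of entry instead of silently rounding it to the network address.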

IP Reconciliation

With Proteus, administrators can reconcile modeled IP address information with the current state of their network. Reconciliation can be defined for a block of address space or on a specific network.

IP reconciliation uses automated, scheduled network discoveries to track actual IP usage on the network and reconcile this to the data within Proteus. This allows administrators to unearth reclaimable IP addresses (those no longer in use on the network) as well as discover addresses in use that have not been provisioned by Proteus.

The scheduling mechanism allows routine scans that better determine which addresses are in use, as well as ad-hoc scans when irregular network behavior is suspected. Good practice in IP reconciliation allows for the detection of:

▪ Reclaimable IP addresses – IP addresses no longer in use on the network but are still allocated in the IP database;

▪ Unknown IP addresses – IP addresses which exist on the network but are not authorized (e.g. a manager who attaches a wireless router to support extra staff); and,

▪ Mismatched IP data – IP addresses which exist in both the IP database and on the network, but do not match, as in the case of new MAC addresses being used with old IP addresses due to a hardware refresh.

Proteus’ discovery module uses a non-invasive method to ‘walk the network’ using layer 2 information. It does this by reading SNMP data from the routers rather than flooding the network with ping requests, and the discovery process can detect routable networks, default gateways and port information. Because discovery needs read access to those devices, a practitioner should give it a dedicated read-only SNMP credential and prefer SNMPv3 with authentication and privacy over SNMPv1/v2c community strings, which cross the network in clear text; which SNMP versions the module supports is not stated here.

Administrators typically define IP reconciliation policies that discover IP allocation information over several, periodic network sweeps. The discovered IP allocations are compared to the allocation state maintained in Proteus to identify addresses that are misaligned, which may indicate reclaimable IP space, unauthorized addresses or updated IP information.

The reconciled information can also indicate dynamic allocations that do not match their states inside the DHCP service. This can be used to identify a machine that might have hijacked a reserved address.

Since many networks have mobile users, the IP addresses reported during a single network discovery might not be an accurate representation of the network, which is why Proteus includes the ability to schedule network discoveries on a periodic basis. This allows Proteus to build a baseline of data over time that helps the administrator make a more educated decision when identifying and eliminating erroneous data.

Once the network has been discovered, administrators can determine what actions should be taken. Proteus does not automatically process discovered data since administrators should determine whether the information should be incorporated into the system or not. There are different types of resolutions available depending on how addresses were allocated and what information the network discovery yielded. For example, a static address will get processed differently from one allocated by DHCP.

Administrators can filter and sort data to focus on specific areas of interest. Once an administrator has chosen an action to reconcile, changes are made to the IP information and the audit trail is updated, as with all Proteus operations.
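The reconciliation logic described in this section, as an added example that is not BlueCat’s code: it builds a baseline from several discovery sweeps (constructed sample data with hypothetical addresses, MACs and host names), classifies each difference as reclaimable, unknown or mismatched, flags a DHCP reservation that shows up with a different MAC as a possible hijacked address, and applies only the resolutions an administrator has approved. The function names, the MODEL/SWEEPS structures and the min_sightings threshold are assumptions of this example, not Proteus’ data model.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample data (hypothetical addresses, MACs and host names).
# MODEL is what the IPAM database believes; SWEEPS is what three scheduled
# discoveries actually observed, as ip -> MAC seen on the wire.
MODEL = {
    "10.1.0.10": {"mac": "00:11:22:33:44:01", "name": "printer-01", "alloc": "static"},
    "10.1.0.11": {"mac": "00:11:22:33:44:02", "name": "file-srv", "alloc": "static"},
    "10.1.0.12": {"mac": "00:11:22:33:44:03", "name": "old-box", "alloc": "static"},
    "10.1.0.50": {"mac": "00:11:22:33:44:50", "name": "laptop-a", "alloc": "dhcp-reserved"},
}
SWEEPS = [
    {"10.1.0.10": "00:11:22:33:44:01", "10.1.0.11": "00:11:22:33:44:02",
     "10.1.0.50": "00:11:22:33:44:99", "10.1.0.77": "de:ad:be:ef:00:01"},
    {"10.1.0.10": "00:11:22:33:44:01", "10.1.0.11": "00:11:22:33:44:02",
     "10.1.0.50": "00:11:22:33:44:99", "10.1.0.77": "de:ad:be:ef:00:01"},
    {"10.1.0.10": "00:11:22:33:44:01", "10.1.0.11": "00:11:22:33:44:02",
     "10.1.0.77": "de:ad:be:ef:00:01"},
]


def ip_key(ip):
    """Sort dotted-quad addresses numerically rather than as strings."""
    return tuple(int(octet) for octet in ip.split("."))


@dataclass(frozen=True)
class Finding:
    kind: str        # "reclaimable", "unknown" or "mismatch"
    ip: str
    observed: tuple  # MACs seen for this IP across the baseline
    note: str


def build_baseline(sweeps):
    """ip -> Counter(mac -> number of sweeps in which that MAC was seen)."""
    seen = defaultdict(Counter)
    for sweep in sweeps:
        for ip, mac in sweep.items():
            seen[ip][mac] += 1
    return seen


def reconcile(model, sweeps, min_sightings=1):
    """Classify differences between the model and a multi-sweep baseline.

    reclaimable: allocated in the model but absent from *every* sweep, so a
                 mobile host that missed one scan is not reclaimed by mistake
    unknown:     seen on the wire, never provisioned in the model
    mismatch:    same IP, different MAC; for a DHCP reservation this is the
                 'hijacked reserved address' case
    A MAC only counts as observed when it appeared in >= min_sightings sweeps.
    """
    seen = build_baseline(sweeps)
    findings = []
    for ip in sorted(model, key=ip_key):
        entry = model[ip]
        if ip not in seen:
            findings.append(Finding("reclaimable", ip, (),
                                    f"{entry['name']} ({entry['alloc']}) absent from all {len(sweeps)} sweeps"))
            continue
        observed = tuple(sorted(m for m, n in seen[ip].items() if n >= min_sightings))
        if entry["mac"] not in observed:
            note = f"modelled {entry['mac']} not observed"
            if entry["alloc"] == "dhcp-reserved":
                note += "; possible hijacked reservation"
            findings.append(Finding("mismatch", ip, observed, note))
    for ip in sorted(set(seen) - set(model), key=ip_key):
        findings.append(Finding("unknown", ip, tuple(sorted(seen[ip])), "on the network, not provisioned"))
    return findings


def apply_approved(model, findings, approved_ips):
    """Nothing is changed automatically: only findings an administrator has
    approved (by IP) are folded into a copy of the model; the original is kept."""
    new = {ip: dict(entry) for ip, entry in model.items()}
    for f in findings:
        if f.ip not in approved_ips:
            continue
        if f.kind == "reclaimable":
            new.pop(f.ip, None)
        elif f.kind == "unknown":
            new[f.ip] = {"mac": f.observed[0], "name": "", "alloc": "discovered"}
        elif f.kind == "mismatch" and f.observed:
            new[f.ip]["mac"] = f.observed[0]
    return new
```

Raising min_sightings is the knob for noisy environments: a MAC seen in only one of three sweeps is then ignored for the mismatch test, while reclaim decisions always require absence from every sweep.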

Workflow

Users typically work on many different parts of the IPAM infrastructure and usage patterns can be viewed based on the type of user. For example:

▪ Power users can focus on building or merging networks;

▪ Help desk staff can focus on adding DNS records to the external name space; and,

▪ Network engineers can focus on making changes to the DHCP settings on the network.

For many organizations, opening up access to all types of administrative users can cause potential issues. Not all administrators have the level of skill required to properly manage DNS and DHCP. Junior administrators can introduce configuration changes that can cause errors leading to a service outage.

Proteus facilitates delegation to any type of user through Workflow, an approval mechanism for configuration changes made on the system. Both users and configuration objects can be made workflow-enabled; any change made by a workflow user, or to a workflow object, must be approved by a senior administrator before it is committed. This safeguards the system against configuration mistakes by requiring review before changes are implemented.

Self Provisioning

Proteus’ self-provisioning feature extends the capabilities of workflow. In many organizations, the majority of IP network administration goes into granting requests for new IP addresses, networks and DNS hosts. Proteus introduces a set of self-provisioning tools that can integrate with a web-based portal or with your existing change request tools.

These tools transfer simple network administration to the network users by empowering them to make their own IPAM requests. Such requests are automatically added to Proteus, with real-time notification to an administrator, who can then approve or deny the requests. By automating these arduous tasks, Proteus drastically reduces the time and effort spent managing the IPAM system and the IP space it controls.

Distributed Administration

To provide a centrally-managed environment for distributed administration, Proteus offers a web-based interface. This lightweight interface allows access to the Proteus system from any location, regardless of the administrator’s platform.

Many other systems support rich clients, which work well for small numbers of administrators but create issues for concurrency and platform compatibility. They also require additional software to be installed on an administrator’s desktop. This restricts which system administrators can make changes, preventing them from making changes away from their desk or when out of office.

Proteus avoids this through its AJAX-enabled web interface, which provides the benefits of a rich client without the additional overhead and compatibility issues. Administrators connect to Proteus systems with any standard web browser, without additional software or plug-ins, from anywhere inside or outside the office.

Multi-Core Architecture

Proteus’ revolutionary multi-core architecture separates the distinct IPAM aspects yet unifies them so that they can be managed separately, or as one.

The multi-core architecture looks at leverage points between cores of data and establishes a relationship between them – creating an additional layer of information. These data cores can include MAC addresses, IP inventory, DNS / DHCP database information, devices and subnet allocation data stores.

Most second-generation IPAM products – even ones that claim to be third generation – are primarily IP focused. The limitation of an IP centric, single-core design is that there is not necessarily a direct correlation between IP addresses and DNS entries. As organizations embrace IPv6, a multi-core architecture becomes even more important since these relationships become more complicated. For example, using the multi-core approach, the host DNS record can be linked simultaneously to both IPv4 and IPv6 addresses, thus expressing the correct and intended relationship. This differs from the single-core model, where separate relationships are kept and there is no concept of a unified host record between the two address spaces.


A multi-core approach allows administrators to configure IPAM data in the core they are most familiar with. DNS administrators can make DNS changes that automatically update the IP address space: as host records are created, the corresponding IP addresses are reserved and marked in use. Similarly, DHCP administrators can make DHCP changes that automatically update the DNS and MAC spaces: as IP addresses are assigned or reserved, host names and MAC addresses can be created and assigned automatically. Any change to one core automatically makes the appropriate changes in every related core.

In addition to the relationships between the cores, another important aspect of the multi-core design is its ability to map deployment roles and options onto portions of the data. Deployment roles contain information about how an object should be deployed, including the server and any additional parameters. Roles are inherited down through a core, removing the need to repeat settings and the inconsistencies that repetition invites. For example, an administrator can create a set of deployment roles at the DNS view level and all sub-domains underneath automatically inherit them. Some configurations require additional parameters that might span several servers; for these, deployment options carry deployment-specific data for a particular object.

As with roles, child objects will inherit deployment options where applicable, and Proteus allows administrators to accomplish tasks that would be very mundane under a manually configured system. This is achieved by Proteus’ ability to determine the most optimal placement of configuration information during the deployment process. These additional layers of abstraction allow users to primarily focus on the data, while administrators can put the correct mechanisms in place so that deployment is as intended.
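The inheritance rules the two paragraphs above describe, as an added example that is not BlueCat’s code: a small object hierarchy (configuration, view, zone, sub-zone) in which deployment roles are resolved from the nearest ancestor that defines them, deployment options are merged key by key so a child overrides only what it sets, and a per-server plan is derived from the resolved roles. The hierarchy, server names and zone names are constructed; treating a role set as a unit that is not merged with the parent’s is an assumption of this example, not a statement about Proteus.

```python
from collections import defaultdict


class IpamObject:
    """A node in a Proteus-style hierarchy (configuration > view > zone > sub-zone).

    roles:   deployment roles defined at this node, e.g. {"primary": "ns1"}
    options: deployment options defined at this node, e.g. {"allow-transfer": "ns2"}
    Both stay empty when the node simply inherits from its parent.
    """

    def __init__(self, name, kind, parent=None, roles=None, options=None):
        self.name, self.kind, self.parent = name, kind, parent
        self.roles = dict(roles or {})
        self.options = dict(options or {})
        self.children = []
        if parent is not None:
            parent.children.append(self)

    def ancestry(self):
        """Yield self, then parent, grandparent, ... up to the root."""
        node = self
        while node is not None:
            yield node
            node = node.parent

    def walk(self):
        """Depth-first over the subtree rooted here, parents before children."""
        yield self
        for child in self.children:
            yield from child.walk()


def find(root, name):
    return next(n for n in root.walk() if n.name == name)


def effective_roles(node):
    """The nearest node up the ancestry that defines roles wins outright; a role
    set is treated as a unit (assumption), so a sub-zone that names its own
    primary does not keep the parent's secondaries."""
    for n in node.ancestry():
        if n.roles:
            return n.roles, n.name
    return {}, None


def effective_options(node):
    """Options merge key by key, root first, so a child overrides only the keys
    it sets and inherits everything else."""
    merged = {}
    for n in reversed(list(node.ancestry())):
        merged.update(n.options)
    return merged


def local_overrides(node):
    """Only the option values that differ from what the node would inherit:
    the part that actually has to be written at this object's scope."""
    inherited = effective_options(node.parent) if node.parent else {}
    return {k: v for k, v in effective_options(node).items() if inherited.get(k) != v}


def deployment_plan(root):
    """primary server -> [(zone name, effective options)], the per-server view a
    deployment step would hand to each DNS server."""
    plan = defaultdict(list)
    for node in root.walk():
        if node.kind != "zone":
            continue
        roles, _ = effective_roles(node)
        if "primary" not in roles:
            raise ValueError(f"{node.name}: no primary role anywhere in its ancestry")
        plan[roles["primary"]].append((node.name, effective_options(node)))
    return dict(plan)


def sample_tree():
    """Constructed example hierarchy; server and zone names are hypothetical."""
    cfg = IpamObject("corp", "configuration")
    view = IpamObject("internal", "view", cfg,
                      roles={"primary": "ns1", "secondary": ["ns2"]},
                      options={"allow-transfer": "ns2", "ttl": 3600})
    example = IpamObject("example.com", "zone", view)
    IpamObject("lab.example.com", "zone", example,
               roles={"primary": "ns-lab"}, options={"also-notify": "ns2"})
    IpamObject("corp.example.com", "zone", example,
               options={"allow-transfer": "none"})
    return cfg
```

The point worth checking in any such system is the difference between effective_options (what a server ends up with) and local_overrides (what an administrator actually typed at that object): a deployment that writes the former at every zone works but buries the intent, while one that writes only the latter stays readable and is what the text calls optimal placement.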

Asset Management

Proteus allows organizations to track the host name, MAC address and port for any IP address, as well as additional data around an asset. Data, such as serial numbers, departments, employee owner and other information, can prove invaluable to an organization when tracking assets, troubleshooting or locating systems. User Defined Fields provide unlimited opportunities for customizing your managed objects by allowing you to add fields to virtually anything Proteus manages. For example, by adding the appropriate user defined fields to the IP address object, you can track the IP address based on its serial number, physical location or VLAN. In this way, Proteus can track objects such as IP hosts in different ways, allowing you to categorize and filter objects to meet specific business goals.

Data Grouping

Most IPAM information is represented in a hierarchical structure and navigated through drill downs, tree interfaces or decomposition. Proteus’ multi-core design incorporates a method for identifying objects that can be traversed laterally rather than via the traditional drill down approach.

Proteus’ Object Tagging feature allows users to apply contextual labels to multiple objects to create a unique navigation pattern and grouping structure. For example, users might want to group network equipment by geographic location. Administrators can define the tag structure for geographic zones, and then define child tags that describe the desired structure. Users can then apply tags to an object to define the relationship that will allow them to traverse the objects outside the traditional parent-child model. For example, one can immediately display – “show me all the printers in NY building B on the 3rd floor”.

Data Migration

As you transition from spreadsheets or homegrown solutions to an Intelligent IPAM solution, you need tools to migrate data from the old system to the new, in a manner that is simple and error free. Without such tools, the volume of data and its relationships can make data migration an arduous task.

Proteus simplifies data migration by using a purpose-built import engine that migrates data from structured XML. This format can represent most data objects in Proteus and can be composed of several different modules to provide fine-grained migration.

Figure: Single Core vs. Multi-Core for representing a DNS host record with IPv4 and IPv6 addresses (single core: separate host entries per address family; multi-core: one host record linked to both an IPv4 and an IPv6 address).

Ease-of-Use

Ease-of-use is one of the many features that differentiate BlueCat’s products from competitive offerings. With the benefit of customer feedback and the company’s own expertise, BlueCat’s products are designed to improve the user’s overall IPAM experience.

Features such as next available address/network and event notification reduce the time and effort required to carry out daily tasks. Next available address/network allows administrators to easily allocate new addresses and provision new networks with the click of a button. No more searching through hundreds of networks and addresses to find available resources. Event notification helps to keep administrators aware of issues before they become problems. As events occur on Proteus, administrators are instantaneously notified via email or SNMP to ensure that issues are detected and corrected proactively.

Integration

Many organizations embraced ’best of breed’ products in the late 1990s. Unfortunately, best of breed products did not necessarily integrate with one another. Today, enterprises need to leverage their current network investments and deliver IPAM capabilities across their existing infrastructures seamlessly. They need to centralize all dynamic DNS/DHCP services across multiple platforms within their organizations – this capability is integral to an intelligent IPAM solution.

A major drawback with spreadsheets and homegrown solutions is that they don’t provide visibility into dynamically allocated addresses. They are disparate from your IP allocation tools, such as DHCP. The problem is exacerbated as more and more services are standardizing on DHCP for IP allocation (almost every operating system enables DHCP out-of-the-box). Consider also that wireless networks and VoIP devices all utilize DHCP for address assignment. Without integration between your DHCP server and IPAM tool, you end up with only pieces of DNS and DHCP – none of which give you a complete picture of IP usage on your network.

Support for Heterogeneous Environments

An intelligent IPAM solution is able to manage IPAM services in heterogeneous environments. Many environments are mixed and need to be managed to meet organizational IT objectives. Proteus provides integrated solutions to manage both Windows DNS/DHCP services and BlueCat’s own Adonis DNS/DHCP appliances, providing the ability to manage a heterogeneous environment.

With the introduction of Active Directory in Windows® 2000, Microsoft introduced DNS as a critical component of its new directory platform. This sparked an ongoing point of contention between the network services and domain layers, with many organizations split between BIND on UNIX and Microsoft DNS.

Figure: Proteus with mixed Adonis and Windows environments (Microsoft Windows DNS/DHCP, Proteus IPAM Appliance, Adonis DNS/DHCP Appliance, Adonis DNS/DHCP Appliance in XHA).

BlueCat Adonis DNS/DHCP appliance

The BlueCat family of Adonis DNS/DHCP appliances can be managed from the Proteus IPAM appliance to provide a robust, appliance-based replacement for UNIX or Windows-based DNS and DHCP services. Adonis appliances are available in a number of hardware configurations designed to meet a variety of organizational needs. The Adonis XMB™ platform provides robust, highly available DNS and DHCP services at the branch level, while the Adonis 1750R™ offers hardware redundancy for mission critical services. Adonis appliances can be distributed across your network and centrally managed by Proteus. They reflect dynamic changes in their environments, which are incorporated into the Proteus database in real-time.

Proteus Management Agent for Windows

The Proteus Management Agent for Windows (PMA) is used in environments where Microsoft DNS and/or DHCP require IPAM integration. Specifically designed for the Windows environment, this .NET-based solution provides functionality similar to the managed services available on the Adonis appliances. This solution eliminates the need to replace existing hardware and services on Windows servers, while providing a management solution that is lacking in the current Windows DNS/DHCP interface.

Users can choose to run PMA in the short term, with the intent of transitioning their services onto appliances, or continue to invest in Microsoft’s DNS/DHCP solution.

As with the Adonis appliance, the Agent updates Proteus with the latest dynamic changes. Users familiar with the Microsoft DNS/DHCP environment recognize that all changes made through the Microsoft Management Console (MMC) interface are immediate, which can result in loss of connectivity if bad data is introduced. This process is rather unforgiving and in the case of DNS, changes can be cached for several hours. Proteus alleviates this issue by allowing deployments to be scheduled, thus allowing administrators to choose if and when changes go live. Once PMA is implemented, all changes to Microsoft DNS and DHCP services are handled by Proteus. MMC is no longer needed.

VoIP Implementations

With the recent introduction of VoIP, many organizations increased their IP address consumption significantly. A 200% to 300% rise in the number of managed IP addresses is not uncommon. These major increases were largely due to the fact that IP phones require two network addresses.

Administrators utilizing tools like spreadsheets or in-house applications to manage IP addresses ran into scale problems during the early stages of VoIP rollout. Others who used IPAM tools licensed by IP address found themselves forced to increase their budgets so that the rollout could continue.

From an IPAM perspective, implementing VoIP involves three major components:

Specialized DHCP Options

Assigning IP addresses to handsets can be done statically, but dynamic assignment using DHCP is most often preferred. This requirement alone prompted many organizations to re-examine their existing DHCP infrastructures, as DHCP shifted from a normal network service to a critical infrastructure element. Voice applications require “dial tone” services and when an organization has hundreds or thousands of IP phones that can be powered on at the same time, high availability via both clustering and DHCP failover greatly reduces downtime. Proteus’ DHCP implementation allows for quick configuration of DHCP failover as well as scope splitting for Windows environments. In addition, Proteus’ user interface supports several options specifically introduced for DHCP and VoIP.

TFTP Image Files

Once a handset has an IP address, DHCP provides the boot file image name that will be used to initialize the handset. Using information provided in the DHCP options, the handset locates the TFTP server and downloads the specified boot image. Management of these files, including deployment, creation and revision, is handled through the Proteus user interface. Using TFTP Deployment Roles, Proteus can determine which servers will contain TFTP repositories and will replicate the files as needed. Note that TFTP itself offers neither authentication nor integrity protection: a handset trusts whatever image the server named in its DHCP options returns, so the TFTP servers and the DHCP option values that point to them should be protected as carefully as the DHCP service itself.

By centrally managing these services, and deploying to a distributed number of locations, it is simple for an administrator to make changes and roll them out to a number of TFTP servers simultaneously. In the event of a rollback scenario, the administrator can simply change the boot image file and redeploy without the need to make changes in multiple locations.

DNS Mapping To Support ENUM Protocol

Part of the VoIP rollout strategy is the DNS mapping to support the ENUM protocol. The E.164 numbering plan is the format used for most telephone numbers, including country, area and additional delegation codes.

ENUM uses DNS to map an E.164 number using methods similar to those used in reverse DNS mapping of the IPv4 and IPv6 space. The information is represented in normal DNS zones, but since the digits are stored in reverse dotted notation, it becomes very difficult for most administrators and users to visualize.

Proteus has native support for modeling the ENUM space, with delegation methods to handle country and area codes. The user interface also supports unified management of services, like SIP and email, for a given phone number. E.164 numbers are presented in Proteus in normal reading order and are converted to the reverse format upon service deployment. This removes the difficulty in configuring ENUM while providing the necessary visibility.
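The conversion the ENUM paragraphs describe, as an added example that is not BlueCat’s code: an E.164 number in normal reading order is turned into its reverse-dotted ENUM owner name under e164.arpa (the RFC 6116 rule), the owner name is read back into normal order, a country or area code is turned into the zone its delegation lives in, and NAPTR records for SIP and email are generated for one number. The numbers, URIs and the e164.arpa apex are constructed sample values; a private ENUM tree would use its own apex.

```python
import re

ENUM_APEX = "e164.arpa"  # public ENUM tree; a private tree uses its own apex


def e164_to_enum(number, apex=ENUM_APEX):
    """'+1 555 0100' -> '0.0.1.0.5.5.5.1.e164.arpa'.

    RFC 6116: keep only the digits, reverse them, join with dots and append
    the apex. The leading '+' is required so that a number in national
    format is never silently converted."""
    if not number.strip().startswith("+"):
        raise ValueError("E.164 numbers must start with '+'")
    digits = re.sub(r"\D", "", number)
    if not 1 <= len(digits) <= 15:
        raise ValueError("E.164 numbers have 1 to 15 digits")
    return ".".join(reversed(digits)) + "." + apex


def enum_to_e164(name, apex=ENUM_APEX):
    """Inverse of e164_to_enum, for presenting a deployed zone in normal order."""
    name = name.rstrip(".")
    if not name.endswith("." + apex):
        raise ValueError(f"{name} is not under {apex}")
    labels = name[: -(len(apex) + 1)].split(".")
    if not all(len(lbl) == 1 and lbl.isdigit() for lbl in labels):
        raise ValueError("ENUM labels must be single digits")
    return "+" + "".join(reversed(labels))


def delegation_zone(prefix, apex=ENUM_APEX):
    """Zone a country or area code delegation lives in:
    '+1' -> '1.e164.arpa', '+1 212' -> '2.1.2.1.e164.arpa'."""
    return e164_to_enum(prefix, apex)


def in_delegation(number, prefix, apex=ENUM_APEX):
    """True if the number's ENUM name falls inside the delegation zone for prefix."""
    return e164_to_enum(number, apex).endswith("." + delegation_zone(prefix, apex))


def naptr_records(number, services, apex=ENUM_APEX):
    """Zone-file NAPTR lines for one number.

    services: iterable of (order, preference, enumservice, uri); lower order is
    tried first. The regexp '!^.*$!<uri>!' rewrites the whole dialled number
    into the target URI, the usual ENUM idiom."""
    owner = e164_to_enum(number, apex) + "."
    return [f'{owner} IN NAPTR {order} {pref} "u" "{svc}" "!^.*$!{uri}!" .'
            for order, pref, svc, uri in sorted(services)]
```

The round trip (e164_to_enum then enum_to_e164) is the property a user interface like the one described relies on: administrators see "+1 555 0100", the deployed zone carries "0.0.1.0.5.5.5.1.e164.arpa", and nothing is lost between the two.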

Proteus API

To allow integration with 3rd party applications or to manipulate data programmatically, Proteus offers an open standards, SOAP-based API.

Since the API uses web services to encode XML information, the API is not limited to a single language, thus reducing dependence on a specific platform.

Included with the Proteus appliance, BlueCat offers Java® and Perl packages for the web service. These packages reduce the time required to write code and make the API fit more tightly with the specific language. API sessions are tracked by the same audit trail and user management system, and can occur over secured or unsecured channels. Since an API session carries the caller’s credentials and the same write access as the web interface, the unsecured option should be confined to isolated test networks; production integrations should use the secured channel.

Visibility

With dynamic DNS and DHCP data, real-time visibility into DNS and DHCP updates is an important part of IPAM intelligence. Spreadsheets provide visibility into static data; however, as more and more services are standardizing on DHCP for IP allocation, more and more DHCP addresses are being leased to a variety of different devices and spreadsheets just can’t track these dynamic updates.

Governance and compliance requirements also dictate visibility into administrative changes. To comply with industry-specific regulations, monitoring, reporting, and auditing features have become paramount.

Real-Time Visibility into DNS and DHCP Services

Proteus provides real-time visibility into IP allocation (via DHCP), host name usage (through DNS), hardware visibility through MAC address and network location through port mapping. A major drawback with spreadsheets and homegrown solutions is that they don’t provide visibility into dynamically allocated addresses—they are disparate from your IP and host allocation tools, such as DHCP and DNS.

IP Reconciliation

Proteus’ IP Reconciliation feature provides visibility into the network through the Network Discovery service, including the IP, MAC, host and port for each device on the network.

For an IPAM solution to be effective, it must be kept up-to-date with what is occurring on the actual network. While DNS and DHCP integration help maintain current information, static IP address management can be a time consuming affair. IP reconciliation uses automated, scheduled network discoveries to track actual IP usage on the network and reconcile this to the data within Proteus. This allows administrators to unearth reclaimable IP addresses (those no longer in use on the network) as well as discover addresses in use that have not been provisioned by Proteus. Using the IP Reconciliation feature, administrators can reconcile the data within Proteus with the actual network, approving each resolution, to ensure the accuracy of all IP data. For more details, please see IP Reconciliation on page 7.

Figure: Real-time centralized view into DNS and DHCP services (DHCP Data, DNS Data).

Mapping Devices

Proteus’ Devices feature allows you to map physical network devices to data within Proteus.

This feature allows network administrators to compartmentalize network objects by physical boundaries within their organization. This takes the logical data within Proteus and maps it to the physical devices on the network.

Audit Tracking

When many users work on similar or separate parts of any system, it is important to know who is changing what, when and where.

The auditing system inside Proteus runs deep within the product. In fact, the module that captures all changes is implemented inside the database. Changes cannot be made to the Proteus database without being recorded, even if users attempt to access the database directly. That guarantee holds only as long as direct database access is itself restricted, since an account able to alter the capture module could also silence it, so database-level credentials should be confined to the appliance. This information is tied to several key components in order to answer the questions who, when, where, and why.

Each time a user signs into Proteus, a user session is created which is tied to every database transaction that the user performs. The session includes information about the user, including his or her identity, authentication system and IP address used to sign into Proteus. Using this information, along with what data was changed and a user supplied comment, Proteus creates an audit trail entry that can be used by administrators to determine what information was changed.

During operation, Proteus processes dynamic updates, such as granted DHCP leases or dynamic DNS host registration, from Adonis appliances and Proteus Management Agents for Windows. These updates are recorded within the audit trail and available for administrators to browse. Information about what was changed is available on a system wide, per object, and per user basis.

Even if an object is part of a transaction involving other objects, it is still visible from the object’s perspective. The information tracked for auditing purposes can also be used to perform localized rollbacks when data is removed from the system.
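A capture module that lives inside the database, as an added example that is not BlueCat’s implementation: SQLite triggers record every insert, update and delete on a hosts table into an audit table, stamping each entry with the session (user, authentication system, client IP) and change comment the application bound just before the statement. A write that bypasses the application layer is still captured, only without a session, and a deleted object is restored from the old values in its own audit entry. The schema, table names and sample users are constructed for this example.

```python
import sqlite3

SCHEMA = """
CREATE TABLE sessions (
    id INTEGER PRIMARY KEY, username TEXT NOT NULL,
    auth_system TEXT NOT NULL, client_ip TEXT NOT NULL);
-- single-row table the application fills in before each statement
CREATE TABLE context (id INTEGER PRIMARY KEY CHECK (id = 1),
                      session_id INTEGER, comment TEXT);
INSERT INTO context VALUES (1, NULL, NULL);
CREATE TABLE hosts (name TEXT PRIMARY KEY, ip TEXT NOT NULL);
CREATE TABLE audit (
    id INTEGER PRIMARY KEY, session_id INTEGER, comment TEXT,
    op TEXT NOT NULL, obj TEXT NOT NULL, old_ip TEXT, new_ip TEXT);
-- the capture lives in the database: every write path hits these triggers
CREATE TRIGGER hosts_ins AFTER INSERT ON hosts BEGIN
    INSERT INTO audit (session_id, comment, op, obj, old_ip, new_ip)
    VALUES ((SELECT session_id FROM context), (SELECT comment FROM context),
            'insert', NEW.name, NULL, NEW.ip);
END;
CREATE TRIGGER hosts_upd AFTER UPDATE ON hosts BEGIN
    INSERT INTO audit (session_id, comment, op, obj, old_ip, new_ip)
    VALUES ((SELECT session_id FROM context), (SELECT comment FROM context),
            'update', NEW.name, OLD.ip, NEW.ip);
END;
CREATE TRIGGER hosts_del AFTER DELETE ON hosts BEGIN
    INSERT INTO audit (session_id, comment, op, obj, old_ip, new_ip)
    VALUES ((SELECT session_id FROM context), (SELECT comment FROM context),
            'delete', OLD.name, OLD.ip, NULL);
END;
"""


class AuditedIpam:
    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.executescript(SCHEMA)

    def open_session(self, username, auth_system, client_ip):
        cur = self.conn.execute(
            "INSERT INTO sessions (username, auth_system, client_ip) VALUES (?, ?, ?)",
            (username, auth_system, client_ip))
        return cur.lastrowid

    def _run(self, session_id, comment, sql, params):
        """Bind session and comment for exactly one statement, then clear them
        so nothing later can borrow this user's identity."""
        with self.conn:
            self.conn.execute("UPDATE context SET session_id = ?, comment = ?", (session_id, comment))
            self.conn.execute(sql, params)
            self.conn.execute("UPDATE context SET session_id = NULL, comment = NULL")

    def set_host(self, session_id, name, ip, comment):
        if self.conn.execute("SELECT 1 FROM hosts WHERE name = ?", (name,)).fetchone():
            self._run(session_id, comment, "UPDATE hosts SET ip = ? WHERE name = ?", (ip, name))
        else:
            self._run(session_id, comment, "INSERT INTO hosts (name, ip) VALUES (?, ?)", (name, ip))

    def delete_host(self, session_id, name, comment):
        self._run(session_id, comment, "DELETE FROM hosts WHERE name = ?", (name,))

    def history(self, obj):
        """Per-object view: what changed, who did it (from the session), and why."""
        return self.conn.execute(
            """SELECT a.op, a.old_ip, a.new_ip, s.username, s.client_ip, a.comment
               FROM audit a LEFT JOIN sessions s ON s.id = a.session_id
               WHERE a.obj = ? ORDER BY a.id""", (obj,)).fetchall()

    def rollback_delete(self, session_id, obj):
        """Localized rollback: recreate the object from the old values in its most
        recent delete entry. The rollback is itself an audited change."""
        row = self.conn.execute(
            "SELECT id, old_ip FROM audit WHERE obj = ? AND op = 'delete' ORDER BY id DESC LIMIT 1",
            (obj,)).fetchone()
        if row is None:
            raise LookupError(f"no delete recorded for {obj}")
        audit_id, old_ip = row
        self._run(session_id, f"rollback of audit entry {audit_id}",
                  "INSERT INTO hosts (name, ip) VALUES (?, ?)", (obj, old_ip))
        return audit_id

    def hosts(self):
        return dict(self.conn.execute("SELECT name, ip FROM hosts ORDER BY name").fetchall())
```

The entry with no session is the interesting one: the trigger cannot be skipped by a direct write, but it can only attribute what the application told it, so an unattributed entry in a real deployment is itself a signal that someone reached the database around the application.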

Monitoring

Proteus provides the ability to monitor DNS and DHCP services both remotely and ‘on-box’. Remote monitoring provides a real-time, centralized perspective of performance and overall service availability across the entire network. It helps ensure operational efficiency by instantly notifying administrators of any change in the state of a service, such as an outage or capacity issue.

On-box monitoring provides administrators with real-time notification of state changes and service-level outages as they occur. Notifications occur via the user interface, email, and/or SNMP alerts. On-box monitoring, with its own service level Management Information Bases (MIBs), provides a very granular view of DNS/DHCP and operating system level services and statistics.

With Proteus, administrators can proactively monitor their entire IP space to identify trends or potential threats. It gives them the tools they need to ensure ultimate network performance.

Figure: Composition of an Audit Trail entry: user session (user name, IP address), changed data, change control comment, transaction.


Logging and Reporting

Proteus contains a centralized logging system that captures all transactions and system-generated events, including alerts and exceptional conditions. Specific services like the Data Checker and DHCP Alerter will post events that require an administrator’s attention.

All events generated within Proteus can be inspected and processed by an intelligent notification system, which uses rules to determine how and when to notify interested users or systems. The notification system can filter by source and/or severity and inform users via email or SNMP traps.

On-demand report generation is available through Proteus’ web-based management console. Reports come in a variety of formats including PDF, HTML, CSV, XLS and RTF. Proteus’ reporting system provides visibility into a variety of IPAM parameters, ranging from network and DHCP utilization to administrative changes. Administrators can customize reports to suit their needs by defining which parameters are required and how each parameter is sorted.

Continuity

Continuity of network services ensures your company is always able to conduct business. To shield businesses from costly network down time and service disruptions, intelligent IPAM solutions offer high availability features.

BlueCat’s IPAM solution separates critical services to help ensure business continuity. Configuration and network change data is stored on Proteus, while Windows® servers or Adonis appliances provide the DNS and DHCP services. Separation of services means that DNS, DHCP and IPAM services can run independently of one another. Should Proteus experience an outage, network operations would continue without incident.

Data Integrity

Clustering with Data Replication

Proteus appliances can be deployed in two-unit clusters, with data replication between the systems in the cluster. Administrators can access either system to make configuration changes and updates – any change made to one unit will automatically be copied to the other.

Data replication keeps both Proteus units synchronized and ensures either unit can substitute for the other. Should one Proteus unit fail, its partner unit can continue functioning for both, ensuring minimal network disruption.

Database Backups

Proteus has the ability to schedule backups of its configuration database. Backups can be stored locally and automatically off-loaded to remote servers for safekeeping. They ensure that organizations always have a working configuration that can easily be restored in the event of a system failure. Because a backup contains the complete IPAM model, including host, MAC and ownership data, the remote store and the transfer channel should be access-controlled at least as tightly as the appliance itself.

Figure: Proteus and Adonis continuity options: Replication, XHA, DHCP Failover.

Recovery

BlueCat’s Proteus and Adonis appliances include recovery mechanisms that return the systems to factory default configurations. In the event of a system failure, these recovery mechanisms quickly return systems to a known working condition, from which administrators can reload databases from backup or deploy other working configurations.

High Availability

Adonis appliances provide the ability to cluster pairs of systems in an active-passive state. Systems are connected through a heartbeat monitor that actively checks each system for configuration changes and errors. Configuration changes in one system are automatically replicated to the other, to ensure both remain synchronized. The heartbeat monitor also detects errors or problems in a unit and automatically initiates failover to the other unit. Clustering with automatic failover ensures customers do not experience a disruption of DNS/DHCP services in the event of a hardware or software error.

Data Restoration

With regular database backups and a ‘Recycle Bin’ that allows recovery of deleted items, administrators can restore all information on both small and large scales. Users have their own personal bins while administrators with proper privileges have access to all deleted items for any given object. The ability to undo changes reduces the risk of mis-configurations and disruptive system downtime.

Error and Data Checking

Proteus provides multiple levels of error and data checking to ensure data integrity within the system. Error checking provides the ability to check any entered data for syntax and logical errors at time of entry, removing the need for administrators to do this themselves.

Changes made to any system might be syntactically correct but not always wise from a logical perspective. The problem with these types of conditions is that they cannot be determined as the data is being entered but require external analysis by experienced users who know the pattern that they are looking for.

Proteus builds on a system developed for the Adonis appliance, which checks the consistency of the data from both syntactic and logical perspectives, and adds further logic for an asynchronous environment in which several users may each contribute part of a problem.

Data Checker Service

The Data Checker service continuously checks the IPAM data for inconsistencies and logical issues that might result in a failed deployment of one or more IPAM services. The service also examines the configuration and compares it against best practices to indicate where settings might not be ideal. Once a concern is detected, it is automatically triaged to determine what type of impact it will have on the system. Issues that result in an erroneous condition are flagged and prevent deployment until resolved by user intervention.

Since data issues are often detected while administrators are offline, they trigger events which are then processed by the notification system to alert users. Issues found by the Data Checker can be viewed globally and locally on a per object basis.
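The kind of logical checking the Data Checker paragraphs describe, as an added example that is not BlueCat’s code: a syntactically valid IPAM model is checked for conditions that would fail or misbehave on deployment (gateway outside its network, DHCP range leaving the network or containing the gateway, overlapping ranges, static hosts inside a dynamic pool, overlapping networks within a block), each finding is triaged as an error that blocks deployment or a warning, and the result is summarized. The network and block data are constructed; the specific rules and the 90% utilization threshold are this example’s assumptions, not Proteus’ rule set.

```python
import ipaddress
from itertools import combinations

# Constructed sample networks: GOOD is clean, BAD carries several defects.
GOOD = {"cidr": "10.1.0.0/24", "gateway": "10.1.0.1",
        "dhcp_ranges": [("10.1.0.100", "10.1.0.200")], "hosts": {"printer-01": "10.1.0.10"}}
BAD = {"cidr": "10.1.1.0/24", "gateway": "10.1.2.1",
       "dhcp_ranges": [("10.1.1.250", "10.1.1.10"), ("10.1.1.20", "10.1.1.60"), ("10.1.1.50", "10.1.1.80")],
       "hosts": {"srv": "10.1.1.55", "stray": "10.1.5.5"}}


def check_network(net):
    """Logical checks on one modelled network; returns (severity, message) pairs.

    net: {"cidr", "gateway", "dhcp_ranges": [(start, end), ...], "hosts": {name: ip}}
    'error' blocks deployment, 'warning' is advice only (assumed policy)."""
    issues = []
    try:
        n = ipaddress.ip_network(net["cidr"])  # strict: host bits set is a syntax error
    except ValueError as exc:
        return [("error", str(exc))]
    gw = ipaddress.ip_address(net["gateway"])
    if gw.version != n.version or gw not in n:
        issues.append(("error", f"{n}: gateway {gw} is outside the network"))
    elif n.version == 4 and gw in (n.network_address, n.broadcast_address):
        issues.append(("error", f"{n}: gateway {gw} is the network or broadcast address"))

    pools = []
    for start, end in net.get("dhcp_ranges", []):
        s, e = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if s not in n or e not in n:
            issues.append(("error", f"{n}: DHCP range {s}-{e} leaves the network"))
            continue
        if s > e:
            issues.append(("error", f"{n}: DHCP range {s}-{e} has start after end"))
            continue
        if s <= gw <= e:
            issues.append(("error", f"{n}: gateway {gw} lies inside DHCP range {s}-{e}"))
        for ps, pe in pools:
            if s <= pe and ps <= e:
                issues.append(("error", f"{n}: DHCP ranges {ps}-{pe} and {s}-{e} overlap"))
        pools.append((s, e))

    for name, ip in net.get("hosts", {}).items():
        h = ipaddress.ip_address(ip)
        if h.version != n.version or h not in n:
            issues.append(("error", f"{n}: host {name} ({h}) is outside the network"))
        elif h == gw:
            issues.append(("warning", f"{n}: host {name} shares the gateway address"))
        elif any(s <= h <= e for s, e in pools):
            issues.append(("warning", f"{n}: static host {name} ({h}) sits inside a DHCP range"))

    usable = n.num_addresses - (2 if n.version == 4 and n.prefixlen < 31 else 0)
    used = sum(int(e) - int(s) + 1 for s, e in pools) + len(net.get("hosts", {}))
    if usable and used / usable > 0.9:
        issues.append(("warning", f"{n}: {used}/{usable} usable addresses allocated"))
    return issues


def check_block(block_cidr, networks):
    """Block-level checks: every network fits inside the block and none overlap,
    then each network's own checks."""
    issues = []
    block = ipaddress.ip_network(block_cidr)
    nets = [ipaddress.ip_network(x["cidr"]) for x in networks]
    for x in nets:
        if x.version != block.version or not x.subnet_of(block):
            issues.append(("error", f"{x} is not inside block {block}"))
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            issues.append(("error", f"networks {a} and {b} overlap"))
    for x in networks:
        issues.extend(check_network(x))
    return issues


def triage(issues):
    """Mirror the 'flag and block deployment until resolved' rule: any error is fatal."""
    errors = [m for sev, m in issues if sev == "error"]
    warnings = [m for sev, m in issues if sev == "warning"]
    return {"deployable": not errors, "errors": errors, "warnings": warnings}
```

None of these conditions can be caught by field-level syntax checking: every value in BAD parses, and the defects only appear when the fields are read against one another, which is the distinction the text draws between syntactic and logical checking.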

Appliance Level Redundancy

BlueCat offers carrier-grade appliances with redundant hard drives, power supplies and other hardware components. Should a single component fail, the appliance continues to function.

Service Level Failover and Load Balancing

The DHCP failover protocol provides a method for two DHCP servers to communicate with each other. Failover provides both redundancy and load balancing without requiring the use of scope splitting. DHCP failover works by sharing one or more pools between two DHCP servers. In failover terminology, two servers running failover are known as failover peers.

Failover peers need not be located on the same subnet, which provides great flexibility when deploying DHCP servers. In fact, failover servers are commonly placed on opposite sides of a WAN link, providing distributed services with full redundancy.


Control

Enterprises require an IPAM platform that simplifies and centralizes the control of network services and resources, actively orchestrating user access control and delegation settings regardless of location.

Providing busy administrators the control to delegate access and change rights with multi-level granularity out to remote locations, this Proteus functionality allows them to keep an eye on everything from a central office while freeing their time to accomplish other tasks.

Delegated Access Control

Administrators typically have free rein over most systems, but unfettered access is not appropriate for less experienced users involved in network administration. Enterprise applications must allow for delegation of control while limiting access. Proteus provides administrators with the ability to assign access rights to specific users or groups of users. Access rights can be assigned system wide or on an object level basis. This allows administrators to mask specific sections of the Proteus system, or individual objects, from specific users or groups of users. Once authenticated, users can navigate the IPAM data and manage those portions of the system for which they have access rights.

Through access right overrides, administrators can set different access levels for child objects than for their parents. This provides simpler and more localized access for specific end-level users.

Workflow

An intelligent IPAM solution empowers lower level users to reduce demand on experienced staff with specialized skills. Delegation of control enables users to perform simple tasks, freeing senior administrators for more pressing issues.

Proteus applies workflow to a number of object operations to control delegation. Administrators delegate to a specific user or user group through access controls, but specify that any changes follow the workflow model. The process flows like this:

1. Following the workflow model, a user makes changes to IPAM data in a sandbox environment.

2. Each change generates a ‘request’ to an administrator to approve or reject the change.

3. Requests are visible to administrators and users who have full control over the objects. Changes are also visible to other users but appear as change requests.

4. When an administrator approves the change, all updates are realized and the system indicates that it was the approving administrator who issued the updates. Alternatively, if an administrator rejects the change, it will be discarded and any other associated changes will be reverted.
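As an added example (not BlueCat code), the following ties the two preceding sections together: access rights are resolved per object with child overrides beating inherited rights, and a user whose effective right is "workflow" produces change requests that an administrator with full control approves or rejects. The object path layout, the right names (FULL, CHANGE, WORKFLOW, VIEW, HIDE), the audit record shape and the "change group" used to link associated changes are all assumptions made for this example.

```python
# Added example (not BlueCat code): delegated access rights with per-object
# overrides driving the approval workflow described in steps 1-4 above. Object
# paths, right names, the audit record layout and the "change group" that ties
# associated changes together are assumptions made for this example.
from dataclasses import dataclass
from itertools import count

# Ordered from most to least permissive. HIDE masks the object from the user;
# WORKFLOW lets the user propose changes that need an approver.
RIGHTS = ("FULL", "CHANGE", "WORKFLOW", "VIEW", "HIDE")


class AccessControl:
    def __init__(self, default="HIDE"):
        self.default = default
        self._acl = {}      # (object path, principal) -> right
        self._groups = {}   # user -> set of group names

    def add_user(self, user, *groups):
        self._groups[user] = set(groups)

    def grant(self, principal, path, right):
        assert right in RIGHTS
        self._acl[(path, principal)] = right

    def effective_right(self, user, path):
        """Walk from the object up to the root; the nearest assignment wins, so an
        override on a child beats a right inherited from its parent. A user entry
        beats group entries at the same level; among groups the most permissive wins."""
        groups = self._groups.get(user, set())
        parts = path.split("/")
        for depth in range(len(parts), 0, -1):
            prefix = "/".join(parts[:depth])
            if (prefix, user) in self._acl:
                return self._acl[(prefix, user)]
            via_groups = [self._acl[(prefix, g)] for g in groups if (prefix, g) in self._acl]
            if via_groups:
                return min(via_groups, key=RIGHTS.index)
        return self.default


@dataclass
class ChangeRequest:
    id: int
    group: int        # associated changes share a group; rejecting one discards all
    user: str
    path: str
    value: object
    status: str = "PENDING"


class IPAMStore:
    def __init__(self, acl):
        self.acl = acl
        self.data = {}          # committed IPAM data: path -> value
        self.requests = {}      # sandboxed changes awaiting approval
        self.audit = []         # (actor, action, path, value)
        self._ids = count(1)

    def change(self, user, path, value, group=None):
        right = self.acl.effective_right(user, path)
        if right in ("FULL", "CHANGE"):
            self.data[path] = value
            self.audit.append((user, "commit", path, value))
            return "COMMITTED"
        if right == "WORKFLOW":
            rid = next(self._ids)
            self.requests[rid] = ChangeRequest(rid, group if group is not None else rid, user, path, value)
            self.audit.append((user, "request", path, value))
            return rid
        raise PermissionError(f"{user} holds {right} on {path}")

    def _require_full(self, admin, path):
        if self.acl.effective_right(admin, path) != "FULL":
            raise PermissionError(f"{admin} cannot decide on changes to {path}")

    def approve(self, admin, rid):
        req = self.requests[rid]
        self._require_full(admin, req.path)
        req.status = "APPROVED"
        self.data[req.path] = req.value
        # The realized update is attributed to the approver; the requester is kept.
        self.audit.append((admin, f"approve:{req.user}", req.path, req.value))

    def reject(self, admin, rid):
        req = self.requests[rid]
        self._require_full(admin, req.path)
        # Discard the change and every other pending change in its group.
        for r in self.requests.values():
            if r.group == req.group and r.status == "PENDING":
                r.status = "REJECTED"
                self.audit.append((admin, f"reject:{r.user}", r.path, r.value))


def demo():
    acl = AccessControl()
    acl.add_user("root_admin")
    acl.add_user("alice", "netops-toronto")
    acl.grant("root_admin", "default", "FULL")
    # Toronto is delegated to the group through workflow; one network is
    # overridden so alice can change it directly.
    acl.grant("netops-toronto", "default/toronto", "WORKFLOW")
    acl.grant("alice", "default/toronto/10.1.0.0_24", "CHANGE")
    store = IPAMStore(acl)
    store.change("alice", "default/toronto/10.1.0.0_24/host/tor-srv-001", "10.1.0.10")
    store.change("alice", "default/toronto/10.2.0.0_24/host/tor-srv-002", "10.2.0.10", group=7)
    r3 = store.change("alice", "default/toronto/10.2.0.0_24/host/tor-srv-003", "10.2.0.11", group=7)
    r4 = store.change("alice", "default/toronto/10.2.0.0_24/host/tor-srv-004", "10.2.0.12")
    store.reject("root_admin", r3)    # also discards tor-srv-002, its associated change
    store.approve("root_admin", r4)
    return store
```

Two points worth noticing: the default is HIDE, so anything not explicitly delegated stays invisible, and the approver needs FULL on the object, so a user holding only WORKFLOW cannot approve their own request.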

MAC Filtering

MAC Filtering limits the systems that can access specific DHCP pools. This feature ties into BlueCat’s MAC Pool capabilities that restrict DHCP access to a list of configurable MAC addresses. MAC Filtering can also explicitly deny MAC addresses from a global deny list.

DHCP Class and Vendor Options

DHCP Class and Vendor Options allow you to give out various DHCP options based on the type of system that is requesting an IP address. For example, you can create a DHCP Vendor Profile for VoIP devices that restricts what options VoIP phones can receive based on the type of VoIP device that is connecting.
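The following added example (not BlueCat code) shows how the two preceding sections fit together in a DHCP admission decision: a global deny list is consulted first, then the pool's MAC allow list, and finally a vendor-class profile chosen by longest prefix match on the vendor class identifier (option 60) selects and restricts the options returned. The pool names, option names, vendor-class strings and MAC addresses are constructed for the example.

```python
# Added example (not BlueCat code): DHCP admission and option selection using a
# global MAC deny list, per-pool MAC allow lists and vendor-class profiles, as
# the MAC Filtering and DHCP Class and Vendor Options sections describe. Pool
# names, option names, vendor-class strings and MACs are constructed here.
import re

_HEX12 = re.compile(r"^[0-9a-fA-F]{12}$")


def normalize_mac(mac):
    """Accept 00:11:22:33:44:55, 00-11-22-33-44-55 or 0011.2233.4455 and return
    the canonical lower-case colon form, so list lookups do not depend on how a
    client or an operator happened to write the address."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = digits.lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class DhcpPolicy:
    def __init__(self, global_deny, pools, vendor_profiles, default_options):
        self.deny = {normalize_mac(m) for m in global_deny}
        # pool name -> set of allowed MACs, or None for an open pool
        self.pools = {name: None if allow is None else {normalize_mac(m) for m in allow}
                      for name, allow in pools.items()}
        self.vendor_profiles = vendor_profiles
        self.default_options = default_options

    def evaluate(self, pool, mac, vendor_class=None):
        mac = normalize_mac(mac)
        # The global deny list is checked first: it wins even over a pool allow list.
        if mac in self.deny:
            return {"decision": "DENY", "reason": "global deny list"}
        allow = self.pools[pool]
        if allow is not None and mac not in allow:
            return {"decision": "DENY", "reason": f"not in MAC pool for {pool}"}
        options = dict(self.default_options)
        profile = None
        if vendor_class:
            # Option 60 (vendor class identifier) is matched by longest prefix so a
            # specific phone profile beats a generic vendor profile.
            matches = [p for p in self.vendor_profiles if vendor_class.startswith(p["match"])]
            if matches:
                profile = max(matches, key=lambda p: len(p["match"]))
                options.update(profile["options"])
                if profile.get("restrict_to") is not None:
                    options = {k: v for k, v in options.items() if k in profile["restrict_to"]}
        return {"decision": "ALLOW", "profile": profile["name"] if profile else None,
                "options": options}


# Constructed policy: a VoIP pool locked to two handsets, an open guest pool,
# and a phone profile that restricts the handset to the options it needs.
POLICY = DhcpPolicy(
    global_deny=["00:DE:AD:BE:EF:01"],
    pools={"voip-pool": ["00:11:22:33:44:55", "0011.2233.4466"], "guest-pool": None},
    vendor_profiles=[
        {"name": "cisco-phone", "match": "Cisco Systems, Inc. IP Phone",
         "options": {"tftp-server": "10.1.0.20", "option-150": ["10.1.0.20"]},
         "restrict_to": ["subnet-mask", "routers", "tftp-server", "option-150"]},
        {"name": "cisco-generic", "match": "Cisco",
         "options": {"option-150": ["10.1.0.20"]}, "restrict_to": None},
    ],
    default_options={"subnet-mask": "255.255.255.0", "routers": "10.1.0.1",
                     "domain-name-servers": "10.1.0.53", "domain-name": "bcn.com"},
)

if __name__ == "__main__":
    print(POLICY.evaluate("voip-pool", "00-11-22-33-44-66", "Cisco Systems, Inc. IP Phone 7960"))
    print(POLICY.evaluate("guest-pool", "00:de:ad:be:ef:01"))
```

MAC filtering remains an administrative control rather than a security boundary: a client chooses the hardware address and vendor class it presents, so both are trivially spoofed. The normalization step matters in practice because deny and allow lists are maintained by people who write addresses in different notations.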

DNS Naming Policies

Proteus’ new DNS Naming Policies feature allows organizations to enforce corporate naming policies within Proteus and to restrict what types of host names can be used. Most organizations have a corporate naming policy that indicates the type of device and its location through the host name. For example, tor-rtr-005.bcn.com represents the 5th (005) router (rtr) in Toronto (tor). The Naming Policies feature allows organizations to establish a pre-defined naming policy and associate it with a view or zone. It also restricts which host names can be used, preventing network administrators from configuring hosts or zones with vulgar phrases, trademarked terms or other undesirable words.

[Figure: Delegated access control across global installation. Labels: System Admin, Toronto, London, NYC.]
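As an added example (not BlueCat code), here is a checker for the site-type-sequence convention illustrated above by tor-rtr-005.bcn.com: it validates the label syntax, applies a blocked-word list, and, for zones bound to the policy, requires a known site code, a known device type and a three-digit sequence. The site and device-type tables, the blocked words and the zone-to-policy binding are constructed for the example.

```python
# Added example (not BlueCat code): a host-name policy checker for the
# site-type-sequence convention illustrated above by tor-rtr-005.bcn.com. The
# site and device-type code tables, the blocked-word list and the zone-to-policy
# binding are constructed for this example.
import re

SITES = {"tor": "Toronto", "lon": "London", "nyc": "New York"}
DEVICE_TYPES = {"rtr": "router", "sw": "switch", "srv": "server", "fw": "firewall"}
BLOCKED_WORDS = {"damn", "acme"}          # constructed: a vulgarity and a trademark
ZONE_POLICIES = {"bcn.com": "site-type-seq", "lab.bcn.com": None}  # None: label syntax only

PATTERN = re.compile(r"^(?P<site>[a-z]+)-(?P<type>[a-z]+)-(?P<seq>\d{3})$")
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")  # RFC 1123 host label, lower-cased


def check_hostname(fqdn):
    """Return the list of policy violations for fqdn; an empty list means accepted."""
    name = fqdn.lower().rstrip(".")
    label, _, zone = name.partition(".")
    problems = []
    if not LABEL.match(label):
        problems.append(f"'{label}' is not a valid host label (RFC 1123)")
    if zone not in ZONE_POLICIES:
        problems.append(f"zone '{zone}' is not managed here")
        return problems
    # Blocked words apply to every managed zone, policy or not. The match is a
    # plain substring test, so review the list for words that occur inside
    # legitimate names before deploying it.
    for word in BLOCKED_WORDS:
        if word in label.replace("-", ""):
            problems.append(f"'{label}' contains blocked word '{word}'")
    if ZONE_POLICIES[zone] == "site-type-seq":
        m = PATTERN.match(label)
        if not m:
            problems.append(f"'{label}' does not follow site-type-NNN")
        else:
            if m["site"] not in SITES:
                problems.append(f"unknown site code '{m['site']}'")
            if m["type"] not in DEVICE_TYPES:
                problems.append(f"unknown device type '{m['type']}'")
            if m["seq"] == "000":
                problems.append("sequence numbers start at 001")
    return problems


def describe(fqdn):
    """Decode a policy-conformant name, e.g. 'router #5 in Toronto'; None if it is not."""
    if check_hostname(fqdn):
        return None
    m = PATTERN.match(fqdn.lower().split(".")[0])
    if not m:
        return None
    return f"{DEVICE_TYPES[m['type']]} #{int(m['seq'])} in {SITES[m['site']]}"


if __name__ == "__main__":
    for n in ("tor-rtr-005.bcn.com", "webserver1.bcn.com", "tor-damn-001.bcn.com"):
        print(n, "->", describe(n) or check_hostname(n))
```

Binding the policy per zone, as the text describes for views and zones, is what lets a lab zone accept free-form names while the production zone stays strict; the label syntax check and the blocked-word list apply to both.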

Audit Tracking

Proteus’ extensive audit trails provide control and complete visibility to all administrative changes, facilitate governance and help comply with government and industry regulations. For more details, please see Audit Tracking on page 23.

Authentication

Proteus provides its own identity manager and supports several alternative methods of authentication. The appliance can authenticate users against an organization’s existing Active Directory, LDAP, Kerberos or RADIUS services. Proteus also provides mechanisms to use a secondary authentication service when the primary one is not available.

Administrators can configure Proteus to use secure connections for all operations or for authentication only. All authentication attempts are logged with user name and source IP address, and can be audited by an administrator.
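The following added example (not BlueCat code) shows the pattern the Authentication section describes: a primary directory service, a secondary local store used only when the primary cannot be reached, and a log line for every attempt carrying the user name and source address. Both providers are in-memory stand-ins; their interface, the "unavailable" signal and the log format are assumptions made for this example.

```python
# Added example (not BlueCat code): an authenticator that tries a primary
# directory and falls back to a secondary store only when the primary is
# unreachable, logging every attempt with user name and source address. Both
# providers are in-memory stand-ins; their interface, the "unavailable" signal
# and the log format are assumptions made for this example.
import hashlib
import hmac
import os
from datetime import datetime, timezone

ITERATIONS = 100_000


class Unavailable(Exception):
    """Raised when a provider cannot be reached (timeout, connection refused...)."""


class DirectoryProvider:
    """Stand-in for an AD/LDAP/Kerberos/RADIUS service; `reachable` simulates an outage."""

    def __init__(self, users, reachable=True):
        self.users = users          # user name -> password known to the directory
        self.reachable = reachable

    def authenticate(self, username, password):
        if not self.reachable:
            raise Unavailable("directory unreachable")
        return self.users.get(username) == password


class LocalProvider:
    """Appliance-local user store with salted PBKDF2 password hashes."""

    def __init__(self):
        self._db = {}

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._db[username] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS))

    def authenticate(self, username, password):
        rec = self._db.get(username)
        if rec is None:
            # Do the same work for unknown users so timing does not reveal which names exist.
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\0" * 16, ITERATIONS)
            return False
        salt, digest = rec
        return hmac.compare_digest(digest, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS))


class Authenticator:
    def __init__(self, primary, secondary):
        self.primary, self.secondary = primary, secondary
        self.log = []

    def login(self, username, password, source_ip):
        via = "primary"
        try:
            ok = self.primary.authenticate(username, password)
        except Unavailable:
            # Fall back only on outage. A rejection by the primary is final:
            # falling back on a wrong password would let an account that was
            # disabled in the directory keep logging in with a stale local password.
            via = "secondary"
            ok = self.secondary.authenticate(username, password)
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.log.append(f"{stamp} auth {'ALLOW' if ok else 'DENY'} user={username} src={source_ip} via={via}")
        return ok


if __name__ == "__main__":
    directory = DirectoryProvider({"alice": "correct-horse"})
    local = LocalProvider()
    local.add_user("admin", "local-only")
    auth = Authenticator(directory, local)
    auth.login("alice", "correct-horse", "10.0.0.5")
    directory.reachable = False
    auth.login("admin", "local-only", "10.0.0.6")
    print("\n".join(auth.log))
```

The caveat a practitioner should check in any product with a secondary authentication path is the one in the comment: fallback must trigger on the primary being unreachable, never on the primary saying no, and the log should record which path granted access so that logins via the secondary store stand out in an audit.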


Conclusion

Most enterprises expect their network requirements to become more taxing in the coming year. As IP consumption explodes with the introduction of VoIP, virtualization, IPv6, wireless technology, RFID and growing numbers of other devices demanding IP addresses, IPAM Intelligence becomes not only urgent but critical to the business. DNS/DHCP services have given birth to a new layer of network fabric, the IP address management space, which reconciles IP-centric data with data held in a network database. This fabric is best described as an abstraction layer that models domains and networks for the purpose of planning, tracking and managing IP addresses and their associated data. The ecosystem comprises network objects and services, including DNS and DHCP, devices, unique object identifiers and user-defined identifiers, each aware of the others for data propagation, continuation and network-based data-source sharing. The need for IPAM will only be exacerbated as the adoption of IPv6 becomes imminent.

As IPAM evolves from a simple marriage between DNS and DHCP services, its definition cannot be limited to simply the benefits derived from dynamically linking DNS and DHCP functionality together. IPAM transcends this marriage to include features and functions shaped by this new requirement in an age of dynamic IP address data.

The management of the entire IP address management space requires a greater sophistication due to a larger number of endpoint devices, users and applications which contribute a heavier demand for more IP addresses (leading to IP address exhaustion), and the eventual onset of new protocols like IPv6 that will transform the IP landscape. With this new paradigm shift in network architecture, a fresh inspection of the IP space is required to meet the needs of enterprises to effectively manage the data associated with IP addresses and DNS/DHCP servers.

As network administrators are constantly asked to do more with less, network issues including a lack of resources, a lack of automation, and an inaccurate inventory of deployed IP addresses become imminent challenges for those dealing with keeping the IT infrastructure always-on and always-accessible. Although IPAM is not fundamentally new, there is a revolution in managing IP addresses that has led to the creation of an intelligent IPAM appliance - Proteus from BlueCat Networks.

With Proteus, BlueCat has taken an innovative approach to defining IPAM from the customer’s perspective, starting with the data-centric view of the IP address itself. BlueCat has designed and built an intelligent IPAM platform that provides the delicate balance between a strategic and a pragmatic overview of the whole network. BlueCat is defining 3rd generation IPAM with network administration workflow efficiencies in mind so that IP address data can be dynamically shared and updated with DNS/DHCP servers.

Choosing an IPAM solution is a mission critical decision.

By integrating Proteus with our Adonis DNS/DHCP appliances and Windows DNS/DHCP servers, we enable our customers to manage their networks with an exclusive competitive advantage—deriving greater efficiencies by using a commonly shared data source in managing the IP address management space.


©2010. BlueCat Networks, the BlueCat Networks logo, the Proteus logo, IPAM Appliance, the Adonis logo, Adonis are trademarks of BlueCat Networks, Inc. Microsoft, Windows, and Active Directory are registered trademarks of Microsoft Corporation. Any product photos shown are for reference only and are subject to change without notice. All other product and company names are trademarks or registered trademarks of their respective holders. Printed in Canada.

About BlueCat Networks

Founded in 2001, BlueCat Networks, the IPAM Intelligence Company, is a leader in providing enterprise-class IP Address Management (IPAM) platforms and secure DNS/DHCP network appliances. BlueCat services a base of over 1000 accounts with thousands of units sold worldwide. Our award-winning Proteus™ IPAM platforms and Adonis™ family of DNS/DHCP appliances have gained end-user acceptance by meeting the rising IP management demands of healthcare, government, financial services, education, retail and manufacturing organizations.

BlueCat Networks, a worldwide market leader in IPAM innovation and thought leadership, is benchmarking IPAM excellence in the networking industry. BlueCat Networks experiences overwhelming marketplace acceptance of its networking solutions, resulting in high double digit growth, year over year, since the company’s inception.

BlueCat Networks is headquartered in Toronto, Ontario, Canada with offices in the United States, Europe and the Asia Pacific region. It sells networking appliances and services worldwide through direct and indirect sales channels in over 32 countries.

To Learn More

For more information on BlueCat Networks, and our award winning Proteus IPAM solutions, please visit our website at www.bluecatnetworks.com or call us at 1-866-895-6931.

US Offices:

Reston, VA: 1818 Library Street, Suite 500, Reston, VA 20190. Phone: +1.703.956.3551

Atlanta, GA: 1165 Sanctuary Parkway, Suite 260, Alpharetta, GA 30009. Phone: +1.770.777.2461, Fax: +1.770.777.2464

North American Corporate/R&D Headquarters: 502-4101 Yonge Street, Toronto, ON M2P 1N6. Phone: +1.416.646.8400, Fax: +1.416.225.4728, Toll Free: +1.866.895.6931. www.bluecatnetworks.com

United Kingdom: BlueCat Networks Europe, Merlin House, Brunel Road, Theale, Berkshire RG7 4AB. Phone: +44.118.902.6680, Fax: +44.118.902.6401

Germany: BlueCat Networks (Zentraleuropa), Altrottstrasse 31, D-69190 Walldorf, Germany. Telephone: +49.6227.38489.10, Fax: +49.6227.38489.18

European Head Office: BlueCat Networks BV, Johannes Verhulststraat 156A, 1071 NP Amsterdam, The Netherlands. Telephone: +31 20 754 64 85

Chicago, IL: 300 East 5th Avenue, Suite 440, Naperville, IL 60563. Phone: +1.630.946.6297

Philadelphia, PA: 1500 Market Street, 12th Floor / East Tower, Philadelphia, PA 19102. Phone: +1.215.246.3400

Los Angeles, CA: 4640 Campus Drive, Suite 103, Newport Beach, CA 92660. Phone: +1.949.260.8444

Asia Pacific Head Office: 1 Fullerton Road, #02-01, Singapore 049213. Phone: +65 6832 5124, Fax: +65 6408 3801