The network infrastructure – in our homes, our work, wired and wireless – that we all increasingly rely upon to carry out our personal and professional lives, is based upon the individual devices we use – routers, laptops, tablets, printers, IP phones etc. – each having its own legal and unique address to which communications can be reliably directed.
Our IT networks are founded on a protocol suite known as Transmission Control Protocol/Internet Protocol or, for short, TCP/IP. Any device connected to a network must have its own unique IP address; were an address to be duplicated, the resulting address conflict would cause problems, and even a substantial network outage.
This is a really basic understanding for every network and IT technician, but the problem is this: while of itself not difficult to manage, the scale – the sheer number of addresses on even the smallest network – makes it unwieldy, and this alone can introduce unacceptable overheads – for which read cost – and avoidable risk to the day-to-day operation of the network.
For many years, innovative IT professionals have worked tirelessly, unnoticed and without thanks to impose some order around this situation. Spreadsheets and scripting have been extensively used to help and, it must be said, with a degree of success.
Spreadsheets have been used to record large and growing volumes of data about devices and their addresses, and scripting (a programming language used to control how individual devices or applications operate) to enforce rules and policy upon network-attached devices, such as routers.
A number of things are bearing down on this apparently tranquil workaday routine, and with them arrive two unwelcome forces: increasing, possibly invisible, and definitely unmanaged cost, and a substantial and hidden increase in the risk to the network and the business of the organisation that it supports.
A conspiracy of change
How employees interact with their employers' IT infrastructure is being strongly influenced by what they do with IT in their personal lives: on-line banking, family research, networked homes, smartphones and computing tablets all form expectations, and this is referred to as the ‘consumerisation’ of IT.
Then there is the fact that more and more devices are becoming IP-enabled, for which read requiring an IP address, and the magnitude of the task changes again. So many devices are becoming IP-enabled that the current IP addressing scheme, known as IPv4, has nearly used all of its available addresses, and it is being progressively replaced by IPv6, which, at 128 bits of address space, is significantly larger than IPv4, at 32 bits.
For the CFO and other members of the board, that’s about as technical as it gets; so let’s talk numbers. The spreadsheet used to map IP addresses is only as accurate, or should that be as inaccurate, as its last entry.
It relies on manual updates, and when the choice is between configuring a router change to support a new marketing initiative and recording static data, it’s clear where the pressure will drive the IT technician. When this entirely undependable record is updated – it’s still out of date – there has been some cost incurred. This cost, however, is trivial when compared to the out-of-control expenses associated with scripting.
Every network will have scripts (the most modest of networks could utilise hundreds) and, depending on their objective, they can be classified in a range from simple to complex. A simple script could take up to one man-day to write, test and deploy, whereas for something not uncommonly complex, this cycle could be measured in months.
It doesn’t stop here. The profusion of scripts is unmanaged and, once again drawing our attention to this well-intended amateurism, any script can become a time-bomb. A change to one line of code could have unintended consequences, or even cause paralysis, because the author of that script no longer works for the organisation, and the code has not been adequately commented.
While transition to IPv6 has been cautiously slow, transition you must. It is not just the more generous range of addresses that drives this need. IPv6 offers a wide range of new options: the mandatory use of the protocol suite IPsec offers a significant improvement in data security by adding encryption, and this should not be overlooked.
Diseconomy of scale
Business professionals are always looking for the savings brought about through economies of scale, but they will not find them when it comes to IP address management, also known as IPAM. Because more addresses will create the need for more scripts, not to mention the escalating risk brought about by the radical growth in complexity, the per-address management cost increases. One estimate has suggested that the annual cost of managing each IP address grows from $7.46 where there are fewer than one thousand IP addresses, to $9.86 with ten thousand addresses under management.
Automation with rapid ROI
Spending now to save in the future will trigger a CFO’s alarm bells, but there are valid exceptions. Market analyst Gartner has been saying since 2009 that there is a strong emerging market of IPAM suppliers, and the selection of one of the more advanced suppliers could help to improve other critical areas of network management, including DNS and Network Change management.
An automated IPAM solution could create scripts in real time instead of 30 days and immediately provide network managers with real-time alerts that foretell potential problems. Depending on the specific economics, the solution could pay for itself in 6 to 9 months.
Choosing the right level of automation will need to take account of the specific aspects of each network, but IPv6 transition and IPAM automation are as interdependent as oxygen and water are to our own survival. With a collegiate approach, senior managers and the IT team can collaborate in ways that can only strengthen the organisation and the individuals.