Virtualization Technology News and Information
Using DDI to Unlock the Full Potential of Your Cloud-Enabled Environment

By Chris Buijs, Field CTO, NS1

Enterprise application delivery environments are increasingly distributed and complex. There are new deployment surfaces to account for. There are new architectures to incorporate, including containers and microservices. Employees are using more connected devices for their work as the Internet of Things (IoT) explodes. And enterprises are trying to adjust to new operating models through DevOps and NetOps.

For organizations using multi-cloud, hybrid cloud, or distributed edge/cloud, the foundational network technologies of DNS/DHCP/IP address management (IPAM), known collectively as DDI, are more relevant than ever. These services are critical to provisioning and making cloud-based solutions, applications, and services available. To get the most out of your cloud architectures, it's important to first understand how this combination of technologies ties together and what to look for in a DDI solution, as well as how it integrates with the rest of your infrastructure.

It is quite common to leverage DDI for managing network services. This technology is important to the enablement, management, and enrichment of cloud usage to gain more control and insight, and it becomes even more relevant when using multi-cloud, hybrid cloud, or distributed edge/cloud.

IPAM can be leveraged to become a single source of truth for all IP address assets in network infrastructures. It is logical to include cloud-based entities and assets as well, especially when a mix of multi-cloud, hybrid-cloud, distributed-cloud, and on-premises assets needs to be visible. Using IPAM as a "cloud registry" has many advantages. For instance, it enables the unification of IP address and name space management and provisioning, provides the ability to distinguish workloads and entities in the cloud, and makes it possible to move them programmatically among clouds and sites. When IPAM is done right, you can tie network services in and provision them, or even orchestrate them to "follow the workload," and ensure that access to these workloads and entities is maintained in optimal form.
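A sketch of what "IPAM as a cloud registry" buys in practice, added here as an illustration and not taken from NS1 or any DDI product: the registry is reconciled against what the clouds actually report, surfacing unregistered assets, workloads that moved without a registry update, and conflicting allocations. All site names, owners, and addresses are constructed sample data.

```python
import ipaddress

# Constructed IPAM allocations: what the registry says should exist.
IPAM = [
    {"cidr": "10.10.0.0/16", "owner": "payments", "site": "aws-eu-west-1"},
    {"cidr": "10.20.0.0/16", "owner": "analytics", "site": "azure-westeurope"},
    {"cidr": "10.20.128.0/17", "owner": "lab", "site": "onprem-ams"},
]

# Constructed inventory, as cloud APIs or DHCP leases might report it.
DISCOVERED = [
    {"ip": "10.10.4.7", "site": "aws-eu-west-1", "name": "pay-api-1"},
    {"ip": "10.20.4.9", "site": "azure-westeurope", "name": "etl-3"},
    {"ip": "10.10.9.1", "site": "gcp-europe-west4", "name": "pay-api-2"},
    {"ip": "172.16.5.5", "site": "aws-eu-west-1", "name": "unknown-vm"},
]


def conflicting_allocations(ipam):
    """Return CIDR pairs that overlap but belong to different owners."""
    nets = [(ipaddress.ip_network(a["cidr"]), a) for a in ipam]
    conflicts = []
    for i, (net1, a1) in enumerate(nets):
        for net2, a2 in nets[i + 1:]:
            if net1.overlaps(net2) and a1["owner"] != a2["owner"]:
                conflicts.append((a1["cidr"], a2["cidr"]))
    return conflicts


def reconcile(ipam, discovered):
    """Compare discovered assets with the registry (longest prefix wins)."""
    nets = sorted(
        ((ipaddress.ip_network(a["cidr"]), a) for a in ipam),
        key=lambda pair: pair[0].prefixlen,
        reverse=True,
    )
    findings = []
    for asset in discovered:
        ip = ipaddress.ip_address(asset["ip"])
        match = next((a for net, a in nets if ip in net), None)
        if match is None:
            findings.append((asset["name"], "unregistered"))
        elif match["site"] != asset["site"]:
            findings.append((asset["name"], "site-mismatch"))
    return findings


if __name__ == "__main__":
    print(conflicting_allocations(IPAM))
    print(reconcile(IPAM, DISCOVERED))
```
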

The DNS element of DDI can be used more programmatically to route traffic efficiently across distributed environments. Ingesting data about resources for use in routing decisions enables greater agility and velocity of deployments and automates changes in the infrastructure. This can be especially beneficial for resilience, because DNS can be used to route around problems in the network to ensure continuous uptime and performance. It can also be used to address other common concerns associated with cloud environments, such as keeping costs in check. By dynamically routing traffic based on factors like cost metrics and usage requirements, organizations can successfully manage, or even reduce, cloud expenses in addition to improving end-user experiences.
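The routing decision described above can be sketched as a small filter chain. This is an added example, not NS1's implementation; the endpoint records, field names, and the fail-open choice are assumptions made for illustration.

```python
# Constructed endpoint data, as a steering layer might ingest it from
# health checks, latency probes, and cloud billing exports.
ENDPOINTS = [
    {"ip": "192.0.2.10", "cloud": "cloud-a", "up": True,
     "rtt_ms": 40, "cost_per_gb": 0.09},
    {"ip": "198.51.100.20", "cloud": "cloud-b", "up": True,
     "rtt_ms": 55, "cost_per_gb": 0.05},
    {"ip": "203.0.113.30", "cloud": "edge", "up": False,
     "rtt_ms": 12, "cost_per_gb": 0.02},
]


def select_answers(endpoints, max_rtt_ms=80, max_answers=1):
    """Pick the A-record answers for one query.

    1. Route around problems: drop endpoints that fail health checks.
    2. Protect user experience: keep endpoints within the latency budget.
    3. Control spend: prefer the cheapest remaining endpoint.
    """
    healthy = [e for e in endpoints if e["up"]]
    if not healthy:
        # Assumed policy: fail open and return every record instead of an
        # empty answer, so a monitoring outage does not take the name down.
        return [e["ip"] for e in endpoints]

    # If nothing meets the latency budget, fall back to all healthy endpoints.
    within_budget = [e for e in healthy if e["rtt_ms"] <= max_rtt_ms] or healthy

    ranked = sorted(within_budget, key=lambda e: (e["cost_per_gb"], e["rtt_ms"]))
    return [e["ip"] for e in ranked[:max_answers]]


if __name__ == "__main__":
    print(select_answers(ENDPOINTS))                 # cheapest healthy endpoint
    print(select_answers(ENDPOINTS, max_rtt_ms=45))  # tighter latency budget
```
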

Visibility becomes very relevant, as feedback from the cloud, DNS, DHCP, and other network services becomes current and can be relied on and used for many different purposes. For instance, this data can be used to make those services automated, to improve full-stack development and deployment, and to enrich monitoring.

Last but not least, DDI provides a good form of independence, especially when using multi-cloud. Relying on a per-cloud provider solution to manage the IP address and name space would mean no unification and no feature equality, which can in some cases inhibit security or access. A good example of this is DNSSEC, which is a security protocol crucial for preventing man-in-the-middle DNS attacks. Independence ensures that DNSSEC can be enabled across multiple cloud providers. Another example of the benefits of independence is the ability to have an up-to-date repository that includes everything housed within your security policy requirements.

Despite the many benefits, it seems these network services are often overlooked, typically because they "come with the solution" and generally function as they are designed to. But out-of-the-box network services often cannot be fully utilized once the infrastructure becomes more diverse, as they are not designed to work outside of a single provider and across more complex environments. It can be difficult to maintain visibility over all assets and their usage. This requires a more centrally managed solution (hint: IPAM), which can be run in the cloud as well.

There is a general lack of knowledge about DNS, DHCP, and IPAM, and even less when cloud is part of the equation. As a result, network teams fail to utilize DDI to its full potential, especially when the goal is to be independent of specific cloud vendors or infrastructure. But taking the time to seek education about these services can bring huge gains. Using IPAM as the single source of truth and tying it in with network services provides unification, oversight, and automation. Beyond that, it can play a crucial role in enabling new technology that comes with digital transformation efforts or even just in bringing down costs.




Chris Buijs 

Evangelist, Network and Security specialist with 20+ years of focus on DDI (DNS, DHCP and IPAM) in various leadership roles and capacities at Vendors, Resellers and End-Customers. Rich background as lobbyist for various topics to create awareness on tech-forward topics (IPv6 and DNSSEC as prime examples). Instigator and Initiator in the support of making organizations turn into forward-thinking entities.
Published Wednesday, April 28, 2021 7:31 AM by David Marshall