Tools cure IP address-management headaches

IP address management tools aren't sexy, but they can certainly take the tedium out of the necessary and difficult task of tracking IP addresses and DNS names across an enterprise network.

A mistake in the configuration of the DNS or DHCP services can create catastrophic problems. The bigger your enterprise network is, the more IP addresses you have to maintain and typically, the more complex the DNS configuration.

IPAM products keep strict tabs on IP addresses, DNS names, MX records, aliases or any other standard DNS object attribute. An obvious extension to IPAM is the ability to push IP address information out to DNS and DHCP servers to make the information usable across the network. Some IPAM solutions completely take over the operation and configuration of DNS/DHCP services and some simply control cursory operational aspects of these services.

For this test, we considered IPAM to mean all the tasks surrounding maintaining a list of active and available IP addresses for each subnet of our test enterprise network, the data which characterizes the addresses (media access control addresses, DNS name, DNS aliases, MX records, dynamic vs static IP addresses), management of the services necessary to make the names and IP addresses usable on the network (dns and dhcp), and all access control and user roles for individuals who would need to use the system.

Yes, it’s a pretty tall order, but we generally found that while the products tested attack the problem from different angles, they all do a fairly decent job. The real differentiation in the four products we tested -- Alcatel-Lucent’s VitalQIP, BT DiamondIP’s IPControl, Bluecat Networks' Proteus and Adonis, and Crypton Computers’s EasyIP -- lies in how each approach lines up with how your network is built.

Bluecat's offerings are delivered as a set of appliances. There are basically two types – Proteus for IPAM and Adonis for DNS/DHCP services, both of which are driven via a Web interface. The Proteus 5000 IPAM appliance was capable of completely controlling the Adonis 1000 box and its standard set of Internet Systems Consortium (ISC)-based services software. The set of appliances is purchased outright with no recurring software licensing charges and is based on the number of managed IP addresses you have. Bluecat’s has a high starting price (the combination we tested runs more than $90,000) but depending on the number of IP addresses you need to manage, this combination may actually be less expensive than other options that the number of IP addresses exceeds 50,000. There is a recurring annual maintenance fee, but professional services that aid in the integration of the solution into your network are included in the purchase price.

Alcatel-Lucent’s VitalQIP is the longest running enterprise IPAM product on the market today and therefore has had more time to mature. VitalQIP – delivered as software that runs on a standard network server -- from an architectural perspective is infinitely scalable and has full control of all DNS and DHCP services from either Web client, a native client that runs on a desktop and a command line interface. VitalQIP developers wrote their own DNS and DHCP services. And while they say their code is based on ISC code, it is still a proprietary implementation of the service standards. The architecture is also a bit complex, but when you buy VitalQIP, professional services are bundled with the price.

BT DiamondIP takes a similar approach to Alcatel-Lucent’s architecture, but instead of writing their own services, they take standard open source services and wrap them with software so they can be controlled by IPControl. BT DiamondIP offers the product in the form of an appliance (which we tested) or as software that can run on your own server hardware, both of which are accessible via Web-based and command line interfaces. But while IPControl is architecturally similar to VitalQIP, it’s much less complex.

EasyIP is a completely different class of IPAM product. It is a software-only product that runs on a Windows server (NT, 2000 and 2003) that is also running IIS. There is an AJAX-based Web interface as well as a native console to drive the product. EasyIP has features to help the user import current IP and DNS information loaded into its database, manage the information in the database, and allow for simple export features for manually loading the information into a DNS server. This solution requires more manual intervention than the other products, but it is also less expensive. That said, EasyIP is more suited for smaller enterprise networks because it is focused on the most basic of IPAM problems.

Picking a winner from this group of products is difficult. Bluecat’s combination got the ultimate nod for our Clear Choice Award. But there was very little daylight between the winner and Alcatel-Lucents’s VitalQIP and BT DiamondIP’s IPControl, which came in at a virtual tie for second. The issues Bluecat excelled in addressing were ease of use, licensing flexibility and data import methods.