Posts

Inglorious DDI

We all know how critical DHCP/DNS/IPAM (DDI) services are. Your network cannot function without them. But like most foundational elements of anything, they are certainly not glamorous...like good luck finding a home designer who specializes in home foundations. I would not be shocked should HGTV pass on my brilliant concept for a foundation building show. I suppose most people would find a show detailing footing depths and concrete pouring techniques rather boring. Nevertheless, there are countless shows for redesigning and remodeling homes. On most episodes the foundation is out of sight, out of mind. If it's stable, no one wants to pay it attention; they just expect it to keep doing its job, supporting the structure. Once in a while a foundational issue is brought up that unexpectedly threatens to raise the budget to heighten the drama. All work stops until the issue is addressed. And you'll notice that the owner never denies paying the extra amount to fix the issue.

IPAM-As-Code

IP Address Management (IPAM) is often considered a necessary evil by most IT and Operations Engineers. Every time a new virtual instance in the cloud or on-prem is instantiated, or an old-fashioned server is deployed, both an IP address and DNS name need to be assigned...every time. Of course, the assigned IP address must be unique at least within a given routing domain, and the DNS name must be uniquely resolvable to enable users and other machines to connect with it. Beyond their respective uniqueness requirements, these core configuration elements must also be relevant to their respective deployment realms, such as subnet and DNS domain, so just any old assignment won't do. In addition, with the speed of today's business demanding a highly dynamic rate of change in creating, realigning or destroying virtual instances across a multi-cloud network, the assignment process must be always available and instantly responsive to not impede your business velocity. While assigning IP

DNS is to Devices as Google is to People

Thanks to search engines like Google, locating articles, blogs, opinions, and even bona fide information on the Internet is as simple as posing a question in a web browser. Just type in your query, then click on one of the search engine results to access the corresponding content. Of course, between the point when you click on a result and arrive at the linked page, the domain name system (DNS) performs its crucial yet hidden role. Each search result displays text to the searcher representing content they can expect to find if they click on it. With the hypertext markup language (HTML), behind the text lies the corresponding uniform resource locator or URL. The URL is in the form of a web address that you might enter into your web browser, like www.google.com. Names are helpful for humans using the Internet to identify desired destinations, but your laptop, mobile, watch, etc., generically "device," connects to your destination using the Internet Prot

Call me...on DNS

DNS has proven incredibly versatile and scalable in resolving email, web, and application services names to IP addresses across the global Internet for over three decades. And its versatility seems to have no limits as DNS can even be used to map telephone numbers into IP addresses too. The means to perform this mapping function is useful for voice applications, not to mention other generic applications requiring resolution with one or more layers of indirection. The ENUM (E.164 telephone number mapping) service has been defined to support telephone number resolution. ENUM supports the mapping of telephone numbers, in ITU E.164 format, into uniform resource identifiers (URIs). A URI is an Internet identifier consisting of a uniform resource name (URN) and a uniform resource locator (URL). A simple example: for URL http://www.ipamworldwide.com with URN file.txt, the corresponding URI would be http://www.ipamworldwide.com/file.txt. The mapping of E.164 numbers (or other arbitrary domain

Is DHCPSEC a thing?

Dynamic Host Configuration Protocol (DHCP) and the Domain Name System (DNS) are both foundational IP network services, enabling devices to connect to networks (via automated DHCP address and parameter assignment) and to navigate networks (via DNS name-to-IP resolution). DNSSEC refers to DNS security extensions, which is an Internet standard for signing and validating digital signatures on DNS response data. This process requires the signature-validating resolver to possess a trusted key which validates the response data signature, and by so doing, authenticates the data as published by the domain administrator and affirms the integrity of the data as matching that which was published. A single trusted key can be used to validate the entire Internet name space, thanks to the DNSSEC "chain of trust" mirroring the immanent DNS domain hierarchy up to the root zone. In the DHCP realm, there is no such hierarchy and a given mobile device could roam across multiple networks, each w

The Numerous Components of a Zero Trust Network

In the face of a rising tide of network infiltration attempts via increasingly diversified attack vectors, enterprises must constantly remain vigilant and proactive in managing system monitoring and attack detection solutions. Whether you realize it or not, IP address management (IPAM) plays a key role within your overall network security strategy. Core IPAM functions, including tracking IP inventory, allocating address space, monitoring network access through DHCP and discovery, and various DNS security tactics not only serve as requisite network functions but are critical to your network security strategy. As the sophistication of attacks continues to spiral, defensive strategies including IPAM must likewise evolve to keep pace if not outpace nefarious exploitation of network and system vulnerabilities. The concept of zero trust networks, originally posited by Forrester Research a decade ago, is rising in prominence as a fundamental network security approach within enterprises, acro

Introduction to the Industrial Internet of Things

The Internet of Things or "IoT" refers to the evolution of the Internet beyond connectivity and interaction among traditional user-operated devices like PCs, tablets, phones and similar types of devices into the realm of connectivity and interaction with non-user operated devices such as sensors, monitors and remotely controllable devices. Internet-enabling such “unmanned” devices allows them to autonomously report events, updates, status changes, or to perform remote actions commanded by users or other devices via the Internet. The popularity of home assistants, security systems, video doorbells, thermostats, door locks, etc. evinces the continuing expansion of IoT devices within residences. IoT also boasts exceptional growth prospects for all types of industries such as utilities, energy, manufacturing, pharmaceuticals, educational institutions, municipalities, and others. This enterprise realm of IoT is referred to as the industrial IoT, or IIoT, where sensors, monitors,