Enterprises are growing more dispersed and borderless, and they are developing and deploying their applications at a faster rate, which requires rapid and secure access to run the business smoothly. To achieve this, enterprises require a one-stop DDI solution that can drive their businesses efficiently through agile, secure, scalable, and reliable infrastructure management.
TCPWave has been rated as the number one choice by Gartner research. The latest publication, which can be obtained as a complimentary copy from the TCPWave sales team, clearly shows how the modern and agile frameworks used in the product development of TCPWave propel TCPWave into a territory of undisputed leadership.
The DDI solution provides enterprises with all the necessary tools for centralized management that supports their ever-growing business requirements. The chosen DDI solution must be secure, scalable, and resilient. An ideal DDI solution has the following abilities.
TCPWave's enterprise DDI platform helps you move from traditional DDI solutions to a modern DDI solution that can deliver the scalability, security, performance, and resilience required by modern infrastructure.
The primary advantage that TCPWave provides is the ability to seamlessly manage the DDI infrastructure using REST API calls. The TCPWave IPAM is the only provider in today's DevOps community with 1400+ REST API calls. Other providers are based on legacy technologies such as Perl or SOAP APIs. TCPWave proudly claims to be the only provider in the market today to integrate with numerous orchestration frameworks such as Terraform, VMware vRA, AWS Lambda, etc. using an SSL certificate as a method of authentication. The other providers use a plain text user name and password to authenticate with their dated APIs. The figure below illustrates a high-level feature set of the TCPWave DDI solution.
TCPWave goes above and beyond to ensure that the DDI migration is performed seamlessly with zero downtime to the enterprise's mission-critical DNS and DHCP infrastructure. Unlike other providers, TCPWave does not provide a one-size-fits-all approach for performing cutovers. After a series of meetings between the professional services team and the enterprise's DDI architects, a carefully designed migration plan is drafted.
Design changes such as proper placement of the DDI infrastructure, designing and implementing end-to-end monitoring solutions, capacity planning methodology, and config assurance tools are some of the aspects used in the migration planning. Numerous dry runs are performed in a development environment to ensure striking success when deployed in a production environment. Data cleanups, if needed, are performed before the migration. The exception reports that provide a delta between the converted dataset and the original dataset are scrutinized. A dedicated Project Manager (PM) and a Technical Account Manager (TAM) are allocated. Weekly communication is scheduled to ensure that proper planning and implementation steps are undertaken before administering a cutover.
The post-migration follow-ups by the TAM ensure that the DDI infrastructure is operating seamlessly after a successful migration. The enterprise's NetOps and DevOps teams are then brought on board to facilitate an integration using the automation frameworks. TCPWave also provides a training session to improve the operational efficiency of the deployment.
Microsoft's Active Directory (AD) is a directory service developed by Microsoft and used to store objects like user, computer, printer, and network information. It is primarily used for authentication and resource management within an Active Directory domain. The AD infrastructure relies heavily on the DNS infrastructure. It is mandatory to have a one-to-one mapping between an AD forest name and a DNS domain name. The domain controllers self-register their DNS resource records. It is a common misconception that Microsoft's AD requires Microsoft's DNS. The TCPWave DDI management is engineered to seamlessly integrate with Microsoft Active Directory. It can manage large AD environments, and it can also add stability by centralizing the DDI management. This whitepaper discusses the most common challenges in a large AD-integrated DNS environment, and it also lists the advantages of the TCPWave engineered design that fully supports the integration with Active Directory.
It is common to see many enterprise-grade deployments utilizing Microsoft's in-built AD-integrated DNS. These distributed deployments typically keep growing without following the best practices recommended by TCPWave. The failure to follow a common set of standards across a global infrastructure by a set of different individuals reporting to separate management chains is a reason why a large-scale AD deployment is complex to maintain. The configuration of multiple conditional forwarders makes the environment extremely difficult to maintain, manage, monitor, scale, and troubleshoot. It is also common to see large-scale AD-integrated DNS deployments have frequent DNS blackouts because of improper designs. As the number of forests and trusts grows, the environment becomes fragile. The Active Directory trusts require DNS resolution to the root forest, child forests, and possibly some standalone forests, depending on the deployment of the AD forests. The resources in one AD domain can be used by the users in another AD domain if the DNS resolution is functioning properly. When data centers move or when a new network topology is designed, a single DNS change in one forest for a re-IP of a set of domain controllers could cause a blackout in other forests if multiple de-centralized administrators do not conduct the change with proper co-ordination. Forwarders will stop working, and delegations will become lame, if all the distributed AD-integrated DNS configurations are not updated accordingly.
TCPWave's DDI solution centralizes the DNS management in the enterprise. In the TCPWave managed DDI design, each domain controller will point to a cache-only TCPWave DDI appliance. The cache-only DNS appliances would fetch the DNS answers from the TCPWave authoritative DDI appliances. The TCPWave IPAM, running in an HA (High Availability) mode, will manage the authoritative and the cache DNS appliances. Each domain controller in each AD forest would update the authoritative DNS zone that is hosted on the TCPWave authoritative DDI remote. The TCPWave IPAM can configure an IP-based ACL to accept the DNS updates from the domain controllers. Since a UDP-based update controlled with an IP-based ACL is subject to spoofing or hijacking, TCPWave goes one step further and secures the DNS update using GSS-TSIG. The GSS-API algorithm uses Kerberos for passing security tokens to provide authentication, integrity, and confidentiality. The web interface of the TCPWave IPAM provides a simplified method to manage the Kerberos configurations, Service Principal Names (SPN), secure DNS update policies, TSIG keys, etc. across all the AD-enabled DNS zones. The TCPWave design provides a seamless AD integration with auditing, reporting, disaster recovery, monitoring, role-based access control, and many more features.
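A configuration check that follows from the point about IP-based update ACLs, added here as an example and not TCPWave code: it scans BIND-style zone stanzas and flags zones whose dynamic updates are authorized by source address alone. The `allow-update` and `update-policy` statements are standard BIND syntax, used as an assumption about the server's configuration format; the zone names, addresses, realm and the `ddns-lab` key are constructed.

```python
import re
# Constructed sample input in BIND-style syntax (assumed format; names invented).
SAMPLE_CONF = '''
zone "corp.example.com" {
    type master;
    allow-update { 10.1.1.10; 10.1.1.11; };
};
zone "_msdcs.corp.example.com" {
    type master;
    update-policy { grant CORP.EXAMPLE.COM ms-self . A AAAA; };
};
zone "lab.example.com" {
    type master;
    allow-update { key "ddns-lab"; 10.9.0.0/16; };
};
zone "static.example.com" {
    type master;
};
'''

def zone_blocks(conf):
    """Yield (zone_name, body), matching braces so nested blocks stay intact."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def classify(body):
    """Return how dynamic updates to a zone are authorized."""
    if re.search(r'\bupdate-policy\s*\{', body):
        return "policy"    # per-identity rules, e.g. Kerberos principals via GSS-TSIG
    m = re.search(r'\ballow-update\s*\{([^{}]*)\}', body)
    elems = [e.strip() for e in m.group(1).split(";") if e.strip()] if m else []
    if not elems or elems == ["none"]:
        return "static"    # dynamic updates disabled
    # Assumption: anything that is not a key reference is address-based.
    addr = [e for e in elems if not e.startswith("key ")]
    if len(addr) == len(elems):
        return "ip-only"   # source address is the only check: spoofable
    # Match-list elements are alternatives: an address beside a key still admits unsigned updates.
    return "mixed" if addr else "key"

def audit(conf):
    return {name: classify(body) for name, body in zone_blocks(conf)}

def findings(conf):
    return sorted(z for z, c in audit(conf).items() if c in ("ip-only", "mixed"))
```

`findings(SAMPLE_CONF)` lists the zones to move to signed updates; the `mixed` case is the one most often missed in reviews, because the key reference makes the stanza look protected.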
TCPWave has the experience and the global reach to help you efficiently deploy your network when growing, upgrading, or changing network elements.
Legacy DDI providers that were designed in the late 90s or the early 2000s cannot keep up with today's demanding needs of the DevOps and CloudOps communities. The stringent information security standards of the enterprises require proper segregation of duties, role-based access controls, and the use of SSL certificates for all API communication. The outdated systems that use weak ciphers in their encryption algorithms cannot be used in today's automation frameworks. A centralized management model with linear scalability delivered to the global data centers is a critical decision-making factor. Open-source systems, native ISC's BIND/DHCP, Microsoft's DNS/DHCP, and Excel spreadsheets are things of the past since they cannot cater to the needs of automation. Customers are advised to carefully evaluate the pros and cons of the available DDI management choices, the information security recommendations, capital expenditures (CAPEX) and operating expenses (OPEX), the quality of professional services, design oversights of the current implementation, etc., and make a business decision that best suits the franchise-critical DDI framework of their enterprise.