Keeping Control Over Azure With Cloud IPAM Sync

Nowadays, hybrid clouds are ubiquitous. Companies have their resources spread across on-premises infrastructure, private clouds and public clouds such as AWS and Azure. For managing these cloud infrastructures, the main options are to use the tools from the cloud provider, develop home-grown solutions, or take advantage of a Cloud Management Platform (CMP). Unfortunately, potential outcomes of these solutions include siloed management, limited visibility of resources, or having to manage multiple separate repositories. The SOLIDserver Cloud IPAM Sync feature helps overcome these challenges thanks to its central repository, offering visibility, unified management and hence control across the entire infrastructure.

The current trend in development is to split applications into multiple modules, sometimes called microservices, to make them easier to test, refactor and scale. This increases the overall availability of the application and also eases its maintenance. But not all applications use such advanced patterns, and tiered approaches (front-middle-back) are still very common. For such application architectures, using servers rather than function-as-a-service and containers is straightforward, so corporations still use virtual machines in private clouds and servers in IaaS cloud offers. For workloads running on servers, the cloud providers have robust and easy-to-manage solutions with predictable costs, simplified management and an almost unlimited amount of elasticity.

Visibility is key for management

But using multiple hosting providers for application workloads does not ease administration, operations or troubleshooting. It is a real challenge to maintain coherence between all infrastructure components located in multiple datacenters, cloud providers and IaaS solutions. When everything was hosted in a single big datacenter using a single VMware cluster, it was simpler to manage, despite being distant from most I&O teams. However, we know that visibility is key for infrastructure management, so I&O teams require a central trusted repository which is accurate and up-to-date, wherever the workloads are running. This repository is extremely useful not only for simple management activities, but also for automated network tasks and for handling more advanced requirements from business teams, such as auditing or security orchestration.

The Cloud IPAM Sync module for SOLIDserver is here to help ensure I&O teams continue to have complete visibility over distributed computing architectures located in Amazon AWS and Microsoft Azure. In the case of Azure, the module keeps the IPAM synchronized with the cloud network infrastructure. More precisely, it synchronizes:

  • Resource groups with spaces
  • Virtual networks within resource groups with blocks and non-terminal networks
  • Subnets within virtual networks with terminal networks
  • Connected device interfaces with IP addresses in subnets

Accurate central repository thanks to ongoing synchronization

Synchronization is an ongoing process that browses the Azure resources within a tenant in order to find new ones, which will be created in the IPAM, old ones, which will be deleted, and ones that are still present, which will be updated where needed. Any network automation linked to the creation or destruction of a subnet object or an IP address will be automatically triggered during the synchronization process. This enables pushing the information to other systems such as billing, accounting, security or auditing. It also saves third-party systems from performing their own discovery of resources inside multiple cloud environments and makes them use the IPAM as the central repository of information, the single source of network truth. Getting access to cloud inventory requires credentials, so centralizing the usage of these credentials is also of interest from a security standpoint.
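The create, update and delete pass described above can be sketched as follows. This is an added example, not SOLIDserver or Azure SDK code: the function, the (kind, path) record format and the sample data are constructed, virtual networks are simplified to blocks only, and the `complete` flag is an assumed safeguard so that a failed or partial cloud listing (for instance after a credential expires) is never read as an empty tenant.

```python
# Added example: every name and value here is constructed for illustration.
ORDER = ["space", "block", "terminal_network", "ip_address"]  # parent -> child
KIND_MAP = dict(zip(["resource_group", "virtual_network", "subnet", "interface_ip"], ORDER))
TRIGGERS = {"terminal_network", "ip_address"}  # subnet and IP changes fire automation

def reconcile(azure, ipam, complete=True):
    """Bring `ipam` in line with the `azure` snapshot; return (plan, events).

    Both map (kind, path) -> attributes. With complete=False (failed or
    partial listing) nothing is deleted from the repository.
    """
    wanted = {(KIND_MAP[kind], path): attrs for (kind, path), attrs in azure.items()}
    # Parents are created before their children.
    create = sorted((k for k in wanted if k not in ipam), key=lambda k: ORDER.index(k[0]))
    update = sorted(k for k in wanted if k in ipam and ipam[k] != wanted[k])
    delete = []
    if complete:
        # Children are removed before parents so no orphan is left behind.
        delete = sorted((k for k in ipam if k not in wanted),
                        key=lambda k: -ORDER.index(k[0]))
    for key in create + update:
        ipam[key] = wanted[key]
    for key in delete:
        del ipam[key]
    events = []  # what downstream billing, security or audit systems would receive
    for action, keys in (("created", create), ("deleted", delete)):
        events += [(action, *key) for key in keys if key[0] in TRIGGERS]
    return {"create": create, "update": update, "delete": delete}, events

# Constructed sample data: one Azure snapshot and a stale IPAM state.
AZURE = {
    ("resource_group", "rg-prod"): {},
    ("virtual_network", "rg-prod/vnet-a"): {"cidr": "10.1.0.0/16"},
    ("subnet", "rg-prod/vnet-a/front"): {"cidr": "10.1.0.0/24"},
    ("interface_ip", "rg-prod/vnet-a/front/10.1.0.4"): {"device": "web-01"},
}
IPAM = {
    ("space", "rg-prod"): {},
    ("block", "rg-prod/vnet-a"): {"cidr": "10.1.0.0/16"},
    ("terminal_network", "rg-prod/vnet-a/front"): {"cidr": "10.1.0.0/25"},
    ("terminal_network", "rg-prod/vnet-a/old"): {"cidr": "10.1.9.0/24"},
    ("ip_address", "rg-prod/vnet-a/old/10.1.9.7"): {"device": "batch-02"},
}

if __name__ == "__main__":
    plan, events = reconcile(AZURE, dict(IPAM))
    print(plan, events, sep="\n")
```

Only the synchronization process holds the cloud credentials here; downstream systems consume the emitted events and the repository rather than querying the tenant themselves.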

A cost control system that requires accurate knowledge of the number of resources in a cloud is an obvious use case, given how important it is in these “pay-as-you-go” solutions to control resources which have been started but are not being used. Since the IPAM has a wide view of all the resources currently running in various tenants, a very simple business analytics dashboard can be developed to follow the evolution of running resources. This can then be correlated to the provider’s overall billing system. The interest is huge, given that almost 40% of servers in the cloud are not used in production (instead being used mainly for QA, test, qualification or pre-production) and most of them are only used during working hours, so for around 50 hours a week out of a potential 168 hours.

Extend discovery to multi-cloud, include apps and devices

SOLIDserver is already a great solution for internal cloud resource inventory and network automation. The Cloud IPAM Sync module extends the discovery process beyond internal datacenter boundaries. As the “golden records” repository, the IPAM needs to be considered the central and unique source of truth for any IP-related information. EfficientIP’s SOLIDserver has pushed the concept up to the cloud and also extended it to include more evolved objects like applications and devices. The link between all these objects serves the overall objective of helping users to get access to their applications in a secure and dynamic manner, not just for consuming cloud resources.

