The IPAM is far more than just a repository of IP addresses and subnets. To cope with a wide variety of networking environments, it becomes interesting to store and manage additional objects such as VLANs for example. In order to achieve true visibility between users and their applications, which is by essence what IT is all about, it’s necessary to be able to manage both the applications and the users. Since release 7.3, the EfficientIP SOLIDserver solution brings IT user information directly to the heart of the IPAM with the Identity Manager module.
The main idea behind the management of identities is to expand the visibility of the IPAM with enriched information attached to each IP address. While knowing that an IP address is attributed to a specific MAC address through the DHCP process can be interesting, having information about which user is currently authenticated on this device is even more valuable. SOLIDserver Identity Manager is such a container of information, able to link an IP address to a user through a network or application session, generally established from a device with an IP address.
Native integration with Microsoft Active Directory
The first directory proposed in the Identity Manager is Microsoft Active Directory. Most organizations use this system today to manage their users, groups, and credentials. They automatically get access to this new data facet in their favorite IPAM by connecting the Microsoft Domain Controllers to the SOLIDserver. Doing that directly brings the new data into their DDI solution, opening up many exciting new use cases. This integration requires neither any complex manipulation in the Active Directory database nor specific access rights in the Microsoft domain which ease deployment.
Internal DDI automation and external access of information with reference to identity are immediately made possible, like a simple search directly on the web interface. A global search can look for identities and their respective IP address allocation, while the identities associated with any IP address can also be retrieved.
In addition, the Active Directory user list can be synchronized directly in the Identity panel of Identity Manager in order to get additional information (parameters) including email address, phone number, or the real name. This is optional and configurable with regard to exposed data and corporate policies. When made available to the DDI managers, this information can ease operations and simplify finding how to contact specific users. A good example would be finding the user associated with an IP address triggered by the DNS Guardian security engine in order to quickly start remediation and forensic analysis of his device.
Ease troubleshooting and forensic analysis
Just like any other objects in the SOLIDserver DDI solution, the information related to identities is available to any external automation process through the API. This gives a new way to enrich incident tickets of your AIOps system, with more information linked to an IP address for example, as well as allowing specific analytics studies where an IP address can be linked to a user, a DNS record, a DHCP lease and a device (from Device Manager).
By extending the ontology of its IPAM, EfficientIP brings new automation and use cases to its DDI solution for all organizations with Microsoft Active Directory already in place. Identity Manager is part of the standard DDI license, so you can give it a try right now!
The Identity Manager solution provides visibility on who is using the network and from where, by collecting real-time events on user sessions and additional metadata.LEARN MORE