SOLIDserver 7.3: Boosting Network Automation, Security and Control

Release 7.3 of SOLIDserver builds on the importance of the centralized IP Source of Truth data repository and open APIs to boost automation capabilities of DDI. With a focus on simplifying network management and easy ecosystem integration, the new functionalities introduced bring enhanced visibility over infrastructure resources and users, helping improve operational efficiency and control while strengthening security.

The main features introduced with Release 7.3 include the following:

1) Network Identity Manager for Enriched IT Automation

With Identity Manager, the EfficientIP DDI adds application USERS as a new facet. Events on user sessions, plus additional metadata, are collected in real-time through directory synchronization, and this information is linked to the IPAM to enrich its “IP source of truth” data. By providing a simple way to bring user information to SOLIDserver DDI, Identity Manager offers visibility for each user session – including the associated duration and device location – thus answering the questions: WHO is using the network, from WHERE and WHEN.

Microsoft Active Directory (AD) is included by default in the Identity Manager module. Unlike other DDI solutions, Identity Manager has the unique advantage of offering scalable AD-native integration with identity information being made visible to network teams and automation systems in near real-time. This significantly simplifies IT management, leading to operational time savings and strengthened network security.

Example usages of the Identity Manager functionality include:

• List users (from AD) and their AD properties directly in the DDI solution
• List user sessions, active and expired/closed
• Search active user session associated with an IP address (using global search)
• Use SOLIDserver alerting system to be informed based on listing filtered view

2) Multi-IPAM Sync for Shared Workloads

To help administrators and users of SOLIDserver get quick access to data through views, lists and global search, organizations require multiple DDI instances (geographic, organizational, security). This requires consolidated data to be made available at different locations.

Multi-IPAM Sync brings capability for multiple independent SOLIDserver DDI environments to share IPAM data through synchronization via API. Data from one IPAM can be copied to another IPAM, providing read capabilities. The benefits brought include:

• Central and global visibility
• IPAM responsibility zoning (business unit/region)
• Capability to distribute IPAM intensive workload amongst several SOLIDservers

A typical usage would be where central governance needs information concerning independent regions or business units, so requires a copy of each database (costing, billing, inventory, IP plan governance). Meta IPAM creates copies of all the information from each remote IPAM space and is able to perform operations on these.

3) DoH Listener to Enhance Data Privacy

DNS over HTTPS is gaining traction on modern applications using a browser as the client. This requires a specific front-end to the DNS service, to cipher traffic between the client and the first DNS resolver. DNS Guardian (and also DNS Blast) provides this in SOLIDserver Release 7.3, complementing the DNS over TLS solution previously introduced on the DNS engine. All existing security features are supported with these access methods, including user behavioral analysis, automatic countermeasures, client traffic blocking on specific conditions and filtering based on RPZ.

As well as catering to market requirements, DoH brings value in areas such as customer retention, in particular for telcos. In addition, the functionality helps strengthen protection for apps and services being accessed by remote workers.

4) Event Forwarder to Feed Valuable Information to Ecosystem

The Event Forwarding Engine allows any ecosystem environment to be automatically informed about changes performed in the SOLIDserver DDI solution – on all the IPAM objects, as well as DNS and DHCP services objects. The forwarder performs this using either a standard webhook mechanism based on a HTTP call to a normalized endpoint, or via an enterprise service bus.

Upon completion of actions in the SOLIDserver (by user or API), an event can be triggered that will convert this action into a call to an external service of the ecosystem. This provision of near real-time events feeds valuable information to multiple 3rd party players, including security, automation, cloud infrastructure and inventory systems.