SOLIDserver API & Webhook for IT automationIT Automation and Ecosystem Integration

The SOLIDserver DDI solution (DNS-DHCP-IPAM) brings capability to automate internal function between the IPAM repository and services functions like DNS and DHCP. IT systems today require extra interconnection between components in order to provision new services and environments in a reproducible manner. Infrastructure components are mandatory for supporting applications and are expected to be available and scalable. Interfacing SOLIDserver to orchestration or automation systems provides IT the foundation of IP networking from addressing to global load balancing. The full SOLIDserver API stack enables linking with the whole infrastructure and application management ecosystem.

Open Architecture for DDI Integration

SOLIDserver’s internal engine is based on a standard service oriented architecture allowing full decoupling of any atomic actions. All actions are exposed at various levels of the engine allowing easy automation, user interaction and API management. Even if all configuration actions can be performed from the web interface, automation requires a more simple and easy to manipulate interface.

SOLIDserver proposes both SOAP API and REST API interfaces to allow integration with most engines and development languages. SOAP interface is fully described through either a global WSDL description format or purpose built one through the web interface. The REST API is more used nowadays than SOAP on open integration, all services are also available through REST calls.

SOLIDserver API Key Benefits

Complete DDI Functions Access

REST and SOAP API access to the complete set of DDI functions to cover any integration need

Advanced Integration Plugins

API can be accessed directly in your programming language or through more advanced plugin solutions like Python or Terraform

Powerful Metadata Manipulation

Exposure of all class parameters and custom database through API calls

Enhanced Powerful Search and Filtering

API efficiency on large DDI databases with easy filtering and controlled searching capabilities

Strengthened API Access Security

Rich rights management and Role-Based Access Control (RBAC) applied to API calls for controlled exposition level

Proposed Plugins

The purpose of API is to bring feature access through openness. The service functions are published with arguments and returns format. Some development or tool parameterization is then required in order to correctly orchestrate various calls depending on the automation process required. For easing API usage, we propose some integration framework or plugins in open source projects.

Python development language
Ruby development language
Terraform as a specific provider
Ansible base encapsulation
ServiceNow activity pack

API Service Design

All services allowing interaction with SOLIDserver are available by product and object. The services are then associated with a verb key describing the action that will be executed. The key services are mapped to the CRUD model and cover add, count, list, info and delete actions.

The list of object functions per service is presented on the following tree map and is evolving with each release of the SOLIDserver solution.

IPAM: space, network (v4/v6), pool (v4/v6), address (v4/v6), alias (v4/v6)
DHCP: server (v4/v6), scope (v4/v6), group (v4/v6), shared network (v4), range (v4/v6), lease (v4/v6), static (v4/v6), option (v4/v6), ACL (v4), failover channel (v4)
DNS: server, view, zone, resource record, ACL, TSIG key
Application: application, pool, node
DNS Guardian: policy
NetChange: network device, route (v4/v6), VLan, port, address (v4/v6), discovered items

Workflow: request
Cloud Observer: folders, instances, interfaces
Network Object Manager: folders, network object, interfaces
VLan Manager: domain, range, VLan
VRF: VRF, route target
Identity Manager: directory, identity, session
SPX & RIPE management
Administration: service, user group, user, custom database

ws-SOLIDserver API for IT-Swagger-2020-06-02-154006

OpenAPI compatibility

Integration into an ecosystem requires development. This one is easy whenever the APIs are available and even more when available in a standard format. This is why the SOLIDserver APIs are proposed also in an OpenAPI format to ease integration. From the specifications any developer can use its favorite solution, from Postman or Swagger to any integrated one in its IDE.

Object Tagging with Metadata

Most of the API functions that manipulate DDI objects can use advanced class parameters in order to associate specific metadata to the object. This bridges the gap between automated functions performed in orchestration systems and the user interface on which operators will perform specific administration action. It can also help other usages such as conformity checks, security controls, auditing or costing and invoicing. Any metadata can be used as a search key in searching and listing operations, easing the link between objects in the real world and the IPAM, and simplifying the development of automation. The very powerful inheritance feature takes the metadata set to a higher level, with the ability to propagate down the object hierarchy, supercharge the value or even stop the propagation. Since the IPAM contains the IP golden records, adding actionable metadata by making use of the API is really important and easy with the API.

Advanced Filtering and Searching

For any API call related to counting objects or listing objects in any repository, a very advanced filtering capability is offered. Similar to SQL clause you can optimize any query with filter parameters on the rows being retrieved from the repository and also on the parameters returned from the query. In addition, the information retrieved can be sorted for simplifying analysis by the client.

Access Security

In order to secure the operation performed through the API, all calls should be authenticated. In the administration panel it is possible to create a specific account with appropriate access rights to each application that will perform API calls. Authorization can be a basic segregation between read and write, or more evolved with specific rights on each module and actions.

API calls are performed through a standard TLS security channel. A digital certificate can be checked at connection level in order to identify the SOLIDserver on which the action will be performed. Any action performed through the API is tracked for auditability at the user level.

More advanced protection and features can be performed with the addition of an API management platform, including user certificate validation, rate limiting, tracking at the protocol level or API token authentication.

Event Forwarding & Webhooks

The IPAM is considered as the IP Source of Truth, it can be managed through API but also through manual actions directly in the graphical management interface. To inform the IT ecosystem of any change to start an automation process, SOLIDserver pushes qualified events to it.

Using either: a) a standard webhook mechanism based on HTTP call to a normalized endpoint, or b) an enterprise service bus, the event forwarding engine allows to automatically inform any ecosystem environment. All user-performed actions can be considered as triggers and used to dynamically push the notification outside the SOLIDserver. By using a rich filtering feature, it’s possible to send specific events to other applications – for example to inform a firewall solution about the creation of a new network, or to inform a SIEM application about any deletion in the IPAM.

Event forwarding allows automation with minimal coding, and eases ecosystem usage of the DDI rich data set with automatic notification of json, plain text or xml contents.