The first step toward simplifying operations in multicloud architectures is knowing where and what your assets are.
Mar 16th, 2023
What are two things that are assigned to every single device on your network? The answer is an IP address (at least one) and a DNS name. Why is this important? Because if you’re already using DNS and IP address management for every single device on your network, doesn’t it make sense to track other information about those devices in the same place?
Asset Management has gone beyond taking a simple inventory of physical assets you have on-premises for budgetary reasons. Asset management is now the single source of truth for building reliable and consistent networks, ensuring every device is secure and automating lifecycle workflows consistently.
With proper asset management, you can not only be more confident in your network information but also bring new services to market quickly and reduce the risk of outages due to accidental errors or malicious attacks.
Asset Management for Security
Security experts talk a lot about the attack surface area of our networks as they grow in complexity and scale. We have not only physical but digital assets which need to be protected, and these assets need to be protected in multiple layers. If we pull this back, though, the root is that there’s often not a trusted single source of truth that tells us about every single asset, its location, who owns it, when it was created, etc. We have to depend on device discovery in multiple security tools which may not be finding everything on our networks. If we can’t see something, then we can’t secure it.
[For more information on Cloud Asset Management and security, here’s a podcast: https://www.cloudbytes.cloud/episode/s3-asset-management/]
100% of those assets have an IP address, though, and therefore should be managed by an IPAM tool. Using an IPAM tool that provides centralized visibility of all your assets, no matter where they live, is essential to the visibility that trusted security requires.
Taking this a step further, using a tool that can require custom processes in order to track whether or not each asset has been secured will give you another level of confidence. Seeing that information easily without having to run reports is even better. Below you’ll see a screenshot of one way to do this, by creating a custom property in Micetro and then creating a Smart Folder which lists all objects that have “No” populated in the “Secured” property.
Asset Management for Prevention and Troubleshooting
At the root of troubleshooting issues is also this idea of using asset management more effectively. It’s not just about having good documentation, because if it were, everyone would do it. It’s about creating a system where human error or forgetfulness is not going to cause an outage or impede us from fixing one.
We simply can’t blame the intern or the early-in-career admin because we know better now. We know that the issue is with the processes and the system itself if an intern is able to bring the network down. The saying is that an ounce of prevention is worth a pound of cure. By building in required processes, including identity and project tracking information, we can build trustworthy sources of truth which lead to faster troubleshooting and in some cases prevent issues to begin with.
Asset Management for Automation
In the same way that if we can’t see something we can’t secure, we also can’t do anything with something we can’t see. There’s no way to trigger an event response when an issue happens to an object of which we have no visibility.
Configuration sprawl has been an issue for several years now, even before the public cloud became ubiquitous, even before we heard terms like “intent-driven.” Automation has always had a place in preventing configuration sprawl because consistent configuration leads to reliable and performant networks.
Being able to apply lifecycle automation workflows to segments of devices based on need rather than just OS or location makes it easier to apply policies to objects in a way that makes sense for your use cases.
Take, as an example, the use case above, where devices haven’t been secured. If we can grab that list and apply the appropriate security policies to it in an automated fashion, we can be sure that our devices have consistent policies assigned to them. Then we can also automate flipping the switch to “yes” under the property so that each device stops appearing in the list. You can imagine other use cases around bringing services to market, sunsetting devices, and even migrating to new services/platforms/providers.
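The workflow described above, sketched as an added example (not from the original article and not Micetro's API): the inventory is an in-memory list, and `Asset`, `unsecured`, `remediate`, `demo_policy` and the sample records are hypothetical names and constructed data. It treats a missing or malformed “Secured” value as unsecured and flips the property only after the policy step reports success.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    ip: str
    dns_name: str
    location: str
    props: dict = field(default_factory=dict)  # custom properties, e.g. {"Secured": "No"}

def unsecured(inventory):
    """Smart-folder style filter: every asset whose "Secured" property is not "Yes".
    A missing or malformed value counts as unsecured (fail closed)."""
    return [a for a in inventory
            if str(a.props.get("Secured", "")).strip().lower() != "yes"]

def remediate(inventory, apply_policy):
    """Apply the policy to each unsecured asset and return an audit trail.
    The property flips to "Yes" only when apply_policy reports success."""
    audit = []
    for asset in unsecured(inventory):
        try:
            ok = bool(apply_policy(asset))
        except Exception as exc:  # an unreachable device must not be marked secured
            ok = False
            audit.append((asset.ip, "error", str(exc)))
        else:
            audit.append((asset.ip, "secured" if ok else "failed", ""))
        if ok:
            asset.props["Secured"] = "Yes"
    return audit

# Constructed sample inventory spanning several locations.
INVENTORY = [
    Asset("10.0.1.10", "web01.example.internal", "on-prem", {"Secured": "Yes"}),
    Asset("10.0.1.11", "web02.example.internal", "on-prem", {"Secured": "No"}),
    Asset("172.16.4.20", "api01.example.internal", "cloud-a", {}),  # property never set
    Asset("192.168.7.5", "db01.example.internal", "cloud-b", {"Secured": "no "}),
]

def demo_policy(asset):
    """Hypothetical policy step: pretend the cloud-b endpoint is unreachable."""
    if asset.location == "cloud-b":
        raise ConnectionError("management endpoint unreachable")
    return True

if __name__ == "__main__":
    for entry in remediate(INVENTORY, demo_policy):
        print(entry)
    print("still unsecured:", [a.ip for a in unsecured(INVENTORY)])
```
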
Asset Management from an Overlay
To have asset management be meaningful in some of the ways described above, it truly needs to be a single source of truth. There can’t be a source of truth for the cloud, another source of truth for a site, and yet another source of truth kept by a different team. This is where the system starts to fail and we’re building in unnecessary complexity.
An overlay management architecture achieves all of this because it doesn’t require that you rip and replace anything. It only requires that you connect to services to get a big-picture view of what exists in your environment. Yes, some hygiene is necessary to maintain this single source of truth (SSOT), but the processes can actually be built-in tasks that may then be distributed to your broader team, because now you have the confidence that everyone is populating the correct identification and tracking information, either manually or through automation.
Closed DDI solutions can’t serve as a single source of truth because they may not have visibility into all your digital assets, especially in the public cloud, whereas an open overlay architecture has full visibility without being a resource hog.
We are hosting a series of DDI Talks Live events for you to join and enjoy for free. These include live webinars, demonstrations of Micetro, interviews, and all sorts of other live content around DDI, network management, and Men&Mice.
Join us Live on March 23rd at 4.00 pm GMT (12.00 pm ET) for our next DDI Talks: Asset Management