Proactive and Preventative Actions for your DDI Environment


Apr 5th, 2023

Vendors are always talking about how to stop being reactive, as if it had never occurred to an engineer that working proactively might be better. The truth is that there are a lot of proactive actions engineers take every day. In fact, I would argue that engineers spend a lot of their time just thinking about all of the things that could possibly go wrong. The problem is that engineers need help, both from a resource perspective and from a technology perspective.

There are essentially three ways we can build a proactive culture:

  • Add more people (this is often limited by budget/headcount constraints)
  • Purchase new solutions which have built-in proactive actions (sometimes constrained by technical debt/budget/time/skill set)
  • Use automation (often constrained by skill set and time)

While these are three fantastic ways to become more proactive, they also come with constraints. While not an exhaustive list, here are the constraints I hear about most often:

  • Not enough budget/headcount to add more people
  • Onboarding people takes time away from daily tasks and future planning
  • Too much risk to forklift old solutions to replace them with new
  • Not enough time to learn new solutions
  • Not enough time to hone automation skills
  • Not enough time to spend on automation workflows due to putting out fires
  • Not enough budget to spend on new solutions or training

So…how do we become more proactive? While I can’t help you with headcount, I’m going to concentrate on the second two bullets of using solutions with built-in proactive use cases and using automation, specifically in your DDI environment. I’ll also be giving some actual tips for using a DDI solution such as Micetro because I want every reader to walk away from this article feeling like they gained something that will help them in the real world.

Preventing IP Conflicts:

IP conflicts are real. Here’s how you can prevent them using Micetro.

  1. Use the Find Next Free IP Address action. When you are looking for a new IP address to assign to a device or to assign to a DNS A record, Micetro will automatically give you the next free IP through the UI or the API so you can avoid assigning claimed or even held IPs from the start.
  2. Define IP conflicts in your settings. In Micetro you can specify how to define an IP conflict. See image below for all the possible ways to proactively trigger an alert of an IP conflict.

If you’re using self-service portals, don’t let other teams take IP addresses. Through the API or the UI, you can tell someone whether an IP address is already assigned, claimed, or even being held for some reason and even prevent them from using that IP.
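The allocation rules described above, sketched as an added example (this is not Micetro's API or code): a next-free lookup that skips assigned, claimed and held addresses, and a self-service request function that refuses taken addresses and claims the address before returning it. The state table, subnet and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample IPAM state: address -> state. Absent addresses are free.
# The state names follow the article's wording (assigned, claimed, held).
SAMPLE_STATE = {
    "10.20.30.1": "assigned",   # gateway
    "10.20.30.2": "assigned",
    "10.20.30.3": "claimed",    # reserved by another team, not yet in use
    "10.20.30.4": "held",       # kept out of rotation after a decommission
    "10.20.30.6": "assigned",
}
BLOCKING_STATES = {"assigned", "claimed", "held"}


def next_free_ip(subnet, state):
    """Return the lowest host address with no blocking state, or None."""
    for host in ipaddress.ip_network(subnet).hosts():
        if state.get(str(host)) not in BLOCKING_STATES:
            return str(host)
    return None


def request_ip(subnet, state, requester, wanted=None):
    """Self-service entry point: vet a requested address or pick the next free one.

    The address is marked claimed before it is returned, so a second
    request cannot be handed the same address.
    """
    net = ipaddress.ip_network(subnet)
    if wanted is not None:
        addr = ipaddress.ip_address(wanted)
        reserved = (net.network_address, net.broadcast_address)
        if addr not in net or (net.prefixlen < 31 and addr in reserved):
            return None, f"{wanted} is not a usable host address in {subnet}"
        current = state.get(str(addr))
        if current in BLOCKING_STATES:
            return None, f"{wanted} is already {current}"
        chosen = str(addr)
    else:
        chosen = next_free_ip(subnet, state)
        if chosen is None:
            return None, f"{subnet} has no free addresses"
    state[chosen] = "claimed"
    return chosen, f"{chosen} claimed for {requester}"
```
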

Preventing DNS Outages from DDoS Attacks

DDoS attacks are going to happen. In fact, they’re reported to be on the rise. Using multicloud DNS is the only way to stay up when one of your services goes down. Multicloud DNS allows you to select multiple DNS services to be authoritative for your critical zones. That way, when one service goes down, you can ensure that a second DNS service is picking up the slack.
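One way to audit that critical zones really are served by more than one DNS service, as an added example that is not from the original article: it flags zones whose nameservers all belong to one provider and zones whose nameservers report different SOA serials. The zone data, provider domains and function names are constructed, and the serial check assumes the providers are kept in sync by zone transfer so that serials are comparable.

```python
# Hypothetical provider nameserver domains, mapped to a provider label.
PROVIDER_SUFFIXES = {
    "dns-provider-a.example": "provider-a",
    "dns-provider-b.example": "provider-b",
}

# Constructed sample: zone -> {authoritative nameserver: SOA serial it answered}.
# In practice these values come from NS and SOA queries against each server.
ZONES = {
    "corp.example": {
        "ns1.dns-provider-a.example.": 2023040501,
        "ns2.dns-provider-a.example.": 2023040501,
        "ns1.dns-provider-b.example.": 2023040501,
    },
    "shop.example": {
        "ns1.dns-provider-a.example.": 2023040502,
        "ns2.dns-provider-a.example.": 2023040502,
    },
    "mail.example": {
        "ns1.dns-provider-a.example.": 2023040503,
        "ns1.dns-provider-b.example.": 2023040401,   # stale copy
    },
}


def provider_of(nameserver):
    """Map a nameserver hostname to a provider label, or None if unmapped."""
    host = nameserver.rstrip(".").lower()
    for suffix, provider in PROVIDER_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return provider
    return None


def audit_zone(ns_serials, min_providers=2):
    """Return findings for one zone; an empty list means it passed."""
    findings, providers = [], set()
    for ns in ns_serials:
        provider = provider_of(ns)
        if provider is None:
            findings.append(f"unmapped-nameserver: {ns}")
        else:
            providers.add(provider)
    if len(providers) < min_providers:
        findings.append("single-provider: " + (", ".join(sorted(providers)) or "none"))
    serials = sorted(set(ns_serials.values()))
    if len(serials) > 1:
        findings.append("serial-mismatch: " + ", ".join(map(str, serials)))
    return findings


def audit(zones):
    """Audit every zone and return only those with findings."""
    results = {zone: audit_zone(ns) for zone, ns in zones.items()}
    return {zone: found for zone, found in results.items() if found}
```
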

Preventing the Intern from Making Mistakes

If a system is set up so that an intern, or any human being for that matter, is allowed to make critical errors that may bring down service, then we have to blame the system and not the individual. Access control is a big factor in this.

Using Role-based Access Control is going to simplify your access management by simply reducing the number of permissions you have to create and assign. Granular role-based access control to specific DDI objects like DHCP scopes or DNS zones is going to take you that step further so that you’re obeying the “law of least privileges” and only giving users the exact access they need.

Want to take it a step further? Micetro has a built-in DNS workflow, called Workflow, which will allow you to give users requestor privileges. This will ease communications between siloed teams while making it impossible for non-DDI experts to accidentally make errors like assigning the wrong IP to an A record.

Creating Network Consistency

Network consistency is what’s going to prevent errors from happening in the first place, because a consistent network is a reliable network. But even if a problem occurs, consistent networks are easier to troubleshoot because an engineer knows where to look and what to expect.

How do we get consistency? We use solutions like templates, standardization, and automation. Are you creating all your DHCP scopes ad-hoc? Maybe it’s time to create a DHCP Scope template, so you know that the first IP and last IP aren’t going to be included, and you know the first usable IPs are actually printers, and the next 150 are used for laptops, and the next 50 are used for work phones. You get the idea. If all the scopes look alike, it’s going to be easier to identify issues before they occur.
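The scope template idea above, as an added example rather than anything from Micetro or the original article: one function lays the template out over a subnet and another reports where a deployed scope has drifted from it. The printer count of 20, the reading of "first IP and last IP" as the first and last host address, and all names and addresses are assumptions made for illustration.

```python
import ipaddress

# Template following the article's layout. The printer count (20) is an
# assumption; the article only gives 150 laptops and 50 work phones.
TEMPLATE = [("printers", 20), ("laptops", 150), ("phones", 50)]


def build_scope(subnet, template=TEMPLATE):
    """Lay the template out over subnet, leaving out the first and last host IP."""
    hosts = list(ipaddress.ip_network(subnet).hosts())[1:-1]
    needed = sum(size for _, size in template)
    if needed > len(hosts):
        raise ValueError(f"{subnet} has {len(hosts)} usable IPs, template needs {needed}")
    plan, offset = {}, 0
    for role, size in template:
        plan[role] = (str(hosts[offset]), str(hosts[offset + size - 1]))
        offset += size
    return plan


def lint_scope(subnet, actual, template=TEMPLATE):
    """Return a list of differences between a deployed scope and the template."""
    expected = build_scope(subnet, template)
    drift = []
    for role, want in expected.items():
        have = actual.get(role)
        if have is None:
            drift.append(f"{role}: missing, expected {want[0]}-{want[1]}")
        elif tuple(have) != want:
            drift.append(f"{role}: {have[0]}-{have[1]}, expected {want[0]}-{want[1]}")
    drift += [f"{role}: not in template" for role in actual if role not in expected]
    return drift


# Constructed example of an ad-hoc scope that has drifted from the template.
AD_HOC = {
    "printers": ("10.1.5.2", "10.1.5.21"),
    "laptops": ("10.1.5.22", "10.1.5.180"),   # range extended by hand
    "guests": ("10.1.5.230", "10.1.5.240"),   # role the template does not define
}
```
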

Standardization makes it easier for smaller teams to prevent issues and use automation. You can standardize all sorts of things from versions to vendors. Standardization is key to simplifying operations. You can read here how one of our customers made standardization a priority for their school district.

Finally automation…

Automation is not about saving time. It’s all about consistency. But it can be very difficult to get started if you don’t know where to start. We’ve created a YouTube playlist to help you do just that. While it uses Micetro to show you how to access and use APIs, the lessons are applicable to any automation you might do in your environment with any solution. Click here to watch our Automation with Micetro Playlist.