Proactive and Preventative Actions for your DDI Environment.
Apr 5th, 2023
Vendors are always talking about how to stop being reactive, as if it had never occurred to an engineer that working proactively might be better. The truth is that there are a lot of proactive actions engineers take every day, in fact, I would argue that engineers spend a lot of their time just thinking about all of the things that could possibly go wrong. The problem is engineers need help, both from a resource perspective and from a technology perspective.
There are essentially three ways we can build a proactive culture:
While these are three fantastic ways to become more proactive, they also come with constraints. While not an exhaustive list, here are the constraints I hear about most often:
So…how do we become more proactive? While I can’t help you with headcount, I’m going to concentrate on the second two bullets of using solutions with built-in proactive use cases and using automation, specifically in your DDI environment. I’ll also be giving some actual tips for using a DDI solution such as Micetro because I want every reader to walk away from this article feeling like they gained something that will help them in the real world.
Preventing IP Conflicts:
IP conflicts are real. Here’s how you can prevent them using Micetro.
If you’re using self-service portals, don’t let other teams take IP addresses. Through the API or the UI, you can tell someone whether an IP address is already assigned, claimed, or even being held for some reason and even prevent them from using that IP.
Preventing DNS Outages from DDoS Attacks
DDoS attacks are going to happen, in fact, they’re reported to be on the rise. Using multicloud DNS is the only way to stay up when one of your services goes down. Multicloud DNS allows you to select multiple DNS services to be authoritative for your critical zones. That way, when one service goes down you can ensure that a second DNS service is picking up the slack.
Preventing the Intern from Making Mistakes
If a system is set up so that an intern, or any human being for that matter, is allowed to make critical errors that may bring down service, then we have to blame the system and not the individual. Access control is a big factor in this.
Using Role-based Access Control is going to simplify your access management by simply reducing the number of permissions you have to create and assign. Granular role-based access control to specific DDI objects like DHCP scopes or DNS zones is going to take you that step further so that you’re obeying the “law of least privileges” and only giving users the exact access they need.
Want to take it a step further? Micetro has a built-in DNS workflow, called Workflow, which will allow you to give users requestor privileges. This will ease communications between siloed teams while making it impossible for non-DDI experts to accidentally make errors like assigning the wrong IP to an A record.
Creating Network Consistency
Network consistency is what’s going to prevent errors from happening in the first place, because a consistent network is a reliable network. But, even if a problem occurs, consistent networks are easier to troubleshoot because an engineer knows where to look at what to expect.
How do we get consistency? We use solutions like templates, standardization, and automation. Are you creating all your DHCP scopes ad-hoc? Maybe it’s time to create a DHCP Scope template, so you know that the first IP and last IP aren’t going to be included, and you know the first usable IPs are actually printers, and the next 150 are used for laptops, and the next 50 are used for work phones. You get the idea. If all the scopes look alike, it’s going to be easier to identify issues before they occur.
Standardization makes it easier for smaller teams to prevent issues and use automation. You can standardize all sorts of things from versions to vendors. Standardization is key to simplifying operations. You can read here how one of our customers made standardization a priority for their school district.
Automation is not about saving time. It’s all about consistency. But it can be very difficult to get started if you don’t know where to start. We’ve created a YouTube playlist to help you do just that. While it uses Micetro to show you how to access and use APIs, the lessons are applicable to any automation you might do in your environment with any solution. Click here to watch our Automation with Micetro Playlist.