NI, Leveling the Learning Curve with Micetro
NI was originally founded in Austin, Texas in the 1970s as National Instruments. NI has been working with Men&Mice since 2008 to manage their IP address information, DNS, and DHCP systems. With a core value of “Engineering Ambitiously” both companies understand the necessity of adapting to the current times while preparing for the future with customers as the top priority.
NI is a global, publicly traded company with around 8,000 employees. NI produces automated test equipment and virtual instrumentation software focused on turning real-world data into insightful information and creative solutions that help businesses succeed today and in the future.
Being a global company, they need a network management solution that grows with them, especially as they acquire more companies. With over 50 Active Directory sites, 10,000 IP ranges, and over 20 DNS zones, Men&Mice has been key to their DDI management allowing them to keep up with the needs of a growing company.
NI uses on-premises Active Directory (AD), Azure AD, as well as DNS and DHCP snap-ins on premises. NI also uses Microsoft SQL as their back-end database. So a tight Microsoft integration was a must when choosing and renewing DDI network management systems. Men&Mice is a Microsoft Preferred partner and from the beginning has worked very closely with Microsoft to ensure the simplest integration both for AD authentication as well as DNS and DHCP. In fact, with Micetro, Men&Mice’s sustainable DDI solution, agents aren’t required in order to reap the benefits of using Microsoft services.
As mentioned above, NI has over 50 Active Directory sites around the globe and as they acquire new companies, they add those AD sites to their top level AD forest. Micetro has the ability to use AD users and groups, with single sign-on (SSO) imported from the domain controllers. NI also has public cloud users in Azure, as well as AWS, which can be added into Micetro so all of their user access for DDI can be managed in the same place using Micetro’s Role Based Access Control (RBAC).
Though it is possible to manage each DNS and DHCP server manually, managing them is quite cumbersome with over 120 servers to log into. Also, with Azure, there’s no integration between AD authentication and DNS/DHCP services authentication, they’re decoupled. It’s possible to deploy Microsoft DHCP servers within a VNET, but it’s more common to use the built in DHCP services within a VNET, which is how NI chooses to implement it. Micetro gives them the ability to log into one place, and view and manage their entire DDI environment, including not only on-premises Microsoft solutions, but public cloud and external DNS services.
“Learning Micetro is quite easy, but learning Windows DNS and all of the small MMC windows to click through can be quite a learning curve. So for us having a completely separate application that is currently published through Citrix, any of the teams using the application can login and do what they need to do is a key benefit. And again, we can allow them to do that without giving them access to the domain controllers.”
Charlie Alvarez, IAM Service Owner & Team Manager, NI
Granular Centralized Access Control
NI uses the benefits of RBAC from Micetro for all of their users and groups no matter if it’s coming from Active Directory or from the public cloud. The IT organization installs all their DNS and DHCP snap-ins on domain controllers, but only Domain Controller Admins are allowed access to the Domain Controllers. With Micetro, they can continue to use this locked down access while giving DDI and network engineers the access they need.
They are able to be quite granular with the use of specific access to subnets and DNS zones as well. Often when making changes they will gather the applicable admins from the network team, server team, branch teams, and even R&D at times while making a change. This helps break down silos and gives everyone the same view of what’s happening in real-time in case of any issues.
“What’s really helpful is the granular access [Micetro] provides. Back in the day you had to be a general admin but now we can go right to the subnet level and allow various teams access to specific subnets that they own.”
IAM Service Owner & Team Manager, NI
“For me it’s about IP allocation where we can see the whole IP space, knowing which IP is mapped to which name. [With Micetro] it’s much easier to see what’s free and where we want to put things, rather than probing the IPs one by one through DNS. For us that’s a key feature that’s really helpful.”
IAM Service Owner & Team Manager, NI
Making DDI Management More Sustainable
NI values a proper lifecycle process and therefore uses automation and orchestration to ensure a clean and stable environment. Using an orchestration solution called Resolve, they can integrate with the Micetro APIs to create new virtual machines and assign static IPs as well as handle the assignment of DNS records. Perhaps more importantly, they also use orchestration to sunset servers and applications along with the cleanup of IPs and DNS records.
No matter if they’re using automation or making manual changes, NI uses the logging within Micetro frequently. Micetro takes the guesswork out of who made the change, what change was made and when, and even lets admins comment on why the change was made. They’re able to check the history on any object within the system and also quickly check the Recently Created or Recently Modified filters provided within the menus without having to jump between snap-ins to find the information.