What are the pros and cons of keeping NPM and IPAM on separate servers from a security, rbac, workflow perspective? What do you lose by having these servers separated into their own standalone environments?
We started separate, we put Orion and IPAM on the same instance not long afterward. I see no reason to keep them separate. IPAM delegation is completely separate to other modules. If you have additional polling engines on NPM.other Orion stuff your IPAM install gets to leverage that.
So... I have three networks and three instances of SolarWinds. On two of them, the servers seem to run fine with IPAM (v4.9) included with the primary. However, on my largest network, I discovered one day that I couldn't ping anything from that server. I found that other poeple had the same issue. I also noticed my website was really sluggish and i was having trouble testing node credentials. I kept getting "test job timed out". I even have more than one polling engine for load balancing polling, so it was surprising. I removed the DHCP and DNS servers and cleared out all the jobs, and was able to ping again and my server started functioning much faster immediately. However, I think it really comes down to server load. If you have a large environment, I would consider splitting. If you are relatively small, you should be fine with having it on the same as other modules.
More info:
Re: Unable to ping from command prompt on main orion poller
"However, I think it really comes down to server load."
Agreed. this is why I took IPAM out of my NPM (and other modules) installation and run it standalone. We weren't using any of the "integrated" stuff in the tools and IPAM was basically being used as a standalone app. Pulling it out and running it separately has saved me a lot of troubleshooting issues with "Orion is slow" (I now have less things to consider) and it also speeds up upgrade times as on my main Orion NPM system there's simply less to upgrade, and for the IPAM standalone I can schedule it at some other time.
