32 Replies Latest reply on May 17, 2011 3:00 PM by connectu

    If you're curious as to what we're working on for Orion IPAM...

    mavturner

      Now that IPAM 1.7 is out of the door, the IPAM team is hard at work on the next release. Some of the features we are working to include are:

      • IPv6 Support (with a particular focus on planning)
      • Historical Tracking of addresses (MAC or IP)  
        • Enter an IP or MAC Address and see how this address has changed properties over time
      • User Delegation
        • Specify which users have what level of permissions (read/write) to certain address spaces (Group, Supernet, or Subnet)
      • Modifying the behavior of duplicate subnets
        • Provide a global settings to disable / enable duplicate subnets
      • Enhancements to address importing
      • Multiple item edits
      • Per subnet settings
        • SNMP communities
        • Transient interval

       Other items we are looking into but not working on currently include:

      • Additional options for alerts
        • Alert on an IP status change
      • Support for ISC DHCP (Linux) Servers

      PLEASE NOTE:  We are working on these items based on this priority order, but this is NOT a commitment that all of these enhancements will make the next release.  We are working on a number of other smaller features in parallel.   If you have comments or questions on any of these items (e.g. how would it work?) or would like to be included in a preview demo, please let us know!

        • Re: If you're curious as to what we're working on for Orion IPAM...
          mattjenkins

          Hi Mav,

          Can you expand on the user delegation??

          Matt

          • Re: If you're curious as to what we're working on for Orion IPAM...
            gibjim01

            Hi there,

            An interesting feature for IPAM would be a "unauthorized IP address detection" probe who can send an alert when someone configures a static IP address without asking for it or without using DHCP. This would prevent duplicates IPs in our network.

            Orion IPAM is the bast so far. Keep up the good work!

            • Re: If you're curious as to what we're working on for Orion IPAM...
              mandg

              I'm liking that "User Delegation" feature on the v1.8 radar.  Can you offer a timeframe for its release?

              • Re: If you're curious as to what we're working on for Orion IPAM...
                justinh

                What info do you have on your IPv6 support?  And what does "focus on planning" mean?

                • Re: If you're curious as to what we're working on for Orion IPAM...
                  Dentifrice

                  I would like to be able to exclude time from schedule.

                   

                  Example : A lot of people in my company turn off their computers when they are leaving. I want to be able to exclude scanning from 5:00 PM to 8:00 AM.

                  That generate useless traffic (I have 85 remotes sites with slow WAN connections and backup are taken during night).

                   

                  And because they turn off their computers, I suppose this will put garbage status when Historical Tracking of addresses will be include in the next version.

                   

                  thanks

                   

                  edit : The left section of IPAM (tree) doesn't refresh automatically when you edit things like subnet name or description

                  • Re: If you're curious as to what we're working on for Orion IPAM...
                    Dpeacocke

                    Mav;

                     

                    Will ISC support also include the ability to capture all of the information that the various options provide?

                     

                    David

                    • Re: If you're curious as to what we're working on for Orion IPAM...
                      gibjim01

                      I dear friends,

                      We've been working with IPAM v1.7 for 3 months now. It is quite a nice tool since we had to manage IP addresses with two separate excel sheets before. However, with nearly 150 subnets to manage, we quickly have some needs that are not coverd by IPAM features.

                      For example:

                      -we can search for IP address, but not for subnet.

                      -There should be a graphical overview of the IP address space within a supernet, so we could easilly vizualize where are the unused adress space. This would be very nice for capacity planning. For example, if a customer asks for a new subnet, I should be able to see where there some available space within the supernet.

                      - For those who have NCM (like us), it would be VERY NICE if we could find the switchport where the IP address comes from.

                      I hope this would give you some good ideas for the next version of IPAM.

                      Many thanks to you!

                      Jimmy Gibson

                      • Re: If you're curious as to what we're working on for Orion IPAM...
                        Deltona

                        Hi Mav,

                        Could you please shed some light on what your plans are, with regards to solving the issue when monitoring two DHCP servers that both have the same scopes?
                        When these servers are added in IPAM, the IP addresses from both servers are being displayed. Since the scopes and IP addresses are the same on both servers, IPAM displays duplicate IP addresses, and there's no way of telling which server has rights over any given IP.

                        If there is a solution to this, please share.

                        • Re: If you're curious as to what we're working on for Orion IPAM...
                          Craig Norborg

                          Seems like an easy no brainer, but how about some auditing capabilities?

                           

                          ie:  I want to know when forward DNS doesn't agree with reverse DNS and/or the hostname NPM read via SNMP. 

                           

                          Should be a fairly easy item with the info you already have I would think!

                          • Re: If you're curious as to what we're working on for Orion IPAM...
                            ssaluga

                            I  would like the ability for IPAM to NOT remove any information from a given IP or subnet.  If IPAM scans an IP and places it in a "transient" state, when that transient state expires I do not want IPAM to remove any comments or custom field information.  I do not neccessarily care if it marks it as "available" but I do not want it to remove any information.  The IP address manager in the Engineers Toolset functioned this way and we like the fact that it did not overwrite any information.

                             

                            Scott

                              • Re: If you're curious as to what we're working on for Orion IPAM...
                                mavturner

                                gibjim01, these are all great requests. The search enhancement has been requested a few times before but the graphical space usage is a new one. This is a great idea and I will get it logged. Regarding your NCM integration, we are working on something even better to help solve this problem, stay tuned...

                                Deltona and jon0966,
                                One option we are looking at is to merge data from exactly duplicated subnets. For example is dhcp1 and dhcp2 both are serving 1.1.1.2-250, we will simply merge the subnet updates if duplicate subnets are disabled. This is one approach we are looking at and I can't make any promises on if and when we would deliver it - but we definitely hear you!

                                cnorborg, can you provide more information about what auditing you would like to see? Currently, we only get name information based on the local server's resolution. However, for other activities, we have fairly detailed logging available. The DNS use case is a good one, got any more :-)

                                ssaluga, I've heard this request a few times as well. I've got it logged.

                                Thanks to everyone for the great feedback! As always, we are trying to incorporate these ideas as we can and as we hear more requests for them.

                                  • Re: If you're curious as to what we're working on for Orion IPAM...
                                    Craig Norborg


                                    cnorborg, can you provide more information about what auditing you would like to see? Currently, we only get name information based on the local server's resolution. However, for other activities, we have fairly detailed logging available. The DNS use case is a good one, got any more :-)

                                     



                                    That's exactly it.  Currently the IPAM module gets reverse DNS from the local server, but that's all it seems to do.   For auditing purposes I would first love for it to take this reverse DNS information and do a forward DNS resolution on it and see if that matches.

                                     

                                    Next I would like for it to look up the IP address in NPM and see if the hostname information matches there.

                                    Currently I can't figure out a way to do this, but it would be very useful information.

                                    For instance, lets say you have two servers Orion (1.1.1.1) and OrionNCM (1.1.1.2).  If you did reverse DNS on both of them and came up with Orion for both of them, the first server would pass phase 1 of the testing.  However, the second one would not (Orion =! OrionNCM).  

                                    Now if you cross referenced this with the NPM database and the first one once again came up "Orion", while the second one came up "OrionNCM1", once again the first one would pass while the second one didn't.

                                    Preferably all this would happen with FQDN, in which case a misconfigured domain name would also trigger the mismatch.

                                    I think Engineers Toolkit had a DNS Audit function that was similar.   Don't have it at my current job yet, so I can't easily check.

                                • Re: If you're curious as to what we're working on for Orion IPAM...
                                  adeimel

                                  add me as another interested party in additional dns auditing / flagging.

                                   

                                  To be specific I would like to see something along the lines of the transient state set for ips that are not pinging but have a PTR record in place. Since this could be demanding to run entire in.arpas maybe toggled by subnet.

                                  There are numerous cases where certain devices may not answer icmp but have a PTR entry in place. fws, isa, etc. 

                                  Currently you can manually update these but as with anything manual its not a long term solution as staff will make mistakes or fail to perform these tasks.

                                    • Re: If you're curious as to what we're working on for Orion IPAM...
                                      rgward

                                      Please! Please! fix the Description column in the left panel of Manage Addresses so we can adjust the width of the column.  All our Descriptions are truncated.  We have to click Properties to view the full Description.  Still not able to do this in IPAM 2.0

                                      Also, it would be awesome to have a expandable hierarchical map view of all address space (supernets & subnets) and be able to click on a supernet / subnet and get a submenu to expand, manage, and display properties.  Another option, a report (landscape) that shows the hierarchical supernet / subnet structure as well as be able to export to Excel. 

                                    • Re: If you're curious as to what we're working on for Orion IPAM...

                                      The ability to do a "Quick Edit" of the properties of the IP addresses while viewing them in the list.  ie, I dont have to click "edit" and pull up the properties window for each IP, edit, then save.  Instead, either clicking a quick edit button on the toolbar that makes all of the fields for all IP's editable, or if you double-click the field it becomes editable or both!

                                      This would improve usability & productivity substantially!

                                      • Re: If you're curious as to what we're working on for Orion IPAM...
                                        connectu

                                        Great idea to have a thread like this. 

                                        I assume feature requests are not out of line here. This is a big one that I haven't seen mentioned. I'm going to post a request for the same thing in the NCM topic. 

                                        MSP support (multitenancy).

                                        You guys are already on track with NPM and the EOC. Taking ALL data and putting it into a customer context, and making the server architecture work in a distributed fashion accordingly. I want all your products (especially IPAM and NCM at the moment) to function the same way.  That might mean a LOT of redesign from the ground up, so you may decide that demand doesn't justify the overhaul. Either way, if you could indicate whether or not this feature is under discussion and/or where it stands, that would help me decide whether or not to buy IPAM right now. 

                                        Keep this in mind. If you DO modify the server application to be multi-tenant aware, avoid this pitfall.  In many cases, it might make sense to have a dedicated "IPAM Server" for each customer if they are large, but an MSP managing some customers which have only a single office fall in an awkward situation. We want to manage those customers in the same way as big customers, but the same strategy doesn't fit.  Thus, a lightweight remote-IPAM application with an SSL tunnel back to the central server IPAM server is closer to the ideal strategy. 

                                        This comes from broad experience in the MSP sector, with many applications having varying degrees of support, and strategies for supporting multi-tenancy. This type of strategy has licensing implications, but it would be wise to create a totally separate license approach for MSP's anyway. 

                                        Regards,
                                        Jerry

                                        • Re: If you're curious as to what we're working on for Orion IPAM...
                                          connectu

                                          I really like that you show us what is on the horizon.

                                          I assume feature requests are not out of line here. This is a big one that I haven't seen mentioned. I'm going to post a request for the same thing in the NCM topic. 

                                          MSP support (multitenancy).

                                          You guys are already on track with NPM and the EOC. Taking ALL data and putting it into a customer context, and making the server architecture work in a distributed fashion accordingly. I want all your products (especially IPAM and NCM at the moment) to function the same way.  That might mean a LOT of redesign from the ground up, so you may decide that demand doesn't justify the overhaul. Either way, if you could indicate whether or not this feature is under discussion and/or where it stands, that would help me decide whether or not to buy IPAM right now. 

                                          Keep this in mind. If you DO modify the server application to be multi-tenant aware, avoid this pitfall.  In many cases, it might make sense to have a dedicated "IPAM Server" for each customer if they are large, but an MSP managing some customers which have only a single office fall in an awkward situation. We want to manage those customers in the same way as big customers, but the same strategy doesn't fit.  Thus, a lightweight remote-IPAM application with an SSL tunnel back to the central server IPAM server is closer to the ideal strategy. 

                                          This comes from broad experience in the MSP sector, with many applications having varying degrees of support, and strategies for supporting multi-tenancy. This type of strategy has licensing implications, but it would be wise to create a totally separate license approach for MSP's anyway. 

                                          Regards,
                                          Jerry

                                          • Re: If you're curious as to what we're working on for Orion IPAM...
                                            connectu

                                            Oh yeah, almost forgot...

                                            DNSMASQ and DHCPD. 

                                            I know ISC claims to be the most popular by some statistics, but DNSMASQ is the lightweight and feature rich DHCP server daemon of choice for the vast majority of embedded platforms, and small scale environments.

                                            Ultimately, you'll have to decide where this falls in the priority list (if it even makes the list at all), but i wanted to plant the seed anyway. And yes, I'm requesting it because I manage of bunch of small DNSMASQ based environments. 

                                            Regards,

                                            Jerry

                                              • Re: If you're curious as to what we're working on for Orion IPAM...
                                                mavturner

                                                Great feedback Jerry, this is definitely the right place for those comments.

                                                Regarding the DNSMASQ support. This is the first request I've heard for it. I heard ISC more often, but still rather rarely. 

                                                Regarding your comments on multitenancy, this is something we are aware of. Feedback like this is extremely useful in helping us prioritize features around this. A more fully featured delegated administration is a step in the direction we are interested in for our approach to this market.

                                                Thanks again!