Nabugu - stock.adobe.com
Network engineering teams should pay close attention to vendor APIs when they evaluate tools for DNS, Dynamic Host Configuration Protocol and IP address management. These three components combine into a network management platform known as DDI.
DDI technology provides a suite of essential core network services that enable connectivity. DNS provides a directory that maps domain names to IP addresses. Without these services, networks simply can't function.
A recent report from Enterprise Management Associates (EMA) found that API quality can determine whether a network team is successful with DDI technology. The study surveyed 333 enterprise DDI managers and found that only 44% of organizations are fully satisfied with the APIs offered by their DDI vendors.
The report also revealed that satisfaction with API quality correlates with overall success with DDI technology. For example, 70% of successful DDI teams were fully satisfied with API quality, but only 17% of unsuccessful DDI teams felt that way.
How organizations use DDI APIs
Respondents said their top two use cases for DDI APIs are IT automation and security. Integrations with other systems usually enable both these use cases. Other integration opportunities for DDI tools include network security, IT service management (ITSM), security monitoring and automation.
44% of organizations integrate their DDI tools with network security tools. Organizations integrate DDI with security tools like firewalls and intrusion detection systems. The integration provides network security devices with insight into network connectivity and DNS activity, which enriches security analysis. For example, if a new device connects to the network, it usually requests an IP address from a Dynamic Host Configuration Protocol (DHCP) server. Through integration, the DHCP server can notify a firewall of the new connection.
41% of organizations integrate DDI tools with ITSM systems. This enables automation around change management and inventory management. A network engineer at a large university said a two-way integration between DDI APIs and a cloud workflow management platform streamlines the change configuration process. For example, when a user requests a change to a DNS entry, a ticket automatically opens in the management platform. Once network administrators implement the change, the management platform closes the ticket and creates an audit of the process.
37% of organizations integrate DDI tools with security monitoring tools. Organizations integrate DDI with tools like security information and event management (SIEM). This integration lets organizations stream DNS logs to SIEM tools, which enables them to identify suspicious DNS activity.
31% of organizations integrate DDI with network automation tools. When network admins make changes in network automation tools, they typically gather data about IP addresses, VLANs and subnet information to ensure the change complies with the network design. Direct integration with a DDI tool enables admins to automate this data gathering, which streamlines operations and reduces errors.
Although APIs are critical to DDI success, less than half of organizations are fully satisfied with their DDI APIs today. EMA research identified several issues that are currently plaguing DDI teams.
30% of organizations struggle with API quality. When network administrators try to implement an API, they typically receive an error or a broken process rather than a successful API call. DDI teams need to hold their vendors accountable for good API design practices.
30% of organizations said they struggle with network complexity. Network complexity can manifest in a variety of ways when vendors design APIs. For example, when vendors decide to provide access to a maximum amount of functionality in a DDI tool, they often add many moving parts and dependencies inside an API. Vendors need to balance the need for capability with the need for simplicity.
25% of DDI teams said they struggle with API documentation. DDI vendors either don't create good documentation about how to use their APIs or they fail to update the documentation in a timely manner when new versions of APIs hit the market.
25% of organizations said their vendors charge additional licenses for using APIs. This forces cash-strapped IT organizations to decide what to do with these APIs, which can be a difficult choice. Organizations can integrate a DDI tool with a security tool but decline to integrate it with an ITSM tool to save money. Organizations that reported less success with DDI tools also find additional licensing challenging.
25% of organizations said they had poor API performance. This poor performance involved API calls that took too long to complete or run. When a delay like this happens, third-party systems might fail to complete a process or report an error. Data gets lost on its way from the DDI tool to a security analytics tool, or a change ticket fails to close automatically.
Scrutinize APIs from DDI vendors
A good set of APIs enables organizations to succeed with their DDI platforms. EMA also found that DDI managers who feel satisfied with their APIs are more confident in the security of their DNS infrastructures, and they have more influence over their organization's cloud strategy.
Network professionals confident in their APIs have higher confidence in DNS security because integration with security tools enables organizations to stream DNS data for analysis and policy enforcement. Influence over cloud strategy also improves because DDI teams can integrate their platforms with a variety of tools, such as ITSM and network automation, to drive operational efficiency.
APIs are an essential element of a DDI platform. When organizations evaluate vendors and issue requests for proposals for DDI tools, they should pay close attention to API quality, complexity, documentation, licensing and performance.