Global Commander

6connect Global Commander (GC) is a ProVision add-on module which allows for remote monitoring & control of distributed IP management systems. Global Commander can be enabled by procuring a license key from 6connect ProVision Support.  Once you have the key, apply it to ProVision using the "Manage Licenses" area on the ProVision Admin page.  This will enable the Global Commander navigation tab, containing two Global Commander sub-tabs: IPAM and Resource Tree. 

Use Case

6connect Global Commander (GC) is a ProVision add-on module which allows for remote monitoring & control of distributed IP management systems.  The core use-case for Global Commander is a large organization whose departments all operate independently, and have developed their own internal IT systems, standards, and practices.  This scenario is common for companies whose growth is driven by acquisition, and it is often very difficult to justify a departure from established, known-good practices to impose a single methodology company-wide. With so many actors working with mutually-incompatible systems it can be a challenge to know what is truly going on within an organization.

With this in mind, we present 6connect Global Commander to address the following problems:

  • You want a single overview of all IPAM activity in an organization regardless of what IPAM technologies are being used.
  • You want a central location from which all IP information can be queried now matter how many IPAM systems manage fragments of the total landscape.
  • You want to standardize IT systems, standards, and practices across a disparate internal landscape and need a bridge technology.
  • You want to establish a centralized IP authority from which downstream groups request IP resources from, and return IP resources to.
  • Your organization has a limited amount of public IP space distributed across many departments and you want identify where it is being used inefficiently.

Overview

Global Commander allows you to establish a single, centralized IP Management plane whose purpose is the orchestration and distribution of large IP blocks throughout the organization. Global Commander utilizes a stable of API connectors to popular IPAM systems (6connect ProVision, BlueCat, Infoblox, Netbox, Device42, etc.) to import and integrate IP data to present a unified view of IP utilization across the entire landscape.  Global Commander can also act as an IP broker for the organization and use its connectors to either push or pull IP blocks on the daughter IPAMs to allow for effective management by IP Architects.  Additionally, once established Global Commander can act as a bridge technology to transition departments onto a centrally-approved IPAM solution. 

Enabling Global Commander

Once you have the have applied the license key for Global Commander to the Manage Licenses area, the Global Commander navigation tab will be enabled. There are two Global Commander sub-tabs: IPAM and Resource Tree.

Synchronizing Global Commander

Global Commander comes pre-loaded with a "ProVision Local" IPAM Service which represents the IPAM Module of the local ProVision instance. 

This is initially blank.  Global Commander must synchronize itself with a daughter IPAM in order to pull in its IP state and detect changes. 
The 'Sync' command can be found under the gear wheel in the upper-left hand corner of the services card.

Here you can also Edit the connector to rename it, change its connector type, or connection credentials.  You can also use the ProVision Scheduler system to queue up automatic synchronization tasks.  Triggering an immediate Sync starts a synchronization job which pulls in IP information from the daughter system.

After, the IPAM Service card will show up-to-date information on the IP space managed by this service and its current utilization state.


Notice the "Status:" area has changed to "SYNCED", alongside a date of the last Sync.  The service card now shows the Aggregates available in the IPAM system.  For convenience we also offer the ability to sync individual aggregates on demand.


Viewing an Aggregate

Clicking on an aggregate will allow you to see its details:

Here we can see that an entire /17 has been assigned to "Department A" by the daughter IPAM.  Clicking on the /17 allows you to explore further.  Depending on the functions provided by the daughter IPAM, you can use Global Commander to split, merge, assign, or reclaim this IP block from the daughter IPAM.  This allows a central IP administrator to push IP resources directly to the departments that will be using them, or recall the same blocks when they are no longer needed.  

Additional IPAM Services can be added with the "Add IPAM Service" tab on the main Global Commander page:

Each IPAM service has their own distinct method of communication and will require different credentials to properly connect.  Once connection is established and Syncronization enabled, Global Commander will show a thorough listing of the IP resources on each service.

Each daughter IPAM can be put on its own synchronization schedule, or manual-only if needed.  Additionally, the Global Commander system can be configured so that only manually-added IP Aggregates are tracked.  This will allow you to track critical IP blocks in Global Commander, but allow departments to manage their own 1918 space without it cluttering the central control plane.

Network Blocks List

The Network Blocks List provides a centralized view of all the IPAM blocks organized by the system.  It can be used to filter for a specific IP or range regardless of what IPAM system directly controls it.

The relationship between aggregates, IPAMs, and the Global Commander system can also be visualized as a tree by clicking the "Resource Tree" button: