SOLIDserver 7.2: Enhancing Network Security and Cloud Visibility

The new release of SOLIDserver 7.2 is radically geared towards the Internet, the ecosystem and the cloud. It brings more visibility on cloud resources, eases integration and digital transformation, and places the IPAM at the heart of I&O solutions for Network Security. The release brings new features and updates many DDI components, mainly in the areas of network automation and security.

1) Better control over multi-cloud with Cloud IPAM Sync

Nowadays, computing resources can be deployed in any kind of cloud and any datacenter location. The IPAM, as the global repository of IP networking information needs to be either informed of any changes/additions/suppressions or directly retrieve the information from the source. SOLIDserver has been enriched with the ability to automatically gather information about the network topology and usage of IP addresses in two more IaaS solutions: Amazon AWS and Microsoft Azure. Using consistent mapping between the networks, subnets and endpoints objects available in these cloud infrastructures and the SOLIDserver IPAM objects, the IPAM offers complete visibility over networks from one single viewpoint. All list, filter, report and network automation functions already available in the IPAM can therefore be extended to the network infrastructure deployed in clouds, helping support workload migration in EC2 and Azure.

2) A new REST API following OpenAPI specifications

Complementing the existing powerful API providing both REST and SOAP interfaces, a new open API is now available, respecting the open standards currently available on the market and used by developer teams. This feature allows direct use of interface libraries deployed through tools like Swagger or Postman and following the OpenAPI specifications. This additional approach of API is easier to integrate with automated tools through a more standard interface and naming convention. The current API interface remains available as it is able to provide high throughput and calls directly bonded to the internal data structure. All the proposed libraries available in the development ecosystem are still supported and new ones automatically built with generic tools like Swagger are now possible.

3) Improved Data exchanges, using NetChange

The NetChange solution is key to providing a deep understanding of the IP topology and how the IP network is used. For Rls 7.2, in addition to lots of new equipment becoming available in the discovery module, two important objects can now be directly exported towards other modules of the DDI environment: 1) The IP routes discovered in the routing table can be automatically converted into networks and subnets in the IPAM. 2) The VLANs discovered on switches can be automatically converted into entries in VLAN manager. This extension provides many benefits to the plan and control phases, including ease of error detection and automatic integration of any operations on the network or its topology.

4) DNS Security tools to enhance threat intelligence and client filtering

DNS is at the center of the security arsenal used nowadays by telcos and corporations. By implementing threat intelligence filtering at the DNS level, it is possible to suppress bad behavior and well known erroneous domains. With intelligent feeds and internal SOC forensic capabilities it’s even possible for the company to build its own filtering and categorization feed. In Release 7.2, the DNS firewall offers analytics for easy evaluation of the filtered FQDN and domains, and also of the IP clients making these requests on the network.

In addition to analytics, DNS Guardian advanced security solution is now able to use the DNS data in a more powerful way. By being able to use client filter lists, it is now possible to apply DNS domain filter lists (from the RPZ system) directly to clients. There are multiple potential usages of this very advanced feature, the two obvious ones being parental control for ISPs and telcos, and IoT or BYoD filtering for corporations. More advanced topologies of DNS architectures are also now available with the Guardian offer, augmenting the ability to go deeper in the network for bringing security closer to the end device.

5) Enhanced security for SOLIDserver administrators

Compliance and security common criteria are also enhanced in this release, with the availability of a new authentication module for any user or administrator connecting to the SOLIDserver: OpenID Connect. User management and authentication can now be delegated to an enterprise IAM (Identity and Access Management) system, bringing centralized password storage, key rotation, automatic revocation or multi factor authentication as a few examples. This connection is tightly coupled with the RBAC system already in place in the SOLIDserver and able to manage any authorization at the finest level of operation, by module and by action.