Orchestration

IF-MAP is a powerful new standard for sharing data among disparate systems in real time. It enables a new age of coordinated computing across a wide range of applications. Just as the Internet Protocol (IP) changed the world by standardizing connectivity, IF-MAP has the potential to support highly intelligent systems by standardizing the way that devices and systems share information.

IF-MAP defines a protocol and an associated database service that provides real-time aggregation, correlation and distribution of metadata among infrastructure systems, management systems, and applications. Today, IF-MAP is being used to support applications like dynamic network access control, integration of physical and network security, and factory automation (SCADA). Leading vendors and end users are working to integrate IF-MAP into their systems and environments to support applications such as global asset tracking, federated identity, cloud computing and smart grids. This technology can ultimately replace ad-hoc integration using SNMP, Syslog, proprietary APIs and custom scripts, and thereby reduce integration complexity and cost and make new applications possible.

Key Benefits of IF-MAP
  • Reduced integration costs with standards-based integration
  • New levels of automation for a wide variety of applications including network security, IT audit and compliance, factory and SCADA, cloud computing and Smart Grid

Infoblox Orchestration Server Appliances

Infoblox Orchestration Server (IBOS™) appliances implement the IF-MAP standard and provide a robust, secure, high-performance and manageable IF-MAP server in a hardened appliance form factor.

Infoblox Orchestration Servers provide advanced features such as Federation between Infoblox MAP servers, granular client authorization and Custom Identifiers, which extend the IF-MAP standard Identifiers.

Key benefits of Infoblox IBOS appliances include high availability, reduced operating expenses, easy administration with an intuitive GUI, and extensive facilities for monitoring, troubleshooting and logging.



Challenges

Many organizations have made dramatic improvements in efficiency and customer satisfaction by breaking down application and database silos. For example, by linking Customer Relationship Management (CRM) systems with order status, inventory and logistics systems, organizations reduce inventories, shorten delivery times, lower customer support costs, and offer an improved customer experience. Still, at many organizations key aspects of IT infrastructure and business operations are not yet integrated or coordinated. Critical systems—such as network infrastructure, network security, building controls, power systems, physical security systems, asset management and others—still operate largely in silos.

IF-MAP—which stands for Interface to Metadata Access Points—is a Trusted Computing Group standard that makes it easy for different types of systems from different vendors to share data, including information about users and their roles, network addresses, endpoint status, network activity, physical location and many more. And it can easily be extended in real time to support virtually any kind of metadata.

IF-MAP is being used today in applications including network security, integrated physical and network security, factory automation (SCADA), and others.


Features

Standards-based Networked System Coordination

Used in conjunction with IF-MAP enabled products, the Infoblox Orchestration Server reduces the complexity and cost of system integration, enabling new worlds of collaborative systems and applications. The need for a standard in this area is widely recognized: in a recent survey of 50 large enterprises, over 87% see a major business value in standards-based integration solutions such as IF-MAP. The Infoblox Orchestration Server supports off-the-shelf solutions with products from companies such as Juniper, Hirsch Electronics, Great Bay Software, Lumeta, Insightix, and others. Infoblox NIOS appliances for DNS, DHCP and IPAM (DDI) include IF-MAP compatibility and can publish DHCP lease information to an IF-MAP compliant server.

Key features

Full Compatibility
  • IF-MAP 2.0 and 1.1 compliant
Real-time visibility
  • Search and view IF-MAP data
  • Manage IF-MAP clients
  • Log all publish, subscribe, and search operations
Granular Administration
  • Granular control over client-to-server connections
  • Grant or deny access to specific operations on a specific client
High-Availability
  • Active/standby failover
  • Ensures transactional integrity
  • Scalable
  • Robust infrastructure for large-scale IF-MAP deployments
MAP Federation
  • Share data across Infoblox MAP servers selectively
  • Real-time updates on MAP servers
Custom Identifiers
  • Expand the use cases supported by IF-MAP
  • Enable experimentation with new Identifiers prior to their incorporation into the standard
Global Identifiers
  • Allow creating subscriptions and searches on the MAP server without a handle to a known IF-MAP Identifier
  • Enable use cases that are otherwise not possible with the standard IF-MAP protocol, for example use cases that require subscriptions to get all the IP-MAC publishes from a DHCP server that are used for discoveries on devices
Advanced Search
  • Powerful search features to search across the entire MAP server data store
  • Pre-defined search types that allow searches on all identifiers and associated metadata defined by a filter

Benefits

Reduces integration costs
  • Provides standards-based integration
Enables new automations
  • Coordinated security
  • Security audit compliance
  • Factory automation/SCADA
  • Network & IT automation
  • Cloud Computing
  • Smart Grid
Minimizes operations costs
  • Intuitive web 2.0 UI
  • Extensive monitoring, troubleshooting, and logging
Ensures nonstop operation
  • High-capacity, high performance, high-availability

Solutions

Joint Solution with Juniper for Network Access Control

Network access control (NAC) is a term that has come to mean many things to many people. For the purposes of this discussion, NAC refers to the ability to apply policies dynamically to grant and maintain (or terminate) endpoint access to networks and applications. While this sounds simple enough in concept, implementing NAC has proved problematic for many organizations.

Using MAP-compliant products from Infoblox and Juniper, organizations can implement a powerful NAC solution that provides dynamic, policy-based network access control without requiring agent software on endpoints—without the need for custom scripting or writing to proprietary APIs. Integration of data from the Infoblox DHCP server and Juniper Infranet Controller occurs using IF-MAP, and all desired security functionality is simply configured—not coded.

The Infoblox/Juniper NAC solution can be easily enhanced to integrate a user’s physical location into network access decisions by integrating with the IF-MAP compliant building access control system from Hirsch Electronics. For example, if a user leaves their PC unattended, the act of leaving the secure area can be used to instantly block the user’s PC from accessing the network—again, without any custom integration or scripting. The Infoblox/Juniper Joint Solution Note has more information.


Demos & Resources

See the power of network automation and control in action

Since every network environment is unique, the best way to see the power of the Infoblox solutions is to request a one-on-one, interactive demo. Our experts will discuss your current requirements and future needs, and tailor the presentation to cover the aspects most critical to you.
