IP address management is necessary for your network if you use dynamic addressing. The Dynamic Host Configuration Protocol (DHCP) allocates addresses to nodes on your network on leases, which can be renewed.
However, the reclaiming of abandoned addresses and the process of ensuring that addresses are kept within ranges for subnets and not duplicated is complicated and time-consuming. So, you need to use an automated IP address manager in order to run a DHCP environment.
If you can’t read the whole article, here is our summary list of the six best IPAM tools:
- ManageEngine OpUtils IPAM EDITOR’S CHOICE Combination of an IPAM and a switch port mapper. Runs on Windows Server and Linux. Download a 30-day free trial.
- LightMesh IPAM Cloud-based subscription service that has modules for network management that include IP address management.
- SolarWinds IP Address Manager Full DDI with IP address monitoring, DHCP management, and DNS correction. Runs on Windows Server.
- Men&Mice Micetro DDI IP address manager combined with DHCP and DNS monitoring to provide a full DDI. Installs on Windows and Linux.
- Morpheus Cloud-based DDI with excellent security monitoring features.
- BlueCat Overlay for Microsoft A DDI suite with network security monitoring. Installs on Windows.
DDI
The allocation and replacement of temporary addresses all around your network has many consequences for other sections of the addressing system, which need to be coordinated. A typical DHCP environment will include a DHCP server that distributes new addresses to devices as they connect to the network, a DNS server, which maps between hostnames and IP addresses, and an IP address manager (IPAM), which is a central store of available addresses. These three tasks need to be coordinated. For example, if all of the IP addresses on your network get reallocated through the DHCP server, all of the cross-reference entries in the DNS server will have to be updated. The IPAM needs to know which addresses are available. That includes the task of recovering abandoned addresses and registering them as available again.
The coordination of these three addressing functions into a coordinated tool is called ‘DDI,’ which stands for DNS, DHCP, and IPAM. The extent to which you automate the interaction between these three servers is up to you. Just because you have a degree of manual intervention in your system does not mean that you do not have a DDI environment. As long as the DNS server gets updated when you change IP addresses and your IPAM pool of available addresses gets updated when different addresses are live, then you have a DDI. Whether it is all done without you lifting a finger or if you actually have to copy over some files from one application to another, you are still running a DDI.
IPAM in DDI
The role of IPAM is central to any dynamic addressing system. However, address management is not limited to dynamic addressing. You can issue fixed addresses to particular pieces of equipment and permanently allocate all of your addressing. You still need a central record of which device should have which address in case the node loses its own address and needs to get it reallocated.
You can run a restricted DHCP system with subsections of the total range of addresses (scope) reserved for subnets. You can also run a mixed environment, with dynamic addressing for most of the nodes on your network and fixed addressing for key devices.
The DHCP server can be set to allocate addresses automatically or you can work with a manual allocation system. However, you still need a central registry of which addresses are in use and which are still available.
So, no matter what addressing method you use, you will still need an IP address manager. A key function of an IPAM is the recovery of abandoned addresses. There are some very simple but effective tools that can sweep your network and assemble a list of addresses that are currently in use. These tools are called ‘Ping sweepers’ or ‘IP address trackers.’ Such tools give you partial IPAM functionality. If you have a small network, you could get by with just an IP tracker. However, you will have to make up the other IPAM functions manually by setting up a spreadsheet or list of available addresses.
When you perform a sweep of the network, you then need to compare the list of results to the list of allocated addresses that you have in your spreadsheet. You would then manually update any records that show incorrect availability statuses.
Automated IP address managers
You don’t have to have a fully automated IPAM. If you contribute some ‘sweat equity’ to your IP address management system, you are still running an address manager – just with a lot of personal involvement.
When you manage a small network, that manual intervention is not so time-consuming. However, as your network grows, you will find that you just don’t have enough hours in the day to carry out all of your IPAM tasks. At this point, you will be faced with a choice: either take on an extra member of staff to watch over the addressing system of your network or go for full IPAM automation.
Although it’s great to create employment, the kind of applicants you will need to look for in a systems administration role need to be qualified and experienced. There is a global shortage of such people, so you aren’t really doing anyone a great favor by putting even more pressure on an undersupplied tech skills market. Also, using an automated tool costs less than employing more staff. An automated tool won’t go on vacation or get sick. Automated tools don’t get hangovers or get distracted – they are not prone to human error. So, you would be better off investing in a good IP address manager to automate all of your address management functions than getting a human to do it.
The best IPAMs
There are a lot of DDI solutions out there. You can go for separate elements, to build up your DDI system with an IP tracker and separate functions for address record keeping. You can buy in a full IPAM and complement it with a DHCP server and a DNS server from different providers, or you can opt for a fully-integrated DDI solution.
This guide focuses on IP address managers, so if you are just looking for an IPAM, rather than a full DDI, the list of recommended tools that we have put together will cut down your research time and help you zoom in on the best options available.
Our methodology for selecting an IPAM tool 
We reviewed the market for IP address managers for use on Windows or Linux and analyzed tools based on the following criteria:
- A system that can discover all devices on a network
- A live report matching device MAC addresses to assigned IP addresses
- Reconciliation to DHCP and DNS servers
- Alerts for unexpected device encounters
- Updates to DHCP IP address pools
- A demo service or free trial for a no-cost assessment
- An efficient and easy-to-use tool that is worth paying for
With these selection criteria in mind, we identified a group of IPAM tools that we are happy to recommend.
Here is our list of the six best IPAM tools for Windows and Linux:
1. OpUtils IPAM (FREE TRIAL)
OpUtils is produced by ManageEngine, which provides a range of IT management tools. This bundle includes an IPAM and a switch port mapper. This combination is a very good package for detecting rogue access to your network and irregular activities that might indicate compromised user accounts. The software is self-installing and runs on Windows Server and Linux. Although there is a free version of OpUtils, that edition doesn’t include either the IPAM or the switch port mapper.
Key Features:
- Versatile Platform Support: Compatible with both Windows Server and Linux, offering flexibility in deployment.
- DHCP/DNS Integration: Seamlessly works with existing DHCP and DNS servers to centralize DDI management.
- Device Discovery: Continuously scans for new devices, ensuring up-to-date network visibility.
- Subnet Management: Assists in efficient allocation of IP address space to prevent exhaustion.
Why do we recommend it?
OpUtils IPAM is part of the OpUtils package – the other part is a switch port mapper. The full package takes care of all addressing issues on your network. There are a couple of other utilities in the bundle as well, which include a bandwidth monitor and network device config backups.
The IP Address Manager is able to interact with both your DHCP servers and DNS servers, giving the tool DDI controller capabilities. However, it is only able to communicate with the Microsoft DHCP server. The tool can also access Active Directory on Windows to check on the status of equipment. The data retrieved from that source is shown in the dashboard alongside its allocated IP address. The IPAM can also update Active Directory records to reconcile altered IP and host addresses.
The OpUtils IPAM will check on the exhaustion of address pools and advise you when subnets are running out of addresses. The package also includes a guided subnet address allocation function that can help you allocate the address pool more effectively. The tool will also check the network and alter the statuses of any addresses that it finds have been abandoned, making them available for reuse. This function is performed by the Scope Monitor module of OpUtils, which also updates the DHCP server with address usage information.
The dashboard is customizable and you can create many user accounts for the system to enable each team member to have direct access to the tool. All actions performed in the console are logged. The interface includes attractive graphical representations of live data and you can also get an overview of activities from stored historical data.
Who is it recommended for?
The OpUtils software package installs on Windows Server or Linux and it is also available as a service on AWS Marketplace. You get better functionality if you are running Windows Server because the tool is able to integrate with Active Directory. This extends the IP address management to device permissions.
Pros:
- Comprehensive Toolset: Includes additional utilities like switch port mapping, enhancing network monitoring.
- Effective Address Management: Automatically detects and resolves IP conflicts and misconfigurations.
- Cross-Platform: Supports installation on diverse operating systems, broadening its applicability.
Cons:
- Complexity: Comes with a steep learning curve due to its extensive features and capabilities.
You can get the full version of OpUtils on a 30-day free trial.
2. LightMesh IPAM
The LightMesh package is Software-as-a-Service (SaaS) delivered from the cloud. The network management system includes a number of modules. These are:
- Network device inventory
- IP address management
- Switch Configuration Automation
- Backup automation and data security measures
- ITIL process integration
- Lifecycle management
- Impact and change assessment tools
The IPAM in this pack will communicate with your DHCP server and DNS server to provide one single access point for all of your DDI functions. This coordination saves you from having to log in to your DNS and DHCP systems in order to track operations.
Key Features:
- Cloud-Based: Offers a SaaS model for easy access and management from anywhere.
- Comprehensive Discovery: Automatically identifies network infrastructure and updates inventory in real-time.
- Scripting Environment: Allows for automation of tasks with custom scripts, enhancing operational efficiency.
Why do we recommend it?
Tidal LightMesh provides an IP address manager for on-premises networks plus a service discovery routine for cloud accounts on AWS, Azure, and GCP. The service can plan your subnets and segment your DHCP for proper address management. The console lists all active IP addresses and their associated devices.
The LightMesh service starts off by scanning your network for its infrastructure. It logs all of the encountered equipment in an inventory and draws up a network topology map from that. Both the inventory and the map get updated automatically if you add, move or remove a device.
The IPAM works off the topology map and inventory. It coordinates with the DHCP server to add IP addresses to each node on the network. The periodic checks on devices run by LightMesh also serves to detect abandoned addresses, so that keeps the pool of available addresses up-to-date.
The dashboard can be accessed by any team member once you have set up accounts. Each account can be customized to restrict access to functions – this can be done either per user or in groups. As well as giving access to live data, including graphs and alerts, the interface includes a RET programming environment that enables you to create scripts to automate tasks. All actions performed in the LightMesh system are logged for auditing.
Who is it recommended for?
This is a good solution for any type of business but the provider’s increasing expansion in its cloud tracking services means that it is particularly interesting for companies that run hybrid environments or those that run virtual offices. The cloud-based version is free to track up to 1,000 IP addresses.
Pros:
- Scalable Solution: Suitable for businesses of all sizes, with features particularly beneficial for larger enterprises.
- Team Collaboration: Supports multiple user accounts with customizable permissions for team-based management.
- Audit Trail: Keeps detailed logs of all actions, facilitating troubleshooting and compliance.
Cons:
- Focus on Larger Networks: While highly effective, smaller networks may not fully utilize its extensive features.
The LightMesh package is priced by subscription and there are three different service levels: Small Team, Medium Team, and Enterprise. LightMesh is available on a 30-day free trial.
3. SolarWinds IP Address Manager
The SolarWinds IP Address Manager is a full DDI package because it includes DHCP and DNS management functions. The tool is very easy to set up because it will discover your addressing system, including subnet scopes. The tool doesn’t act as a DHCP server or a DNS server; however, it can manage those services that are provided by Microsoft, Cisco, ISC, and BIND. You won’t need to worry about out-of-date entries in your DNS server with this package.
The tool is self-installing and runs on Windows Server. It keeps tabs on all of the allocated IP addresses on your network; it checks periodically to make sure that all addresses that are marked as in use have not been abandoned.
Key Features:
- DDI Capabilities: Integrates DHCP, DNS, and IPAM functionalities for comprehensive network management.
- Automatic Discovery: Efficiently identifies all network devices and their IP status without manual intervention.
- Rogue Device Detection: Actively monitors and alerts on unauthorized devices connected to the network.
- Dynamic Updates: Automatically adjusts DHCP pools and updates DNS records to ensure accuracy.
- Customizable Dashboard: Offers a personalized interface for different team roles with event logging for accountability.
Why do we recommend it?
SolarWinds IP Address Manager is a full DDI package. It provides a DHCP and DNS server but you can use the native Windows services for those functions if you prefer. This is a classic IPAM and it will scan for abandoned addresses and update your DHCP accordingly.
The tool can deal with dynamic addressing, static addressing, or a mix of both. There is also a self-service screen available to users so that they can initiate the allocation process by requesting an IP address. That address can be dedicated or allocated from a pool reserved for a subnet.
If you want to resize your subnets, you will be able to use the built-in Subnet Allocation wizard, which will advise you on the optimum use of address scopes for each subnet. The tool will keep an eye on address pool exhaustion and alert you if the allocation to a particular subnet seems to be too small.
The SolarWinds IP Address Manager is able to interact with VMWare functions, specifically VMware vRealize Orchestrator (vRO)/vRealize Automation (vRA). This enables it to manage the complexities of virtualization addressing.
The IPAM can host multiple user accounts, which means that you can distribute access to team members. The dashboard is customizable and that will allow you to restrict the controls available to junior team members. Event logging keeps a record of who did what and when, so you can quickly work out whether a disruptive decision was implemented by a misinformed member of staff or was actually a hacker attack.
You get live data reports in the IPAM dashboard and you can also print out statistical reports – there are standard report formats included with the tool, but you can also create your own. The dashboard of the IP Manager gives real-time statistics on the address usage of the network and there are also standard report formats shipped with the software. The system includes a Report Writer, which enables you to customize reports. Reports can be automatically distributed to a predefined list of recipients via email, or they can be set up on a web space with access controls.
Who is it recommended for?
This service is a software package that runs on Windows Server. The system is designed for use by large organizations Alerts notify busy administrators if problems are detected. It is only able to manage networks that are run from Windows Server hosts. The package can integrate with SolarWinds network monitoring tools.
Pros:
- Comprehensive Management: Offers a complete DDI solution, enhancing network control and visibility.
- Efficient IP Utilization: Automatically identifies and recycles abandoned IP addresses, optimizing network resources.
- Subnet Wizard: Includes tools for effective subnet planning and allocation, simplifying network expansion.
Cons:
- Target Audience: Primarily designed for IT professionals, with complex features that may not suit home users.
The IPAM is part of a suite of infrastructure management software produced by SolarWinds and it integrates with other tools, such as network and server monitoring systems. You can get a 30-day free trial of the SolarWinds IP Address Manager.
4. Men & Mice Micetro DDI
The Men & Mice Micetro DDI is an IPAM with DHCP server and DNS server management capabilities. This tool won’t replace your DHCP and servers, but it will centralize control of them in one dashboard so you don’t have to keep logging into different interfaces to ensure that your IP address policy is being enforced. You will still need to run separate DHCP and DNS server software. The tool is also able to manage Active Directory records on Windows.
Key Features:
- Comprehensive DDI Integration: Manages DHCP, DNS, and IPAM across multiple platforms for unified control.
- Cloud and On-Premises: Effectively manages hybrid environments, bridging the gap between physical and cloud networks.
- Customizable Access: Provides a browser-based interface with tailored access for different user roles.
Why do we recommend it?
Men&Mice Micetro DDI goes a little further than just an IPAM because it provides coordination with your existing DHCP and DNS servers. The system is also able to link device addresses to the permissions structure in your Active Directory or LDAP instance and can integrate with IIS and Apache Web servers.
The DNS management module of the DDI Suite will interact with Windows, BIND, PowerDNS, and Unbound DNS servers. The DHCP management part of DDI Suite can organize DHCP servers run by ISC, Windows, Cisco IOS, and Kea software. The DHCP and DNS server management modules are optional, so you could just install the IP Address Manager. However, coordinating between DDI elements is an important time saver, so you should consider deploying the full DDI Suite.
The Men & Mice Micetro DDI can control Windows and Linux environments and will also manage Cisco IOS devices. This service is also capable of tracking address issues on Cloud services, including OpenStack, Azure and AWS native IPAM functions. It can interact with Azure DNS, Amazon Route 53, Dyn, NS1, and Akamai Fast DNS.
The dashboard of Men & Mice is browser-based. You can set up different accounts with access to different sets of data and controls in order to allocate access rights to team members safely. All changes performed through the system are logged with the user name registered for each action, so you will easily be able to track the performance of each admin team member.
The tool also includes scripting languages and APIs that enable you to exchange data with other applications on your network and automate many address administration tasks. The scripting languages supported by the system are SOAP, REST, and JSON-RPC. The standard DDI Suite package includes a number of pre-written automation scripts, which are called ‘wizards’.
Who is it recommended for?
This tool runs on-premises with versions for Windows and Linux. This makes it a better solution for businesses that are primarily based on their own networks. However, the tool is also able to reach out to cloud systems, so those operating hybrid environments should also consider this solution.
Pros:
- Extensive Compatibility: Supports a wide range of DHCP and DNS servers, facilitating versatile network management.
- Automation and Scripting: Includes APIs and pre-written scripts for streamlined task automation.
Cons:
- Interface Usability: Could benefit from enhancements in user-friendliness and more intuitive visualizations.
This IP address manager is able to organize and resize subnets and it is a very powerful scope management system that is suitable for large and complex networks. You can get a 30-day free trial of the DDI Suite in order to put it through its paces without any risk to your budget.
5. Morpheus
Morpheus gives you an IP address manager that also controls your DHCP and DNS servers, so you can run your entire DDI system from the Morpheus control panel. This is a Cloud-based system, so you access it through a Web browser. Morpheus is specifically aimed at businesses that want to run their network on the Cloud or even deliver their own services from the internet. It is also available for hybrid Cloud/on-premises systems.
Key Features:
- Hybrid Cloud Management: Designed for seamless integration of cloud and on-premises networks with DDI functionalities.
- Comprehensive IP Management: Offers centralized control over IP addresses, DHCP, and DNS services.
- Security and Compliance: Includes features to detect and prevent unauthorized access, with detailed logging.
Why do we recommend it?
Morpheus provides a way to integrate cloud and virtual systems into your on-premises network. From its cloud location, the Morpheus system blurs the boundaries between physical and virtual to create a hybrid environment. This is achieved by manipulating IP address management together with your DHCP and DNS systems.
Morpheus is a Cloud Management Platform, so it supports a lot of different administration functions. The IPAM section of the system will make sure that you don’t have duplicate IP addresses on your network and that your DHCP server doesn’t overlook equipment and leave it without an IP address. You can detect rogue devices connected to your system because they will need to have a system IP address allocated from the scope listed in your IPAM database.
Who is it recommended for?
Morpheus is a good solution for companies that are constructing their own SaaS products that have both internal and external IP address needs. The system is also a good fit for businesses that run hybrid environments. The package is unnecessarily complicated for an on-premises DDI solution.
Pros:
- Cloud-Native: Ideal for businesses focusing on cloud or hybrid environments, offering flexibility and scalability.
- Simplified Management: Centralizes DDI tasks in a user-friendly dashboard, streamlining network administration.
Cons:
- Complex for Smaller Networks: May offer more functionality than needed for simpler network infrastructures.
The IPAM will not allow unauthorized devices to be allocated to a network IP address, which effectively locks out those access attempts. So, the Morpheus IPAM includes some strong security procedures and every address-related event is logged for system auditing. There isn’t a free trial of Morpheus, but you can access a demo version on the service’s website.
6. BlueCat Overlay for Microsoft
BlueCat offers an IPAM solution, but its presentation speaks more about its DNS and DHCP capabilities. The company focuses on address issues as security tools. This is strongly expressed in its DNS and DHCP management facilities, which, of course, are threaded together by the classic tasks of an IP address manager.
Key Features:
- Microsoft Integration: Tailored to enhance and work seamlessly with Microsoft DHCP and DNS servers for improved DDI management.
- Device Discovery: Keeps network inventory accurate with continuous monitoring and automatic discovery.
- IPv4/IPv6 Support: Prepares networks for future technologies with dual-stack capabilities.
Why do we recommend it?
BlueCat Overlay for Microsoft provides a method of removing the dependency between hardware and addressing on a network. This tool operates on the standard DHCP and DNS servers that are bundled into Windows Server and adds on IP address usage detection.
The starting point of the address manager is its device discovery routine. This is a persistent module that will continue to seek out all equipment connected to your network, and updating the resource directory as it finds changes in infrastructure. Once all devices have been identified, the next task is to ensure that they each have an IP address allocated.
The tool won’t act as a DHCP server. The software installs on Windows and interacts with the native windows DHCP and DNS server software. This enables it to spot abandoned IP addresses and update its database. It will also coordinate entries in the DNS server with its own IPAM records and the activities of the DHCP server.
This is a good tool for migration from IPv4 to IPv6 because it is dual stack. All address-related issues can be managed centrally through the BlueCat dashboard, so you don’t need to keep switching between management consoles in order to prevent address duplication or shortages. The tool includes an approvals hierarchy, individual user account, event logging, and automated task workflows, so it will help you cut down on the damage of human error.
Who is it recommended for?
This package can provide constant IP addresses for systems where you need to group subnets by device function instead of location. An overlay network disconnects the addresses used for physical devices. So, you can spread adjacent addresses to devices that are physically far apart. The service maintains two levels of addresses and interprets between them.
Pros:
- Enhanced Security: Focuses on addressing as a security concern, adding a layer of protection against network threats.
- Efficient Address Management: Automatically resolves IP conflicts and recycles unused addresses.
Cons:
- Platform Specific: Best utilized in environments heavily reliant on Microsoft services, which may limit its use in diverse IT landscapes.
This package is suitable for large, team-managed networks. BlueCat Networks doesn’t offer a free trial of its platform and it doesn’t even publish its prices.
Centralize address management
A full-service DDI solution is preferable to a working method that requires manual actions to reconcile DNS, DHCP, and IPAM actions. You just don’t have time to keep track of these three separate addressing functions and if you slip up on your oversight, users will run into problems and business will be lost.
The industry convention for implementing DDI is to keep each module separate, with a preference for the native abilities of Microsoft DNS and DHCP systems, which are bundled into Windows Server. That is bad news for Linux users, but other DNS and DHCP server platforms are often compatible with the tools that are listed in this guide. It is certainly true to say that users of Windows Server are better catered to in the IPAM market than Linux owners.
As you can see in the description of our recommended IP address management tools, solution providers concentrate their DDI integration facilities into their IPAM software. So, you need a competently-planned IPAM in order to fully integrate your network’s DDI functions.
Do you use an IPAM? Do you prefer to keep it separate from your DHCP and DNS servers, or did you make sure to put an IP address manager with DDI oversight capabilities? Have you installed any of the tools on our list? Leave a message in the Comments section and share your experience with the community.
IPAM Tools FAQs
What is IPAM Linux?
IPAM stands for IP Address Management and IPAM Linux would refer to an IP address manager that runs on the Linux operating system – it isn’t a Linux distro. An IPAM scans a network and detects which IP addresses are in use. By comparing this list to the records of a DHCP server, it is possible to see which IP addresses have been abandoned and os should be returned to the SHCP pool of available addresses.
What is IPAM in SolarWinds?
SolarWinds IP Address Manager (IPAM) is actually a DDI solution. DDI stands for DHCP, DNS, and IPAM. These three systems work together to manage the addresses on a network. The DHCP server allocates IP addresses to devices connected to the network and updates the DNS server, which corss0-references that address to a hostname. The IPAM makes periodic checks on the IP addresses that are in use so that the DHCP records of available IP addresses can be kept up to date.
Why is IPAM used?
An IP address manager (IPAM) makes regular checks on the IP addresses that are in use on a network and refers to the DHCP server’s records to verify that all allocations are up to date. This work provides two benefits. It spots IP addresses that are no longer in use and so can be returned to the DHCP server’s list of available addresses and it also spots rogue devices that have connected to the network using their own fixed IP address. A device that uses an IP address that was not allocated to it is possibly a hacker conduit and should be disconnected from the network immediately.