Getting started with ManageEngine DDI


 

 Adding Clusters 


Upon successful signup, the DDI console opens on an empty dashboard. To get started, create clusters and add your DNS and DHCP servers to them so you can manage your network infrastructure from the console.

To create new clusters
  • Click on the plus ( + ) sign at the top right corner.

  • The Add Cluster window appears, prompting you to enter the name and type of the cluster: DNS, DHCP or Both.
    Selecting either DNS or DHCP creates a cluster dedicated only to DNS servers or DHCP servers, respectively. Selecting Both enables you to add both DNS and DHCP servers to the cluster.

  • Clusters in DDI are logical groupings of servers (DNS, DHCP or both) organized for identification and administrative purposes. Each cluster operates independently of the other clusters configured within DDI and has its own IP address plans, IP inventory, IP Address Manager, DNS manager and DHCP manager. A single cluster can accommodate any number of DNS servers and DHCP servers.

  • After making the necessary selection, click Save to create the cluster.

  • Once the cluster is created you will be directed to the Servers-> Create Server page where you'll be prompted to add your DNS and DHCP servers as per your selection.

 




 Modes for deploying servers 

 

 DDI server incorporation modes


Servers can be added to DDI clusters using the Discovery mode, or can be set up as new servers from scratch.

  DDI as an overlay    

Enable DDI to seamlessly discover and integrate your on-premises infrastructure's complete DNS-DHCP server configurations, including the entire IP address footprint, into the intuitive DDI console interface.

 DDI as a DNS-DHCP-IPAM service provider   

ManageEngine DDI is bundled with DNS and DHCP services, so you can set up new servers and have ManageEngine DDI implement, configure, and manage DNS, DHCP and IPAM services on your network infrastructure from scratch as you install it.

 

 Core to periphery DDI   

Deploy DDI flexibly to manage both your on-premises internal and external DNS-DHCP cluster of servers that are accessible via VPN, point-to-point connections, private networks connected via MPLS (Multiprotocol Label Switching) services offered by ISPs, and SD-WANs.

Note: ManageEngine DDI only supports Internet Systems Consortium (ISC)'s ISC DHCP and BIND9 DNS servers.



 Adding Servers in DDI

Once the cluster is created, you'll be immediately directed to the Servers page to add your DNS and DHCP servers. If not, you can add servers by selecting the Settings menu from the menu bar along the left side of the screen. From the submenus that appear in parallel, choose Servers.

  • On the Servers page, click the Add Server button on the top left corner.

  • The Create Server page appears on the screen. Here, you can add your DNS-DHCP servers either by discovering existing server configurations or by simply adding the server to the DDI console and configuring it through the DDI user interface at a later stage.

Enter the server details:

  1. SERVER NAME: A required field where you assign a unique name to the server being configured or added for identification.
    Note: No two servers in the same or different clusters can have the same name.

  2. TYPE: Select the type of server being set up, such as DNS, DHCP, or both (server that is configured for both DNS and DHCP services).

  3. SERVER IP: Specify the IP address of the server being added.

  4. AGENT HTTP PORT: Specify the port number used by the DDI Node Agent installed in the server for HTTP connections.

  5. AGENT HTTPS PORT: Specify the port number used by the DDI Node Agent installed in the server for HTTPS connections.

  6. DISCOVER EXISTING CONFIGURATIONS?: You have two choices here. Opt for Step 7 or Step 8 depending on your requirement.
    Step 7 -> Advanced DNS-DHCP-IP address discovery
    Specify any one of the options (DNS, DHCP, or Both) to discover all the existing configurations from the server, or
    Step 8 -> Adding and configuring servers using DDI
    Specify No if you just want to add and set up a new server from scratch. You can set up the required DNS, DHCP or combined configurations for your server later through the user-friendly DDI user interface.

 

 Advanced DNS-DHCP-IP address discovery 

  7. To discover all the advanced configurations of DNS-DHCP services, the whole IP address plan and the current IP address inventory, choose any one of the three options (DNS, DHCP, or Both) for Discover Existing Configurations?

Note: Selecting either DNS or DHCP will result in the discovery of only the DNS or DHCP configurations, respectively, from the server.
When discovering a DNS server with DDNS-enabled domains, ensure that both DNS and DHCP servers are discovered at the same time for DDI to capture the combined configurations. Similarly, while discovering DHCP servers that provision IP addresses for dynamic domains, it is essential to discover the corresponding DNS servers as well.

 

Provide the essential Config Path and the Zone File path for the DNS servers, while providing the Lease Path and the DHCP server path for the DHCP servers.
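One way to decide between DNS and Both before starting discovery is to check whether the BIND9 configuration at the Config Path contains any zone that accepts dynamic updates. The sketch below is an added example, not part of ManageEngine DDI; it assumes that a zone carrying the BIND9 `allow-update` or `update-policy` option is what the note above calls a DDNS-enabled domain, and the sample configuration is constructed.

```python
import re

# Constructed sample named.conf, not taken from a real server.
SAMPLE = '''
key "dhcp-ddns" { algorithm hmac-sha256; secret "cGxhY2Vob2xkZXI="; };
options { directory "/var/cache/bind"; };
view "internal" {
    zone "static.example" { type master; file "db.static"; allow-update { none; }; };
    zone "lab.example" IN {
        type master;
        file "db.lab";
        allow-update { key "dhcp-ddns"; };   # updated by the DHCP server
    };
    zone "corp.example" { type master; file "db.corp";
        update-policy { grant dhcp-ddns zonesub ANY; }; };
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments as used in named.conf."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def zone_blocks(text):
    """Yield (zone_name, body) for every zone statement, including zones inside views."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:          # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def ddns_zones(named_conf):
    """Return the names of zones that accept dynamic updates.

    Only per-zone options are inspected; an allow-update set globally in
    options {} is not considered by this sketch.
    """
    hits = []
    for name, body in zone_blocks(strip_comments(named_conf)):
        acl = re.search(r"\ballow-update\s*\{([^}]*)\}", body)
        policy = re.search(r"\bupdate-policy\b", body)
        # "allow-update { none; }" (or an empty list) means updates are refused.
        acl_open = acl and acl.group(1).strip().rstrip(";").strip() not in ("", "none")
        if policy or acl_open:
            hits.append(name)
    return hits

def discover_choice(named_conf):
    """Suggest the value for 'Discover Existing Configurations?' on a DNS server."""
    return "Both" if ddns_zones(named_conf) else "DNS"

if __name__ == "__main__":
    print(ddns_zones(SAMPLE), "->", discover_choice(SAMPLE))
```
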

 

 

 

 Setting up servers through DDI    
 

  8. You can add new servers to the DDI console and have ManageEngine DDI implement, configure, and manage DNS, DHCP and IPAM services on your network infrastructure from scratch. DNS and DHCP are bundled with DDI and get deployed on your servers while installing the product. For this, choose No for the Discover Existing Configurations? option.

 

   App Console Details
  

  9. APP CONSOLE: Enter the static IP address of the central server that hosts the DDI application console associated with this server.
    Note: It is crucial that this IP address remains constant to maintain consistent connection between the central DDI console server and the Node Agents installed in all your DNS and DHCP servers.

  10. HTTP PORT: Specify the port number of the central DDI application console server for HTTP connections.

  11. HTTPS PORT: Specify the port number of the central DDI application console server for HTTPS connections.

  12. Click Save to add the server into the ME DDI console.
    If you have chosen the discovery option as outlined in Step 7, ManageEngine DDI will begin to discover configurations from the designated paths for each service.
    Note: The discovery process takes a considerable amount of time depending on the volume of configurations in the servers. Wait until the whole process completes.

    Once you add your server into the DDI console, you can proceed to modify the discovered DNS-DHCP-IPAM configurations or quickly start setting up the DNS-DHCP-IPAM configurations for the new server through the user-friendly DDI user interface.



 Monitoring servers  

To monitor the load and performance of your DNS and DHCP servers:

Select Settings-> Servers. The Servers page appears listing the servers added.

First it displays the status of the DNS, DHCP4, and DHCP6 services of the cluster.

 

DDI also gives a visual snapshot of your server's load, health and performance. The CPU, memory, and disk percentages of your server represent different aspects of the server's system resource usage, each playing a unique role in the server's overall performance. Understanding the differences between them can help diagnose performance issues or guide system upgrades.

  1. CPU Percentage

    • The CPU (Central Processing Unit) percentage indicates how much of the CPU's processing power is being used. It reflects the workload being processed by the CPU of your server at any given moment.

    • Implications: A high CPU percentage can mean the processor is handling a lot of tasks simultaneously or dealing with a few very demanding tasks. If the CPU usage is consistently high, the server might slow down or become unresponsive, especially if it's attempting to process more data than it can handle efficiently.

  2. Memory (RAM) Percentage

    • The memory percentage refers to the proportion of the computer's RAM (Random Access Memory) that is currently in use. RAM is used to store data and program instructions needed immediately or shortly by the CPU.

    • Implications: High memory usage indicates that a large amount of the system's RAM is being used. If the server runs out of RAM, it starts using disk space as virtual memory, which is much slower. Excessive memory usage can slow down the system, cause programs to respond more slowly, and may lead to system instability.

  3. Disk Usage Percentage

    • Definition: Disk usage percentage shows how actively the server's hard drive (or SSD) is being read from or written to. It's different from disk capacity, which refers to how much data is stored on the disk.

    • Implications: High disk activity can indicate that a lot of data is being transferred to and from the storage device. This could be due to various reasons, like file copying, intensive read/write operations by applications, or because the server is using the disk for virtual memory. Prolonged high disk usage can slow down the server, as the disk is generally the slowest component in terms of data access.

For optimal performance, it's crucial to have a balanced server where no single resource consistently becomes a bottleneck. For example, a powerful CPU can be underutilized if the server doesn't have enough RAM or if the disk is too slow to provide data quickly. Similarly, having a lot of RAM is less useful if the CPU isn't fast enough to process the data held in the RAM, or if the disk is too slow to load new data into the RAM efficiently. Regular monitoring of these percentages can help in identifying and resolving performance bottlenecks in a computer system.



 

 Configuring the SMTP host 

  • DDI Admins can configure DDI to send email using a particular SMTP host.

  • Provide an SMTP username and password for the authentication of email notifications. This is optional; you can enable or disable it anytime.

  • Configure the SMTP host, sender address, and optional username and password. For this select Settings-> SMTP. The Configure SMTP window appears on screen. Enter the details as mentioned below:

  1. PROTOCOL: Choose the encryption protocol for SMTP communication: either TLS (Transport Layer Security) or SSL (Secure Sockets Layer), both of which ensure that email communications are encrypted for security.

  2. HOST: Provide the FQDN (Fully Qualified Domain Name) of your mail server in the following format: hostname.domain.tld

  3. PORT: The port number used for SMTP connections. It's set to 587 for TLS and 465 for SSL. If no encryption protocol is chosen, the port number switches to the traditional SMTP port 25.
    Note: Port 25 does not imply any encryption and is often used for relaying emails across servers. Due to its lack of security features, it's generally not recommended for submitting emails from clients to servers. Additionally, many ISPs block outgoing connections on port 25 to reduce spam.

  4. FROM ADDRESS: A valid sender email address that DDI uses to send mails in case of password recovery and other notifications.

  5. AUTHENTICATION: A toggle switch, which can enable or disable the authentication required for sending emails through this SMTP host.

  6. USERNAME: The username for authenticating with the SMTP host, often the same as the email address.

  7. PASSWORD: The password required for SMTP authentication.

  8. Click Save. Now, when ME DDI issues an email notification, whether it is for alerts, confirmations or any other communication, the email will be dispatched via the chosen SMTP server using the specific From Address that has been configured in the DDI settings.
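The settings above can be checked before they are entered in the Configure SMTP window. The following is an added example, not ManageEngine code: the dictionary keys are hypothetical names for the form fields, and it assumes that the TLS option means STARTTLS on the submission port and the SSL option means implicit TLS. `lint_smtp` flags the case the port 25 note warns about (authentication over an unencrypted session), and `open_session` shows the matching `smtplib` calls with certificate verification enabled.

```python
import re
import smtplib
import ssl

# Default port for each PROTOCOL choice, as listed on this page.
DEFAULT_PORTS = {"TLS": 587, "SSL": 465, "NONE": 25}
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
MAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def lint_smtp(cfg):
    """Return a list of findings for a dict mirroring the Configure SMTP fields."""
    findings = []
    proto = str(cfg.get("protocol", "NONE")).upper()
    if proto not in DEFAULT_PORTS:
        return [f"unknown protocol {proto!r}"]
    if not FQDN_RE.match(cfg.get("host", "")):
        findings.append("host is not an FQDN (hostname.domain.tld)")
    if cfg.get("port") != DEFAULT_PORTS[proto]:
        findings.append(
            f"port {cfg.get('port')} is not the default {DEFAULT_PORTS[proto]} for {proto}")
    if cfg.get("authentication"):
        if proto == "NONE":
            findings.append("authentication without encryption: "
                            "username and password would be sent in clear text")
        if not (cfg.get("username") and cfg.get("password")):
            findings.append("authentication enabled but username or password is empty")
    if not MAIL_RE.match(cfg.get("from_address", "")):
        findings.append("from address is not a valid email address")
    return findings

def open_session(cfg, timeout=10):
    """Connect as the chosen protocol implies and log in only over an encrypted channel."""
    ctx = ssl.create_default_context()      # verifies the server certificate and hostname
    proto = str(cfg.get("protocol", "NONE")).upper()
    if proto == "SSL":                      # implicit TLS from the first byte
        conn = smtplib.SMTP_SSL(cfg["host"], cfg["port"], timeout=timeout, context=ctx)
    else:
        conn = smtplib.SMTP(cfg["host"], cfg["port"], timeout=timeout)
        if proto == "TLS":                  # upgrade the plain session with STARTTLS
            conn.starttls(context=ctx)
    if cfg.get("authentication"):
        if proto == "NONE":
            conn.quit()
            raise RuntimeError("refusing to authenticate over an unencrypted session")
        conn.login(cfg["username"], cfg["password"])
    return conn

if __name__ == "__main__":
    # Constructed settings; mail.example.com is a placeholder host.
    demo = {"protocol": "none", "host": "mail.example.com", "port": 25,
            "from_address": "ddi@example.com", "authentication": True,
            "username": "ddi@example.com", "password": "placeholder"}
    for finding in lint_smtp(demo):
        print("finding:", finding)
```
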

 

To start the email notification service and subscribe to notifications pertaining to a cluster, set up a Contact group under the cluster by selecting Settings-> Contact groups.

 



 

 Adding Users 

To add users as an admin:

  • Select Settings->Users.

  • Under the User Management tab, click on the Add User button in the right corner.

  • Enter the essential details of the user, including Name, Username, email, and password. You can enable or disable the login for this particular user. Set Yes to enable the login. Enable the TOTP login for the user to add an extra layer of security.

  • Finally, assign the appropriate role for the user.

  • DDI provides two roles: Admin and Operator. The Admin role has unrestricted access, while the Operator role has limited access, which can be extended by granting specific permissions for each cluster or zone as needed.

  • Click Save.

  • Provide the Username, Password, and URL to the other users you've added. Make sure they log in using the URL from their web browser.

  • Once they log in, they'll be prompted to reset their password and log in to the DDI system.

 Enabling two-factor authentication for the users


DDI enhances user account security by mandating two-factor authentication (2FA) for all users associated with your organization. This additional security layer requires verification through a time-sensitive code generated by a compatible mobile authenticator application. The following steps outline the 2FA process.

  1. Users need a mobile device capable of running a TOTP-enabled authenticator mobile app.

  2. ManageEngine DDI is compatible with various mobile authenticator apps, including Google Authenticator, Zoho's OneAuth, Authy, and others.

  3. Install your chosen authenticator app on your smartphone.

  4. Link DDI to the authenticator app either by scanning the QR secret code displayed on the DDI login page or by entering the code manually. This is a one-time process.

  5. On subsequent logins, enter the TOTP displayed in your authenticator app. The OTP adds an extra layer of security and can be generated without an internet connection.

  6. Upon first accessing DDI, all users except the Admin who managed the installation process will need to reset their password.

This two-factor authentication approach ensures that access to DDI accounts is secure, combining something the user knows (their password) with something they have (a TOTP from the authenticator app).

 

 User permissions 

 

| Admin can | Operator can |
|---|---|
| Create, update, and delete user | - |
| Add, update, and delete zones | Update zone if operator has zone permission |
| Create, update, and delete cluster | - |
| Giving cluster and zone permission to the operator | - |
| Add, update, and delete servers | - |
| Add SMTP details | - |
| Able to see login and logout details of the user | - |
| Able to see DHCP and DNS audit report | - |
| Reset client credentials | Reset client credentials |
| Enable TOTP for a user | - |
| Delete TOTP device | - |
| Add, update, and delete records in zone | Add, update, and delete records in zone if the operator has zone permission |
| Add, update, and delete named options | Add, update, and delete named options if the operator has cluster permission |
| Add, update and delete dhcp options | Add, update and delete dhcp options if operator has cluster permission |
| Add, update, and delete custom options | Add, update, and delete custom options if the operator has cluster permission |
| Add, update, and delete subnet, shared network, client class, host, host group and vlan | Add, update and delete subnets, shared network, client classes, host, host group and vlan if the operator has cluster permission |
| Add, update and delete supernet | Add, update and delete supernet if operator has cluster permission |
| Add, update, and delete failover configurations | Add, update, and delete failover if the operator has cluster permission |
| Enable, add, update, and delete named views | Update named_view if operator has cluster permission |
| Add, update and delete DHCP Zone | Add, update, and delete DHCP Zone if operator has cluster permission |
| Add, update, and delete records in views | Update view if operator has zone permission |

 

 User Audits 

The User Audit tab can be accessed by selecting the Audit menu from the left menu bar. The User audit tab helps you monitor your users' login activities by capturing the username, date, and timestamp of the latest login activities.

 

 



 

 Creating Contact Groups

 

DDI enables you to group specific users under your organization to create special contact groups. You can associate the relevant contact group to be notified of alerts or incidents concerning that domain and associated monitor.

 

To create a contact group

  1. Select Contact from the left menu bar. In the Contact page, under the Contact Groups tab, CloudDNS displays the list of contact groups created under the organization.

  2. Click on the Add Group button to create a new contact group.

  3. Enter the details of the group, like the group name.

  4. For the group email, add the list of email ids of the members to send notifications to, one by one, and click Add after each selection.

  5. Select the required clusters one by one and click the Add button after each selection. Click Save.

  6. On successful association, the Contact Group tab on the Contact page displays the list of members in the Contact Group as well as the list of Associated Clusters.

  7. To dissociate any cluster or contact from the Contact Group, click on the Edit button on the extreme right. From the Edit Group window, deselect the email ids or the clusters using the minute close button at the top right corner of each selection.

 



 

 

 

 

