ZoneRanger in the MSP - Managing Duplicate (Overlapping) IP Addresses


A significant number of the enterprises do not have a registered IP range. As long as the organization manages their network and systems this is does not create problems. Many organizations have chosen to outsource network management. The unregistered address create a significant effort for the service provider. The service provider must isolate duplicate address or translate them using network address translation (NAT). Unless the client is large enough to justify a separate network and full suite of management applications, NAT is used to add the new client to the existing service providers network of clients.

The ZoneRanger Solution

The ZoneRanger isolates each client network. This isolation is accomplished by the restriction of traffic between the Ranger Gateway inside the firewall of the service providers network. For some applications the ZoneRanger only knows about the nodes management by the application. For applications that require the node to add to the applications database, the ZoneRanger will provide the necessary NAT to isolate the devices seen by the application. The single configuration of the ZoneRanger is open to an unlimited number of applications. Changes to the network are managed within the ZoneRanger. Connection to these devices is achieved by a single rule and port in the firewall. Network additions or changes do not require a change to this firewall configuration.

One of Tavves MSP partners has a large health care client. This client has grown via acquisition. Their large network consists of numerous small organizations with unregistered IP addresses. As predicted there is significant overlap of IP addresses. The complexity of managing this issue is magnified by the extensive firewall configurations in place to meet HIPPA requirements. A committee must approve all firewall changes. The ZoneRanger has isolated the overlapping addresses and while eliminating most firewall rules required for network management. The ZoneRanger without additional committee involvement can handle new devices, applications, and network changes. For the MSP the ZoneRanger has reduced the staff required to support the clients network. The ZoneRanger has increased the overall security, while reducing the bureaucracy. The ZR solution has increased efficiency and decreased the operational costs.