Higher Education
INFOBLOX HELPS HIGHER EDUCATION ACHIEVE NETWORK AVAILABILITY & SECURITY
From back-office administration systems and registration and testing applications to Internet access in the residence halls for students and global affiliations with research partners, universities and their constituents have come to rely on the availability of the network and its applications for daily functions. In fact, because of increasing competition among universities, the availability of an institution’s network can affect student and faculty recruitment.

As a result of increased dependence on the network, considerable time and effort have gone into making the network infrastructure (i.e., routing and switching equipment) and applications, like e-mail and IP telephony, failsafe. Simultaneously, university IT departments have heavily invested in security solutions to prevent malicious attacks and intrusions into the network systems, testing applications, student records, and more.

However, core network services, which operate as the essential “glue” between the network infrastructure and applications and play an essential role in access control, have been neglected. If core network services–IP address assignment and management (DHCP and IPAM), name resolution (DNS), and authentication and authorization (RADIUS), among others–don’t work, the network and applications don’t work. This can compromise:

  • Network access

  • Availability of key applications, such as registration, testing, and other administrative functions

  • Ability to scale to meet demands of students and faculty for network access from new devices and to new applications like IP telephony

  • Security of applications and student records in the event that an IP address is assigned to an unauthorized individual

Repercussions like these merit deployment of a “utility-grade” core network services infrastructure that is reliable, secure, and manageable.


    Inadequacies of Conventional Core Network Services Infrastructure

    Shortcomings in conventional core network services solutions (i.e., general-purpose servers, operating systems, and freeware) can unexpectedly disrupt core network services, the applications that depend on them, and general network security. Specific concerns with alternative solutions in a higher education environment include:

  • Requires experts to maintain: Frequent updates and patching consume already limited university IT resources that could be applied to more advanced and pressing projects

  • Vulnerable to attacks: General-purpose operating systems and older BIND versions are open to attack, which can compromise system availability and integrity–essential to maintain in university environments where malicious attacks and intrusion are frequent

  • Limited means to segment users: Distinction between administrative and student users with clear access rights is nearly impossible to achieve with discrete systems

  • Disjointed systems: Provide little means for university-wide IP address audit logs/lease history to investigate network breaches

  • Administrative cost is high: There is no central point for campus-wide administration and each server has to be managed independently, consuming already limited university IT resources

  • Unreliable: It is difficult to implement high-availability solutions and achieve failover, which can compromise university network and application availability; this can disrupt registration, testing, and more

  • Scalability is poor: As more devices are introduced to the university network and application demands increase, the need for more capacity and functionality can produce latency

    To provide nonstop core network services, eliminate reliance on experts, and improve security, including the ability to distinguish access rights by user, higher education institutions need to consider a next-generation approach to delivering and managing core network service infrastructure.


    Infoblox Core Network Services Platform

    Appliances Deliver High-availability Services and Secure Infrastructure
    Based on purpose-built appliance platforms that are designed for nonstop operation in high-performance networks, Infoblox provides high availability (HA) between appliances using the industry-standard Virtual Router Redundancy Protocol (VRRP) for sub-5-second network failover.

    Infoblox appliances are preconfigured with operating and application software, eliminating build time, and enabling “one-button” upgrades to accommodate new features and easy installation of the latest BIND releases. This simplifies deployment, eliminates the need for experts to maintain the systems, and increases scalability and security. Additionally, the custom Infoblox NIOS™ operating software is hardened and, therefore, secure from vulnerabilities associated with general-purpose operating system approaches.

    Additionally, Infoblox delivers DHCP failover, which synchronizes DHCP lease databases between two Infoblox DHCP servers configured in a failover association. If either should fail, the other can take over issuing and even renewing leases. This ensures DHCP assignment resiliency and consistency, which is essential to preserving security of network resources.

    Grid Technology Ensures Continuous Uptime and Centralized Management
    Infoblox’s grid technology, which includes a unique semantic database, links appliances across a campus and/or a WAN to satellite campuses or partner research sites into a unified, distributed system that is resilient to network and equipment failures and assures continuous uptime.

    For example, if an appliance connected to the grid at a remote campus site fails, it can be replaced with a new device, powered on by any local staff member–no expertise required. The device will configure itself and synchronize with the network database within minutes. The site can be operational again within minutes, rather than the hours or days it can take with legacy technology. Or, in the event of a WAN link failure to a site or appliance, the configuration and data will be updated automatically when the link is restored.

    In addition to increasing reliability, Infoblox’s grid technology allows central management, reducing administrative overhead. It also provides visibility into the services and the associated data (i.e., MAC/device addresses, user credentials, DNS records, etc.). This increases visibility into and control of who is on the network as well as when, where, and what they are accessing.

    In the event of a malicious attack, university IT representatives can use the rich data available through the Infoblox approach, such as DHCP lease history, to identify which port had a rogue appliance/address on it, shut down the port or device, and/or identify the malicious user, stopping the security incident or preventing them from accessing the network again.
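
    The lease-history lookup described above, as an added example (not Infoblox code or its export format): given an IP address and the time of an incident, find the MAC address and relay port that held the lease. The CSV columns, the `relay_port` field, and all records are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed lease-history export (hypothetical column names, UTC timestamps).
# "relay_port" stands in for DHCP option 82 circuit-id data, if the relay adds it.
LEASE_CSV = """ip,mac,start,end,relay_port
10.20.4.57,00:11:22:aa:bb:01,2024-03-04T08:00:00,2024-03-04T12:00:00,sw-dorm3:Gi1/0/12
10.20.4.57,00:11:22:aa:bb:01,2024-03-04T12:00:00,2024-03-04T13:10:00,sw-dorm3:Gi1/0/12
10.20.4.57,de:ad:be:ef:00:99,2024-03-04T13:25:00,2024-03-04T17:25:00,sw-lib1:Gi1/0/3
10.20.7.14,de:ad:be:ef:00:99,2024-03-04T18:02:00,2024-03-04T22:02:00,sw-dorm3:Gi1/0/40
"""

def parse_ts(text):
    """Parse an ISO timestamp from the export and mark it as UTC."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

def load_leases(text):
    """Read the export into dicts with normalised MACs and datetime bounds."""
    return [{**r, "mac": r["mac"].lower(),
             "start": parse_ts(r["start"]), "end": parse_ts(r["end"])}
            for r in csv.DictReader(io.StringIO(text))]

def holder_at(leases, ip, when):
    """Return the lease record that covered `ip` at `when`, or None."""
    hits = [l for l in leases if l["ip"] == ip and l["start"] <= when < l["end"]]
    # If records overlap (a renewal logged before expiry), the latest start wins.
    return max(hits, key=lambda l: l["start"]) if hits else None

def addresses_of(leases, mac, since, until):
    """All (ip, relay_port) pairs a MAC held in [since, until), to scope an incident."""
    mac = mac.lower()
    return sorted({(l["ip"], l["relay_port"]) for l in leases
                   if l["mac"] == mac and l["start"] < until and l["end"] > since})

if __name__ == "__main__":
    leases = load_leases(LEASE_CSV)
    # The same IP belongs to different devices before and after reassignment.
    for stamp in ("2024-03-04T12:30:00", "2024-03-04T13:15:00", "2024-03-04T14:00:00"):
        hit = holder_at(leases, "10.20.4.57", parse_ts(stamp))
        print(stamp, (hit["mac"], hit["relay_port"]) if hit else "no lease on record")
    day = (parse_ts("2024-03-04T00:00:00"), parse_ts("2024-03-05T00:00:00"))
    print(addresses_of(leases, "DE:AD:BE:EF:00:99", *day))
```

    The lookup is only as trustworthy as the timestamps: the incident time and the lease records must be in the same time zone and from synchronized clocks, otherwise a reassigned address is attributed to the wrong device.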

    Unique DHCP Authentication Capability Increases Security
    To accommodate university environment requirements to distinguish access rights by user (e.g., student versus faculty), Infoblox offers the ability to authenticate users at the time of IP address assignment. Infoblox DHCP authentication capabilities validate the identity of users before granting them access to a network, register unknown users, and ensure that only valid devices and users (e.g., faculty) are granted full access to the network (e.g., administrative systems). For example, different IP addresses can be designated for faculty, students, and guests respectively, and unknown devices and users can be quarantined to provide granular access control. An added benefit of Infoblox’s unique authenticated DHCP capability is that MAC filter lists can be modified without taking the systems offline, so modifications can be accommodated easily and without disruption.


    Summary

    Educational institutions today continue to largely rely on traditional server-based implementations for core network services. This leads to high cost of operations, and becomes increasingly difficult to justify as the number of devices, complexity of implementation, and security risks increase. By migrating to an Infoblox appliance-based approach, higher education institutions can achieve high network availability, scalability, and security, while reducing administrative overhead.

    To learn more about Infoblox solutions or to evaluate Infoblox products in your environment, please contact us at info@infoblox.com or call +1.408.625.4200.