Network Services Suite
ESSENTIAL NETWORK SERVICES FOR DISTRIBUTED ENTERPRISE NETWORKS
Underlying every network is a set of core network services that contribute to the reliability, availability, security, and operational efficiency of all networks and applications. This set of essential services includes naming, addressing, authentication, file distribution, and logging. Today’s organizations need an infrastructure that integrates, distributes, and manages these core network services throughout an extended enterprise.


Appliance Delivery of Core Network Services

The Network Services Suite is available on all Infoblox appliance platforms.
Most organizations deploy core network services like DNS, DHCP, RADIUS, and TFTP using an ad-hoc collection of software applications on conventional servers and operating systems. This approach is no longer acceptable in light of the growing demands on these services for availability, security, manageability, and growth. As a result, appliance delivery of these services has become a recommended industry best practice because appliances are inherently more reliable, manageable, scalable, and secure than software on general-purpose servers. In distributed environments, appliances need to be linked together to provide centralized management, ensure accuracy of data, provide for nonstop service delivery, and enable fast and easy disaster recovery.

The Network Services Suite is a software package available for Infoblox appliances that provides a full complement of core network services delivered using the secure Infoblox NIOS™ operating system and the integrated bloxSDB™ database. The Network Services Suite also includes the Infoblox grid module, which connects distributed appliances into unified Infoblox grids that provide unparalleled management, control, visibility, and service resiliency. Infoblox grids provide a foundation for delivering highly available, secure, and easily managed network services across an enterprise, including:

  • Protocols (DNS, DHCP, RADIUS, TFTP, NTP, etc.)
  • Data (IP addresses, MAC addresses, user credentials, domain names, transaction logs, etc.)
  • Files (policies, device configuration files, executable programs, certificate revocation lists, etc.)

Infoblox grids combine the power of nonstop local service delivery with the benefits of consolidated management and control. They provide the next level of essential infrastructure needed to support all networks and applications.


Features and Benefits

The Infoblox Network Services Suite provides the essential services required by all networks and applications and allows organizations to deploy these services throughout the network to enhance reliability, availability, and security while lowering operational costs. The services included in the Network Services Suite include:

  • Naming services via Domain Name System (DNS);
  • Addressing services via Dynamic Host Configuration Protocol (DHCP);
  • Network visibility and control via IP address management (IPAM);
  • Authentication services (RADIUS);
  • Configuration services via Trivial File Transfer Protocol (TFTP);
  • Configuration services via HTTP;
  • Time synchronization services via Network Time Protocol (NTP);
  • Logging services via Syslog.

The Network Services Suite also includes Infoblox’s patented grid technology for linking distributed appliances into a unified grid. The embedded databases in all Infoblox appliances within a grid are intelligently interconnected so that they share a common, real-time view of host names, IP leases, user credentials, and other network data. The Infoblox grid uses secure communication among appliances and also uses sophisticated database technology to maintain data integrity. This ensures that all appliances in the grid have the right data and that the grid continues to deliver services without data loss or corruption in the face of a wide range of device or WAN failures. Infoblox grid technology also supports intelligent data replication to minimize the use of bandwidth in the grid and to enable “right-sized” appliances to be deployed at each location.


Additional Benefits

High-availability Services: High-availability (HA) services are supported by bloxHA™ technology—which uses industry-standard Virtual Router Redundancy Protocol (VRRP) for sub 5-second network failover—and bloxSYNC™ technology to ensure real-time database synchronization with no loss or duplication of data.

Integrated, Zero-admin Database: The Network Services Suite stores all DNS, DHCP and authentication data in the integrated bloxSDB™ database, which is built into the Infoblox NIOS™ software provided on all Infoblox appliances. The bloxSDB database uses sophisticated replication technology to distribute data throughout the grid in real time, enabling key benefits including centralized management, nonstop service delivery, real-time monitoring and reporting, and built-in disaster recovery.

Easy-to-use GUI: The Network Services Suite includes the Infoblox Grid Manager that can be run from a PC running Windows XP or Linux OSes. The Grid Manager streamlines complex and repetitive management operations and enables administrators to focus on data and services rather than boxes and protocols. This reduces management time and eliminates many common data entry errors.

The Network Services Suite includes the Infoblox Grid Manager.

Granular Administration: Administrators can delegate the management of particular zones, networks, and devices to other administrators, and they can also create “read-only” profiles for delegated administrators. This allows companies to grant individuals, in different parts of an organization, management authority over only a portion of the network’s resources.

Hardened Security: The Infoblox NIOS Software is hardened and consistently withstands security scans and attacks from the most demanding government and military organizations. DNS, DHCP and authentication services can be upgraded easily, ensuring minimum exposure to security threats. In the event a new exploit is discovered, the underlying Infoblox NIOS software can be upgraded in minutes via a single, simple operation. This makes it much more difficult to penetrate than general-purpose operating systems with known vulnerabilities. All data distribution and management communications are secured using Secure Sockets Layer (SSL)-encrypted VPNs for protection against management compromise.


Nonstop Infrastructure for Critical Network Solutions

Infoblox network services appliances include a range of special capabilities that serve key network applications:

A Foundation for 802.1X and Network Access Control (NAC)
The RADIUS authentication services provided with the Network Services Suite deliver a unique solution for distributed networks using 802.1X authentication. Additionally, the Infoblox NAC Foundation module—included in the Infoblox NIOS software—provides intelligent, policy-based control over Infoblox’s DHCP services and, as such, provides a foundation for a wide variety of NAC solutions using components from multiple vendors. It also provides basic NAC functionality, such as guest access and network quarantine, out of the box. The NAC Foundation module—which includes a captive Web portal for user and guest registration—interfaces with third-party authentication and endpoint policy assessment systems, and contains a built-in policy engine. It is fully integrated with the other Infoblox NIOS software modules as well as Infoblox grid technology, benefiting from the native grid benefits, including central administration and high-availability failover.

Network Services for Voice over IP
The Network Services Suite delivers a combination of features that provides an easy-to-manage, high-availability solution for IP voice applications:

    High-availability DHCP
    Infoblox supports industry-standard DHCP failover that works across distributed WANs. In addition, pairs of Infoblox appliances can be easily configured in “HA mode” to provide fast failover and real-time data synchronization without requiring inefficient allocation of IP addresses. This ensures that IP phones are always able to receive IP addresses and connect to the network.

    Built-in File Transfer via TFTP, FTP or HTTP
    IP phones require periodic updates to firmware and configuration files using FTP, TFTP or HTTP services. The Network Services Suite extends the benefits of grid technology to managing IP telephony by providing a distributed, centrally managed FTP/TFTP/HTTP configuration service. Firmware and configuration files are uploaded to the grid master and automatically delivered to all appliances in the grid with a single operation. In Cisco environments, the Infoblox Grid Connector automatically synchronizes firmware and configurations between Cisco Call Manager and the grid master. This greatly reduces the time required to manage IP phone firmware and ensures that all devices always have the right software and configurations.

Reliable DNS Infrastructure for Microsoft Active Directory (AD)
Infoblox is a Microsoft Certified Partner and the Infoblox DNSone package includes special support for easy integration into Microsoft AD environments. This enables enterprises to ensure that the critical DNS services needed for their Microsoft and non-Microsoft applications are always available and secure.

Reliable DHCP and RADIUS for Wireless Networks
Providing secure, reliable, policy-based access to wireless networks places additional demands on the underlying DHCP and RADIUS services. The industry standard for securing a wireless network is 802.1X authentication that uses the RADIUS protocol to communicate to an authentication server every time a user tries to access the wireless network. Additionally, mobile devices may require a new IP address each time they associate with a different access point as they move throughout a building or campus. User VLAN assignment based on Active Directory group membership and VSAs enhances network access and security. Infoblox’s bloxHA and grid technology provide reliable DHCP and RADIUS services to ensure that the wireless network is always available and secure.

IP Address Management (IPAM)
IP addresses are one of the most critical resources that need to be managed in any network. Having immediate access to information such as which IP addresses are in use, when they were allocated, which devices they were assigned to, and who is using them is critical to eliminating conflicts and network outages, tracking critical assets, ensuring network security, troubleshooting network problems, and enabling regulatory compliance.

Infoblox IP address management lets customers manage DNS and IP address data at a company-wide level, delivering unified management, monitoring, and administration—and providing for appropriate levels of centralized auditing and reporting. The Infoblox IPAM module, in combination with the DNS and DHCP modules included in the Network Services Suite, delivers the world’s first and only appliance solution that integrates DNS and DHCP with built-in IPAM.

DNS

RFCs supported:

1034 and 1035
Dynamic update, RFC 2136
Incremental zone transfer, RFC 1995
Notification of zone changes, RFC 1996
Secret key transaction authentication (TSIG), RFC 2845
Classless IN-ADDR.ARPA delegation, RFC 2317

Protocol engine:

BIND 9.3.4

Additional Capabilities

  • Secure dynamic DNS updates using TSIG
  • Conditional forwarding
  • Microsoft Active Directory support
  • Infoblox Views
  • IP-address-based access lists on queries, zone transfers, and dynamic updates
  • Zone import tools
  • Customizable TTL settings


DHCP

RFCs supported:

RFCs 3046, 2131 and 1531
BOOTP, RFCs 1534, 2132 and 4388

Protocol engine:

DHCPD 3.1

Additional Capabilities

  • VLSM (Variable Length Subnet Mask) support
  • CIDR (Classless Inter-Domain Routing) support
  • Multiple subnets per segment (supernetting)
  • “Static leases” based on MAC address (manual allocation)
  • MAC-address-based filtering
  • Support for custom DHCP options
  • Address availability checking before assignment
  • DHCP relay agent/Option 82 support
  • DHCP Vendor Class Identifier/Option 60 support
  • Secure DHCP-DNS integration updates DNS when leases are issued
  • Advanced DHCP Options Editor
  • Windows, Unix, and Mac OS compatibility
  • External syslog server support


RADIUS Technical Specifications

Authentication Method

• PAP – Password Authentication Protocol
• EAP – Extensible Authentication Protocol for 802.1X port-based authentication: EAP-TLS, EAP-MSCHAPv2, EAP-GTC
• PEAP – Protected Extensible Authentication Protocol for 802.1X port-based authentication: PEAP/EAP-GTC, PEAP/EAP-MSCHAPv2 (authentication method natively supported by Microsoft Windows clients)
• EAP/TLS – Extensible Authentication Protocol Transport Layer Security, provides mutual authentication, requires client certificates
• EAP-TTLS/EAP-PAP, EAP-TTLS/EAP-MS-CHAP, EAP-TTLS/EAP-MS-CHAPv2, EAP-TTLS/EAP-GTC

User Databases

• Internal User Database
• Microsoft Active Directory (using the Infoblox Replication Agent for Active Directory)



Part Numbers

Description                                             Part Number
Infoblox-250 with Network Services Suite, 100 Leases    IB-250-100-NSS
Infoblox-250 with Network Services Suite, 300 Leases    IB-250-300-NSS
Infoblox-550 with Network Services Suite                IB-550-NSS
Infoblox-1050 with Network Services Suite               IB-1050-NSS
Infoblox-1550 with Network Services Suite               IB-1550-NSS
Infoblox-1552 with Network Services Suite               IB-1552-NSS
Infoblox-2000 with Network Services Suite               IB-2000-NSS



Infoblox product warranty and services

The standard hardware warranty is for a period of one year. The system software is warranted for 90 days to meet published specifications. Optional service products that extend the hardware and software warranty are also available. These products are recommended to ensure the appliance is kept updated with the latest software enhancements and to ensure the security and availability of the system. Professional services and training courses are also available from Infoblox. Information in this document is subject to change without notice. Infoblox Inc. assumes no responsibility for errors that appear in this document.