“I’ve been using Infoblox for DNS, DHCP, and IP address management for four years. It’s a solid product. We’ve moved resources around because the product works so well. Our global footprint is managed by 1.5 FTE—and that’s 65 devices.”
— Simran Sandhu, Manager of Global Infrastructure
Location: San Jose, California
Number of Users: More than 1,100 external domains
Solution: Infoblox DDI, Network Insight, Reporting and Analytics, DNS Firewall, and Advanced DNS Protection
A Legendary Silicon Valley Innovator Turns to Infoblox
Founded in 1982 and headquartered in San Jose, California, Adobe Systems is the original developer of the PostScript page description language and the Portable Document Format (PDF). The company develops multimedia and creativity software and rich Internet software products and delivers cloud services such as Adobe Creative Cloud, Document Cloud, and Marketing Cloud.
Outage Headaches and Sleepless Nights
Adobe has more than 1,100 external domains, and many of them are key to the business—so efficient management of DNS, DHCP, and IP addresses is crucial to both the company’s reputation and its success. But five years ago, when Brent Hetherwick joined Adobe as technical lead for DNS, DHCP, and IP address management (DDI), the company was running a legacy system that caused a patching-related outage which took 24 hours to resolve. And that outage wasn’t isolated. According to Hetherwick, the product was incredibly inconsistent. “I was called in the middle of the night almost every week,” he says. It was clear that the legacy system had to be replaced with a more reliable solution.
“A Very, Very Solid Platform”
Hetherwick had used Infoblox at another employer, and over his first year at Adobe, he designed a new and much better infrastructure based on the market-leading Infoblox DDI solution. Infoblox DDI features a patented Infoblox Grid™ architecture, central management, a shared data repository, and integrated software for the three core network services that make up DDI—all features that directly address the problems the legacy solution was causing. “Infoblox has given us a very, very solid platform,” says Simran Sandhu, Adobe manager of global infrastructure. “It works very reliably with little maintenance. And when there have been issues, the response from Infoblox support teams has been very positive.”
Some of the ways in which the Adobe IT team is utilizing the Infoblox solution remind you of just how innovative Adobe is. They’re using Infoblox Network Insight—which aggregates network infrastructure data with core network service configurations into one comprehensive, authoritative database—and Infoblox Reporting and Analytics to support an internal marketing campaign educating stakeholders on services the group offers. They also leverage the Infoblox Grid to make a contribution to compliance. “DNS is part of the overall compliance scope,” says Sandhu, “and we use the Infoblox Grid as the authoritative clocking source for all of our devices.”
Adobe is currently running Infoblox DNS Firewall—which detects and blocks malware communications to bad domains—in logging-only mode, and it has cast light on some nasty bugs that have slipped by Adobe’s other monitoring products. Sandhu says, “It is clear that the Infoblox security solution could make DNS a contributor to Adobe’s overall security network.” He also points out that Adobe is bolstering security with Infoblox security-hardened appliances running Advanced DNS Protection, which provides defense against DNS-based attacks such as floods, reflection/amplification, NXDOMAIN, DNS hijacking, and others.
“Network Insight has been very useful to us in discovering multiple networks,” adds Hetherwick. “It also gives us a certain amount of perspective when it comes to security. When I get questions from security about what is known about an IP address, I can go and look it up and see what DHCP host identification information is registered and what network infrastructure information is revealed by the discovery agent.”
Adobe also has an Amazon Web Services workload, and plans to evaluate the new Infoblox DDI for AWS integration, which increases agility and reduces expense in AWS deployments.
Training Valuable Staff to Manage Enterprise-grade DDI
Infoblox offers an extensive portfolio of Technical Training to help its customers get the optimal advantage from their Infoblox solutions, and Adobe has taken full advantage of it. In all, ten people from Adobe have taken the Technical Training courses with Infoblox, ranging from the NIOS Configuration Class to the Advanced Administration Class. “The Infoblox training classes give my team the necessary skills and fundamentals needed to effectively manage our DDI infrastructure,” says Sandhu. “But more than that, because the courses are taught by former field engineers, they learn real techniques and strategies from experienced Infoblox experts—this has proven to be invaluable.”
Measurable Results—and a Trusted Partner
Asked about measureable results, the first thing Sandhu mentions is how much Infoblox has relieved the burden on his staff. “One of the gains,” he says, “is that the entire Adobe global footprint is supported by 1.5 FTE. Brent is devoted 100 percent of the time to this service, and then I have another engineer in Bucharest who spends close to 50 percent of his time supporting the DDI environment, and the other time is spent on other network tasks. It has also given our service desk the ability to assign static IP addresses, and various teams have rights that are assigned by Brent, so they can go ahead and take certain appropriate actions such as updating their host records. We definitely have seen productivity gains from that.”
After four years on the Infoblox gear, both Hetherwick and Sandhu see the company more as a strategic partner than as a vendor. Performance, security, and visibility are key initiatives with Adobe’s executive leadership, so the network team is continuing to extend its use of reporting, discovery, and security capabilities available with the latest Infoblox products. “We have a very high degree of confidence in our Infoblox DNS services,” Sandhu concludes.