Agriculture and Agri-Food Canada
With Infoblox, we’ve been able to upgrade and replace units in the middle of the day, and the new units seamlessly rejoin the grid without impacting users or service availability.”
—IT security analyst, Canada’s Department of Agriculture
Agriculture and Agri-Food Canada (AAFC) helps ensure the agriculture, agri-food and agribased products developed in Canada to compete in domestic and international markets, deriving economic returns to the sector and the Canadian economy as a whole. The activities of the Department extend from the farmer to the consumer, from the farm to global markets, through all phases of producing, processing and marketing of agriculture and agrifood products.
AAFC also provides the overall leadership and coordination on federal rural policies and programs through Canada’s Rural Partnership, and supports co-operatives to promote economic growth and social development of Canadian society.
Agriculture and Agri-Food Canada (AAFC) previously relied on BIND and Linux/Microsoft servers to deliver domain name system (DNS) and dynamic host configuration protocol (DHCP) services across their 80 locations throughout Canada. These systems proved unreliable and difficult to manage due to lack of redundancy and complicated maintenance and upgrade processes.
And, there was no IP address management capability, so AAFC tracked IP addresses through a multitude of spreadsheets.
These disjointed systems and management silos resulted in network issues and unnecessary administrative overhead.
In order to reduce manual-task related errors and improve network availability and visibility, Frank Simioni, Chief, IT Security at Canada’s Department of Agriculture, searched for an appliance-based DNS and DHCP solution with built-in IP address management (IPAM) and an intuitive graphical user interface (GUI).
AAFC evaluated BlueCat and Infoblox; choosing the latter because of its simplicity and userfriendly interface. Infoblox’s Grid™ technology, easy updates/patching and “one-button” disaster recovery capability was also very appealing to the department’s IT team.
AAFC selected Infoblox -1050 appliances with Trinzic with Grid, which links a collection of appliances into a unified, centrally-managed platform. Benefits include resilient operations, unified management and real-time, secure, system-wide updates. Infoblox’s easily customizable solutions have made it possible for the department to address all its DNS, DHCP and IPAM needs. Vincent Boileau, IT Security Analyst, shared that one of the biggest benefits of Infoblox’s Grid technology was that he knew the essential DNS and DHCP network services would work around the clock.
“Infoblox’s Grid technology and high availability features have improved our reliability tremendously. This has made a huge difference in maintaining our 24x7 news and publishing business,” said Boileau.
He added: “The Infoblox appliances make it incredibly easy to establish a backup in the event of a disaster. Because of the grid architecture, we’ve been able to upgrade and replace units in the middle of the day, and the new units seamlessly rejoin the grid all without impacting the users or service availability.”
The Infoblox solution was easy to deploy and simple to upgrade because it eliminates the need to install and manage an operating system on individual devices with its Grid technology and offers an intuitive graphical user interface (GUI) for easy DNS and DHCP changes. Further, the purposebuilt appliance approach has inherent security benefits and increases reliability with built-in high availability functionality.
“Since installing the Infoblox appliances, we have a more effective, available, secure and resilient solution. The boxes require very little maintenance and they just work,” said Boileau.
AAFC now has the ability to delegate administration of certain subnets to regional administrators, spreading control where it is needed. And, by having a single source for logs, the AAFC can easily access information needed to meet Canadian Government IT compliance and security reporting needs.
“Our high availability Infoblox DNS deployment has provided the availability, resiliency and security that Internet-facing DNS servers should have, all while ensuring the administration of the DNS zones are far easier and less prone to error. These boxes support DNSSEC and DNS64 right out of the box,” said Boileau. “Although .ca and .gc.ca aren’t DNSSEC signed by CIRA yet, knowing that these boxes can enable this function without requiring any major reconfiguring when the time comes is very reassuring and puts us at ease.”
Simioni concluded, “With Infoblox, we most definitely made the right purchase. Since these products went into production, we have experienced 100% service uptime.”
The Canadian Federal government recently announced in summer 2011 the creation of Shared Services Canada, which aims to consolidate IT services across 43 different departments. One of the goals of that consolidation is to reduce data center count from over 300, down to 20.
AAFC is an example of this by migrating their 67 DHCP servers down to the Infoblox appliances – that`s 67 servers they no longer need to support. Boileau commented, “From a hardware and operating system perspective, that’s 67 servers that don`t need power nor need to be cooled, and 67 servers that won`t need to be consolidated as part of the Shared Services Canada initiative, so the use of Infoblox appliances is helping meet some of the goals of the new Shared services Canada vision for more effective use of IT resources.”