The Catholic Education Network (CEnet)

The Customer

CEnet is a not-for-profit information, communication, and learning technology (ICLT) services organization supporting Catholic Diocese education networks that connect school communities across metropolitan, regional, and rural New South Wales, Queensland, and the Australian Capital Territory.

CEnet’s member dioceses share a common vision for a network and learning architecture that supports education and evangelization in the digital age, and they have put their combined resources behind the development of a centralized, flexible, scalable managed services architecture to serve the online needs of some 330,000 staff and students across eastern Australia.

The Challenge

Andrew Frodsham, a systems specialist for CEnet, looks after the appliance-based infrastructure for CEnet and its members. His responsibilities encompass Infoblox appliance-based DNS, F5 VIPRION Load Balancer and ADR, and a multi-tenant private-cloud Zscaler deployment. Here’s how he describes his network before Infoblox came in to help with DNS services.

“Our DNS was handled by a custom-built GUI wrapped around four VM BIND 9 servers in a classic master/slave setup,” he says. “DHCP is handled at the diocesan level and was not considered for our project with Infoblox. IP address management (IPAM), I’m sorry to say, was done on Excel spreadsheets.”

He goes on to say that the management of this legacy solution was the responsibility of one person in the United States, and CEnet had to mitigate that risk due exponential growth.

“DNS service was falling behind the demand,” he says. “We considered cloud-based DNS solutions, but currently most cloud providers only serve external DNS requests, and our need was for both internal and external DNS services.”

The strong feature set Infoblox DNS offers for internal DNS management, combined with its easy-to-use interface, inclined Frodsham to look at Infoblox. ”The GUI on our previous system, while old, was actually quite intuitive,” he says. “I needed to select a system that kept some of the nuances of the previous GUI, but also allowed us to easily manage the system from the back end. The Infoblox appliances are also hardened at the network input/output system (NIOS) level, and this was important from a security point of view for our network because it faces internal threats and well as external.”

The Solution

In addition to cloud-based DNS providers, Frodsham actively engaged one other vendor in making the selection. “A major component for me was the ease of use of the GUI for our members. Tech-savvy people can learn a new system. End users ultimately are reluctant to re-train. A new GUI that worked well was paramount.” Although parts of the competing vendor’s solution were commendable, Frodsham rejected their offer because of a cumbersome GUI.

“It had to be user friendly with a very nice GUI and very little management overhead,” Frodsham emphasizes. “I wanted to set it up and basically forget about it. Infoblox ticked all the boxes. During trials conducted by our member base during the proof-of-concept stage, members voted overwhelmingly for the Infoblox GUI versus other vendors.”

The Infoblox solution he ultimately selected consisted of Trinzic TE-1420 appliances with Infoblox DNS on an Infoblox Grid, loaded with DNS Firewall software using a public reputation feed. “The changeover was seamless for us,” he says, “and we experienced no down time, which was a big requirement for DNS.”

In addition, CEnet acquired Infoblox DNS Firewall and Response Policy Zone. As a service provider to schools, CEnet is anxious to make sure the safesearch option in web browsers is enforced so that they can restrict adult content from appearing in search results. CEnet members utilize Google Apps for Education (GAFE), which is configured to employ an encrypted HTTPS connection for secure connections to Google services, including its search engine. Since this is a Secure Sockets Layer (SSL) encrypted connection, applying search-query rewrites through content filtering services to enforce the safesearch option is impossible. DNS Firewall overcomes this by enabling a local policy zone and a local rule that can redirect them to a non-HTTPS address for Google, forcing a non-HTTPS search that allows search-query URLs to be rewritten by web-filtering services and provides safe search results to the schools.

The Results

When asked about the benefits of the Infobox solution, Frodsham keeps going back to the GUI. “I cannot stress how important a useable interface was for our member base. At the end of the day, after using a previous DNS system for four plus years, no one likes changes. It had to work, and work well. The Infoblox GUI and general workflow is one the best appliance-based GUI experiences I have had as both an end user and as a technical lead. The day-to-day management of the boxes is a breeze, and I can securely back the Grid up via SCP (Secure Copy Protocol). The recycle bin feature is excellent for a multi-tenant environment where accidents can happen. And the Infoblox Grid configuration was a big bonus. Need to upgrade? Tack on another appliance, add it to the Grid, and it inherits all the settings and zones. Job done.”

DNS Firewall is also functioning well to block undesirable search results, and in addition is improving the completeness and performance of DNS lookup for known spam domains. By implementing a reputational feed, the Infoblox DNS appliances act as a local DNS resolver for content and email-filtering devices. The DNS lookups get resolved and the detected spam domains get blocked locally rather than having to rely on external DNS servers. The result is increased performance of DNS lookups due to lower latency and less DNS traffic going out into the Internet.

Frodsham goes on to express his appreciation of the Infoblox team. “The technical abilities of everyone I worked with at Infoblox were particularly impressive,” he says. “Everyone knew the product inside out, and any questions were answered extremely quickly and were always excellent, informed, replies.”

And he wraps it all up by saying, “The feedback has been overwhelmingly positive from our end users, and in the event of a total failure, I could restore our Grid to a virtual machine in a matter of minutes. You can’t put a dollar figure on a DNS system that just works, and works well. For us, the benefit of choosing Infoblox was from day one.”

For more information, please contact your Infoblox representative or visit www.infoblox.com