City of Munich Consolidates 16 DDI Systems into One Unified Infoblox Platform
“It’s hard to imagine the time before Infoblox.”
- Florian Fehre, Service Manager, DNS/DHCP/IPAM, City of Munich
OVERVIEW
The City of Munich, with a population of more than 1.6 million residents, serves as Germany’s third-largest city, boasting the country’s strongest economy and operating as a major hub for manufacturing, technology, and finance in Europe and beyond.
Home to such global brands as BMW and Siemens, Munich thrives on innovation, fueled by its research universities and numerous scientific institutions. Yet, despite its size and commercial success, the Bavarian metropolis has a distinctly relaxed, small-town feel, earning it the nickname, Millionendorf, “the village of a million people.”
This village atmosphere traces back to the Middle Ages when Munich first emerged as a European center of commerce. The City has taken deliberate steps to preserve this legacy. Streets in its historic center still largely follow the town plan laid out hundreds of years ago, landmark structures have been lovingly restored, and new construction incorporates architectural nods to the past. This attention to retaining its timeless charm combined with its high standard of living is why Munich consistently ranks among the world’s top 30 most livable cities.
THE SITUATION
IT Services Were Overdue for Restructuring
The City of Munich is tasked with balancing the preservation of its historic allure while also providing modern services that enable residents and forwardlooking businesses to flourish. A crucial portion of this responsibility falls to Munich’s IT organization, which supports a broad range of city services, including construction, public safety, disaster preparedness, urban planning, public education, and parks and recreation, among others.
While the City’s IT operations are on solid footing today, that was not the case two decades ago. By 2005, Munich’s IT services, which had evolved organically over time, had become as uniquely ornate as the City’s spired medieval churches. Each of the City’s 16 departments had its own, independent IT organization with separate structures, tools, and management processes.
Customer: City of Munich
Industry: Government
Location: Munich, Germany
Objectives: Consolidate 16 siloed IT systems into a single, centralized organization, Eliminate duplicate effort and reduce human error stemming from highly fragmented DDI implementations, Establish consistent, standardized processes to improve response t imes and simplify DDI management across the City’s IT operations
Results: One unified and integrated DDI platform (down from 16 standalone systems), Significant reduction in manual workload due to the automation of core DNS, DHCP, and IP address management functions, Comprehensive, automated view of IP address allocation across the City, enabling faster issue resolution
Products: NIOS DDI
City planners determined that in order to provide the faster, more efficient services that the modern metropolis required, its sprawling IT operations would need to be restructured into a single organization. Florian Fehre, service manager, DNS/DHCP/IPAM, for the City of Munich came on board around that t ime. “The intention was to create synergies, avoid duplication of work, and make troubleshooting and responding to customer needs easier,” he recalls.
The newly formed municipal in-house operation, IT@M, would become Munich’s primary IT services provider, existing as a distinct department within the City’s IT operations. However, achieving that transformation would require overcoming entrenched barriers.
THE CHALLENGES
Reigning in Out-of-Control DDI
Centralization of Munich’s IT operations began in 2006. By 2011, however, one area in particular was still unmanageably fragmented and inefficient: critical network services. These services, which include DNS, DHCP, and IP address management (DDI), play a central role in ensuring fast and reliable connections among devices, data centers, applications, and internet resources.
In Munich, DDI services were profoundly disjointed and bespoke. As Fehre recalls, “We had 16 individual areas at the time, each cooking their own soup, so to speak.” Beyond 16 different toolsets, all IT departments were also using separate products for each of the three critical network services. Every department managed its own IP address ranges, using its own subnets and methodologies, with no easy way to share those details cross-departmentally. DNS and DHCP services ran on separate, standalone systems, relying on customized implementations of so-called freeware DDI tools, such as BIND and ISC-DHCP. These siloed solutions required significant manual effort to operate.
The lack of automation, visibility, and integration across the 16 DDI implementations prevented IT from creating the synergies, efficiencies, and responsiveness it hoped to gain with centralization. “There were always challenges in exchanging information between different departments and areas,” Fehre says. “The use of mobile devices was also very limited. In large departments, managing clients was cumbersome and difficult to oversee.”
Subnet misconfigurations routinely led to connection delays and failures. Duplicate effort arose because each department had its own processes for identical activities, such as provisioning an IP address to a client workstation or a printer. When IT’s customers reported problems, even basic fixes proved too complicated for frontline help-desk staff to handle. Those issues were regularly escalated to higher tiers, slowing response times and increasing IT costs.
It was clear that the City’s hydra-headed approach to DDI was no longer viable and that a restructuring was required. However, each department had grown accustomed to its own tools and processes for managing DNS, DHCP, and IP address management (IPAM). They were wary of how changes to these processes might adversely affect service delivery. Whatever the City chose as a replacement would require significant buy-in from all stakeholders.
THE SOLUTION
Collaboration and Consolidation
Munich’s IT organization got to work gathering requirements for a new solution that could unite and standardize DDI operations across its 16 departments. For help in identifying the best option, the City turned to its technology partner Computacenter, a U.K.-based, global IT consultant and service provider. They recommended Infoblox NIOS DDI because of its breadth of capabilities and its reputation as the marketleading DDI solution. “It met all our functional requirements,” says Fehre.
NIOS answered the IT staff’s most urgent demand: to centralize the management of DNS, DHCP, and IPAM into a single solution with a common console across all three critical network service areas.
The migration from the splintered DDI systems to NIOS began in 2012 and was completed across all 16 departments in just under a year and a half. Along the way, Munich IT and Infoblox had to earn the trust of each department in the City as they were initially hesitant to relinquish control of the DDI services they had managed themselves for so long. In the end, they had no regrets. Fehre notes, “Afterwards, they said we’re glad you’re doing this now because we probably wouldn’t have lasted much longer.”
Collaboration between Munich IT and Infoblox did not end with the deployment of NIOS DDI but instead is ongoing. For example, Infoblox experts remain on hand to solve unforeseen compatibility issues that occasionally arise with the City’s legacy server infrastructure and ecosystem. Infoblox has also become a reliable source of knowledge, helping Munich’s IT staff gain a clearer understanding of NIOS and how its unified DDI capabilities improve network uptime, reduce IT costs, and enhance asset visibility.
Today, Munich’s NIOS DDI solution consists of high-availability (HA) paired primary servers that remain in sync through the Infoblox Grid, ensuring instant failover and continuous uptime should issues occur with one of the servers. An assortment of paired physical and virtual appliances handles DNS and DHCP functionality. Munich initially relied on NIOS DDI for internal DNS traffic only. However, after repeated service issues with external DNS providers, the City decided to run internet-facing DNS on Infoblox servers as well. The stability and security of the Infoblox Grid were decisive factors in this decision. Furthermore, NIOS facilitates IPAM for the City’s tens of thousands of endpoints.
THE RESULT
Enabling IT Transformation
In 2006, the key pillars of Munich’s vision for IT transformation were centralization, simplicity, and automation. Since then, the City has successfully achieved all three, consolidating 16 separate operations into a single, nimble, responsive, and future-ready organization. Along the way, Infoblox has been instrumental in that effort by bringing the same qualities of consolidation and automation to critical DDI services.
For Fehre, the benefits have been tangible. “It’s hard to imagine the time before Infoblox.” Instead of dealing with DDI chaos and confusion, Munich now has an intuitive, cohesive solution that IT@M staff can manage in a fraction of the time the previous deployments required.
Manual DDI effort has been replaced by pervasive automation. Staying on top of IP addresses is a prime example. Back in 2006 when the IT consolidation effort first began, the City had far fewer devices and workstations than it does today—approximately 20,000 at the time. By the time the Infoblox migration began in 2012, IT staff were already struggling to manage the IP address ranges each department had been assigned. Since then, the number of IP addresses has more than tripled, currently reaching 65,000. “That manual approach wouldn’t work today,” Fehre insists. With the IPAM capabilities of NIOS, Munich now has a centralized, automated view of all IP addresses across the City’s IT organization, helping to prevent misconfigurations.
Indeed, the simplicity and automation of NIOS proved decisive during the COVID-19 pandemic in 2020. Within three weeks, two-thirds of the City’s staff began working from home, logging on to different devices and causing IP address numbers to soar. Fehre believes that without NIOS DDI, the City could not have handled the sudden surge. “It would have been technically impossible.”
The consolidated Infoblox solution has also brought much-needed simplicity and reliability to the City’s DNS and DHCP services that were missing from the initial, fragmented DDI implementations. When issues arise, troubleshooting is significantly easier thanks to the unified system, typically taking no more than 30 minutes to identify the root cause. Today, networking teams use standardized processes for accomplishing common DDI tasks that were once difficult and arcane. Help-desk staff can now handle basic requests themselves, like updating DNS records or resolving subdomain issues, and in just a few clicks without escalating to more experienced staff.
Looking Ahead
In the near term, the City’s on-premises deployment of NIOS DDI suits its needs. Evaluations of Infoblox DDI’s cloud capabilities are ongoing. One option under consideration is expanding the City’s cloud integrations by running Infoblox’s external DNS in a public cloud, such as Azure. In the security realm, Munich is also exploring ways to incorporate DDI data from Infoblox into the security information and event management (SIEM) platform used by its Security Competence Center.
The intricacies involved in Munich’s IT centralization effort required considerable collaboration across all stakeholders. Reflecting on his experience with Infoblox, one aspect stands out for Fehre, beyond the capabilities the City has gained. “They worked well with us all along the way. Infoblox is a reliable partner in ensuring network operations for the City of Munich.”