Major U.S. Federal Agency

The Customer

The agency plays a major role in the health of the national economy, facilitating as well as regulating progress and providing a framework within which innovation thrives and commerce is conducted profitably. Like any large agency, it depends on its computing networks to keep its services available to constituents, perform its functions efficiently, and conduct public business cost-effectively.

The Challenge

Two factors drove the agency’s decision to replace its legacy BIND DNS and QIP IPAM systems, which had become too difficult to manage and were proving unreliable. One was a government mandate to adopt IPv6, which would make IP address management (IPAM) even more difficult, and the other was dropped VoIP calls due to DNS outages—which were affecting the efficiency of the agency’s nationwide network of employees who work remotely by telephone. Central management, failover, scalability, and agentless Microsoft integration for VOIP were all key requirements.

The Solution

Infoblox responded to the agency’s evaluation with a single integrated and secure platform with high availability, agentless Microsoft integration, performance, and automated DNS blacklisting.

With the help of Infoblox Professional Services, the agency deployed core network services including DHCP, disaster recovery, internal and external DNS with Microsoft Active Directory, and IPAM. Specific components of the solution were:

14 TRINZIC DDI appliances
TE-1420s as grid masters in headquarter data centers
TE-1410s with IPAM for Microsoft
TE-820s for a guest wireless network
TR-1400
Infoblox DNS Firewall

The Infoblox appliances are configured using patented Infoblox Grid™ technology, which makes it possible to link geographically distributed appliances into a single system managed by one or more Grid Masters that push data to the other appliances. Appliances can be linked in high-availability pairs, and a designated Grid Master candidate can take over automatically if a Grid Master goes down, making the network extremely reliable.

Compatibility with Microsoft Active Directory makes it possible to use Infoblox to manage legacy Microsoft services. And the Infoblox DNS Firewall plugs a major security vulnerability in contemporary defense-in-depth strategies by blocking outgoing communications to blacklisted addresses, thwarting distributed-denial-of-service attacks and the exfiltration of sensitive data.

The Results

Now that highly-reliable architecture is in place and the Infoblox DNS Firewall has become part of the agency’s layered defense-in-depth security strategy, the network functions as the core of the agency’s responsibility to provide continually available services and protect sensitive data.

For more information, please contact your Infoblox representative or visit www.infoblox.com