Global Office 365 Rollout at msg group: Better Performance Thanks to Local Infoblox DNS Architecture
“BloxOne DDI from Infoblox is just so convenient. The fact that such an important service can be handled so easily is enough to convince me.”
— Thorsten Jelonnek, Lead IT Consultant, Department DNS—Data Center, Network & Security at msg group
At 20 sites around the world, msg group puts its trust in the BloxOne® DDI from Infoblox. By introducing this cloud solution, msg has been able to reduce implementation times for a basic network service by more than half.
msg group focused on SAP solutions for accounting, finance, regulatory reporting, performance management and customer experience. As one of the 10 largest IT consulting and systems integration companies in Germany, msg needs to provide reliable, cutting-edge technology to its customers while maintaining the performance of its own IT systems and landscapes at all times. Throughout the company’s 40-year history, its network has undergone continuous growth while its customer portfolio has expanded to cover 10 different industries. Its current networking architecture originated in 2003, when the company’s present headquarters were built in Ismaning, near Munich. Now msg is moving toward a cloud solution.
The Challenge – Getting Top Performance from Microsoft Office 365
msg has over 8,000 employees in 27 countries. The network infrastructure that Thorsten Jelonnek, Lead IT Consultant, Department DNS—Data Center, Network & Security, and his colleagues in the Network and Security department at msg, put in place ensures that employees can work efficiently from anywhere in the world, whether it’s from company headquarters, the Philippines or Canada. Rolling out Microsoft Office 365 to the entire global workforce at the beginning of 2019, however, presented a challenge for the team.
Like many other companies, msg had previously relied on centralized DNS services. The Domain Name System (DNS) is the methodology that translates common domain names (e.g., google.com or facebook.com) to numerical IP addresses needed for locating and identifying computer services and devices, and it ensures that information from the Internet reaches users. Without DNS, hardly anything would work in many companies and definitely not SaaS solutions like Microsoft Office 365 that rely on the Internet.
Customer: msg group
Industry: msg is an independent, internationally active group of autonomous companies with a core competency in intelligent IT and industry solutions
Location: Global, headquartered in Ismaning, Germany
Initiative: Improve network reliability to ensure quality user experiences globally, especially to support SaaS applications such as Office365, Localize DNS architecture for branch offices and other sites worldwide, Shorten deployment times for new DDI implementations
Outcomes: Increased operational performance for smooth, uniform network performance worldwide, Ensured robust SaaS app performance by routing outgoing queries to the nearest point of presence on the Internet, Smoothed the transition to remote workforce, which skyrocketed almost overnight due to the COVID crisis
For over a decade, the company has used Infoblox’s NIOS solution as the central point for DNS and DHCP management. (The Dynamic Host Configuration Protocol is the system governing IP address assignment for network devices.) However, as SaaS services like Office 365 become more widespread and data has to travel long distances, this solution is no longer ideal. “The challenge we faced was that we didn’t want our globally distributed sites to all have to go through the Microsoft data center in Frankfurt, but that’s where they would have ended up using our previous architecture,” explains Jelonnek. “That would have led to totally unacceptable performance.”
DNS Architecture Determines Location Identification
Every Office 365 user sends a DNS query to his or her company’s local DNS service. Given msg’s centralized architecture, this DNS server would be the one in Ismaning. The server then forwards the query to Microsoft’s Geo DNS server, which can tell from the IP address where the user is located. For the last leg, the Microsoft Geo DNS server sends the local IP address of the Microsoft data center back to the user’s DNS server to connect it to the local Microsoft data center.
Because Microsoft Geo data would incorrectly assume that the user is located in Germany, all msg users would be connected to the Microsoft data center in Frankfurt—whether they were in India, the United States or Brazil. This mismatch would result in poor performance with huge latency. Microsoft also confirms this in its blog. Therefore, location identification is crucial in determining whether the data has to travel long routes through the company’s network, or whether queries can be resolved locally through shorter paths. Companies can configure this process using their DNS architecture.
The Solution – Decentralized Internet Breakouts Using BloxOne DDI
Jelonnek and the team at msg realized that a local DNS architecture with decentralized Internet breakouts would be ideal. This configuration could keep the transmission times short and ensure optimal user experiences. Jelonnek and his team considered all the options available at the time to solve the challenge. Linux systems at the individual locations and implementation of NIOS systems at all sites were also discussed. But all these options would have been compromises. The implementation effort or the administrative complexity left them less than 100 percent satisfied.
Given msg’s trusted relationship with Infoblox, Jelonnek learned about Infoblox’s latest BloxOne DDI cloud offering at just the right time. As a virtualized, cloud-based platform, BloxOne DDI supplies all the basic network services—DNS, DHCP, and IP address management (DDI)—in a cloud-managed package. “BloxOne DDI was exactly the solution we needed to localize DNS architecture for our sites,” says Jelonnek. “We tested the solution in our own environments and were soon convinced.”
BloxOne DDI is now responsible for creating a “route map,” as Jelonnek calls it, at 20 msg sites. The outgoing queries are routed to the Internet, specifically, to the nearest point of presence. Alternatively, internal queries are sent to headquarters. In the process, queries are cached so the local system can respond to them directly the next time.
The Results – Easy Deployment, Smooth Functionality
The ease of implementing BloxOne DDI helped persuade msg to choose it. Jelonnek compares it to the NIOS systems, which would have been an alternative for individual sites. “In the past, it took about four or five hours to get a new DDI implementation to work like it should with all the necessary configurations. Implementing a DDI system at a new site now currently takes us about an hour and a half. And the time savings aren’t limited to the implementation. To put it bluntly: We install the systems and forget them. This smooth functionality is a luxury that distinguishes Infoblox from other vendors.”
When planning for new sites, the implementation of BloxOne DDI is barely a consideration because large-scale systems planning is no longer necessary. Centralized control and administration of BloxOne DDI from the cloud is possible. “Our colleagues now know what hardware they need to use,” says Jelonnek. “All I have to do is issue an IP address, add the newsystem in the cloud and assign it.”
COVID-19: Over 400 Percent More Remote Access
Although users don’t directly perceive network services like DNS and DHCP, Jelonnek is sure that BloxOne DDI helps his colleagues who are onsite at customers’ locations, “since it allows them to work there reliably, just like anywhere else.” This architecture also paid off for msg at the start of the COVID-19 lockdown in March 2020. The company was ready to go from day one with remote work for all employees. According to Jelonnek, “Remote access skyrocketed almost overnight to about 400 percent of the usual level. Infoblox is an important part of our overall environment and helped us handle that smoothly.”
A Collaborative Partnership
But network solutions are not the only ones from Infoblox that msg finds promising. It is currently considering using Infoblox’s cloud-based BloxOne Threat Defense DNS security solution as well. “First and foremost, a lot can be resolved at the DNS level, and at the same time the approach is very resource-efficient with respect to our own systems,” says Jelonnek, explaining msg’s considerations. Above all, the positive collaboration with Infoblox is important to him. “We’ve had very good communication with Infoblox from the start and are very pleased that the company is always interested in our experiences with its products and involves us in future development.” Its subsidiary, msg services, is happy to pass on to its own customers the experience with Infoblox solutions it has gained internally. Ease, speed and performance: These features of the BloxOne DDI solution are decisive differentiators for msg. They allow the company to focus on its customers, without nerve-wracking latency and downtime.