Allow the Application, but Govern its Usage
Netskope helps some of the biggest brands in business today to confront one of IT’s biggest challenges—the fact that 50 percent of all data today is in applications and cloud applications, outside of the traditional locked-down network, and access is via devices that are not managed.
The Netskope solution? Allow the application, but govern its usage. Netskope provides a platform that lets customers discover the application that they’re using, whether it’s a sanctioned app such as Box or Salesforce that IT knows about, or an unsanctioned but useful enterprise application that end users have acquired themselves. Netskope helps companies discover these apps and then enact policies to manage them. The end goal is to protect sensitive data and ensure compliance while allowing end users to employ applications that help their companies succeed.
This is a much-needed and popular service. Netskope’s average customer has 900 applications being accessed by end users, and the larger ones typically have several thousand. “We help them discover and analyze applications and manage the behavior by determining who can upload, download, share, publish, or edit within the app, based on the sensitivity of the data,” says Abhay Kulkarni, Netskope VP of Engineering and Operations. “We give them very granular control of the activities in the applications based on the context of the activity.”
But the effectiveness of this valuable service depends on the reliability, security, and performance of the platform it is built on.
A Key Building Block in a State of the Art Platform
The Netskope infrastructure is composed of best-of-breed solutions from a variety of vendors—components such as load balancers and storage servers. For managing the critical Domain Name System (DNS) protocol, without which users and applications can’t connect and networks can’t function, Netskope uses Infoblox DDI, the market-leading integrated solution for DNS, DHCP, and IP address management.
This centrally managed solution for core network services runs in globally distributed data centers on an infrastructure built on the patented Infoblox Grid™. The Grid is centrally managed from a “Grid Master,” from which changes and upgrades can be pushed out across the network with a click of a button. A shared central database ensures consistent information, and gives administrators detailed visibility into network data.
Start with the Leader and Stay Ahead of the Pack
When asked why Netskope chose Infoblox over competing products, Kulkarni says, “We didn’t evaluate anyone else. We started with Infoblox.” Kulkarni’s job is to develop product features, test them, deploy them in Netskope’s seven data centers, monitor them, keep them up to date, and keep them secure and working correctly for customers.
“We considered developing our own system,” he says, “and decided it would be too hard to secure and manage. We were looking for turnkey solutions that work out of the box, and Infoblox offered simplicity of deployment, ease of management, and market-leading functionality.”
Another appealing factor was the cluster-like architecture of the Grid. “A lot of the things that we are doing require clustering,” says Kulkarni, “and the Infoblox hardware and software scheme fits right in with that.”
Rock-solid Support for the Key Mission
With an Infoblox Grid in place, Netskope is able to perform its key mission of enabling IT organizations to direct the usage of sanctioned and unsanctioned cloud applications, protect sensitive data, and ensure compliance in real time so that businesses can move quickly, with confidence.
Anycast and the stability of the DNS infrastructure are key to achieving this goal. “In terms of performance monitoring and scale,” says Kulkarni, “we have to be proactive to make sure that services are set up correctly and are available. If you’re running out of resources, you need to know beforehand. And the insight into subnets that IP address pools and IPAM functionality give us is essential not just to delivering service, but to scaling to meet the demands of our large enterprise customers as well.”
With seven globally distributed data centers, Netskope finds Infoblox’s Anycast capabilities invaluable. The dual redundancy that Anycast enables allows Netskope to route users to the data center nearest their location and increase performance. And if an entire data center were to go down, queries could be routed to the next available data center, ensuring the reliability that Netskope’s large enterprise customers demand.
Netskope also launches new services on a regular basis, and spins up new machines for existing services. So they use Infoblox to monitor user workload and customer load. When the load hits a designated threshold, they start adding capacity. “If the whole thing weren’t automated,” Kulkarni says, “we couldn’t do that with our nimble operations team. We’d never be able to survive the customer demand.”
But the Grid Master’s single pane of glass and Infoblox IPAM allow administrators to see what IP addresses are blocked and pick the right IP address in the right subnet. It also tells them when they’re running out of addresses in a /24 block. Being able to know in advance helps Netskope increase its service pool. “Without Infoblox,” says Kulkarni, “it would be impossible to handle all the customers that we have.”
He concludes by saying, “The world-class DDI functionality of Infoblox, the Grid Master view from the high level to the macro level, and the options Infoblox has for automation with APIs take our network capabilities far beyond what we could do with something like BIND.”