One of the Largest Companies in the World
“DNS is the air our network breathes, and when it goes away, the network can die in a heartbeat—even if the servers, switches, routers, and circuits are all working. Infoblox keeps us breathing.” —DNS architect
Location: Connecticut, U.S.A.
Number of Users: 250,000 employees and IoT devices ranging from jet engines to turbines in power plants to healthcare machines
Solution: Infoblox DDI, Advanced DNS Protection, NetMRI, and Reporting and Analytics
One of the Largest Businesses on the Planet
The customer is one of the biggest companies in the world, with more than 250,000 employees. It has presence in electricity, gas, oil, Internet, and other commercial endeavors as well as manufacturing.
Size + Diversification = Networks That Can’t Afford to Fail
The sheer size of the company, the diversity of the industries it does business in, and the advanced state of the technologies involved in the functions it performs make Internet connectivity and core network services critical in the extreme.
Eighty percent of what the company does is moving to the cloud, increasing the complexity of managing networks, exacerbating security risks, and threatening to reduce control of a massive class-A IP address infrastructure that spans in-house and outsourced networks. The company will soon have IPv4 and IPv6 running together, and will need DNS and DHCP that can respond to both.
But the biggest challenge of all, according to the DNS architect, is the Internet of Things (IoT). “IoT is going to be the future,” he says. “It’s going to be in everything you do. We already collect data on jet engines, turbines in power plants, healthcare machines. All that data is being collected, and we need DNS to make sure it’s getting to the right places. We need secure DNS to make sure it isn’t being hacked.”
In short, it is hard to imagine an enterprise with a greater need for industrial-grade core network services and highly trained staff to manage them.
Core Network Services That Can Step Up to the Challenge
For the last seven years, the DNS architect has managed the Infoblox DNS, DHCP, and IP address management (DDI) solution that controls and protects the company’s vast web of networks. “Security is a big concern, with the possibility of man-in-the-middle attacks and tunneling for data exfiltration,” he says, “and we’ve got some one-million-query-per-second Infoblox 4030 appliances running Infoblox Advanced DNS Protection, which has been working very well the way we’re set up.”
Advanced DNS Protection intelligently detects and mitigates DNS attacks while responding only to legitimate queries, and uses Infoblox Threat Adapt™ technology to automatically update its defense against new and evolving threats as they emerge—without the need for patching. “It gives us the flexibility to set rules,” he says, “so that legitimate traffic continues while it blocks attack traffic. We also have Infoblox Reporting and Analytics, and NetMRI.”
The DNS architect once worked for an outsource provider of DNS that had Fortune 500 companies among its clients, so when he joined this international corporation, he was eminently qualified to help select a DDI solution to replace the antiquated legacy BIND system. “I’d worked with everything,” he says, “BlueCat, VitalQIP, Nominum. All of them have great features and functionality, but few of them had the ability to upgrade without touching every single box. Infoblox is all controlled from one place. We make a change and it’s propagated, no worry whether it got there. So I can sleep at night.”
Reminiscing about his original evaluation of Infoblox, the DNS architect says, “We’re known for breaking a lot of stuff. When we went to Infoblox and started testing, we asked it to do a whole lot of things at once, and it never failed. The guy who was with me said, ‘I’ve never seen anything like that.”
Infoblox Technical Training: A Well-Trained DNS Architect Builds Savings into Your Bottom Line
The features of the solution aside, the DNS architect emphasizes the importance of knowing DNS inside out. “People who really know DNS are very hard to come by, and have been for years. A good DNS architect can save you a lot of money.”
He says he learned much of what he knows from Infoblox Technical Training. “The first Infoblox Technical Training class I ever took was Fundamentals,” he says, “and I loved it. I had been doing DNS for a year, trying to figure out on my servers at work what was happening, before I took Infoblox classes.
“When I took the class, I thought, oh, man, so that’s what’s been happening! I was sitting there in class fixing the real problems I’d been struggling with at work. I still have the slides from that Fundamentals class. It’s great for someone starting out, and I still show it to my new admins. I’ve taken all the other Infoblox courses.”
Nice to Be Able to Sleep at Night
When you ask him what he likes most about Infoblox, the DNS architect laughs and rattles off a list. “It’s been an awesome improvement over BIND. It’s refreshing to be proactive instead of reactive. It’s nice to be able to sleep at night knowing that I have Infoblox protecting my back end.” But then he gets serious.
“We couldn’t function without our Infoblox Grid™,” he says. “The ability to upgrade hundreds of boxes within an hour—and not have to worry about whether they will work when they come back up—is critical to us. The Infoblox Grid is so well designed, we don’t even have to worry about what order to go in. Services are not affected. We’ve had the Grid for four years, and it has not gone down once during an upgrade. We also deal with regulatory agencies a lot, and Infoblox helps with that. The IPAM part, especially the metadata—which is often more important than the addresses—helps us manage our databases and clean up defunct projects.” He says the network team is constantly pulling data in, transferring it out, and moving things around, and Infoblox helps to keep track of it all. “DHCP Fingerprinting is fantastic,” he says.
Reporting and Analytics is another favorite product used for cleanup and a lot of other day-to-day tasks. “It makes life a lot easier,” the DNS architect says, “especially the ability to look at DHCP subnets over time and do reports every week to network teams, to help them plan resources. Virtual devices coming into our offices are eating up a lot of IP addresses—wherever we used to need one, we now need five.”
Asked about time savings, he says, “It’s not so much time savings as it is money. Some of our businesses are manufacturing businesses, and if we run out of IP addresses, manufacturing is down. And downtime can cost thousands of dollars, even hundreds of thousands. Our Infoblox reporting tools are very useful for forensics, too. They let us be proactive rather than reactive.”
He sums it all up this way: “DNS is the air our network breathes, and when it goes away, the network can die in a heartbeat—even if the servers, switches, routers, and circuits are all working. Infoblox keeps us breathing.”