A Prominent Luxury Resort
“I did the swap, and nobody noticed a thing. I don’t hear anything about DNS and DHCP anymore, and if they do come to me with a problem, it’s not the Infoblox solution.” — Senior engineer, prominent luxury resort
This 200+ acre luxury resort and casino is part of a larger organization that owns and operates leisure destinations in three international locations offering restaurants, shows, nightclubs, and amenities such as spas, salons, and fitness centers.
The company has been an Infoblox customer for several years, and for the last year, they have been running primary internal and external DNS and DHCP on Infoblox. Before that, though, they handled some of these services on Microsoft servers—and there were problems.
“Before we moved everything to Infoblox,” says the senior engineer primarily responsible for the network, “we had a very big issue with scavenging.” Scavenging is Microsoft process for sniffing out obsolete records and removing them to conserve server space and prevent conflicts with active records. “Microsoft was not playing nicely with Infoblox,” he says. “One system would create records, and then the other would delete them.”
When the number of trouble tickets became unacceptable, the engineering team decided to act. They had anticipated the day when it might be necessary to transfer all DNS services to Infoblox—all the DHCP functions were already being performed on the Infoblox appliances, and the clients and servers were already pointed to Infoblox as a DNS server. So when they decided to make the move, the configuration was already in place. The fact that DNS and DHCP had been kept separate helped to make the transition go smoothly.
The Infoblox Solution
The engineering team works with the Windows team on a day-to-day basis, and the senior engineer knew he would quickly hear about any problems the shift might create. There were none. “I did the swap,” he says, “and nobody noticed a thing. I don’t hear anything about DNS or DHCP anymore, and if they do come to me with a problem, it’s not the Infoblox solution. It’s more likely to be something like someone giving two servers the same name, which is something I can easily detect and resolve using Infoblox.”
Now both DNS and DHCP run on Infoblox Grid™ technology and Infoblox DDI. The solution consists of Infoblox 1410 appliances as the Grid Master and Grid Master candidate, several external and internal Infoblox 820s in high-availability pairs in the production environment, and more in a lab. The granular role-based administration feature is used to delegate levels of responsibility between engineering the NOC. Senior engineers have all-encompassing access, while NOC administrators are limited to account creation.
When asked what the shift from Microsoft to Infoblox improved, the senior engineer says, “The biggest thing was efficiency. We don’t have to second-guess ourselves about where to look if there is an issue. As far as troubleshooting goes, it just makes us faster. The issues surrounding DNS pretty much disappeared.”
One part of that efficiency has been the ease with which the Microsoft technicians have been trained to use Infoblox. The engineering team can bring staff in other locations up to speed remotely, and then use the role-based administration to allow them to perform a subset of functions and to require them to call the NOC to restart the grid. “It’s like a system of checks and balances,” the senior engineer says. “It prevents trainee administrators from making mistakes.”
He also likes having a single interface for managing DNS, DHCP, and IP addresses. “It’s a one-stop shop,” he says, “and the information it pulls is detailed. I could locate a troublesome device, for instance, by its MAC [media access control] address. It helps with trouble-shooting.”
He likes one-click upgrades even more. “One of the features that I love about it is the upgrade feature,” he says. “You’re able to download the upgrade file, validate it, and then the box itself runs the upgrade. It’s a little scary because it doesn’t say anything while it’s doing it, but I’ve learned that if it’s not saying anything, everything is OK.”
For the future, the engineering team is looking closely at Infoblox DNS Firewall, which protects against malware-driven DNS queries to malicious domains by disrupting the ability of infected clients to communicate with botnets and command-and-control servers, and Infoblox Reporting, which provides pre-built reports for easier administration and more effective monitoring.