skip to Main Content

Symantec

“Infoblox’s stance on what they do with security is aligned with Symantec’s view of the world, and that means that we have trust.The data we rely on from Infoblox can be trusted, and that means that things will move faster.”
—Russell Moore, Lead Infrastructure Architect, Symantec

A True Partnership Based on an Aligned Worldview

There was much more involved in the decision than Infoblox’s position as market leader. “One place where Infoblox really shines,” says Moore, “is in its alignment with our principles of security.” He cites Infoblox’s substantial experience with Federal Government organizations and the attendant compliance with regulations and security standards as a key selling point.

“These are of enormous value to a company like Symantec,” he says. “Our brand is security. Infoblox’s stance on what they do with security is aligned with Symantec’s view of the world, and that means that we have trust. The data we rely on from Infoblox can be trusted, and that means that things will move faster. With Infoblox, we’re going to make sure that our data model of IP addresses and the attributes assigned to them is accurate, thus eliminating a lot of extra work for the security team as they spend less time validating data. And because the system is integrated with a discovery system, we can start to utilize more accurate data and quit wasting a lot of time with manual discovery.”

More Data, Less Hardware, and Better Service

“One of the biggest values that we’ve already seen with Infoblox,” Moore says, “is that we’ve eliminated the need for the Microsoft servers. We’ve modernized the whole DDI infrastructure—it’s all integrated, and we have practical, ready-to-use knowledge about what’s going on in our network. Before, there could be any number of teams involved in trying to get that information. Now there’s one team, and they are authoritative for all that information.”

“In addition, we’ll be stripping out somewhere in the neighborhood of 80 servers throughout the organization, and putting in closer to 40 Infoblox appliances. The duplication resulted from siloed services, with each group believing it had to have its own set of redundancies and capabilities inherent within its particular service. Once we use the capabilities of the Infoblox GridTM architecture to combine them, they get to take advantage of each other’s enhanced redundancies and capabilities.”

Symantec will also take advantage of the well-integrated Anycast capabilities of the Infoblox system. “Before,” says Moore, “if an organization wanted to create a new system in a particular area, they had to know very detailed information about where they existed in the topology to find information about DNS servers and IP addresses they could leverage. Now, all they have to know is which region they’re in.”

Moore expects this to drive down costs caused by delays in introducing systems, processing tickets, and requests for information. “Those services should just work,” he says. “It should be easy to leverage them and easy to consume them. If you talk to people about their woes and concerns in deploying services, DDI services should not be anywhere on their lists.”

“Really, Guys. It Can Take Up to a Week to Get an IP Address.”

“One of the biggest complaints about the previous system,” says Moore, “came from the Cloud Services team in the data center. It went something like, ‘Really guys, it can take up to a week to get an IP address. That’s just stupid.’ And they’re right.”

Lead Systems Engineer, Gilbert Martin, who works with the Cloud Services team, was familiar with Infoblox from another job, and asked whether the deployment team could use the Infoblox APIs to integrate with their VMware products and automate IP provisioning. “IP address requests were taking 48 to 72 hours,” he says, “and then it still had to be configured. We needed help fast.”

Infoblox rose to the occasion in the middle of the project with a contained Infoblox system that the Cloud Services team could develop against, so they could start writing their automation code and get it functional. “It was a big win for us,” says Moore. “There’s nothing like working with a partner like Infoblox, who not only has the technology and interest to go after new technologies, but steps right up in a crunch and says ‘yeah, we can do this.’ And it was a success that we could show to our management before the project was even over.”

It’s not uncommon for the organization that selects and deploys an IT solution to paint a prettier picture of the results than the organizations that ultimately have to depend on it, but that’s not so in this case. Martin says, “Nowadays we’re looking at ten minutes for the whole IP address process. It’s all integrated now as part of Infoblox. It automatically gets an IP address. It automatically registers DNS, automatically has an “A” record, and automatically gets configured in the VM. Huge, huge improvement.”

“It turns us into an agile delivery service,” Russell adds. “When our customers have services that are overloaded, or need capacity, or they want to spin up something, we can do it in our cloud infrastructure—which Infoblox is a part of now—within a few minutes. We’ve basically eliminated one entire class of tickets. Now the system says: resource needed, resource requested, request fulfilled, done. Move on.”

The Truth Is Out There—If You Can Discover It

Another situation a security company like Symantec can’t tolerate is not knowing, in detail, what assets are on its networks and
how they are allocated. “With the old system,” says Moore, “our IPAM data was so unreliable that nobody would look at it, and some people wouldn’t even believe it if they did. That was another problem we had to solve. Another big value that Infoblox delivered was the discovery component we purchased.”

Infoblox gives Symantec a central repository of information from which scanning tools can retrieve and deliver the latest tables of all the networks and their classifications. This helps uncover security vulnerabilities—and to prioritize response. “Security is about risk versus cost,” Moore says. “If we have a network that has been flagged as PCI tier-3, which should be one of our most secure networks, and there’s a vulnerability, then that has to be solved right now. That’s a live incident. We get on call and we fix that.”

Something We Truly Love about Infoblox

“Virtualization is a targeted priority at Symantec,” says Moore, “and something we truly love about Infoblox is that both virtual and physical appliances are supported and are equal to each other. If I deploy a virtual appliance from Infoblox, I expect it to behave and perform exactly the same as the same model on a hardware appliance. That enables us to structure our system so that the same models do the same things, and there are no worries or performance issues related to whether they are VMs or not.”

This, too, makes Symantec more responsive to its customers. “I wholeheartedly believe,” Moore says, “that having Infoblox as a part of our ability to automatically deploy assets and resources on demand means that our customers will see better services from us. We don’t have to predict utilization rates as far out to accommodate a build process. And in the modern IT of trial-based services where people get excited over the latest YouTube video and you see astronomical spikes and surges in a short period of time, you have to be able to respond quickly.”

“Part of the Fabric of our Ability to Deliver”

“Infoblox is part of the fabric of our ability to deliver” Moore concludes. “They’re a significant partner with aligned interests, they’re passionate about delivery of their services, and they’re interested in their customers’ success just as we are. They have the right mix of technology for DDI, and their continued focus on improving the product and expanding into other areas is of big interest to us. It’s not about what you can do now, but what you can do in the next two years, or five years. That’s why we keep investing in Infoblox.

“Going into this project, I was worried about making such a big change in what I call our ‘air and water services.’ You can’t survive without air and water, and our business can’t survive without DDI. Changing out that level of infrastructure is like trying to do maintenance on an aircraft in flight—without any delays and without any of the people in the aircraft knowing that the maintenance is going on. In the end, my worry turned into a sigh of relief.”

Let’s talk core networking and security

Back To Top