Infoblox Provides Operational Efficiency, Visibility, and Customer Satisfaction at UC San Diego
“Our engineers are happy with autodiscovery and NetMRI. Our architects are satisfied with the flexibility of the product and how it reflects our campus network. Our end users are happy with the new UI,” Harris says. “By everyone’s measure I would say that our deployment has been a success, and we definitely plan to continue on with the Infoblox product into the future.”
— Crystal Harris, Manager of Network Applications Support, UCSD
Number of Users: Nearly 30,000
Solution: NetMRI, DNS Firewall and IP Address Management
From its origins at the turn of the 20th century as the Scripps Institution of Oceanography, the University of California, San Diego (UCSD) has grown into a public research university sprawling across 2,000 acres near the Southern California coast. It offers more than 200 undergraduate and graduate degree programs to 22,700 undergraduate and 6,300 graduate students. From the statue of Dr. Seuss in front of the architecturally unique Geisel Library to the 287 million pixel HIPerSpace high-resolution display wall at the California Institute for Telecommunications and Information Technology, UCSD is a jewel of imagination and innovation in the crown of the University of California system.
Managing a Network on the Leading Edge of the Digital Transformation
The nervous system of this vast research university is its IT network. “We have a campuswide presence and need to provide ubiquitous connectivity as a utility service because people rely on it,” says Crystal Harris, manager of Network Applications Support at UCSD. “We need a network that can accommodate the influx of students every semester and interdisciplinary internal and external access from diverse devices.”
The University is going through a digital transformation, and Harris’s team recently upgraded the core network services as part of its ongoing mission to keep the campus network up to par with the science the school teaches and develops. The network was running on a homegrown system for IP address management (IPAM), and it wasn’t meeting Harris’s requirements. “We needed highly scriptable and flexible APIs in order to create tools or get data from other databases and data sources and put it into our IPAM product,” she says. “We also needed a way to interface with our existing BIND servers.” Harris had worked with network management products from other vendors and had done a lengthy trial of Infoblox, so she knew that with its extensive collection of APIs and its integrations with technology from other vendors, the Santa Clara company was an obvious choice. “Infoblox met the majority of my requirements much better than other tools,” she says.
UCSD was focused on four key requirements:
- Complete and continuous visibility into the network
- Network integrity and security
- Efficient and cost-effective operation
- Customer satisfaction
Visibility That Goes Deep into the Network and Extends Beyond It
Like most organizations in the age of the digital economy, UCSD needs all the visibility it can get. That visibility is essential for keeping track of all the devices on the network, tracking variations among those devices, and staying up to date on how they are being used and secured. The University has Infoblox DDI, which provides a single pane of glass for viewing the network, but Harris needed an even deeper dive into network discovery. Infoblox NetMRI met that requirement.
“We use NetMRI to keep track of the versions of network routers and switches,” says Harris, “and to push configuration changes and manage backup configurations. But our primary reason for purchasing it was to get discovery information about ports and Address Resolution Protocol (ARP) information for individual end nodes. We use it very much for making sure that ports are active, for knowing what’s connected to what port, and for getting an automated map of the network. As engineers provision new networks around the campus, NetMRI automatically discovers them and reports that information back to us in both the NetMRI interface and in the Infoblox Grid™ interface.”
The network team routinely sends logs to Splunk and to a variety of campus databases, and pushes data back to Infoblox for management and automation. Eight BIND servers on campus also receive zone transfers from the primary Infoblox server. This integration with other elements of the network not only makes the overall network more intelligent, but also ensures that the available data is used to take effective and immediate action.
Maintaining Academic Freedom While Keeping Bad Actors Out
Open exchange of information and ideas is a foundational principle of universities that can sometimes be at odds with network security. “Generally,” says Harris, “higher education institutions have an open computing and access policy that prevents automatic blocking of domains and hosts. Legitimate research into malware, networking, and Internet communications precludes global access restrictions.”
But she points out that free access and security have to coexist. “UCSD has had an increasing problem with campus constituents accessing malware domains and receiving phishing email,” she says. “Security had a hard time keeping up with domain and host blocking. We decided that a response policy zone (RPZ) would be the solution, and Infoblox’s RPZ-based DNS Firewall conveniently met our requirements.”
DNS Firewall detects and contains malware and automatically adapts to evolving threats, effectively preventing campus users from frequenting dangerous sites. For campus members who need unrestricted access for research purposes, Harris’s team provides opt-out servers.
The People Side of the Solutions
To help with the migration of data, Berkeley leveraged Infoblox Professional Services. “We wanted somebody who could actually work with us in terms of converting everything to Infoblox, who understood the product, and who could make recommendations about how it should be deployed and so on,” explains Orr. “Infoblox Professional Services was very reasonably priced, and we were very impressed. The person we worked with had a lot of experience in the educational environment, understood what we were trying to do, was very knowledgeable, and at the end of the day, really quite helpful.”
Infoblox Support has also helped out. “We worked with the support team to develop some enhancements to the solution,” says Orr. “It’s always nice when you’re working with a vendor and you say, ‘hey, we think it should really do this,’ and the vendor says, ‘you’re probably right,’ and they make it happen. To me, that’s the best sort of support experience you can have with a vendor.”
Simplifying Tasks and Freeing Costly Resources
Operational efficiency is just as important in the world of higher education as it is in the world of business—maybe more important. Harris explains the positive impact of Infoblox IPAM on one key role in her organization. “I had one programmer who was developing our kitchen-sink in-house IPAM tool,” she says, “and he was spending 40 percent of his time adding new features that people requested, handling new import formats, or adding new data sources.” She points out that his time was needed for more strategic initiatives. With a feature-rich, automated Infoblox IPAM solution in place, this key resource can now make a more strategic contribution to the team.
She also mentions the operational benefits of running Infoblox over running straight BIND and DHCP. “We like the failover. I like the Infoblox Grid™ model. I like having multiple servers running on the Grid, and I like the GUI sitting on top of those services because it means that administrators don’t have to know all the complexities of creating configuration files. That level of abstraction has reduced the effort engineers expend to make updates.” In addition, rolling updates allow the IT team to keep servers and appliances up to date easily without a lot of support overhead.
A Campus Full of Happy Customers
University network teams typically operate more like Internet service providers than network management centers, and their customers—research centers, labs, departments, foundations—are full of independent thinkers and creators who want control over their own zones. Making their networks more intelligent and responsive to the changing needs of the university aligns well with the mission of the university to impart knowledge and intelligence to its students. “Delegation of authority is very important in our support model,” Harris says. “We delegate authority for IPv4 and IPv6 networks to our system administrators, for instance, and Infoblox makes that easy to do.” The end result is a satisfactory user experience for the network’s demanding users.