DNS, DHCP, IP Address Management Time to get serious!
Paul Roberts Calleva Networks Ltd
Who are we?
• 28 years combined experience with DNS, DHCP and IPAM technologies
• Many large deployments across all verticals
© Calleva Networks Ltd. 2013 2
"Paul assessed and balanced a set of very complex technical dependencies and steered the project to successful completion."
BT Global Services

"Providing outstanding customer service to all, Paul is both motivated and customer focused."
HSBC

"Kier provided the Lloyds Integration programme with sound advice and is a trusted member of the team."
Lloyds Banking Group

"Paul completed an installation of a DNS & DHCP management solution and it will be a pleasure to work with him in the future."
Heineken

"Paul was always on hand to resolve any issues with good humour. The cutover was handled so professionally that the users were unaware that the work had been completed."
Orange
Orange
What IPAM solution are you using today?
• Excel spreadsheet(s)
• Open source
• In-house custom system
• Feature of another product
• Another solution
Existing DNS environment?
• Are you using BIND on Linux
• ...and Microsoft DNS, due to Active Directory?
• Keeping BIND updated can be a challenge
• Constant security vulnerabilities
• How do you patch?
  • Install latest binaries with yum/apt-get or rpm/dpkg?
  • Download sources and compile with gcc?
• Enter #dependencyhell
• Do you integrate BIND and AD?
DNS support & resilience
• Can you count on a vendor for support?
• Have you configured any kind of resilience?
• E.g. CARP/VRRP VIPs or Windows/Linux Cluster
• RAID 1 to combat HDD failure?
• Dual PSU?
• Are you doing any monitoring?
DNS zone file maintenance
• How are you updating zone files?
  • vi is fine for small changes, provided you know what you are doing
  • But do others?
  • Is all the knowledge in one person's head?
• How are zones synchronised?
  • Zone transfer? Multi-master?
  • What about named.conf?
• Any discrepancies sneaking in?
  • What about an audit trail? Or role-based access?
DHCP
• Linux and/or Microsoft?
• Microsoft – Windows 2012 now supports failover
• Linux – has supported failover for some time
• However, are you monitoring it?
• How are you synchronising the configs?
• Have you tested it recently?
• Support/management/monitoring
• How do you document static allocations?
Management headaches
• Microsoft DNS/DHCP use separate MMC consoles
• And you have to know which server to connect to
• Linux is primarily command line driven
• IPAM normally done elsewhere
• No integrated management or global view
• Can lead to errors
The DDI market is growing
• Gartner coined the term DDI for their first MarketScope report in 2009
• Both Gartner and IDC predict growth of more than 20% per annum
Source: IDC, 2011
How does this relate to the education sector?
• Student fees have increased
• Students now expect/demand a commercial grade service
• Explosion in number of devices
• IP addresses
• Wireless APs
• Subnet/VLAN partitioning
• Adoption of new (well, old really) technology such as IPv6
Introducing a DDI solution
• IP address plan management
• Integrated network services engines: DNS-DHCP-NTP-TFTP
• Multi-vendor DNS & DHCP services management
• Microsoft – ISC – Cisco – SOLIDServer™
• Active IP address tracking with IPLocator module
• Built-in work flow
• Unified system management
  • Integrated zero admin database
• Hardened OS with embedded stateful firewall
• Simplified upgrades, backups and disaster recovery
Multi-vendor/heterogeneous support
[Diagram labels: Data Center A; Data Center B; Centralized DDI Management and backup (Active mode); Centralized DDI Management and backup (Recovery mode); Agency 1; Agency 2; SOLIDserver DNS-DHCP-NTP-TFTP High Availability; Cisco IOS; Existing DNS DHCP architecture management]
Resilience and support options
• Built-in database replication to hot standby
• Network link aggregation/failover
• Single or multiple VIPs
• DHCP Failover (one-to-one or star)
• 24 x 7 support option
• 4 hour on-site advanced replacement service available
SMART Architectures™: Changing DNS-DHCP Deployments
• Classic deployment process of DNS-DHCP architectures
  • Each server is individually configured to build an architecture
  • Deployment of 10 zones on one master and 3 slave servers = multiple repetitive tasks!
• No embedded architecture concept
  • Complexity of architecture deployment
  • High risk of misconfiguration
  • No embedded best practices
• Difficult and risky architecture modification
  • Add/remove a server
  • Change the architecture type: master/slave to DNS stealth
[Diagram: Classic Model, per server administration to build an architecture. Labels: Master; Slave; Slave; Single server configuration]
SMART Architectures™: DNS-DHCP Architecture Management
SmartArchitectures™ are templates of DNS or DHCP architectures
Each slot has a predefined role in the SmartArchitecture™
Each DNS server is inserted in the appropriate slot
Automated configurations of all servers according to their role in the SmartArchitecture™
[Diagram, Ex: Master-Slave. Labels: Management Appliance; DNS Master slot; DNS Slave slot; DNS Slave slot]
SMART Architectures™: Automated Architecture Deployment
Management appliance configures all servers automatically
Management of the SmartArchitecture as one “Virtual server”
[Diagram label: Management Appliance]
SMART Architectures™: Architecture Management
• Smart Architecture™ Library
[Figure labels: DHCP; DNS]
SMART Architectures™: Move to Architecture Management
Reduce Complexity: Manage Architectures rather than servers
Automate your Deployment and Management
Best practices enforcement
Intuitive full function UI
[Screenshot callouts: Display of user defined metadata; Global Search; Unified IPAM DNS DHCP view; Navigation Tree; IP address template for server object; user-defined wizards with metadata]
User defined home pages
[Screenshot callouts: User-defined pies and graphs based on Metadata; Customized Quick searches; Customized Top lists; Customized Quick wizard; Customized Bookmarks; Customized Alerts]
Conformity Management
• User-defined templates enable you to enforce policies
  • e.g. device templates, custom fields, naming conventions etc.
[Screenshot callouts: Naming conventions; IP address template for server; User-defined Metadata field type; User-defined list of Metadata fields]
Conformity Management
• Streamline DDI resource deployment
  • Subnet templates: Automate subnet splitting into dedicated IP pools (printer, server, DHCP)
[Screenshot callouts: Dedicated IP pool for servers; Authorized IP address template within Server IP pool; Automated DHCP server configuration]
DDI Reconciliation
• Active IP address tracking with IPLocator
• Identify IP/MAC address connections on the network
• Identify associated switch and switch port
DDI Reconciliation
[Screenshot callouts: Switch, port, VLAN, name information discovered with IP/MAC addresses; Port activity monitoring; Network device statistics]
Hardware/Software Appliance Suite
• A range of hardware appliances to suit
• Software Appliance
  • Appliance image on a CD or download
• “Boot and Run” appliance technology
  • Auto-install appliance image on industry standard hardware or Virtual server
• Benefits
  • Get appliance benefits without hardware constraints
  • No dedicated spare platforms required
  • Added value of appliance combined with world wide hardware vendor’s service
What else do we do?
• DNS Managed Service
• Agentless NAC
• Stratum 1 NTP Servers
• Wi-Fi design and implementation
Thank you
Come and see us on Efficient IP’s stand EH23
Paul Roberts