Huddinge Kommun automates core networking operations with Infoblox
“Automating our DHCP and IPAM processes is saving us many, many hours of work that we had been putting into assigning and tracking IP addresses.”
- Henrik Carlerup, Network Specialist, Huddinge Kommun
Huddinge Kommun is a municipality in east central Sweden just outside of the Stockholm urban area. Despite its proximity to the bustling capital city and its large population—with approximately 110,000 inhabitants it’s the second most populous in Stockholm County—Huddinge is known for its undisturbed natural settings. Covering a large expanse of Södertörn peninsula near the Baltic Sea, Huddinge is home to 13 nature preserves, and more than half of the municipality’s land area consists of agriculture, forests, hills or lakes. As is common in Nordic countries, the local government does much to support social services, including housing, health services, education, elderly care and childcare. As such, Huddinge Kommun has in place an extensive modern IT infrastructure and professional network operations team to support these public services.
THE CHALLENGE
Overcoming Legacy DNS Infrastructure
Huddinge maintains a robust set of web domains to support the municipality’s vast range of public services. Citizens can log on to www.huddinge.se to apply for a building permit, register children for school or daycare, apply for elder care or transportation assistance, interact with government officials and access many other services. The team also maintains thousands of PCs, mobile devices and other kinds of endpoints for Huddinge’s approximately 8,500 municipal workers and staff, along with more than 20,000 students and educators in the municipality. Huddinge’s core network infrastructure supports all of this, along with enterprise applications for human resources, financial management, health care and many other types of IT operations.
Over the years, the IT team found itself devoting more and more time to deploying and managing IP addresses for web properties and network endpoints. “We’d been using Microsoft Active Directory (AD) for many years as our solution for managing DNS and DHCP,” recounted Henrik Carlerup, network specialist at Huddinge. “The problem with AD is that it’s adequate for basic DNS and DHCP administration, but it doesn’t handle IP address management. So, for instance, when we were bringing new network devices online – including routers, servers, switches, and so forth – we had to manually assign new IP addresses and then track them in an Excel spreadsheet.”
Customer: Huddinge Municipality
Industry: Government
Location: Sweden
Initiatives: Consolidate all DDI operations onto Infoblox NIOS DDI, Automate IP address management, Manage network from a centralized data center
Outcomes: Implemented a unified, real-time distribution, synchronization and management framework, Established an authoritative IPAM database, creating a single source of truth for full visibility into network operations and endpoints, Took advantage of NIOS high availability design to deliver reliable, continuous network uptime for all users, Boosted network performance and end-user productivity
Solutions: NIOS DDI, Trinzic appliances
Likewise, when Carlerup and his colleagues had to decommission devices and take them off the network, those IP addresses had to be reclaimed and recorded manually as well. Of course, this kind of manual practice for IPAM, while still quite common in many small to medium-sized organizations, can easily lead to errors and misassigned devices. In years past these kinds of errors would have been dealt with by Carlerup and his colleagues through time-consuming manual processes. With the added pressures of dealing with a remote workforce in recent years, Huddinge’s IT leadership decided the time had come to search out alternatives. “When we realized we needed to upgrade our DNS, DHCP and IPAM capabilities, we reached out to our IT consulting partner and asked them to present a few options and recommendations,” related Carlerup. “After seeing the alternatives, we decided to go ahead with Infoblox as the best path forward.”
THE SOLUTION
NIOS DDI
The Huddinge team decided to implement Infoblox NIOS, the industry-leading on-premises solution offering fully automated DNS, DHCP and IPAM (collectively known as DDI). Huddinge elected to deploy its new NIOS solution on Infoblox Trinzic server appliances, integrated via Infoblox Grid. By consolidating all DDI operations onto a single platform, deployed on-site and managed from a common console, NIOS significantly improves network performance in the Huddinge data center, and for branch offices and remote sites—while also boosting productivity for users working from home.
With the way forward clear, Carlerup and team began the process of migrating DHCP subnets from Microsoft DHCP onto Infoblox, followed by the migration of DNS records. The discovery and population of IP addresses in the new system was completely automated. “The Infoblox DDI solution enabled us to discover and capture all network assets in one authoritative IPAM database, establishing a single source of truth for full visibility,” explained Carlerup. “By automating DHCP and IPAM, Infoblox empowers us to better manage network infrastructure and operations and sets us up to smoothly deploy new network services and user devices going forward.”
THE RESULTS
Automation for Scalability and Staff Productivity
Huddinge has benefited in numerous ways from its upgraded DDI infrastructure. “Automating our DHCP and IPAM processes is saving us many, many hours of work that we had been putting into assigning and tracking IP addresses,” related Carlerup. The team is also much more confident now in its ability to reliably maintain its online services for Huddinge’s citizens and its network availability for staff. “We’ve been impressed with Infoblox Grid,” continued Carlerup. “Because it enables distributed Infoblox appliances to function as a unified, centrally managed system—instead of independent devices—Grid gives us consolidated and centralized management control across network subnets, zones and sites.”
He continued, “Where before we had a collection of appliances and systems that we had to configure and manage as unique entities, now we have a unified whole that works as a real-time distribution, synchronization and management framework. And with NIOS’s high availability design, we’re confident we can deliver reliable, continuous network uptime for all our users.”
LOOKING FORWARD
Strengthening Security Posture from the Cloud with Infoblox
With NIOS DDI in place, the Huddinge team has begun initial planning for implementing BloxOne Threat Defense, the cloud-based solution that strengthens and optimizes security from the foundation up. In retrospect, it has become clear that malicious hackers saw the widespread adoption of remote work in recent years as an excellent opportunity to launch ransomware attacks. In fact, 2021 was the worst year ever in terms of ransomware revenue, with one security research firm calculating that attackers extorted more than $939.9 million from victims that year1. Public sector organizations like Huddinge involved in healthcare provisioning were among the top targets2 for these attacks and remain so years later. These kinds of changes in the threat environment led Carlerup and the Huddinge team to seek out a solution that would better protect their infrastructure, users, devices and data.
“Putting in place a solution that would strengthen our defenses at the DNS layer would be a logical next step for Huddinge,” explained Carlerup. “First because increasing numbers of attacks are targeting the DNS system. And further, because integrating security capabilities from our SOAR and SIEM platforms with core networking can significantly raise our ability to uncover and stop malicious attacks before they take hold and spread. We hope to begin working with Infoblox to integrate BloxOne Threat Defense into our overall Infoblox deployment at some point in the next year.”