
The U.S. Department of Defense Gains Life-Changing Solution with NIOS DDI

“One huge factor for us is that Infoblox is a Microsoft Gold Partner and its DDI solution ties in with Active Directory. We’ve seen significant savings in time—it’s night and day. Prior to Infoblox, all IP management was done by hand, which opened us up to errors and didn’t give us the visibility we required. I don’t know how to put it into words, but certainly it’s been a life changer for our environment.”
— Preston, IT Architect, U.S. Department of Defense

THE CUSTOMER – U.S. DEPARTMENT OF DEFENSE

The U.S. Department of Defense has an IT organization that supports its mission-critical processing servers.

The government department’s IT team has challenges getting new hardware into its data center, so it has embraced virtualization and become a large VMware virtualization shop, using virtual rather than hardware appliances to deploy new services more quickly.

THE CHALLENGE

Eliminating Legacy Processes to Improve Efficiency
“We’re not unlike any other IT organization that’s large and has a large number of servers that are mission critical,” says Preston, the group’s IT architect. “We run Windows and Linux, and in our heterogeneous environment, we needed a single centralized management resource.” In the past, the organization made use of disparate management tools, including Microsoft MMC, as well as multiple text files across servers running BIND, ISC, and DHCP. These tools don’t measure up to tasks such as frequent global DNS name refreshes as naming conventions change, so the goal was to eliminate these legacy processes to improve efficiency, eliminate errors from manual processes, and streamline operations. Additional requirements included single sign-on and role-based access. But the overarching concern was efficiency: winning time back from manual processes and increasing productivity.

Facts

Customer: U.S. Department of Defense

Industry: Government

Location: Washington, District of Columbia

Objectives: Improve productivity by deploying servers quickly; unify DNS management; offer single sign-on and role-based access; lay the groundwork for an elastic private cloud; eliminate errors from manual processes

Results: Greater automation and increased productivity; a single source of IPAM information for troubleshooting and new development; visibility into changes; integration with Microsoft Active Directory, VMware vCloud Automation Center, and VMware vCenter Orchestrator; greater security compliance

Products: NIOS DDI

THE SOLUTION

Seamless Integration with Single, Unified User Interface
The U.S. Department of Defense has been an Infoblox customer for more than five years and was an early adopter of Infoblox virtual appliances. “Obviously, the product has a bullet-proof reputation,” says Preston, “and we’ve been able to add some new capabilities every year.” The IT team is currently running six Infoblox 1410 physical appliances in a high-availability configuration and nine virtual ones to manage DNS, DHCP, and IPAM in the production environment. They are also using Infoblox adapters for VMware vCloud Automation Center and vCenter Orchestrator in a development lab.

“What we intend to do,” says Preston, “is let our customers spin up and spin down resources in an elastic cloud utilizing vCloud Automation Center. We’ve created workflows that are going to allow us to select an IP address, be given a host name from Infoblox by accessing the API, and when the machine is torn down, make another call to actually remove it from Infoblox, including the host name and IP. In other words, we’re going to do a complete automation. Instead of humans being involved, we’re going to dynamically build and destroy servers on the fly.”

The organization purchased Infoblox after some careful thought and a bake-off with BlueCat Networks. “We ended up choosing Infoblox for a variety of reasons,” Preston says, “and we’re glad we did. The integration with Microsoft gave us a really solid feeling after we tried it and realized how simple it was instead of doing something by hand or relying on something in post-implementation.” Infoblox IPAM was another selling point because it provided a single place for all teams to get information for troubleshooting or for starting new deployments.

THE RESULT

Complete Automation from Server Setup to Teardown
Perhaps the most conspicuous benefit the organization has gained is productivity. “Things that took too much time and had too much human error have now been automated,” says the architect, “and only take seconds.” As an example, he cites changing a client from Windows to Linux. “We don’t actually switch the hardware out,” he says. “We provision the box with Linux, and of course, the name is going to change depending on how it fits into our Active Directory zone. You don’t have to put a ticket in and wait for the DNS update to happen overnight. It happens in real time.”

Upgrades are equally painless. In the virtual environment, IT spins up a new appliance before shutting down the old one, then switches the identity from one to the other and moves the license key over. It takes about an hour, and hardware doesn’t take much longer. “We reboot it once, and it is able to come right back up and start answering queries, taking the place of the old appliance. That’s pretty impressive,” Preston says.

Security compliance, of course, is an important issue in any defense organization, and Infoblox helps with that, too. IT can address BIND vulnerabilities quickly because the solution is baked into the Infoblox operating system. Infoblox’s automated patching capability simplifies Microsoft Patch Tuesday. The attack surface of the Infoblox appliances is also much smaller and Infoblox provides reporting, so compliance audits are accomplished a lot more quickly.

The IT team has also found creative ways to leverage product features. For instance, NIOS extensible attributes, fields in DHCP for providing additional information, enable the U.S. Department of Defense to assign information, such as VLAN IDs, to end-user devices and to utilize MAC filtering security to assist the organization’s Information Assurance division with its tasks.

“We wrote a script internally that pulls the extensible data, as well as the default database values, out of Infoblox,” says Preston. “If someone provisions a workstation, it looks at the data in this file and verifies that they’re requesting the right information. And if the admin enters a wrong value, an error pops up and says ‘go back to Infoblox and get the right information.’”

This expanded access to DHCP information enhances security as well. “DHCP was actually something that we were never allowed to utilize in our environment because of the security vulnerabilities that are inherent with it,” says Preston. “And because we proved that the security mechanisms within the product allow us to do additional checks and balances prior to handing out the IPs, we are now allowed to use DHCP for the first time.”

When asked what he likes most of all about Infoblox, Preston replies, “If I had to pick one feature, it would be the central management. A lot of tools are geared toward one discipline but this one is used by all support teams. That’s got to be the single best thing that makes it successful in our environment. I know this is a simple use of the product, but for any organization, it’s huge.”
