DDI in a Hybrid, Multi-Cloud World
Market research shows that organizations are increasingly adopting a multi-cloud strategy. A recent Forrester report [1] found that 86% of respondents identified as “multi-cloud,” which Forrester described as “Using multiple public and private clouds for different application workloads,” “leveraging multiple cloud technologies at once,” “using public cloud in parallel with traditional non-cloud systems,” and “using multiple public clouds simultaneously for different workloads.”
Why are organizations adopting multi-cloud strategies? According to the SANS 2022 Multicloud Survey [2], organizations value cloud agnosticism, which lets them avoid vendor lock-in by running apps on multiple cloud providers. They also want to leverage the best services at the best price to maximize time to value and cost savings. Another motivating factor is the ability to utilize innovative features and unique vendor service offerings. Finally, some organizations become multi-cloud through mergers and acquisitions (M&A).
Fortunately, Infoblox NIOS is designed to meet the challenges of hybrid and multi-cloud strategies, with options to deploy enterprise-grade DNS, DHCP, and IP address management (DDI) across your entire environment. NIOS stands on its own as a full solution for DDI services in hybrid/multi-cloud environments. However, it can become even more powerful when integrated with cloud provider services. For example, the SANS survey [2] identified taking advantage of innovative features and unique vendor service offerings as a motivating factor. One such offering that integrates well with Infoblox NIOS is Azure Private Link with Private DNS.
Azure Private Link and Private DNS
Azure Private Link allows you to connect privately to many types of services within Azure without sending data through the public internet. Azure Private DNS works alongside Private Link, providing the DNS zones and records needed to resolve the addresses for these privately accessible services. These two services are designed to work together and should be used together whenever possible. But, by default, Azure Private DNS zones can only be resolved by clients running in Azure virtual networks (VNet). If you want to make these services available for clients on-prem or in another cloud, you will need to use a DNS platform such as NIOS to solve this hybrid/multi-cloud challenge.
So, how do we accomplish this with Infoblox NIOS?
As an example scenario, I have a single Azure Private DNS zone containing a single record for the private endpoint of a storage account. I have some VMs running in another cloud or on-premises data center, which need to access this storage account via a private connection, a site-to-site VPN in this case. The other cloud or data center has a NIOS member serving DNS.
In the screenshot below, you can see my Private DNS zone, containing the single A record for demostore34.privatelink.blob.core.windows.net.
In Azure, I will need an Azure DNS Private Resolver inbound endpoint in a VNet linked to the private DNS zone. For guidance on setting this up, refer to Azure documentation. Note the IP address of this resolver; we’ll need that soon.
To set up the forwarding zone in NIOS, on the Data Management -> DNS tab, use the Add dropdown in the toolbar to select Zone -> Forward Zone.
On step 1 of the Add Forward Zone Wizard, select Add a forward forward-mapping zone.
In step 2, add the name of the forward zone. In this example, I use the name blob.core.windows.net, the public DNS zone forwarder for privatelink.blob.core.windows.net. For a full list of public-to-private zone name mapping for Azure Private Link, refer to Azure documentation.
In step 3, add the Private Resolver inbound endpoint as a name server for this zone.
In step 4, add name servers or a name server group that will be used to forward this zone.
Save and close the wizard. Restart services as prompted. At this point, we are ready to test the configuration. I’ll use dig, pointing to the IP of my NIOS name server, on an Ubuntu client to resolve my storage account at demostore34.blob.core.windows.net.
As you can see in the screenshot, I am able to resolve the private address for the storage account.
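The dig test above can be turned into a repeatable check that fails when the name resolves to a public address, which would mean clients are not reaching the storage account through the private endpoint. This is an added example, not part of the original post or of Infoblox tooling; the script name, the sample answers and their addresses are constructed, and it assumes the private endpoint's VNet uses RFC 1918 address space.

```shell
#!/usr/bin/env bash
# Added example: confirm that a Private Link name resolves to a private address.

# Constructed sample `dig +noall +answer` output (all addresses are made up).
# PRIVATE_ANSWER: what the NIOS forward zone should produce.
PRIVATE_ANSWER='demostore34.blob.core.windows.net. 60 IN CNAME demostore34.privatelink.blob.core.windows.net.
demostore34.privatelink.blob.core.windows.net. 10 IN A 10.1.0.5'
# PUBLIC_ANSWER: what a client sees if the query never reaches the Private Resolver.
PUBLIC_ANSWER='demostore34.blob.core.windows.net. 60 IN CNAME demostore34.privatelink.blob.core.windows.net.
demostore34.privatelink.blob.core.windows.net. 60 IN CNAME blob.example.store.core.windows.net.
blob.example.store.core.windows.net. 60 IN A 203.0.113.20'

# True if the IPv4 address is in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.*)
      o2=${1#172.}; o2=${o2%%.*}
      [ "$o2" -ge 16 ] 2>/dev/null && [ "$o2" -le 31 ] ;;
    *) return 1 ;;
  esac
}

# Prints private, public or no-answer for a dig answer section passed as $1.
# Returns 0 only when every A record in the answer is a private address.
classify_answer() {
  addrs=$(printf '%s\n' "$1" | awk '$4 == "A" { print $5 }')
  if [ -z "$addrs" ]; then echo "no-answer"; return 2; fi
  for a in $addrs; do
    if ! is_rfc1918 "$a"; then echo "public"; return 1; fi
  done
  echo "private"
}

# Live check: query the given DNS server for the name and classify the answer.
check_name() {
  classify_answer "$(dig +noall +answer @"$1" "$2" A)"
}

# Usage (hypothetical script name): ./check-privatelink.sh <dns-server-ip> <fqdn>
if [ "$#" -eq 2 ]; then check_name "$1" "$2"; fi
```

Run it against the NIOS name server from an on-premises or other-cloud client; a non-zero exit status makes it usable in monitoring or a deployment pipeline.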
Conclusion
Hybrid and multi-cloud strategies are here to stay. If you aren’t using one now, you probably will be in the near future. Infoblox NIOS is designed to operate and integrate into these environments. Using Infoblox NIOS alongside cloud offerings like Azure Private Link gives you the power of the cloud with the stability and ease of management from NIOS.
Endnotes
1. Forrester 2018: “Multi-cloud: Everything You Need to Know About the Biggest Trend in Cloud Computing”
2. SANS 2022 Multi Cloud Survey: Exploring the World of Multicloud, Dec. 2022.