When it comes to updating and securing mission-critical processing servers, there’s no room for error. That was the challenge the U.S. Department of Defense faced in trying to bring its data centers into the era of network virtualization.
Challenge: Modernize and Simplify
Sheer size and the sensitivity of its software systems made DoD’s challenge especially difficult. The organization was running on Windows and Linux and needed a single centralized management resource. In past years, the organization made use of disparate management tools including Microsoft MMC as well as multiple text files across servers running BIND, ISC, and DHCP — tools that didn’t measure up to tasks such as frequent global DNS name refreshes as naming conventions change.
DoD struggled under the weight of legacy processes that slowed work and introduced errors. It needed to modernize and simplify to gain back time and productivity. Enter Infoblox.
Objective: Automate, Build and … Destroy
The DoD was doing all IP management by hand, which increased the opportunity for error and didn’t provide the necessary visibility. Infoblox handed DoD the tools needed to achieve complete automation and dynamically build and destroy servers on the fly. Their own customers can now spin up or scale down resources in an elastic cloud utilizing the vCloud Automation Center. They’ve created workflows that allow them to select an IP address, get a hostname from Infoblox via the API, and — when the machine is torn down — make another call to actually remove it from Infoblox the Cloud — including the hostname and IP.
Success: Speed and Creativity
As with any defense organization, security compliance is top of mind. Infoblox gave the DoD IT team the ability to address BIND vulnerabilities quickly because the solution is baked right into the Infoblox operating system. Infoblox solutions have also helped to automate patching capabilities, provide a smaller attack surface, and offer reporting to help move along compliance audits.
The IT team has been able to find creative ways to leverage certain product features. Infoblox Extensible Attributes, for instance, are fields in DHCP for providing additional information, enabling the team to assign information such as VLAN IDs to end-user devices.
The expanded access to DHCP information boosts security measures for the organization. Prior to Infoblox, DHCP was something DoD was unable to deploy in its environment because of the security vulnerabilities inherent in it. By proving that the security mechanisms within Infoblox solutions allowed for additional checks and balances before handing out the IPs, DoD was finally able to use DHCP for the first time.
With the deployment of Infoblox virtual appliances, the U.S. Department of Defense has been able to reclaim its productivity. Things that previously took significant time or resulted in human error have now been automated and streamlined in a secure way, proving there is no task too big for us Infobloxers.
As we will only continue to see cyberthreats grow and evolve on a global scale, it is essential that companies take the proper measures in order to automate, secure, and optimize their networks.
To read more about DoD’s success story and others visit