Managing DNS Services for Greater Network Security and Availability




IDC VENDOR SPOTLIGHT

Managing DNS Services for Greater Network Security and Availability

July 2008

Adapted from The Business Case for IP Address Management by Elisabeth Rainge, IDC #34276

Sponsored by UltraDNS, a NeuStar service

Organizations are accelerating their network convergence strategies through simplification of legacy systems to an IP-based network. More streaming and multimedia IP applications are being released into fixed broadband and mobile wireless networks. Enterprises are also increasing the adoption of VoIP and WLAN and are rolling out related business applications across their IP infrastructures. However, as the number of IP devices increases, the demand and stress put on their network infrastructures increase proportionately as well.

This paper examines what IT organizations must do to improve their current Domain Name System/Dynamic Host Configuration Protocol (DNS/DHCP) strategies to maintain the performance, security, and availability of their IP networks. The paper also looks at the role of NeuStar's UltraDNS Managed Services in this increasingly important market.

The Changing Landscape for DNS/DHCP

DNS converts host names and domain names into IP addresses on the Internet or on local networks that use the TCP/IP protocol. DHCP software automatically assigns temporary IP addresses to client stations logging onto an IP network, eliminating the need to manually assign permanent IP addresses.

While many enterprises have implemented some form of a DNS/DHCP solution, most organizations still rely on manual scripting or homegrown solutions to manage tens of thousands of IP addresses. Others have invested in packaged software and hardware applications. As network security and regulatory compliance tighten, these manual and productized methods are not scalable or easily managed and will prove to be too time consuming to maintain and update.
Given the strategic importance of network-based business processes, any downtime can have serious impact on business continuity, productivity, and revenue. Further, today's business environment relies on networks to an increasingly greater extent, where a minute of downtime often has a direct negative effect on corporate results.

DNS/DHCP solutions may not always be seen as a top-priority IT budget item because they often compete for resources against other security, network management, and file services needs within the enterprise. However, IT managers and CIOs must understand that the proper distribution and utilization of IP resources are the very foundation of establishing a reliable IP-centric network for the organization and that dynamic change management is critical to supporting the corporate IT infrastructure in terms of availability and security.

IDC research has determined that 75% of all downtime occurrences are caused by poor technology in the network and application infrastructure. As they become increasingly complex, IT organizations that fail to focus on incremental infrastructure projects designed to reduce downtime will see that downtime impact revenue as infrastructure moves from passive monitoring to active, real-time analysis tied to business innovation, revenue streams, and IT service delivery.

IDC 456

Therefore, sound investments in and proper attention paid to DNS/DHCP will bring tremendous return on investment expressed beyond monetary terms. In particular, the role of services-based offerings could help IT departments to deal with issues associated with the public Internet, as well as their organizations' use of the public and private Internet and WAN resources.

Accelerating trends in network and IP convergence, as well as today's business climate of distributed organizations and related stakeholders (partners and employees), are clearly changing the competitive landscape and importance of DNS/DHCP. In a nutshell, the fluidity of today's businesses and their staff (traveling, shifting positions, M&As) requires the introduction of fluidity into key underpinnings of IT such as DNS/DHCP.

Business and Technology Challenges

IT infrastructure managers, network engineers, and system administrators face business and technology challenges in managing DNS/DHCP infrastructure that can be generalized into three areas:

Management (Accounting, Automation, Mean Time to Repair)

A significant challenge facing enterprise network managers is administration of the DNS/DHCP infrastructure within their corporate firewalls (e.g., intranets, internal domains). Many IT organizations struggle to manage internal DNS environments that require a high level of technical understanding. Large enterprises tend to have only one or two individuals with the requisite administrative knowledge to make changes, which often causes significant delays in deploying DNS changes and hinders day-to-day business operations.

Setting up, maintaining, and administering a DNS server are time-consuming, tedious, and error-prone tasks. For example, errors in DNS and DHCP management are the major sources of downtime in IP networks. A single mistyped character in the DNS/DHCP configuration could bring down the entire network. The burden is increasing as networks grow in size and complexity.
DNS administration requires highly skilled technical staff who are expensive and in short supply and could add more value on other tasks.

Security risks and operator errors also threaten DNS failure. DNS servers are the prime targets for cyberterrorists. One of the more common architectural misconfigurations is when organizations locate all their DNS servers on the same network segment as their major Web traffic sources, thus creating a single point of failure with regard to DNS. An unexpected network outage with such incorrectly configured DNS servers, combined with a subsequent hacker attack, could completely shut down an enterprise's entire internal environment, including email, network applications, file services, and print services, bringing serious consequences to the enterprise.

Business Process (Compliance, Workflow)

With the recent push to comply with regulations such as HIPAA, Sarbanes-Oxley, GLBA, ISO 17799 and FIPS, as well as best-practice standards such as ITIL, COBIT, and Six Sigma, a great deal of attention is placed on auditing and reporting and the need to trace an IT service back to an accountable user. The DNS/DHCP service can be an expensive and significant administrative headache.

Enterprises that have regional remote offices and isolated IT divisions could maintain multiple disparate DNS/DHCP networks. Separate servers are also necessary for security reasons to deploy internal DNS and external DNS, adding complexity and cost to the overall solution. Managing, updating, and scaling these isolated solutions simply become monumental tasks. A unified holistic DNS/DHCP approach can offer tremendous simplification to workflow, troubleshooting, reporting, and management of IP resources.

For larger IT organizations, there are also different responsibilities and ownership of infrastructure assets between the network managers and IT/security managers. The question lies in whether DNS/DHCP servers are considered to be IT assets or network devices. Delays to repair are often caused by unclear workflow processes, as network managers may have repaired a network-related issue but may require the IT/server managers to access and reconfigure the DNS/DHCP server.

Technology (Platforms)

As security issues such as denial of service (DoS) attacks become increasing concerns for DNS/DHCP servers, these devices must efficiently process large amounts of queries with minimal latency while providing system and network redundancy, active monitoring, and mitigation of security vulnerabilities. Particularly as the deployment of VoIP networks and end devices accelerates, Electronic Numbering (ENUM), a mapping function in DNS of phone numbers to IP addresses, is expected to be a key driver for DHCP and DNS servers to be much more scalable, secure, flexible, reliable, and manageable.

For enterprises using Berkeley Internet Name Domain (BIND), which is open source DNS management software, administering, managing, and protecting the DNS/DHCP infrastructure are time-consuming and error-prone tasks. A small error can have a cascading effect on the network. BIND cannot meet today's dynamic business needs.
As a result, while the common BIND-based systems are open source and effectively free, a number of vendors are promoting proprietary solutions in appliance form that address the performance and ownership issues for enterprises.

Other risks include the following:

- Lack of legitimate system, operating system, and DNS application patching and upgrade programs
- Single points of failure in both hardware and software configurations
- Attacks from within the firewall, including viruses, worms, botnets, and DoS attacks targeted at internal DNS/DHCP services
- Third-party solutions that typically sit on top of the existing BIND infrastructure and hence are subject to its numerous security vulnerabilities and limitations

Considering NeuStar's UltraDNS Services

NeuStar's UltraDNS Services portfolio provides managed DNS services and custom DNS infrastructure solutions that are built upon the company's proprietary, patented technologies. NeuStar is a pioneer of advanced directory-based communication applications, and its carrier-class solutions bring new levels of security and performance to over 30 million domains on the Internet and thousands of global enterprises. The UltraDNS Services currently power, protect, and enable billions of dollars in ecommerce transactions annually. The UltraDNS global network consists of strategically placed nodes spanning four continents and provides the infrastructure that supports over 20 of the world's top-level domains (TLDs), including .org, .info, and .uk.

Directory Services Platform

The Directory Services Platform is the core of NeuStar's UltraDNS Services Suite. With software and technology built from the ground up, the infrastructure bears no resemblance to BIND and addresses the security vulnerabilities inherent in traditional DNS software and systems. The platform contains the key technology components from which NeuStar implements large global directories and delivers UltraDNS Services offerings designed to improve and enable information exchange applications.

It consists of an integrated network of globally distributed, high-performance, full failover servers running powerful commercial database technologies supported by Web-based graphical user interfaces and application-specific management tools. Its advanced replication technology uses multimaster replication techniques to distribute directory information throughout the global server network in near real time, while the advanced routing software directs each query to the closest available server for optimum speed and query resolution.

The Directory Services Platform is also the first global directory infrastructure built on a commercial Oracle relational database, which enables the platform to meet today's increasing demands for reliable, scalable, high-performance data management. By connecting a user's information request to the proper directory and by ensuring a quick, accurate response, the platform plays a key enabling role in delivering content, information, and data to users.

The Managed DNS Service maximizes the UltraDNS technology platform by keeping customer DNS information up to date and available worldwide. The service is a completely outsourced, hosted solution that dramatically increases the speed, performance, security, and reliability of the Internet. By utilizing advanced routing technology, the topologically closest UltraDNS name server resolves all DNS requests, significantly reducing the exposure to inherent Internet latency.
Additionally, hierarchical manageability provides unprecedented levels of granular control that allows enterprises to manage their DNS according to both business and operational requirements. Consequently, the service provides significantly better performance, manageability, scalability, and security than legacy DNS implementations.

The UltraDNS Managed Internal DNS/DHCP Service

NeuStar has leveraged its technology and experience with external DNS management services to provide customers with a comprehensive Managed Internal DNS Service with integrated DHCP functionality to address the aforementioned challenges of managing DNS/IP infrastructure that exists within the corporate firewall.

As the provider of the first managed internal DNS/DHCP service, NeuStar is able to offer enterprises the following benefits:

- A secure, reliable, and massively scalable DNS/DHCP service
- Common management interface for external and internal DNS services
- Real-time monitoring and customer notifications for local appliances
- Reduced costs: hardware, software, administration, and training
- Proactive customer support

Traffic Management

Determining when and how to manage network load is a decision process that is intimately linked to the business practices and processes of each company. The evolving understanding of the role of the networked infrastructure requires tactics such as load balancing to manage overall infrastructure reliability. The NeuStar UltraDNS Traffic Management portfolio includes SiteBacker (Monitoring and Failover), Directional DNS (Geographic Traffic Shaping), and Traffic Controller (Global Weighted Load Balancing) services. Each of these services drives reliability and optimizes the existing traffic flows.

Traffic Management benefits include the following:

- A hosted managed service delivery method for low up-front costs and deployment flexibility
- Technology depth for granular control of load balancing parameters, including record-level load balancing configuration granularity
- Fully integrated with external and internal managed DNS services
- Common, Web-based management portal for simple administration

Directory Gateway Appliances

As with all NeuStar UltraDNS Services, the Directory Service Platform is at the heart of the Managed Internal DNS/DHCP Service, providing the centralized data management capabilities essential for a DNS/DHCP solution. However, uniquely for UltraDNS Services, the Managed Internal DNS Service is delivered via UltraDNS appliances, known as Directory Gateways, which are deployed within the customer's network.

The Directory Gateway Appliances are redundantly configured in a failover set to provide maximum reliability and resiliency in the customer environment. Having such highly available, local appliances deployed within the customer network ensures that the UltraDNS Managed Internal DNS/DHCP Service minimizes latency, which is critical for DNS and DHCP services supporting advanced IP-based communications.
The Directory Gateway Appliances are also critical for the UltraDNS internal load balancing and monitoring and failover services (see Figure 1).

Figure 1: NeuStar UltraDNS Architecture
Source: UltraDNS, 2006

Local Resolution, Global Management

The Directory Services Platform provides a central point for all of an organization's DNS/DHCP data management needs. The DNS/DHCP data is replicated across the Directory Services Platform to ensure global availability; UltraDNS proprietary Directory Gateway Appliances are used to resolve all local DNS requests. DNS queries from the outside world are resolved on the Directory Platform.

The distributed UltraDNS appliances maintain the freshest DNS/DHCP data, which is continually synchronized with the Directory Services Platform; this replication mechanism allows the DNS and DHCP data to be available anywhere in the organization on demand. Through this combination of global data management and local resolution, NeuStar's UltraDNS Services provide significant value in reducing the overall costs of managing mission-critical DNS and DHCP services while increasing performance and scalability.

NeuStar's UltraDNS Services include a management portal to manage customer DNS/DHCP data and the Directory Gateway Appliances. A set of DNS/DHCP management tools simplifies administration and configuration, including any appliance-specific tasks such as automatic software update scheduling, appliance monitoring review, and local recursive Access Control List (ACL) configuration. The same portal can also be used to manage the enterprise's external DNS via NeuStar's UltraDNS Managed DNS Service.

The management portal permits centralized control of an organization's network while permitting delegation to local IT through role-based access. With centralized administration, the system is optimized for simplified DNS and DHCP administration as well as troubleshooting and ongoing analysis to support complex multisite deployments. This is particularly relevant because malicious attacks are increasingly a headache for enterprises and manual errors remain a source of sometimes costly misconfigurations.

Considerations and Challenges

NeuStar is faced with the challenge of making organizations cognizant of the importance of DNS/DHCP and the compelling ROI associated with its carrier-grade technology. For many enterprises, the idea of investing, however little, in high-end, high-performance infrastructure is often difficult to justify. "Making do" and "best effort delivery" is the norm for businesses. Regardless of need, the network infrastructure investments by enterprises remain focused on applications and end users, among other project-related efforts.

The market focus on IP address management (IPAM) often draws attention away from DNS/DHCP as core technologies and systems. Too often IT departments and senior management aim to keep desktops running while assuming that an ISP Web hosting deal for the corporate Web site or a WAN contract with a carrier will keep the resources of Internet, branch, and regional offices securely connected to headquarters.
Other IT departments are content to use BIND as a lowest common denominator offering for DNS, driving maintenance efforts but minimal spending.

While NeuStar's UltraDNS Services portfolio starts with its core technology, IPAM and network access control (NAC) are planned as extensions of the Managed Internal DNS/DHCP Service. Keeping DNS/DHCP as a key product-buying decision for IT departments, rather than letting alternatives such as IPAM dominate buyer selection, is a key challenge.

Conclusion

IDC believes that the adoption of a DNS/DHCP management strategy is poised to gain acceptance. This acceptance will accelerate in 2008 as more companies are relying on their Internet links to drive revenue, upgrading their IT infrastructures, implementing VoIP initiatives, enabling mobility through WLAN, and centralizing network and service management efforts.

More IT organizations are being viewed less as cost centers than as value centers that contribute to their companies' bottom lines, as they continuously improve the management of performance, availability, and service quality of network resources. Enterprises that take the time and do not overlook the importance of IP resources to service delivery will become more operationally efficient and adaptable to scale and will be able to identify and respond to network problems proactively.

As the majority of the DNS/DHCP/IPAM tools in use and on the market today are based on server software packages, IDC expects that many of these solutions will migrate into preinstalled, purposeful appliances specifically to address DNS/DHCP issues in the network. However, we anticipate that the cost model associated with a discrete appliance investment may not be enough to accelerate the payback for corporations. The value and ownership of these tools will be based on being an IT-managed service that has the potential to become a more strategic core network infrastructure component through effective management of the DNS/DHCP resources.

Managed service offerings in the DNS/DHCP space, such as NeuStar's UltraDNS Managed Services, may be more cost-effective for enterprises. Indeed, the resource utilization, scalability, and manageability benefits of DNS/DHCP as a managed service may actually accelerate adoption by enterprises. To the extent that the technologies and market strategy of NeuStar's UltraDNS Services dovetail with the aforementioned trends, IDC expects the company to experience continued success.

ABOUT THIS PUBLICATION

This publication was produced by IDC Go-to-Market Services. The opinion, analysis, and research results presented herein are drawn from more detailed research and analysis independently conducted and published by IDC, unless specific vendor sponsorship is noted. IDC Go-to-Market Services makes IDC content available in a wide range of formats for distribution by various companies. A license to distribute IDC content does not imply endorsement of or opinion about the licensee.

COPYRIGHT AND RESTRICTIONS

Any IDC information or reference to IDC that is to be used in advertising, press releases, or promotional materials requires prior written approval from IDC. For permission requests, contact the GMS information line at 508-988-6710 or gms@idc.com.
Translation and/or localization of this document requires an additional license from IDC. For more information on IDC, visit www.idc.com. For more information on IDC GMS, visit www.idc.com/gms.

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com

2008 IDC