Implementing a Well-Behaved Network for Your...
Transcript of Implementing a Well-Behaved Network for Your...
1 | © 2013 Infoblox Inc. All Rights Reserved. 1 | © 2017 Infoblox Inc. All Rights Reserved.
David Veneski | October 31, 2017
Implementing a Well-Behaved Network for
Your Cloud
2 | © 2013 Infoblox Inc. All Rights Reserved. 2 | © 2017 Infoblox Inc. All Rights Reserved.
What We’ll Talk About
• The changing landscape
• Network services and the cloud
• The network service imperatives you/we see
• The desired outcomes for a well-behaved network
• A case study
3 | © 2013 Infoblox Inc. All Rights Reserved. 3 | © 2017 Infoblox Inc. All Rights Reserved.
What You Knew: Datacenter in Transition
Data Center Stages
CLOUD & CONTAINERS
CONTAINER CONTAINER
KERNEL
SQL Server
NET
Ubuntu
Tomcat
Java
Debian
YESTERYEAR’S
DATA CENTER
APP APP APP
CPU CPU CPU
CapEx Efficiency
VIRTUALIZED
DATACENTER
APP APP APP
Manage
OpEx Agility
Every stage remains essential
4 | © 2013 Infoblox Inc. All Rights Reserved. 4 | © 2017 Infoblox Inc. All Rights Reserved.
Critical Network Services
• Unseen, but every network needs them
DHCP: To get an address
DNS: To make web-based services reachable
IP Address Management: To keep addresses in order, save
time and manage resources
• “DDI” on an appliance, virtualized or in the cloud
DDI remains essential to your cloud journey
5 | © 2013 Infoblox Inc. All Rights Reserved. 5 | © 2017 Infoblox Inc. All Rights Reserved.
Manage DNS manually
or with custom scripts1
Want discovery, control on new
spun-up assets 1
DNS - most common
application layer attack2
8/10 81% 79% #1
Obsolete Processes
Disparate Platforms
Limited Oversight
Security/ Compliance
Yesterday’s DDI
methods:
unsuited to
tomorrow’s
requirements
Operational
inefficiencies and
silos across
platforms
Lack of single
pane of glass
visibility for
traditional, virtual
and cloud assets
Inconsistency
and DNS-based
exploits expand
security and
compliance risks
1. Infoblox Study: ReRez Research on behalf of Infoblox 2. Arbor WISR2016 report
Of cloud deployments use 3 or more
platforms1
DDI Issues and the Cloud
DDI is (too) often an afterthought in cloud network
deployments
6 | © 2013 Infoblox Inc. All Rights Reserved. 6 | © 2017 Infoblox Inc. All Rights Reserved.
Four DDI Imperatives for the Cloud
Insight for
management,
compliance reporting
and planning
Defense against
DNS-based
attacks and
network-based
threats
1. Scalability 2. Visibility 3. Manageability 4. Security
Automation across
environments and
integrated with cloud
orchestration platforms
DDI that scales
across network
subnets, zones,
sites and clouds
A well-behaved network has/will have these needs
7 | © 2013 Infoblox Inc. All Rights Reserved. 7 | © 2017 Infoblox Inc. All Rights Reserved.
Imperative #1: Scalability
Increase efficiency and
effectiveness by consolidating
DNS, DHCP and IPAM
Centralized management of IP
addresses, hosts and resources
A distributed architecture to
support expansion while providing
reliability and fault-tolerance
Branch
Office
DDI
DDI
DDI
DDI Recovery
Site
Microsoft
DNS/DHCP
8 | © 2013 Infoblox Inc. All Rights Reserved. 8 | © 2017 Infoblox Inc. All Rights Reserved.
Imperative #2: Visibility
Procure insight across
environments for reporting,
analysis and planning
Granular DNS and DHCP data
Integrates data from the network
infrastructure
Dashboards and data
visualization
Built-in and ad hoc reports
Analytics that inform planning
Branch
Office
DDIDDI
DDI
DDI
9 | © 2013 Infoblox Inc. All Rights Reserved. 9 | © 2017 Infoblox Inc. All Rights Reserved.
Managing DDI for a
cloud or can be
slow with potential
for errors
Increase efficiency
and confidence in
results
Imperative #3: Manageability
Desired DDI process with a cloud
Common DDI processes with a cloud
Provision Virtual
Instance
1 2 3 4
AUTOMATED MANUAL
5 6
DAYS
Provision Virtual
Instance1
AUTOMATED
MINUTES
2 3 4
AUTOMATED
5 6
Implement change anytime: DNS names, IP addresses
No tickets between network, server teams for DNS, IP
Automatically reclaim resources on spin down
Manual processes and record-keeping. Possibly open loop.
10 | © 2013 Infoblox Inc. All Rights Reserved. 10 | © 2017 Infoblox Inc. All Rights Reserved.
Imperative #4: Security
Protect against DNS-based
threats and exploits
Up-to-date safeguards against
evolving threats
Contain data exfiltration and
malware
Outbound APIs to link DDI data
to synergistic security products
i
11 | © 2013 Infoblox Inc. All Rights Reserved. 11 | © 2017 Infoblox Inc. All Rights Reserved.
Infoblox DDI for a cloud network
1. Scalability 2. Visibility 3. Manageability 4. Security
12 | © 2013 Infoblox Inc. All Rights Reserved. 12 | © 2017 Infoblox Inc. All Rights Reserved.
“Infoblox offered simplicity of
deployment, ease of management,
market-leading functionality, and
most importantly, excellent APIs for
data center automation.”
- Abhay Kulkarni, VP of Engineering and
Operations, Netskope
Problem
• 50% of data in cloud applications outside of
the locked-down network
• Needed a solution that offered automation,
ease of management and scale on a secure
platform
Solution: Infoblox DDI
• Scales: Seven globally distributed data
centers
• Visibility: Single-pane-of-glass, across
subnets and environments
• Management: Automates spin-up of new
virtual machines as workload increases
Case Study: Netskope
13 | © 2013 Infoblox Inc. All Rights Reserved. 13 | © 2017 Infoblox Inc. All Rights Reserved.
Why
●
●
●
Protects the network and data,
coupled with an ecosystem of
3rd party integrations●
7,000+ customers, over 300 of
the Fortune 500 companies
Scalable and secure DDI
services that cross networks,
platforms and environments
Comprehensive visibility across
environments to accelerate
troubleshooting and planning
14 | © 2013 Infoblox Inc. All Rights Reserved. 14 | © 2017 Infoblox Inc. All Rights Reserved.
Q&A