The Advantage of Infoblox NIOS™ 8.3 Discovery for the Government Hybrid Cloud
Why Government is Moving to the Cloud
More and more federal, state and local government agencies are moving to cloud technologies as they are saddled with billions of dollars of aging, obsolete or unsupported hardware and software in use across the government landscape. On-premises systems are costly, inefficient, siloed and difficult to maintain, and they fail to meet the security and data-driven decision-making needs of today’s business and workforce. Migrating services to the cloud frequently makes economic and technological sense and eliminates costly long-term investments.
Initiatives, including the Cloud First Policy, direct agencies to pursue cloud solutions for new IT projects. Cloud computing provides efficient, on-demand access to shared pools of configurable computing resources (e.g. networks, servers, storage, apps, and services) that can be quickly configured and deployed with minimal effort. Once deployed, cloud solutions automate tedious transactions, improve response, increase accessibility and flexibility, enable data analytics, provide actionable network visibility and promote user satisfaction. In one example, government HR professionals using SaaS tools transitioned their workload ratio from 20% strategic/80% transactional to 50-70% strategic activity (Excerpt: Why Government is Moving to Cloud Technologies, Sherry Amos, February 6, 2018), while using standardized tools and processes across the ecosystem to save staff retraining time and effort.
Infoblox and the Impact of Discovery
Infoblox solutions have helped customers in the government cloud since August 2016. One such feature is Infoblox Discovery, the key to enabling network efficiency, accuracy, and automation in government hybrid cloud environments. There are two types of Discovery:
- IP Discovery: This feature detects and retains data about active hosts in specified networks. An appliance can be set up to perform IP Discovery using a variety of discovery methodologies including Internet Control Message Protocol (ICMP), Network Basic Input/Output System (NetBIOS), Transmission Control Protocol (TCP) or Full (IP, MAC, OS, NetBIOS) comprehensive discovery. IP Discovery can begin right after setup, be scheduled for a later time or be enabled for recurring discovery.
- vDiscovery: This feature helps identify, retrieve and retain data about Subscriptions, vNets, Subnets, Virtual Machines (VMs) and interfaces (such as a vSwitch or vRouter) running in private, public and hybrid environments. These are managed through Cloud Management Platforms (CMPs) including VMware, OpenStack, Amazon Web Services (AWS) GovCloud and Microsoft Azure Government.
Automated discovery is critical to the success of the organization. It enables work to operate on-demand and provides access to real-time data for a range of business-critical activities, including:
- Infrastructure protection to support app and service availability and performance
- Data protection and malware mitigation to protect users and data
- Threat containment to enable fast incident response and ecosystem alerting
- Revenue and operations to optimize efficiency, service delivery and earnings opportunities
How Discovery Helps Government
Many agencies operate multiple accounts (subscriptions). Cloud environments are often quite dynamic as VMs are created and terminated rapidly and at a moment’s notice, making them increasingly difficult to keep track of and manage. With Infoblox Discovery, tasks can be automated, allowing Infoblox to track your cloud environments and store data in IPAM. When combined with Cloud Network Automation (CNA), admins gain comprehensive visibility into the cloud environments through a centralized management console.
Infoblox makes it easy to define discovery jobs using a vDiscovery Job Wizard. It can also manage all configured vDiscovery jobs with the vDiscovery Job Manager and API. vNIOS synchronizes the successive detected data (not the associated NIOS objects) with the data in the targeted CMP. Here are some examples:
- VM IP Address Change: When you change the IP address of a VM, this data is automatically updated upon the next discovery.
- VM Termination: If you terminate a VM, the VM and its associated IPAM data are automatically deleted from the NIOS database, keeping IPAM information relevant without the need for any manual cleanup.
- CMP Data Deletion: If you delete certain data on the CMP, the respective discovered data is removed from the NIOS database.
- Cleanup: If you change the parameters of a vDiscovery Job, the last detected data from this job will be automatically cleaned up, enabling the appliance to continue synchronizing data for successive discoveries.
- Data Retention: If you prefer not to lose detected data for a specific vDiscovery job, you can create a new vDiscovery job for the new collection rather than modifying the current job.
Once a discovery is made, the appliance updates the database with the new data using the configured settings for a variety of different types of data. For example:
- Data Management: You can merge newly discovered data, consolidate managed data, or update unmanaged data.
- Unmanaged/Conflict Data: The appliance also identifies unmanaged and conflict data:
  - Unmanaged Data: This is discovered data that is not configured for DNS or DHCP and has no associated objects in the NIOS database.
  - Conflict Data: This is discovered data that is configured for DNS or DHCP and has one or more associated NIOS objects, but certain key values differ from those in the NIOS database.
- Discovered Data: The Grid Manager displays discovered data in the Discovered Data section of the IP address properties panel when viewing an individual IP, making it easy to track IP usage and view detailed information for the VM associated with it.
- Syslog: The appliance records admin operations in the audit log and discovery operations in the syslog, providing a whole new level of accountability.
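The synchronization and unmanaged/conflict rules described above can be modelled in a few lines. This is an added example, not Infoblox code and not the NIOS API; the function names, record fields, sample data and the choice of MAC address as the compared "key value" are all assumptions made for illustration.

```python
# Simplified model of the behaviour described above; not NIOS code or its API.
# All names, fields and sample records are constructed for illustration.

def sync(discovered, snapshot):
    """Apply one discovery run (the CMP snapshot) to the discovered-data store.

    discovered: dict vm_id -> {"ip", "mac"} kept from the previous run (mutated).
    snapshot:   dict vm_id -> {"ip", "mac"} reported by the CMP now.
    Returns a list of change events suitable for logging.
    """
    events = []
    for vm_id in sorted(set(discovered) - set(snapshot)):
        # VM terminated or deleted on the CMP: drop its discovered data.
        events.append(("removed", vm_id, discovered.pop(vm_id)["ip"]))
    for vm_id, rec in sorted(snapshot.items()):
        old = discovered.get(vm_id)
        if old is None:
            events.append(("added", vm_id, rec["ip"]))
        elif old["ip"] != rec["ip"]:
            events.append(("ip_changed", vm_id, old["ip"], rec["ip"]))
        discovered[vm_id] = dict(rec)
    return events


def classify(discovered, managed):
    """Label each discovered IP against managed (DNS/DHCP) objects.

    managed: dict ip -> {"mac"}. Comparing on MAC is an assumption; the text
    above only says "certain key values".
    """
    result = {}
    for rec in discovered.values():
        obj = managed.get(rec["ip"])
        if obj is None:
            result[rec["ip"]] = "unmanaged"   # no associated object
        elif obj["mac"] != rec["mac"]:
            result[rec["ip"]] = "conflict"    # object exists, key value differs
        else:
            result[rec["ip"]] = "managed"
    return result


# Constructed sample data (documentation address range, locally administered MACs).
STORE = {"vm-a": {"ip": "192.0.2.10", "mac": "02:00:00:00:00:0a"},
         "vm-b": {"ip": "192.0.2.11", "mac": "02:00:00:00:00:0b"}}
SNAPSHOT = {"vm-a": {"ip": "192.0.2.20", "mac": "02:00:00:00:00:0a"},
            "vm-c": {"ip": "192.0.2.12", "mac": "02:00:00:00:00:0c"}}
MANAGED = {"192.0.2.20": {"mac": "02:00:00:00:00:ff"}}

if __name__ == "__main__":
    print(sync(STORE, SNAPSHOT))
    print(classify(STORE, MANAGED))
```

In a review workflow, the "unmanaged" and "conflict" labels are the ones worth alerting on: the first marks an address in use with no record behind it, the second a record that no longer matches what is on the network.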
The Discovery Process
The graphic below shows an overview of the discovery processes. You can set up and begin an IP discovery from the Discovery Manager wizard and a vDiscovery from the vDiscovery Job Manager wizard, where an Infoblox Grid member is assigned to run the discovery tasks. After you configure an IP discovery task and a vDiscovery job, the Grid Master sends the discovery requests to the targeted member. Based on how you configure the discovery tasks, the selected member runs the discoveries and collects data from the detected and virtual entities in the specified networks and cloud platforms. The Grid member reports the discovered results to the Grid Master, which then updates the database with discovered data based on the discovery configuration.
The Key Takeaway
With Infoblox discovery, admins gain a comprehensive and granular view of network data which includes active devices, hosts, virtual entities and cloud platforms. Discovery also brings in data for multiple CMPs and accounts under a single pane of glass, giving admins confidence that databases are current with complete and real-time data based on their discovery criteria. And they have access to robust data and analytics, providing actionable insights and empowering them to make security and business decisions to better manage resources and fulfill the agency’s mission.
To Learn More
Infoblox provides numerous resources to enable successful integrations between cloud and on-premises networks and ensure mission success. New or existing government customers seeking back-office or cloud DDI infrastructure guidance and solutions can contact the federal account team for more information.