Protecting Those Who Protect Us
In the 21st Century, the U.S. federal government has had to expand how it defines “defense” to include cyberthreats. That’s why the Department of Defense has ramped up its cyberstrategy efforts (outlined here) to encompass defending DoD networks, defending national interests against cyberattacks, and providing cyber support to military operations.
Within its Cyber Mission Force, DoD plans to have 133 teams in place by 2018: 68 for cyber protection, 27 for combat missions, 25 for analytic and planning support, and 13 for cyberattacks.
Infoblox is proud to be part of the team that’s helping a key agency within the U.S. Department of Defense protect the country’s strategic digital interests. This agency has been an Infoblox customer for more than five years, and was an early adopter of Infoblox virtual appliances. It frequently adds new capabilities, including most recently virtualization, in a complex network architecture.
“We’re not unlike any other IT organization that’s large, and has a large number of servers that are mission critical,” says the agency’s IT architect. “We run Windows and Linux, and in our heterogeneous environment, we needed a single centralized management resource.” Previously, the agency used a number of disparate management tools for core network services, including Microsoft MMC as well as multiple text files across servers running BIND, ISC, and DHCP, but those tools didn’t allow the agency to react fast enough to handle frequent global Domain Name System (DNS) name refreshes.
“One huge factor for us is that Infoblox is a Microsoft Gold Partner and its DDI solution ties in with Active Directory. [Thanks to that capability], we’ve seen significant savings in time—it’s night and day,” the IT architect says. Prior to the Infoblox deployment, all IP management was done manually, which too often led to errors without giving the visibility the agency needed. Deploying Infoblox has been “a life changer for our environment.”
The IT team is currently running six Infoblox 1410 physical appliances in a high-availability configuration and nine virtual ones for DNS, DHCP, and IP address management (DDI) in the production environment, and is also using Infoblox adapters for VMware vCloud Automation Center and vCenter Orchestrator in a development lab. This lets the agency’s internal customers “spin up and spin down resources in an elastic cloud utilizing vCloud Automation Center. We’ve created workflows that are going to allow us to select an IP address, be given a host name from Infoblox by accessing the API, and when the machine is torn down, make another call to actually remove it from Infoblox, including the host name and IP.”
The goal: complete automation. “Instead of humans being involved, we’re going to dynamically build and destroy servers on the fly,” says the IT architect.
Security compliance, of course, is an important issue in any defense organization, and Infoblox helps with that, too. IT teams in the DoD agency can address BIND vulnerabilities quickly because the solution is baked into the Infoblox operating system. Its automated patching capability simplifies Microsoft Patch Tuesday, while at the same time, the attack surface of the Infoblox appliances is much smaller, and Infoblox provides reporting, so compliance audits are accomplished a lot more quickly.
For the full case study, click here.