Boise State U. builds a better way to manage its DNS
University taps BlueCat appliance to improve control over a complex network
Boise State University runs a Cisco Systems network, with Cisco switches, routers, IP phones and wireless access points. But when Version 5.5 of Cisco’s Network Registrar naming and address tool approached its end of life with no upgrade path available, the university went shopping for a user-friendly Domain Name System and Dynamic Host Configuration Protocol management platform with more functionality.
“The old system was functional on a basic level,” said Boise State network engineer Diane Dragone. “But there were a lot of things lacking.”
Changing a name in the DNS with the Cisco suite required scrolling through a list to find the proper entry, and the vendor tags needed for the DHCP had to be customized for Registrar. “We were looking for more functionality in management,” Dragone said.
The university, Idaho’s largest, settled on the Adonis DNS-DHCP management appliance from BlueCat Networks. The 1000 model server was installed in a test mode in June, moved to production in July and fully implemented by early August.
“Once I tested the features and reliability and we were satisfied, I just made an aggressive schedule” for rolling the new management service out across 175 buildings on the 170-acre campus, Dragone said. “The first three weeks or so that I played with it there was a learning curve,” but there have been no problems since.
DNS and DHCP are critical services that underlie IP networks. DNS associates domain names used by people with the numeric IP addresses used by computers and networking equipment to route and deliver traffic. DHCP lets systems dynamically assign IP addresses from a range of available addresses as devices come onto and leave a network.
DNS had been a static service that required little active management, making it what Branko Miskov, BlueCat director of product management, called the forgotten service. DHCP often requires even less attention.
“For the most part, DHCP works in the background,” Miskov said. “The value added by management has been in monitoring and reporting activity, providing visibility.”
For those reasons, until recently, management tools for DNS and DHCP have focused on larger enterprises that require staff members to keep up with network name and address changes. “In a large network, you could be making dozens of DNS changes a day,” he said.
But as network complexity has increased, the market for management tools has moved downstream. “It’s not just large organizations that have large networks,” he said. The proliferation of mobile networked devices and services, such as voice over IP, has made active management of those resources more important.
Universities can be particularly complex environments. They typically have a number of buildings spread across a campus and support multiple populations of users with widely differing needs. Students have laptop and desktop PCs, Internet-capable phones and online gaming systems and are looking for fast access with a minimum of restrictions. Administrative offices need access for business systems and applications, and they must ensure the security and privacy of data. Academic departments must support power users with access to advanced research networks and the bandwidth and processing power to transfer large files and run complex modeling, simulation and other computations.
“They are the ones who push the limits of our products,” Miskov said of universities, which use all of the features and demand new ones. Georgia Tech, one of the larger BlueCat customers, works closely with the company on the development of new functionality. “They are pushing the envelope.”
Boise State is a little larger than average for a university customer, with about 21,000 students and 2,400 faculty and staff served by a fiber-optic backbone. The university is in the process of upgrading to a 10 gigabits/sec backbone and provides 100 megabits/sec to the desktop.
“In some places, we’re pushing 1 gig to the desktop,” Dragone said.
The school has a Class B address space license that can support more than 65,000 addresses per network on more than 16,000 networks. It has 208 DNS zones with 22,000 host records and 56 DHCP pools for dynamically assigning addresses. It also has 2,300 IP phones.
“We used to have the largest implementation of VOIP in the state,” Dragone said. “We were cutting-edge in going to IP phones.” The university began installing VOIP to replace the separate voice network in 2002.
The first several dozen campus guinea pigs to get VOIP experienced some performance problems, but since the implementation, “it’s worked really well,” she said. “We don’t have any complaints related to the phones.”
The adoption of VOIP has allowed the university to consolidate its voice and data network administrative and support staffs. It also recently moved desktop data connections to the back of the IP phone handset, further simplifying the system with fewer switches and connections required.
But that also created more need for actively managing domain names and address assignments. The school began researching available products several years ago, but the program was put off because of budget restrictions. With Cisco’s Network Registrar moving to a new version, the search resumed this year. The school looked at a number of products, including Mice and Men and BIND, but Dragone zeroed in on products from BlueCat and InfoBlox.
“I pushed hard for the BlueCat,” she said. “I thought it would fill all our needs.” She also was attracted by the company’s customer base. “I didn’t want to be the only big user.”
The school uses two of the appliances for failover, although “my preference would be for three,” Dragone said. Deploying the system was easy, she said. She was able to copy Media Access Control addresses from the previous system’s DHCP reservations and reserve the same addresses for users without creating new assignment lists or changing firewall rules.
With more than 50 DHCP address pools, “the help desk was really happy that I figured that out,” she said. “That would have been a lot more work if I had not been able to keep the reservations.”
Since the implementation, “there haven’t been any issues,” Dragone said. “Since the system went up, I’ve sort of forgotten about it.” She has scheduled DNS changes for once a week, which she said is less disruptive and forces people to plan for their needs and changes.
“I try to look at the logs more than once a week,” but the system does not demand her attention. She has even done a software upgrade on the appliance in the middle of the day. “I was a little nervous” about making the upgrade during business hours, she said, but there were no interruptions in service. “It was great not having to schedule that at 0-Dark:30 hours.”