Boise State U. builds a better way to manage its DNS

Featured eBooks
Whole-of-State Cybersecurity
The State of Trust in Government
Cybersecurity in State and Local Government
By William Jackson
 

Connecting state and local government leaders

By William Jackson

|

When its old DNS-DHCP solution reached its end of life, Idaho’s largest university went shopping for more functionality and ease of management for its large, complex network.

In this report

Boise State's lesson: To learn network management, do it yourself

Boise State University runs a Cisco Systems network, with Cisco switches, routers, IP phones and wireless access points. But when Version 5.5 of Cisco’s Network Registrar naming and address tool approached its end of life with no upgrade path available, the university went shopping for a user-friendly Domain Name System and Dynamic Host Configuration Protocol management platform with more functionality.

“The old system was functional on a basic level,” said Boise State network engineer Diane Dragone. “But there were a lot of things lacking.”

Changing a name in the DNS with the Cisco suite required scrolling through a list to find the proper entry, and the vendor tags needed for the DHCP had to be customized for Registrar. “We were looking for more functionality in management,” Dragone said.

The university, Idaho’s largest, settled on the Adonis DNS-DHCP management appliance from BlueCat Networks. The 1000 model server was installed in a test mode in June, moved to production in July and fully implemented by early August.

“Once I tested the features and reliability and we were satisfied, I just made an aggressive schedule” for rolling the new management service out across 175 buildings on the 170-acre campus, Dragone said. “The first three weeks or so that I played with it there was a learning curve,” but there have been no problems since.

DNS and DHCP are critical services that underlie IP networks. DNS associates domain names used by people with the numeric IP addresses used by computers and networking equipment to route and deliver traffic. DHCP lets systems dynamically assign IP addresses from a range of available addresses as devices come onto and leave a network.

DNS had been a static service that required little active management, making it what Branko Miskov, BlueCat director of product management, called the forgotten service. DHCP often requires even less attention.

“For the most part, DHCP works in the background,” Miskov said. “The value added by management has been in monitoring and reporting activity, providing visibility.”

For those reasons, until recently, management tools for DNS and DHCP have focused on larger enterprises that require staff members to keep up with network name and address changes. “In a large network, you could be making dozens of DNS changes a day,” he said.

But as network complexity has increased, the market for management tools has moved downstream. “It’s not just large organizations that have large networks,” he said. The proliferation of mobile networked devices and services, such as voice over IP, have made active management of those resources more important.

Universities can be particularly complex environments. They typically have a number of buildings spread across a campus and support multiple populations of users with widely differing needs. Students have laptop and desktop PCs, Internet-capable phones and online gaming systems and are looking for fast access with a minimum of restrictions. Administrative offices need access for business systems and applications, and they must ensure the security and privacy of data. Academic departments must support power users with access to advanced research networks and the bandwidth and processing power to transfer large files and run complex modeling, simulation and other computations.

“They are the ones who push the limits of our products,” Miskov said of universities, which use all of the features and demand new ones. Georgia Tech, one of the larger BlueCat customers, works closely with the company on the development of new functionality. “They are pushing the envelope.”

Boise State is a little larger than average for a university customer, with about 21,000 students and 2,400 faculty and staff served by a fiber-optic backbone. The university is in the process of upgrading to a 10 gigibits/sec backbone and provides 100 megabits/sec to the desktop.

“In some places, we’re pushing 1 gig to the desktop,” Dragone said.

The school has a Class B address space license that can support more than 65,000 addresses per network on more than 16,000 networks. It has 208 DNS zones with 22,000 host records and 56 DHCP pools for dynamically assigning addresses. It also has 2,300 IP phones.

“We used to have the largest implementation of VOIP in the state,” Dragone said. “We were cutting-edge in going to IP phones.” The university began installing VOIP to replace the separate voice network in 2002.

The first several dozen campus guinea pigs to get VOIP experienced some performance problems, but since the implementation, “it’s worked really well,” she said. “We don’t have any complaints related to the phones.”

The adoption of VOIP has allowed the university to consolidate its voice and data network administrative and support staffs. It also recently moved desktop data connections to the back of the IP phone handset, further simplifying the system with few switches and connections required.

But that also created more need for actively managing domain names and address assignments. The school began researching available products several years ago, but the program was put off because of budget restrictions. With Cisco’s Network Registrar moving to a new version, the search resumed this year. The school looked at a number of products, including Mice and Men and BIND, but Dragone zeroed in on products from BlueCat and InfoBlox.

“I pushed hard for the BlueCat,” she said. “I thought it would fill all our needs.” She also was attracted by the company’s customer base. “I didn’t want to be the only big user.”

The school uses two of the appliances for failover, although “my preference would be for three,” Dragone said. Deploying the system was easy, she said. She was able to copy Media Access Control addresses from the previous system’s DHCP reservations and reserve the same addresses for users without creating new assignment lists or changing firewall rules.

With more than 50 DHCP address pools, “the help desk was really happy that I figured that out,” she said. “That would have been a lot more work if I had not been able to keep the reservations.”

Since the implementation, “there haven’t been any issues,” Dragone said. “Since the system went up, I’ve sort of forgotten about it.” She has scheduled DNS changes for once a week, which she said is less disruptive and forces people to plan for their needs and changes.

“I try to look at the logs more than once a week,” but the system does not demand her attention. She has even done a software upgrade on the appliance in the middle of the day. “I was a little nervous” about making the upgrade during business hours, she said, but there were no interruptions in service. “It was great not having to schedule that at 0-Dark:30 hours.”

NEXT STORY: Boise State's lesson: To learn network management, do it yourself

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.