BlueCat recently asked Enterprise Management Associates (EMA), an IT and data management market research firm, to provide some insight on DDI use. They shared survey data around the strategic initiatives and long-term challenges faced by users of different DDI solutions. (DDI is the integration of DNS, DHCP, and IPAM into one management solution.)
Along with EMA’s report, Network Management Megatrends 2020: Enterprises Embrace NetSecOps, the Internet of Things, and Streaming Network Telemetry, BlueCat got hold of all their raw data. And our deeper analysis of it yielded some surprising insights. The data shows four key takeaways:
- There is an inverse relationship between the use of commercial DDI solutions and business size. The threshold is around $1 billion.
- For companies that consume DDI as a managed service, around two-thirds are using Microsoft DNS or homegrown BIND solutions. This is a big missed opportunity.
- Companies that use software-defined networking (SDN) and hybrid cloud environments are more likely to have a commercial DDI solution. And they report that it performs far better.
- And—perhaps not so surprising—there is a direct correlation between using a commercial DDI solution and a networking team’s overall success.
The bigger the business, the more decentralized the DDI solution
One of the biggest takeaways is that the pattern of adoption for DDI solutions is completely upside down.
Decentralized DDI simply doesn’t scale well. Trying to manage Microsoft DNS or homegrown BIND architectures across high-performing global networks is an enormous task. There’s also a built-in complexity threshold: Network teams quickly become overwhelmed by the sheer volume of service requests. This is particularly true when they’re dealing with DevOps and cloud teams.
So it would stand to reason that the largest, most complex organizations would be the most likely to adopt purpose-built commercial solutions for DDI management, right? Wrong. The EMA data actually showed that the opposite is true.
The metrics show an inverse relationship between the use of commercial DDI solutions and business size, with a threshold of around $1 billion.
If a company has annual revenue under $1 billion, it is more likely to use commercial DDI solutions to manage core network infrastructure. Only around a third use Microsoft DNS or homegrown BIND solutions. On the other hand, a whopping 84% of companies with $1 billion or more in revenue are still using decentralized, manual DDI solutions.
Largest budgets spent least effectively
There’s a similar pattern when it comes to IT budgets. Ironically, companies with the largest IT budgets are actually more likely to use these “free” DDI solutions. Around 65% of companies with IT budgets over $50 million still use IP address spreadsheets. In comparison, only a third of companies with IT budgets under $50 million are still using spreadsheets.
Why are the biggest companies furthest behind?
The numbers are a bit shocking. How is it that the largest organizations with the most complex networks and most challenging operational requirements are the least likely to use a modern DDI solution?
It may very well come down to one thing: inertia.
Most billion-dollar companies aren’t forced to be scrappy. Their environments change at a more measured, deliberate pace over time. And they have resources to throw at just about any problem. In these environments, it can be easier to staff up than it is to change a global network architecture.
Furthermore, decentralized networks are managed by multiple teams, many of which have divergent ideas on how that architecture should evolve. For some teams, management of critical systems is a source of power that they are unwilling to give up in the interest of centralized visibility and control. Certainly, politics plays a part.
At a certain point, the DDI you have becomes so complex and entrenched in your operations that migrating away from it can seem nearly impossible. The cost of relying on decentralized DDI may grow and system reliability might decline—perhaps to unacceptable levels for both. Yet it’s still the devil you know.
DDI as a [mis]managed service
Another interesting data point concerns the delivery of DDI as a managed service, either by an outside provider or by a centralized IT team to multiple business units.
Of the survey respondents who consume DDI as a managed service, around two-thirds are using Microsoft DNS or homegrown BIND solutions. Only one-third are using commercial solutions.
This suggests that managed service providers are missing a considerable opportunity to deliver future-ready DDI infrastructure to their clients. Specifically, Microsoft DNS and homegrown BIND solutions:
- have no support for DNS automation,
- can’t compile or leverage DNS data for security,
- have no pre-built integrations with third-party tools,
- make DNSSEC deployments a nightmare,
- and lack the ability to optimize routing pathways for DNS traffic.
On their own, these features might be easy to write off. Yet over time, across a complex network architecture, these things save a lot of time and effort.
This lack of functionality also means that managed service providers are probably spending a lot more time (and client money) managing and configuring DDI behind the scenes than they need to. By automating standard tasks on a purpose-built platform, managed service providers could better use their network admin resources.
There is no such thing as free DDI. Enterprises either pay for a purpose-built, commercial solution or pay to cope with the limitations of Microsoft DNS or BIND.
SDN or cloud? Not with that DDI
The data also show that centralized, automated DDI infrastructure is a necessary precursor for the implementation of both SDN and cloud solutions.
The correlation between SDN and DDI
Companies that actively use SDN solutions like Cisco ACI or VMware NSX at scale are far more likely to have a purpose-built DDI foundation that can support automation. They know from experience that SDN is only as fast as the underlying processes that support it. If ACI or NSX is provisioning IP addresses manually through help desk tickets, then it isn’t performing at its full capacity.
That’s why the data show a significant difference between companies who are investigating SDN or using it in a lab versus companies that have deployed it across the network. When that transition happens, the use of Microsoft DNS and homegrown BIND solutions decreases by around a third. Around 75% of network teams using commercial DDI solutions also use SDN to manage their networks.
The reason is clear: Zero-touch provisioning of IP addresses allows SDN solutions to realize their full potential. Few network teams think about automated DDI as an operational requirement until SDN solutions start to operate at scale. Even in a lab, it can be difficult to appreciate how critical the backend core network infrastructure will be.
The same holds true for cloud
Furthermore, for respondents who are managing DDI infrastructure across hybrid cloud environments, there’s a clear distinction between the functionality of purpose-built systems and decentralized solutions like Microsoft or BIND.
Among respondents using Microsoft and BIND, 57% reported that their DDI solution was “less capable” or “inferior” in the cloud than in the controlled world of on-prem deployments. That’s only natural—these solutions simply weren’t built with the cloud in mind. They have no off-the-shelf integrations to speak of, and building them from scratch is an enormous undertaking.
On the other hand, purpose-built DDI solutions perform far better. Survey respondents who use centralized, automation-friendly platforms noted that their DDI infrastructure performs the same in the cloud as it does on-prem. Specifically, it leverages integrations and strong feature sets to deliver a consistent user experience across the board.
DDI contributes to network team success
Finally, the survey shows a clear correlation between the use of commercial DDI solutions and the success of a networking team. When there’s a single source of truth to ensure network integrity and automated processes to speed up service delivery, network teams thrive. That’s primarily because they’re spending less time on manual service-related tasks.
The opposite is true for decentralized solutions like Microsoft DNS and homegrown BIND. The majority of respondents using these solutions reported that they were less successful as a networking team. They spend more time performing day-to-day DDI management activities. And they spend less time performing the strategic, proactive tasks they’d rather be doing.
All of this is to say that DDI infrastructure should be appreciated for the critical role it plays. It forms the foundation of every activity on the network. Any decentralized, manual DDI system is going to turn every application and service above it into a decentralized, manual undertaking.
Using a centralized, automated, and secure DDI solution is the best way to deliver the strong services needed to take your network to the next level.
Are you one of these billion-dollar companies that are slowly approaching a complexity threshold? Or a managed service provider looking for a differentiator? Is your SDN solution pushing the limits of your core network infrastructure? BlueCat’s Adaptive DNS might be the answer.