How DNS powers DevOps in DOD “software factories”

Last updated on May 12, 2022.

The sleekest jet.  The biggest aircraft carrier.  The most badass tank.  DOD agencies used to engage in a not-so-subtle competition to develop the coolest hardware on the planet.

In recent years, however, the measure of “cool” has shifted dramatically.  Instead of highlighting new weapons systems and platforms, DOD agencies are starting to put their resources into software. Defense leaders throughout the DOD have recognized the importance of software to winning the fight against near-peer adversaries on a modern battlefield.

Here’s how it works.  You get together a bunch of your best in-house and contract developers.  You let them all dress in jeans and t-shirts.  You give the office a “cool nerd” name, preferably one associated with Star Wars (Kessel Run, Bespin) or Star Trek (Kobayashi Maru).  You organize your workflow around a DevOps methodology.  Then you start solving problems for the warfighter.  Fast.

These DOD software factories may be the new measure of “cool”, but that doesn’t necessarily mean that they’ve reached their full potential yet.  They’re certainly moving fast and breaking things as designed.  Yet as DevOps becomes the new norm, they’re also discovering that some of the boring, old-school parts of the network can’t keep pace with the level of innovation they’re trying to maintain.

Squaring DevOps and NetOps

Here at BlueCat, we’ve seen plenty of DevOps and cloud teams hit this wall when it comes to IP address management.  For all the fast-paced methodologies they’ve developed, sometimes these teams get tripped up by the basics of back-end network architectures.

For example, DevOps and cloud teams need to spin up and draw down compute in the cloud at will.  To do this, they need to rapidly provision (and de-provision) IP addresses.  That means either asking the network team to assign an IP address (which means waiting for a service ticket) or generating one themselves (potentially creating an IP conflict which could bring down the network).

DNS can get messy when software development teams are operating in hybrid environments.  Ideally, you’re going to want a single source of truth which can assign and manage IP addresses across on-prem and multiple cloud instances.  If left to their own devices, most DevOps teams will just build IP address silos for each environment.  This creates havoc for the network teams that support them – they’ll need duelling spreadsheets to avoid an IP conflict and/or a complex tangle of conditional forwarding rules to make sure queries get where they’re supposed to go.

DOD agencies also face specific requirements around failover and network resilience which filter down to the DNS level.  The need to house and access data in redundant or compliant environments can trip up DevOps teams who just want to build cool stuff and move on.  When they have to stop and consider the connections between different environments, DevOps teams aren’t doing what they’re supposed to be doing – driving innovation.

DNS should just work

All of this boils down to the same problem:  DevOps teams shouldn’t really have to think about DNS at all.  IP address space should just be there for the taking, without any worry for how the network team manages it.  It should be available in any environment, and should automatically failover if any of those environments become inaccessible.  The whole back-end should just work.

The network teams which support these DOD software factories know, of course, that making all of this “just work” is far more complicated than it may seem.  That’s why they’re turning to BlueCat for solutions.

IP address provisioning

BlueCat solves the IP address provisioning challenge through automation.  Our platform enables self-service for IP address provisioning.  Think of it as a vending machine for IP addresses.  DevOps teams get as many IP addresses as they want, instantaneously.  Network teams get to control which IP addresses get assigned, and they receive back the IP addresses that are decommissioned, too.

Of course, this is just one way that our customers have used BlueCat’s automation platform. Our open API allows for customized workflows that are purpose-built for specific business outcomes. The bottom line: If you want to automate DNS, DHCP, or IPAM services to fit your particular needs, we can do that.

Managing hybrid environments

BlueCat also makes it far easier to manage DNS across hybrid environments.  When siloed DNS architectures are merged into a single source of truth, IP address conflicts become a thing of the past.  And with our intelligent forwarding capabilities, network admins can dramatically decrease the number of conditional forwarding rules they have to manage.

Failover is easy too – BlueCat offers multiple options for high availability which keep networks up and running even when primary assets go down.  Since our Adaptive DNS system can be deployed anywhere and everywhere, network admins have the flexibility to build resilience into their systems.

So if you’re a DOD employee who happens to be in blue jeans underneath a Star Wars logo, ask yourself:  is your DNS supporting the DevOps mission, or hindering it?  If it’s the latter, take a look at the BlueCat DDI platform and consider a change.