Five ways to avert issues with BlueCat Infrastructure Assurance

By flagging and notifying you of hidden issues before they cause damage, you can go from reactive to proactive in your Integrity DDI environment.

Ulrica de Fort-Menares

November 6, 2023

From disabled backups to configuration drifts, many types of disruptions can slow your network down or even bring it to a grinding halt.

For example, drifts away from standard configurations among network devices, perhaps the result of ad hoc changes, can lead to erratic network behavior, instability, or even downtime.

Warning signs of these disruptions to your DNS, DHCP, and IP address management (together known as DDI) environment often lurk undetected. If you can proactively identify and address these hidden issues, configuration errors, and forgotten maintenance tasks before they escalate, you can avoid much bigger headaches down the road.

But how? It’s a tall order for network admins to catch all of this. For BlueCat Integrity enterprise customers, BlueCat Infrastructure Assurance provides proactive monitoring to root out hidden issues in your DDI environment, along with recommended steps to address them.

In this post, we’ll explain what BlueCat Infrastructure Assurance (BCIA) is, and then delve into five ways that the platform can help you go from reactive to proactive in your Integrity environment. Finally, we’ll briefly highlight what’s to come in future releases and how you can contribute to the conversation.

What is BlueCat Infrastructure Assurance?

The result of BlueCat’s acquisition of Indeni, BlueCat Infrastructure Assurance (BCIA) is a proactive monitoring and automation solution. Think of it as a virtual DDI expert, on duty 24/7.

Infrastructure Assurance provides deep visibility into BlueCat Integrity enterprise environments, including its key BlueCat Address Manager and BlueCat DNS/DHCP Server (BDDS) components, to flag early warning signs of issues. With our domain expertise codified into BlueCat Infrastructure Assurance, the platform knows what to look for, interrogating your systems to ensure they are healthy. This includes knowledge of capabilities and features of the BlueCat implementation of DDI and its entire management layer.

A diagram of how BlueCat Infrastructure Assurance provides deep visibility into BlueCat Integrity enterprise environments, including its key BlueCat Address Manager and BlueCat DNS/DHCP Server (BDDS) components

Should it find something, the platform proactively alerts customers that there might be a service failure—or any level of degradation of service—coming. And it provides a list of recommended remediation steps that admins can use as a guide to help address the problem.

Five ways to go from reactive to proactive with Infrastructure Assurance

For BlueCat Integrity enterprise customers, moving beyond the reactive mindset when things go awry is now within reach. Below, we explore five examples of issues you might encounter in your DDI environment and how BlueCat Infrastructure Assurance (BCIA) can help you identify and address them before they wreak havoc on your network.

Continuously check for Address Manager and BDDS connectivity

Address Manager or BDDSes are often not the cause of many issues. Instead, changes in other devices within the broader networking environment are often the culprit.

For example, someone made a firewall policy change and inadvertently broke the connection between Address Manager and your BDDSes. With Infrastructure Assurance, you can continuously check for connectivity among critical components to ensure successful DNS deployments or successful failover.

With Infrastructure Assurance, you can receive the following connectivity-related alerts:

  • Connectivity broken between the two DHCP failover servers
  • Communication from Address Manager to BDDSes not working
  • Communication from BDDSes to Address Manager not working

Ensure device backup is at the ready

Device backup is important to ensure that your DDI infrastructure is safe from failure and disruption. However, you are only as safe as your last successful backup. Many things can go wrong during a backup routine that can result in a failure. There’s always a chance that no one notices for an extended period of time that something failed until restoration is actually needed.

With Infrastructure Assurance, you can receive the following backup-related alerts:

  • Backup is not configured
  • Backup is disabled
  • Backup failed—another backup process is running
  • Backup is using insecure protocol
  • Local backup failed
  • Remote backup failed
  • Remote backup is not configured

Optimize your crossover high availability configuration

Using a high availability configuration ensures your services are always available.

For Integrity, BlueCat crossover high availability (xHA) enables two BDDSes to function as a single server; when one fails, the other takes over to ensure service uptime.

Numerous alerts available in Infrastructure Assurance help ensure seamless xHA. For example, it flags when the xHA configuration is not synchronized or notifies you when a DHCP failover state changes. Checks also ensure successful database replication.

With Infrastructure Assurance, you can receive the following alerts related to high availability:

  • Database replication is disabled
  • Database replication stopped
  • Database replication latency nearing critical limit
  • Database replication latency nearing warning limit
  • xHA backbone is overlapping
  • xHA backbone interface not configured
  • xHA failover detected
  • DHCP failover detected
  • One DHCP failover server down
  • DHCP failover cluster down

Flag configuration drifts

Whether they are intentional or not, configuration drifts can sometimes cause problems in your network environment. Notifications about drifts can improve network resilience and prevent unexpected downtime or service degradation.

Our new ‘config drift detected’ alert compares the Address Manager configuration and the local BDDS configuration to notify you of discrepancies.

For example, NTP, the protocol that synchronizes network clocks, is an important component of healthy DNS. While DNS can handle a certain amount of clock drift, once you exceed its threshold, things can go awry. For example, zone transfers can begin to fail, leading to secondary DNS servers dropping the authoritative domains that they host.

Catch everything else you might have missed

Other proactive alerts cover easily forgotten but no less important network elements, like SSL certificate expiration. These alerts include:

  • Certificate(s) expiration nearing
  • Certificate(s) expired
  • Concurrent connects are too high
  • Kernel connection limit has been modified
  • Kernel connection tracking is nearing limit
  • Many pending PNA files on your BDDS (PNA files are notifications from BDDSes. There should only be one; if they are stacking up, there could be an issue.)

More proactive alerts in future releases

In future releases, you can expect to see more proactive alerts.

Want to share your favorite proactive alerts? Join Network VIP (NVIP), our space on Slack for networking professionals to network. You can jump on our #bcia-integrity channel to chime in with your favorites or offer up your thoughts about what you would like to see in our next release.

Published in:

An avatar of the author

Ulrica de Fort-Menares is the Vice President of Product Management for Indeni.

Related content

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

Get fast, resilient, and flexible DDI management with Integrity 9.6

With Integrity 9.6, network admins can get support for new DNS record types, architect and configure multi-primary DNS, and automate IP assignments.

Read more

Deepen your security insight with Infrastructure Assurance 8.3

BlueCat Infrastructure Assurance 8.3, with an enhanced analytics dashboard, including interactive widgets and top 10 alerts, is now available.

Read more

Security, automation, cloud integration keys to DDI solution success

Only 40% of enterprises believe they are fully successful with their DDI solution. Learn how to find greater success with new research from EMA and BlueCat.

Read more

Our commitment to Micetro customers and product investment

From CEO Stephen Devito, a word on BlueCat’s ongoing commitment to supporting Micetro customers and Micetro’s evolution as a network management tool.

Read more

Seven reasons to rethink firewall monitoring and boost automation 

With BlueCat Infrastructure Assurance, you can better protect your network with automated alerts and suggested remedies for hidden issues in your firewalls.

Read more