Five ways to avert issues with BlueCat Infrastructure Assurance

From disabled backups to configuration drifts, many types of disruptions can slow your network down or even bring it to a grinding halt.

For example, drifts away from standard configurations among network devices, perhaps the result of ad hoc changes, can lead to erratic network behavior, instability, or even downtime.

Warning signs of these disruptions to your DNS, DHCP, and IP address management (together known as DDI) environment often lurk undetected. If you can proactively identify and address these hidden issues, configuration errors, and forgotten maintenance tasks before they escalate, you can avoid much bigger headaches down the road.

But how? It’s a tall order for network admins to catch all of this. For BlueCat Integrity enterprise customers, BlueCat Infrastructure Assurance provides proactive monitoring to root out hidden issues in your DDI environment, along with recommended steps to address them.

In this post, we’ll explain what BlueCat Infrastructure Assurance (BCIA) is, and then delve into five ways that the platform can help you go from reactive to proactive in your Integrity environment. Finally, we’ll briefly highlight what’s to come in future releases and how you can contribute to the conversation.

What is BlueCat Infrastructure Assurance?

The result of BlueCat’s acquisition of Indeni, BlueCat Infrastructure Assurance (BCIA) is a proactive monitoring and automation solution. Think of it as a virtual DDI expert, on duty 24/7.

Infrastructure Assurance provides deep visibility into BlueCat Integrity enterprise environments, including its key BlueCat Address Manager and BlueCat DNS/DHCP Server (BDDS) components, to flag early warning signs of issues. With our domain expertise codified into BlueCat Infrastructure Assurance, the platform knows what to look for, interrogating your systems to ensure they are healthy. This includes knowledge of capabilities and features of the BlueCat implementation of DDI and its entire management layer.

Should it find something, the platform proactively alerts customers that there might be a service failure—or any level of degradation of service—coming. And it provides a list of recommended remediation steps that admins can use as a guide to help address the problem.

Five ways to go from reactive to proactive with Infrastructure Assurance

For BlueCat Integrity enterprise customers, moving beyond the reactive mindset when things go awry is now within reach. Below, we explore five examples of issues you might encounter in your DDI environment and how BlueCat Infrastructure Assurance (BCIA) can help you identify and address them before they wreak havoc on your network.

Continuously check for Address Manager and BDDS connectivity

Address Manager or BDDSes are often not the cause of many issues. Instead, changes in other devices within the broader networking environment are often the culprit.

For example, someone made a firewall policy change and inadvertently broke the connection between Address Manager and your BDDSes. With Infrastructure Assurance, you can continuously check for connectivity among critical components to ensure successful DNS deployments or successful failover.

With Infrastructure Assurance, you can receive the following connectivity-related alerts:

• Connectivity broken between the two DHCP failover servers
• Communication from Address Manager to BDDSes not working
• Communication from BDDSes to Address Manager not working

Ensure device backup is at the ready

Device backup is important to ensure that your DDI infrastructure is safe from failure and disruption. However, you are only as safe as your last successful backup. Many things can go wrong during a backup routine that can result in a failure. There’s always a chance that no one notices for an extended period of time that something failed until restoration is actually needed.

With Infrastructure Assurance, you can receive the following backup-related alerts:

• Backup is not configured
• Backup is disabled
• Backup failed—another backup process is running
• Backup is using insecure protocol
• Local backup failed
• Remote backup failed
• Remote backup is not configured

Optimize your crossover high availability configuration

Using a high availability configuration ensures your services are always available.

For Integrity, BlueCat crossover high availability (xHA) enables two BDDSes to function as a single server; when one fails, the other takes over to ensure service uptime.

Numerous alerts available in Infrastructure Assurance help ensure seamless xHA. For example, it flags when the xHA configuration is not synchronized or notifies you when a DHCP failover state changes. Checks also ensure successful database replication.

With Infrastructure Assurance, you can receive the following alerts related to high availability:

• Database replication is disabled
• Database replication stopped
• Database replication latency nearing critical limit
• Database replication latency nearing warning limit
• xHA backbone is overlapping
• xHA backbone interface not configured
• xHA failover detected
• DHCP failover detected
• One DHCP failover server down
• DHCP failover cluster down

Flag configuration drifts

Whether they are intentional or not, configuration drifts can sometimes cause problems in your network environment. Notifications about drifts can improve network resilience and prevent unexpected downtime or service degradation.

Our new ‘config drift detected’ alert compares the Address Manager configuration and the local BDDS configuration to notify you of discrepancies.

For example, NTP, the protocol that synchronizes network clocks, is an important component of healthy DNS. While DNS can handle a certain amount of clock drift, once you exceed its threshold, things can go awry. For example, zone transfers can begin to fail, leading to secondary DNS servers dropping the authoritative domains that they host.

Catch everything else you might have missed

Other proactive alerts cover easily forgotten but no less important network elements, like SSL certificate expiration. These alerts include:

• Certificate(s) expiration nearing
• Certificate(s) expired
• Concurrent connects are too high
• Kernel connection limit has been modified
• Kernel connection tracking is nearing limit
• Many pending PNA files on your BDDS (PNA files are notifications from BDDSes. There should only be one; if they are stacking up, there could be an issue.)

More proactive alerts in future releases

In future releases, you can expect to see more proactive alerts.

Want to share your favorite proactive alerts? Join Network VIP (NVIP), our space on Slack for networking professionals to network. You can jump on our #bcia-integrity channel to chime in with your favorites or offer up your thoughts about what you would like to see in our next release.