Last updated on November 18, 2021.
Have you realized that your free or otherwise DIY approach to managing DNS, DHCP, and IP address management (together known as DDI) isn’t cutting it anymore? Maybe you’re still just daydreaming about the day the rest of your team does.
Either way, good on you for at least exploring an alternative to your current approach to DDI. (Can you tell we have an opinion on the subject yet?)
But now comes the hard part: You have to figure out what to replace it with.
Picking the right partner for your DDI management solution is critical—and difficult. It’s an important decision that can have lasting and wide-ranging consequences for your budget and for the health and security of your enterprise network.
We wish we could tell you the right answer here (well, we could, but it’s not exactly classy to say, “Pick us!”). This is something that your network team has to figure out for itself.
But having worked with thousands of enterprises through this process, we have some advice to help you think through it. If you embrace the right approach from the start, you’re much more likely to have a successful outcome.
In particular, this post will discuss the importance of first defining your solution requirements. Then, it will outline some key product capability and customer experience questions that any enterprise should ask potential vendors. Finally, it will touch on why BlueCat is offering up these suggestions in the first place.
First, define your requirements
Anyone who’s ever executed an IT project will certainly affirm this secret to success: know thy requirements. Your project is doomed to fail if the requirements of what you actually need your DDI solution to do aren’t clearly articulated and agreed upon by all stakeholders from the get-go.
And you must have your requirements nailed down before you go knocking on vendors’ doors.
To define your requirements, you need to understand your broader organization’s strategy and goals. From there, you’ll have a better idea of what is a must-have versus a nice-to-have.
While not an exhaustive list, here are some common requirements to consider:
- Scalability: How much do you need this solution to scale to meet your organization’s potential growth?
- Security: What level of security do you need this solution to offer for your networks?
- Compliance: What government rules or industry standards must your solution ensure that you comply with?
- Reliability: What level of reliability is acceptable to your organization?
- Environment: What type of environment does your solution need to operate in—a data center, the cloud, or both?
- Timeline: Are you on a deadline of some sort, such as for when your existing solution needs to sunset?
- Support: Do you have a big team that will manage the project and resulting product when finished? Or are you looking for something that will effectively run itself?
Some key questions to ask in every category
Certainly, your specific priorities for your DDI solution will be unique to your organization.
That said, there are some key questions that all organizations should ask of a potential vendor when considering their investment. They generally fall into two categories: product capabilities and your experience working with the vendor.
Questions about product capabilities and solution architecture
Below are suggested questions about product capabilities and solution architecture to ask your potential DDI solution vendor. They are organized into four categories of requirements that we see as especially important.
Questions about ensuring resilience
- Does your DDI architecture separate the management and services planes? Not every solution does. This impacts your ability to scale up without hitting artificial speed bumps when rezoning, resizing, and re-budgeting (which you will inevitably do).
- Does your DDI solution have any artificial limitations (i.e., endless licensing requirements) on the number of database objects? This impacts your ability to seamlessly and comprehensively report on various aspects of your network. Artificial limitations also usually lead to setbacks like automatic shut-offs when you reach a certain space limit.
- Is your environment centralized or siloed? When everyone’s responsible for their own little fiefdom, they tend to charge forward without understanding the consequences. This often leads to conflicts and misconfigurations that spiral out of control.
- Can your DDI solution define and enforce naming policies for DNS objects? This speaks to a solution’s built-in management and organization capabilities for the DNS space. Microsoft DNS, for example, just wasn’t designed to handle this, and that’s part of what makes it so difficult to use in the enterprise.
Questions about risk reduction through the use of DNS
- Can your DDI solution parse DNS responses based on the source of the query? Knowing where queries originate from can help locate potential threats or operational issues more quickly and reliably.
- Can your DDI platform perform threat analysis on all DNS queries in real time to detect anomalies? This might include DNS tunneling, Domain Generation Algorithm (DGA) abuse, significant changes in DNS activity that might be a sign of a DNS attack, or divergence from client devices’ standard patterns (e.g., clients that aren’t mail servers querying MX records). Given its location on the network, DDI is an excellent resource for protecting it. Done right, DDI is a helpful tool for network and security teams to collaborate. Whenever possible, you should be looking to get more than one specific use out of solutions in your stack.
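The following added example, which is not BlueCat's code or part of the original post, runs two of the checks named above (MX queries from clients that aren't mail servers, and long or high-entropy labels of the kind tunneling and DGA names produce) over a constructed query log. The log format, the mail-server list, and the thresholds are assumptions.

```python
import math
from collections import Counter

# Constructed sample query log, one "client_ip qtype qname" per line (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.25 MX example.com
10.0.0.87 MX example.org
10.0.0.87 TXT mzxw6ytboi2gk3dmn5xw63lfojuxgzlsmvzxk3tfoqqho33snrsa.t.example.net
10.0.0.5 A kq3v9xj2hd8wz7pl.example.info
"""

MAIL_SERVERS = {"10.0.0.25"}  # assumption: hosts expected to query MX records
MAX_LABEL_LEN = 40            # assumption: tunable label-length threshold
MIN_ENTROPY = 3.5             # assumption: bits per character, tunable
MIN_SCORED_LEN = 12           # assumption: shorter labels are too noisy to score


def entropy(label):
    """Shannon entropy of a label, in bits per character."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())


def analyze(log_text, mail_servers=MAIL_SERVERS):
    """Return a list of (client, qname, reason) findings for the given log."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guessing at fields
        client, qtype, qname = parts
        labels = qname.rstrip(".").lower().split(".")
        longest = max(labels, key=len)
        # Divergence from the client's role: only mail servers should ask for MX.
        if qtype.upper() == "MX" and client not in mail_servers:
            findings.append((client, qname, "mx-from-non-mail-client"))
        # Data packed into a label (tunneling) tends to produce very long labels.
        if len(longest) > MAX_LABEL_LEN:
            findings.append((client, qname, "long-label"))
        # Algorithmically generated names tend to look random.
        elif len(longest) >= MIN_SCORED_LEN and entropy(longest) >= MIN_ENTROPY:
            findings.append((client, qname, "high-entropy-label"))
    return findings
```

These are triage heuristics: legitimate CDN and telemetry names can trip the length and entropy checks, so findings are best correlated per client over time before anyone acts on them.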
Questions about automation and speed of innovation
- Does your DDI platform provide a single source of truth for DDI management? This enables automated integration with cloud infrastructure, SD-WAN, virtualization engines, and your own applications.
- Do you offer an open and customizable automation platform that integrates with our existing technology stack? If the answer is “We have a one-size-fits-all API,” it’s a cop-out. It’s not enough. You need a partner that can get under the hood and customize automation that is right for your business.
- Does your DDI solution enable self-service provisioning for DevOps and cloud teams to quickly get the IP space they need? Otherwise, you won’t make a dent in your shadow IT problem and developers will end up tripping over themselves on their sprint to shipping applications.
Questions about hybrid cloud adoption
- Does your DDI platform provide full visibility into cloud DNS? If you’re looking for a centralized solution on-premises, you want to be able to extend visibility and control into the cloud as much as possible. Otherwise, you’ll get data errors, conflicts, and outages all over again.
- Can you centrally configure and manage DNS routing rules? Similar to the previous point, you’re trying to understand whether the new vendor can help you overcome conditional forwarding complexities, misconfigurations, and outages across a hybrid cloud environment.
- Can you consistently apply security policies across cloud and data center environments? In addition to full visibility and configuration management, you’ll want to be able to apply security policy no matter where your workload happens to be.
Questions about working with the vendor
Just as important as a product’s capabilities is how the maker behind that product treats its customers. Numerous aspects fall into this category, including pricing structure and purchasing models, customer support, migrations, and the ability to evolve with you. There’s no sense in buying what seems like the perfect product if the vendor isn’t a good fit for you to work with.
Knowing that, be sure to ask hard questions in the following areas:
Ask the vendor you’re evaluating if they can guarantee zero downtime during the migration. (Yes, zero.) Migrating to a new solution can be akin to major surgery. It’s delicate, with changes to moving parts that are simply too crucial to fail. Core business disruption is a real risk.
Don’t be afraid to ask a vendor how they can guarantee zero downtime, too. For example, BlueCat conducts air-tight migrations by using DNS steady-state queries to automatically stage and build the future parallel DNS state. That’s a novel approach, but it means we can guarantee a smooth transition. If your vendor can’t explain to you exactly how their method will keep your operations steady, that’s a red flag.
Also, does the vendor offer migration services that don’t just ‘lift and shift’ your messy network, but actually help you clean it up in the process? They should help you methodically move DNS networks and workloads, all while minimizing disruption, conducting clean-up, and leaving what needs to remain in the old system.
Pricing structure and refresh schedules
Some vendors will try to squeeze every dollar that they can out of you with complicated pricing schemes. Be sure you and those in your organization who make purchasing decisions understand the fine print of a vendor’s pricing structure. It should be a good match for how your organization prefers to do business and how you plan to consume their services.
A good litmus test is to ask if the vendor provides a minimum of five years of hardware and software support. Or will you be forced to upgrade after as little as 12 months?
Customer success management
How supported you feel by a vendor can make or break your experience with them. How will the vendor help you achieve what you want to do with their products? Do they offer professional services to help with implementation? How extensive is their technical support once you’re up and running? What’s their attitude like when things go wrong?
When it comes to this sort of thing, don’t just listen to the vendor’s answers. Ask for customer references. See what other customers have to say about it. Check Gartner reviews.
As you evaluate a vendor’s current capabilities against your current requirements, have conversations with them about the future as well. After all, change is a given. You might undergo a merger or acquisition. Or move to a hybrid cloud environment. For something so critical and hard to change, you want to work with a vendor who will evolve with you.
Some organizations like to buy directly from a vendor. Others prefer to go through a channel aggregator. Be sure you know your organization’s preference for enterprise IT purchases. Furthermore, be sure to find out what a vendor can offer through both types of sales models.
What third-party technology and other ecosystems does the vendor integrate with? For example, if you’re a big ServiceNow or Ansible shop, you’ll want a solution that supports that.
Why we are sharing this advice
Regardless of how ready you are to spring for a DDI solution, you should feel comfortable knowing you’ll be able to properly vet a vendor when the time is right. We’ve been around the block enough times to help you do that.
In fact, if you call BlueCat, we’ll suggest even more conversation avenues that you can take.
Ready to ask questions about whether BlueCat is the right vendor for you? We’re ready to answer them.
PS: If you’re looking for guidance on how to talk to your boss about buying a DDI solution or how to budget for a DDI solution, we’ve got some suggestions for that, too.