Yes, networking can extend DNS control into the cloud

When cloud and on-premises DNS are separate, enterprise-wide control is out of reach. Learn how BlueCat can provide a single source of truth for DNS.

Maintaining centralized visibility and control over core infrastructure resources is critical to error-free, rapid delivery of network services across the enterprise.

But when DevOps and cloud teams create autonomous areas in the public cloud that have their own cloud DNS, the centralized system erodes.

The result is conflicts that slow the network or bring it down altogether. Adding insult to injury, cloud and DevOps teams emerge unscathed while network teams get the blame.

Setting up cloud and on-premises infrastructure as separate entities prevents centralized control and management of enterprise-wide DDI. (DNS, DHCP, and IPAM are together known as DDI.)

This post will explore some of the outcomes observed when siloed cloud compute erodes central control. It will also delve into how BlueCat’s platform can provide a single source of truth and control for DNS and IP records, regardless of where or how those records are assigned on the network.

This post is part of a blog series exploring some of the challenges network teams experience in the face of enterprise cloud adoption—and how BlueCat can help solve them.

Why centralized DNS is necessary

At global enterprises, few cloud-native applications and services can operate independently of legacy on-premises or hosted data systems. Those systems contain critical customer, financial, or product information. Even cloud-first solutions must often go back to the data center to complete transactions. In the end, everything must traverse fractured DNS resolution paths.

How control over DNS becomes–and stays–fractured

Imposing change controls on application developers doesn’t work. Even asking these teams to simply document their rapid changes and feed these back to teams responsible for network infrastructure is viewed as archaic and bureaucratic. After all, the cloud logs this stuff for its own purposes (just not somewhere network teams can usually access). So, why should the cloud teams take on extra work?

The impacts of siloed DNS across hybrid cloud environments

Correctly plugging compute in the cloud into on-premises DNS takes skill and knowledge of the network. The inevitable result is that service delivery is delayed. This often sparks shadow IT and unnecessary or unknown cloud expense. Orchestrating or automating changes that straddle both cloud and on-premises infrastructure becomes nearly impossible. Governing cloud provisioning activity is a lost cause. Costs climb, as simply locating the source of an issue becomes harder. Enforcement of security controls is inconsistent.

In the end, the promise of the cloud—speed, scalability, cost efficiency—becomes difficult to realize. The broader impacts of inadequate integration offset local gains at the developer level.

Why do 72% of enterprises struggle to realize the full value of the cloud? This report by EMA breaks it down.

Who’s to blame?

Too often, IT teams are left holding the bag. Their plans to properly manage IP space across single clouds or hybrid cloud environments become impossible to implement. When the lack of a centralized authority for DNS resolution results in data conflicts that bring down the network, the cloud and DevOps teams somehow avoid the blame.

Developers rarely have to wait. Instead, fault assignment goes to network teams for “slowing things down.” It’s a classic problem of network admins having all the responsibility but only some of the authority over the network infrastructure.

The antidote: establish a consistent, centralized platform for DDI

Gaining visibility into cloud DNS, for purposes like reconciliation of cloud-provisioned IP and DNS records, is certainly a big step forward for network teams struggling to keep up with application development and deployment in the cloud. However, it is only the first step. Why settle for visibility when IT staff can gain control and management of DNS services in the cloud equal to what is done on-premises? And what if they can do so without sacrificing the speed and agility that DevOps teams crave?

BlueCat ensures that its address management system reflects any change to network infrastructure made in the cloud. This ranges from cloud assignment of a single IP address to the creation of entire networks via orchestration tools. It allows application and cloud teams to operate unfettered in hybrid environments while ensuring that infrastructure teams can see, and get out ahead of, potential IP conflicts. These conflicts may cause errors that pose serious risks to business continuity.


Extending on-premises DDI management capabilities to cloud environments allows administrators to provide consistent, localized, secure services to those locations, resulting in several key benefits for cloud teams.

Improved DNS performance

By providing local DNS services from a centrally managed platform, DNS administrators can ensure that cloud applications and services have local access to the DNS data that they require to operate. Instead of sending recursive DNS queries to the data center to find the authoritative information required to process a user request, a cloud application retrieves local data instantly to service the need.

Consistent automation

Cloud experts demand as much automation as possible for the everyday tasks required to build and maintain services. This allows them to focus on delivering value to customers. Extending DDI to cloud environments is a critical step in automating DNS tasks, since many automation requirements must extend beyond a cloud-native DNS platform in order to be fully effective. Providing a local automation endpoint that can span multi-cloud and on-premises environments lets teams build automation once and apply it globally. Integrations with cloud orchestration solutions such as Terraform allow cloud teams to work in tools that they are familiar with, while ensuring back-end consistency and visibility into their changes.

Centralized control

Cloud teams routinely utilize multiple cloud platforms, multiple instances, and hundreds or thousands of individual networks. Managing all of the various DNS and IPAM capabilities that those environments may require can slow down the real work of the cloud team. With BlueCat, network teams can maintain centralized control on a common platform from a single point. The platform also has the flexibility to delegate management of cloud-facing data to the right consumers. This allows for speed and flexibility while maintaining control and consistency across all locations.

Upcoming blog posts will explore the biggest hybrid cloud challenges for DDI. And they will highlight the solutions that BlueCat offers to alleviate them. In the meantime, read the Using BlueCat Adaptive DNS in the Cloud whitepaper.



BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.
