Yes, networking can extend DNS control into the cloud

When cloud and on-premises DNS are separate, enterprise-wide control is out of reach. Learn how BlueCat can provide a single source of truth for DNS.

Maintaining centralized visibility and control over core infrastructure resources is critical to error-free, rapid delivery of network services across the enterprise.

But when DevOps and cloud teams create autonomous areas in the public cloud that have their own cloud DNS, the centralized system erodes.

The result is conflicts that slow the network or bring it down altogether. Adding insult to injury, cloud and DevOps teams emerge unscathed while network teams get the blame.

Setting up cloud and on-premises infrastructure as separate entities prevents centralized control and management of enterprise-wide DDI. (DNS, DHCP, and IPAM are together known as DDI.)

This post will explore some of the outcomes observed when siloed cloud compute erodes central control. It will also delve into how BlueCat’s platform can provide a single source of truth and control for DNS and IP records, regardless of where or how those records are assigned on the network.

This post is part of a blog series exploring some of the challenges network teams experience in the face of enterprise cloud adoption—and how BlueCat can help solve them.

Why centralized DNS is necessary

At global enterprises, few cloud-native applications and services can operate unfettered from legacy on-premises or hosted data systems. They contain critical customer, financial, or product information. Even cloud-first solutions must often go back to the data center to complete transactions. In the end, everything must traverse fractured DNS resolution paths.

How control over DNS becomes–and stays–fractured

Imposing change controls on application developers doesn’t work. Even asking these teams to simply document their rapid changes and feed these back to teams responsible for network infrastructure is viewed as archaic and bureaucratic. After all, the cloud logs this stuff for its own purposes (just not somewhere network teams can usually access). So, why should the cloud teams take on extra work?

The impacts of siloed DNS across hybrid cloud environments

Again, correctly plugging compute in the cloud into on-premises DNS takes skill and knowledge of the network. The inevitable result of this is that service delivery becomes delayed. This often sparks shadow IT, and unnecessary or unknown cloud expense. Orchestrating or automating changes that straddle both cloud and on-premises infrastructure becomes nearly impossible. Governing cloud provisioning activity is a lost cause. Costs climb, as simply locating the source of an issue becomes harder. Security controls enforcement is inconsistent.

In the end, the promise of the cloud—speed, scalability, cost efficiency—becomes difficult to realize. The broader impacts of inadequate integration offset local gains at the developer level.

Why do 72% of enterprises struggle to realize the full value of the cloud? This report by EMA breaks it down.

Who’s to blame?

Too often, IT teams are left holding the bag. Their plans to properly manage IP space across single clouds or hybrid cloud environments become impossible to implement. When the lack of a centralized authority for DNS resolution results in data conflicts that bring down the network, the cloud and DevOps teams somehow avoid the blame.

Developers rarely have to wait. Instead, fault assignment goes to network teams for “slowing things down.” It’s a classic problem of network admins having all the responsibility but only some of the authority over the network infrastructure.

The antidote: establish a consistent, centralized platform for DDI

Gaining visibility into cloud DNS, for purposes like reconciliation of cloud provisioned IP and DNS records, is certainly a big step forward for network teams struggling to keep up with application development and deployment in the cloud. However, it is only the first step. Why settle for visibility when IT staff can gain control and management of DNS services in the cloud equal to what is done on-premises? And if they can do so without sacrificing the speed and agility that DevOps teams crave?

BlueCat ensures that its address management system reflects any change to network infrastructure made in the cloud. This ranges from cloud assignment of a single IP address to the creation of entire networks via orchestration tools. It allows application and cloud teams to operate unfettered in hybrid environments while ensuring that infrastructure teams can see, and get out ahead of, potential IP conflicts. These conflicts may cause errors that pose serious risks to business continuity.

Screenshot of BlueCat address manager IP space workflow

Extending on-premises DDI management capabilities to cloud environments allows administrators to provide consistent, localized, secure services to those locations, resulting in several key benefits for cloud teams.

Improved DNS performance

By providing local DNS services from a centrally managed platform, DNS administrators can ensure that cloud applications and services have local access to the DNS data that they require to operate. Instead of sending recursive DNS queries to the data center to find the authoritative information required to process a user request, it retrieves local data instantly to service the need.

Consistent automation

Cloud experts demand as much automation as possible for the everyday tasks required to build and maintain services. This allows them to focus on delivering value to customers. Extending DDI to cloud environments is a critical step in automating DNS tasks since many automation requirements must extend beyond a cloud-native DNS platform in order to be fully effective. Providing a local automation endpoint that can span multi-cloud and on-premises environments builds automation once and applies it globally. Integrations with cloud orchestration solutions such as Terraform allow cloud teams to work in tools that they are familiar with. Meanwhile, it ensures back-end consistency and visibility into their changes.

Centralized control

Cloud teams routinely utilize multiple cloud platforms, multiple instances, and hundreds or thousands of individual networks. Managing all of the various DNS and IPAM capabilities that those environments may require can slow down the real work of the cloud team. With BlueCat, network teams can manage centralized control on a common platform from a single point. But it also has the flexibility to delegate management of cloud-facing data to the right consumers. This allows for speed and flexibility while maintaining control and consistency across all locations.

Upcoming blog posts will explore the biggest hybrid cloud challenges for DDI. And they will highlight the solutions that BlueCat offers to alleviate them. In the meantime, read the Using BlueCat Adaptive DNS in the Cloud whitepaper.

An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

Detect anomalies and CVE risks with Infrastructure Assurance 8.4 

The Infrastructure Assurance 8.4 release features an anomaly detection engine for outliers and a CVE analysis engine to uncover device vulnerabilities.

Read more

Get fast, resilient, and flexible DDI management with Integrity 9.6

With Integrity 9.6, network admins can get support for new DNS record types, architect and configure multi-primary DNS, and automate IP assignments.

Read more

Deepen your security insight with Infrastructure Assurance 8.3

BlueCat Infrastructure Assurance 8.3, with an enhanced analytics dashboard, including interactive widgets and top 10 alerts, is now available.

Read more

Security, automation, cloud integration keys to DDI solution success

Only 40% of enterprises believe they are fully successful with their DDI solution. Learn how to find greater success with new research from EMA and BlueCat.

Read more

Our commitment to Micetro customers and product investment

From CEO Stephen Devito, a word on BlueCat’s ongoing commitment to supporting Micetro customers and Micetro’s evolution as a network management tool.

Read more

Seven reasons to rethink firewall monitoring and boost automation 

With BlueCat Infrastructure Assurance, you can better protect your network with automated alerts and suggested remedies for hidden issues in your firewalls.

Read more