Maintaining centralized visibility and control over core infrastructure resources is critical to error-free, rapid delivery of network services across the enterprise.
But when DevOps and cloud teams create autonomous areas in the public cloud that have their own cloud DNS, the centralized system erodes.
The result is conflicts that slow the network or bring it down altogether. Adding insult to injury, cloud and DevOps teams emerge unscathed while network teams get the blame.
Setting up cloud and on-premises infrastructure as separate entities prevents centralized control and management of enterprise-wide DDI. (DNS, DHCP, and IP address management, or IPAM, are together known as DDI.)
This post will explore some of the outcomes observed when siloed cloud compute erodes central control. It will also delve into how BlueCat’s platform can provide a single source of truth and control for DNS and IP records, regardless of where or how those records are assigned on the network.
This post is part of a blog series exploring some of the challenges network teams experience in the face of enterprise cloud adoption—and how BlueCat can help solve them.
Why centralized DNS is necessary
At global enterprises, few cloud-native applications and services can operate unfettered from legacy on-premises or hosted data systems, because those systems still hold critical customer, financial, or product information. Even cloud-first solutions must often go back to the data center to complete transactions. Every one of those round trips depends on name resolution, and when cloud and on-premises DNS are run separately, that resolution path is fractured.
How control over DNS becomes–and stays–fractured
Imposing change controls on application developers doesn't work. Even asking these teams to simply document their rapid changes and feed them back to the teams responsible for network infrastructure is viewed as archaic and bureaucratic. After all, the cloud provider already logs these changes for its own purposes (just not somewhere network teams can usually access). So why should the cloud teams take on extra work?
The impacts of siloed DNS across hybrid cloud environments
Correctly plugging cloud compute into on-premises DNS takes skill and knowledge of the network. The inevitable result is that service delivery becomes delayed, which in turn sparks shadow IT and unnecessary or unknown cloud expense. Orchestrating or automating changes that straddle both cloud and on-premises infrastructure becomes nearly impossible, and governing cloud provisioning activity is a lost cause. Costs climb as simply locating the source of an issue becomes harder, and security controls are enforced inconsistently.
In the end, the promise of the cloud—speed, scalability, cost efficiency—becomes difficult to realize. The broader impacts of inadequate integration offset local gains at the developer level.
Who’s to blame?
Too often, IT teams are left holding the bag. Their plans to properly manage IP space across single clouds or hybrid cloud environments become impossible to implement. When the lack of a centralized authority for DNS resolution results in data conflicts that bring down the network, the cloud and DevOps teams somehow avoid the blame.
Developers rarely have to wait for the network team; they simply proceed in the cloud. Yet when something breaks, fault is assigned to network teams for "slowing things down." It's a classic problem of network admins having all the responsibility but only some of the authority over the network infrastructure.
The antidote: establish a consistent, centralized platform for DDI
Gaining visibility into cloud DNS, for purposes like reconciling cloud-provisioned IP and DNS records against the central inventory, is certainly a big step forward for network teams struggling to keep up with application development and deployment in the cloud. However, it is only the first step. Why settle for visibility when IT staff can gain control and management of DNS services in the cloud equal to what they have on-premises, and do so without sacrificing the speed and agility that DevOps teams crave?
BlueCat ensures that its address management system reflects any change to network infrastructure made in the cloud, from the cloud assignment of a single IP address to the creation of entire networks via orchestration tools. It allows application and cloud teams to operate unfettered in hybrid environments while ensuring that infrastructure teams can see, and get out ahead of, potential IP conflicts: overlapping address blocks and duplicate address assignments that cause errors and pose serious risks to business continuity.
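To make that reconciliation concrete, the following is an added example, not BlueCat's code or API. It models the drift checks a central DDI platform performs when a sync job pulls networks and addresses from the cloud providers and compares them with what the central IPAM believes is allocated: address blocks carved out of space the data center already owns, blocks nobody registered, one IP bound to two different names, and cloud hosts IPAM has never heard of. Both inventories are constructed sample data; the network names, hostnames and CIDRs are assumptions for illustration.

```python
"""Reconcile cloud-provisioned networks and addresses against a central IPAM.

Added example (not BlueCat code). All inventory data below is constructed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class HostRecord:
    """One address-to-name binding, with the inventory that reported it."""
    ip: str
    fqdn: str
    source: str


# Constructed: what the central IPAM believes is allocated (on-prem and
# cloud blocks that were registered through the central platform).
IPAM_NETWORKS = {
    "10.10.0.0/16": "datacenter-east",
    "10.20.0.0/20": "aws-prod-vpc",
}
IPAM_HOSTS = [
    HostRecord("10.10.1.5", "db01.corp.example", "ipam"),
    HostRecord("10.20.0.10", "api.prod.example", "ipam"),
]

# Constructed: what a sync job pulled from the cloud providers
# (in practice, VPC/VNet and network-interface listings).
CLOUD_NETWORKS = {
    "10.20.0.0/20": "aws-prod-vpc",     # registered centrally, no issue
    "10.10.8.0/22": "azure-dev-vnet",   # carved out of the data-center block
    "172.16.0.0/16": "gcp-sandbox",     # never registered centrally
}
CLOUD_HOSTS = [
    HostRecord("10.20.0.10", "api.prod.example", "aws"),          # matches IPAM
    HostRecord("10.20.0.11", "worker-3.prod.example", "aws"),     # missing from IPAM
    HostRecord("10.10.1.5", "build-agent.dev.example", "azure"),  # reuses db01's IP
]


def network_overlaps(ipam_nets, cloud_nets):
    """Cloud networks that overlap an IPAM network under a different identity.

    An identical CIDR carrying the same name is a registered block, not a conflict.
    """
    conflicts = []
    for c_cidr, c_name in cloud_nets.items():
        c_net = ipaddress.ip_network(c_cidr)
        for i_cidr, i_name in ipam_nets.items():
            i_net = ipaddress.ip_network(i_cidr)
            if c_net == i_net and c_name == i_name:
                continue
            if c_net.overlaps(i_net):
                conflicts.append((c_cidr, c_name, i_cidr, i_name))
    return conflicts


def unregistered_networks(ipam_nets, cloud_nets):
    """Cloud networks that fall outside every IPAM network (unknown address space)."""
    ipam = [ipaddress.ip_network(cidr) for cidr in ipam_nets]
    return sorted(
        cidr for cidr in cloud_nets
        if not any(ipaddress.ip_network(cidr).overlaps(net) for net in ipam)
    )


def ip_conflicts(ipam_hosts, cloud_hosts):
    """The same IP bound to different names in the two inventories."""
    by_ip = {h.ip: h for h in ipam_hosts}
    return [
        (c.ip, by_ip[c.ip].fqdn, c.fqdn, c.source)
        for c in cloud_hosts
        if c.ip in by_ip and by_ip[c.ip].fqdn != c.fqdn
    ]


def unregistered_hosts(ipam_hosts, cloud_hosts):
    """Cloud addresses for which IPAM holds no record at all."""
    known = {h.ip for h in ipam_hosts}
    return sorted(c.ip for c in cloud_hosts if c.ip not in known)


def reconcile(ipam_nets=IPAM_NETWORKS, cloud_nets=CLOUD_NETWORKS,
              ipam_hosts=IPAM_HOSTS, cloud_hosts=CLOUD_HOSTS):
    """Full drift report between the central IPAM and the cloud inventories."""
    return {
        "network_overlaps": network_overlaps(ipam_nets, cloud_nets),
        "unregistered_networks": unregistered_networks(ipam_nets, cloud_nets),
        "ip_conflicts": ip_conflicts(ipam_hosts, cloud_hosts),
        "unregistered_hosts": unregistered_hosts(ipam_hosts, cloud_hosts),
    }


if __name__ == "__main__":
    for category, findings in reconcile().items():
        print(f"{category}: {findings if findings else 'none'}")
```

On the sample data the report flags the Azure VNet as overlapping the data-center block, the GCP sandbox as unregistered space, the Azure build agent as a duplicate of db01's address, and the AWS worker as a host IPAM never saw. Each of those is the kind of silent drift that later surfaces as a routing or resolution failure that the network team is asked to explain.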
Extending on-premises DDI management capabilities to cloud environments allows administrators to provide consistent, localized, secure services to those locations, resulting in several key benefits for cloud teams.
Improved DNS performance
By providing local DNS services from a centrally managed platform, DNS administrators can ensure that cloud applications and services have local access to the DNS data they require to operate. Instead of forwarding queries back to the data center to reach the authoritative data needed to process a user request, the local service answers from the data it already holds.
Cloud experts demand as much automation as possible for the everyday tasks required to build and maintain services, so that they can focus on delivering value to customers. Extending DDI to cloud environments is a critical step in automating DNS tasks, since many automation requirements extend beyond what a cloud-native DNS platform alone can handle. A local automation endpoint that spans multi-cloud and on-premises environments lets teams build automation once and apply it everywhere. Integrations with cloud orchestration solutions such as Terraform allow cloud teams to work in tools they are familiar with while ensuring back-end consistency and visibility into their changes.
Cloud teams routinely use multiple cloud platforms, multiple instances, and hundreds or thousands of individual networks. Managing the various DNS and IPAM capabilities those environments require can slow down the real work of the cloud team. With BlueCat, network teams keep centralized control on a common platform from a single point, while retaining the flexibility to delegate management of cloud-facing data to the right consumers. This allows for speed and flexibility while maintaining control and consistency across all locations.
Upcoming blog posts will explore the biggest hybrid cloud challenges for DDI and highlight the solutions that BlueCat offers to alleviate them. In the meantime, read the Using BlueCat Adaptive DNS in the Cloud whitepaper.