De Montfort University (DMU) is a dynamic institution with a long and vibrant history of improving people’s lives through education. Dedicated to providing inspirational teaching to students, DMU relies on its IT and networking systems to keep pace with the needs of the students, staff and business community it serves. The job of managing the University’s IP infrastructure and providing resilient and secure DNS, DHCP and IP Address Management Services (collectively known as DDI) sits with Senior Technical Analyst, Paul Toyne. With over 18 years experience of managing DNS and DHCP systems, Paul was responsible for implementing DMU’s original DDI solution. This started with managing BIND and ISC DHCPD directly from the configuration files on Solaris. Here, we take a look at a case study from EfficientIP with Paul Toyne.
“I initially met EfficientIP at IPExpo in 2013. I had specifically gone to the show to investigate DDI and meet various vendors; it was time well spent,” Paul explained. “We then invited potential suppliers to come in and talk to us about, and demonstrate what they could deliver, their solutions and discuss our requirements.”
DMU had been using a different system as its DDI solution at this time. However its hardware ‘end of life’ was fast approaching. The team was faced with the prospect of having to make significant investment in new hardware to continue receiving support and updates, as well as increasing frustrations with functionality and usability. At this point, Paul went out to tender to find an alternative, more cost-effective solution.
In March 2014, after a full evaluation of the DDI market, Paul and his networking team replaced its previous system with a full DDI solution from EfficientIP. The implementation took five working days to complete. EfficientIP was provided with an export of the data from the previous system several weeks before the proposed changeover. This was used to identify any potential issues before an engineer managed the implementation on-site.
The solution consisted of seven physical EfficientIP SOLIDServer appliances configured to provide the following functionality:
- Overall management and IP Location management
- A hidden DNS master
- DHCP failover
- Internal recursive DNS query management configured with two virtual IP addresses for resilience
- External DNS query management configured with two virtual IP addresses for resilience
- External DNS query management located off-site and configured with a single virtual IP address for additional resilience
In addition DMU implemented EfficientIP’s NetChange IPLocator which queries network switches and pulls information on what devices are connected to which interfaces. This is then stored in the IPAM database. DMU also purchased additional Multi Vendor Management licences from EfficientIP to enable it to manage its Active Directory DNS servers directly, rather than delegating the DNS zone to those servers.
“We chose EfficientIP for its functionality, ease-of-use and cost-effectiveness. The system is also logically laid out and making bulk changes is extremely quick,” said Paul. He added, “The entire Efficient IP solution with optional RPZ feeds came in at a cost below what one vendor wanted to charge just for the RPZ subscriptions.”
“Beyond the obvious use of the product for managing our IP address space, DNS zones and DHCP scopes, we make use of the NetChange IPLocator module to pick up where devices are physically connected in the network,” he continued. “Moving forwards, we plan on making extensive use of the workflow functionality to empower our technicians on the ground and to automate the creation of tickets in our Service Desk system as workflows are performed.”
Talking about how he finds the level of functionality built into the system, Paul explained; “I feel it is far greater than that of our previous system. The global search is an extremely powerful feature, along with the ability to see all data within one view and apply filters to further refine that list. I also like the ability that these filtered items can then be selected, either all or individually as required and bulk changes made in one quick process. This was a task that could take the best part of a day with the previous system as all changes had to be made individually, whereas it takes less than five minutes with the EfficientIP solution.”
When it comes to flexibility, Paul outlined how EfficientIP can be configured to suit different styles of working as the product can be extended via the workflow functionality and the API. “The global search facility is one thing I particularly like and makes it far quicker to manage than our previous solution as it takes you directly to objects, rather than having to follow rigid hierarchies.”
He went on to explain the ease with which he and his team can configure DHCP with EfficientIP, making it more flexible for them to deliver services in the way they want. “For example, on our previous system, to identify my IP telephones and deliver specific DHCP options, I spent a day configuring various elements. I wanted to repeat the process for my wireless access points within the Efficient IP solution and achieved this in a few minutes, without needing training on that functionality. The ability to configure rules as well to extend or automate functionality as a fully supported part of the product, further enhances this flexibility.”
The DMU team achieved security and role-based access by integrating authentication to DMU’s Active Directory to allow users to use their normal username and password for accessing the system. This has been implemented directly within the EfficientIP solution. Paul explained that the granularity to which this can be configured is extensive and that in time he hopes wider access will be achieved; “I will be expanding on who can access the system and what they can undertake. This will allow me to move some day-to-day operational work to our support team on the ground. The granularity of security available should allow this to be completed without constraints.”
As far as giving any tips to others considering implementing DDI or for doing things differently, Paul said; “The implementation went far smoother and was a lot easier than I expected and I cannot think of how it could have gone any easier. In terms of the migration exercise, there would probably be nothing we would do differently. However, from a management perspective, we would probably like to spend more time working through real-life scenarios before making the system live.”
When considering if he was happy with the solution, Paul said, “Yes. There have been some teething problems, as to be expected when changing systems, but these have either been overcome or workarounds suggested following quick e-mail or telephone conversations.”