Thoughts on Infoblox

As part of Tech Field Day 5, I received a briefing from Infoblox on their product line. They have some interesting products that revolve around making your life easier in the realm of network services management and network device management. While the products in and of themselves are compelling, the names affiliated with this company are just as interesting.

The VP of Architecture at Infoblox is none other than Cricket Liu. Anyone who has delved into BIND or Microsoft DNS should be familiar with Cricket. I read “DNS and BIND” well over 10 years ago, which Cricket co-authored with Paul Albitz. It’s an industry standard text as far as DNS goes.

In addition to Cricket Liu, another name affiliated with Infoblox, albeit indirectly, is Terry Slattery. Those of us in the network world who keep up with the Cisco CCIE program should be familiar with Terry. He’s CCIE number 1026. Essentially, he’s the first person to pass the lab. CCIE 1025 belongs to Stuart Biggs, who wrote and administered the first CCIE test. The room the first lab was in happened to be numbered 1024. Terry Slattery is the guy who founded Netcordia and created NetMRI. Netcordia was acquired in May of 2010 by Infoblox.

A third name you probably aren’t familiar with is Stuart Bailey. He’s the founder of Infoblox and the CTO. As he himself said during the session with Tech Field Day, he came straight out of academia at the University of Illinois at Chicago and founded Infoblox in 1999.

Infoblox has a fairly straightforward value proposition. Organizations are spending countless hours deploying and administering DNS, DHCP, IP address management, and network configuration/policy management solutions. They aim to solve that with a couple of different products.

First, we have IPAM for Microsoft DNS/DHCP. IPAM is their IP address management product and it does 3 core things:

1) Manage IP address usage. – With a fair amount of eye candy, you can see the status of your entire IP addressing space on your network. By giving you visual maps of IP address usage, you can quickly find the gaps. Need an address allocation of 45 IP’s? You can find a group that large rather easily.

2) Manage Microsoft DNS servers. – IPAM can manage all of your Microsoft DNS servers in a central location.

3) Manage Microsoft DHCP servers. – In a large organization, you might have dozens of DHCP servers. Additionally, you may be concerned about failover capabilities and want to ensure every location has a backup DHCP server provisioned in the event of a failure. IPAM can take care of that for you from a central administrative site.

Second, we have NetMRI. This product came with the acquisition of Netcordia in 2010. NetMRI does what other products like Solarwinds Orion NCM and HP Network Automation software do. It manages the configuration state of your various network devices. With an ability to talk to multiple vendors, there isn’t a lot that NetMRI cannot do.  It does several things, but here are the core ones:

1) Archive device configurations. – If you lose a device due to hardware failure, you are probably going to want to put the same configuration on the replacement device. NetMRI can ensure that device configuration backups are done on a regular basis. Any changes made to those devices are logged and over time, you can see what changes were made, who made them, and when they were made. This comes in handy when you need to know specifically when a certain change was made. You won’t always get that from the device itself. Perhaps Juniper devices running JunOS are an exception to the rule as I believe they store a large number of previous configurations on the device. However, if that device is dead, that won’t do you any good unless the configurations are stored on some kind of removable flash memory.

2) Deploy mass changes to devices. – Let’s say your organization has 500 switches on the network and you need to change the NTP settings. Do you want to do that manually? Do you want to build a script to automate that? For most network people, those are not options. There will always be people out there who excel in automation and can write a script in Perl or some other language, extract the device list from a file and make the changes. For the rest of us, you use something like NetMRI.

3) Enforce device policies. – Whether it is firewalls, switches, or routers, you typically have certain things that are always configured on your devices. Some of these are done for security purposes. Others are done for network stability. Imagine that you have a strict requirement for an access list to be applied to all Internet facing interfaces. If someone were to come along and remove that access list from an Internet facing interface, as long as you have a policy configured to enforce that requirement, NetMRI would change the interface configuration back to the way it was before someone changed it. It could then notify you that a policy violation had occurred.

4) Automatic device configuration. – This goes hand in hand with the policy enforcement, but is worth discussing since the benefit here has to do with initial deployment. Imagine a company that has a bunch of remote sites that are relatively similar in nature. Retail, healthcare, and hospitality are a few industries that fit this scenario. If I can simply apply an IP address to a device along with a local user account or SNMP strings, I can have NetMRI do the rest. Why spend time configuring a dozen switches when it can be done through pre-defined policies? How much is that time savings worth to the company?
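The policy check described in item 3 (an access list required on every Internet facing interface) can be sketched as a small configuration audit. This is an added example, not NetMRI code and not from the original post; it assumes Cisco IOS-style syntax, a hypothetical convention of tagging Internet facing interfaces with `INTERNET` in the description, and a hypothetical ACL name `INTERNET-IN`.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the post names no syntax).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
interface GigabitEthernet0/0
 description INTERNET uplink to ISP-A
 ip access-group INTERNET-IN in
!
interface GigabitEthernet0/1
 description INTERNET uplink to ISP-B
!
interface GigabitEthernet0/2
 description LAN core
!
interface GigabitEthernet0/3
 description INTERNET backup (ACL applied outbound only)
 ip access-group INTERNET-IN out
 shutdown
!
end
"""

REQUIRED_ACL = "INTERNET-IN"   # hypothetical policy value
FACING_TAG = "INTERNET"        # hypothetical convention: tag in the description

def interface_blocks(config):
    """Map each interface name to its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None      # any unindented line ends the block
    return blocks

def audit(config, acl=REQUIRED_ACL, tag=FACING_TAG):
    """Return {interface: remediation lines} for tagged interfaces lacking the inbound ACL."""
    violations = {}
    for name, cmds in interface_blocks(config).items():
        facing = any(c.startswith("description") and tag in c.split() for c in cmds)
        if facing and f"ip access-group {acl} in" not in cmds:
            violations[name] = [f"interface {name}", f" ip access-group {acl} in"]
    return violations
```

Running `audit(SAMPLE_CONFIG)` flags the interface with no ACL and the one where the ACL is applied only outbound, and returns the lines that would restore the required state.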

Infoblox appliances are able to interface with each other in what is known as “Grid Technology”.  You can create a small ecosystem of Infoblox products and have them interact with each other. The main focus of the grid appears to be survivability. Multiple appliances can communicate with each other and provide redundancy. If one appliance fails, other appliances in the grid can take over. Every indication I got from the in person sessions as well as research from their documentation leads me to believe that this is strictly related to IPAM. NetMRI can be on a physical or virtual appliance. Although I know it interacts well with IPAM, I don’t think it is a part of the survivable grid.

One final product worth mentioning is IPAM Insight. Although it is designed to map out your network and give you better insight into the connections, one of the side benefits is that it gives you the ability to track down IP addresses and MAC addresses to an individual switch port. I would assume this is a function built into NetMRI, but maybe not. It is built in to some of the competing products. Anyone who has chased down a MAC address that is flapping would instantly see the value in something like this.

What’s the value in all of this?

To be rather simplistic, the value prop from Infoblox is “time”. How much is your engineer’s time worth? Or, to be more brutally honest, how many fewer engineers would you need if you had centralized IP, DNS, DHCP, and network device configuration management? How much is a properly documented network worth?

If you are already in a highly structured environment with defined IP subnets and standard device configurations, you might not see much value in what Infoblox provides. My personal opinion is that no matter the size or state of your network, NetMRI is a solid tool that should be looked at. If you already use one of the competing packages (Solarwinds Orion NCM, HP Network Automation software/Cisco NCM, CiscoWorks LMS, etc.) there’s probably not going to be a compelling reason for you to switch to NetMRI. All of those products tend to do the same thing with some minor variations. As for the IP, DNS, and DHCP management, it will only be beneficial in those environments where good practices and documentation do not exist. If your environment is VERY large and you have a million different hands in the pot, IPAM might be a good thing. You’ll be able to lock things down a bit easier, as well as use one central location for administration. If you have everything laid out properly in your Microsoft Active Directory environment, you’ll probably have a hard time selling this to management. The native tools from Microsoft do a decent job of providing usable information. Fortunately for Infoblox, there are tons of those environments that are not managed properly.

Let me know in the comments if you agree, disagree, or need to point out any errors.

*****Disclaimer: As a delegate for Tech Field Day 5, my flight, food, lodging and transportation expenses were paid for in part by Infoblox. I am under no obligation to write anything regarding Infoblox either good or bad. Anything I choose to write is my opinion, and mine alone. **********


3 Responses to Thoughts on Infoblox

  1. Dan says:

    Thanks for posting this, Matthew. Have you used Infoblox? And if so, how have you found it to work with in an enterprise environment? Have you used any Bluecat products? Any comments on how they stack up against each other for DHCP/DNS management?

    • Dan,

      I have not used Infoblox’s products. I have used similar products from a DHCP/DNS standpoint as well as from a network configuration management standpoint. As for Bluecat, I am aware of their offerings, but have not used them. The DHCP/DNS management piece is a great fit in certain situations. As a network guy, my interactions with DHCP/DNS are minimized as I am typically in environments where the server team would manage those services.

      I think Infoblox has a neat offering of products that can tie in and work well with each other. Like anything though, “it depends” on what your needs are.
