Infoblox

By John T. Scott

When you walk into a dark room and turn on the light switch, are you surprised when the lights come on? No, of course not. We come to expect that when we throw the switch, the lights will simply come on. We do not think about the hydro-electric dam that generated the power to begin with. We do not think about the miles of wire and transformers that brought the electricity to our home. We simply expect there to be light, and there is. In the Information Technology world there are many systems that should be just as invisible as this to the end user.

There are two such critical systems that almost every single computer and application must utilize in order to function on the State’s network. These are DNS (Domain Name System) and DHCP (Dynamic Host Configuration Protocol). To a computer, DNS is like a phone book is to you and me. When you pick up the phone to call someone, you can look up their name in the phone book to find out what number to dial to reach them. DNS does the same thing for computers – matching a name to an IP address so that one computer might locate another on the network. DHCP is a tool that is used to deliver IP stack information to almost every computer on the network. This stack information provides an IP address, gateway address, subnet mask, DNS servers, etc., to a computer dynamically whenever it is connected to the network, greatly reducing the configuration overhead for support staff.

For many years the State relied on a system called NetID to provide these essential services. NetID was a product that was designed to run on standard Microsoft servers with an Oracle database on the back end. As many might recall, this system was less than stellar in its performance. Problems with zone transfers, and with accurate data being committed to the database, plagued NetID throughout its tenure. In many cases, NetID failed to deliver IP information reliably, resulting in devices being unable to connect to the network. Finally, after several years of working with the vendor and trying to re-design the system to be more stable, it became clear that NetID was not going to be a viable solution moving forward. In short, we would throw the switch and hope the lights came on.

During the fourth quarter of 2005, a committee was formed to examine various other solutions that might be available to the State for delivery of these essential services. After much analysis of the various offerings available, the committee decided on the solution offered by Infoblox. The Infoblox system is a distributed, RFC-compliant, highly available solution. Each individual node in the Infoblox grid is actually made up of a pair of appliances, connected together in an HA (Highly Available) configuration. If one half of the pair should fail, within one second the other half of the pair steps up and begins servicing clients. Testing of the new system began during the first quarter of 2006, with initial deployment of the first devices in April. Over the ensuing months, the Infoblox architecture was completed to form the Infoblox "Grid" now in production.

Using this "Grid" approach to distributed architecture, the Infoblox environment is made up of several members or "nodes" that are distributed across the State’s network. There is one node co-located with the State Police at the Central Maine Commerce Center, two nodes at the Edison Drive Office complex (a standard production node in addition to the controller or "Gridmaster" node) and a backup node in the DHHS office on Marginal Way in Portland. With Infoblox, each member or node shares the same data through a distributed semantic database proprietary to Infoblox called "bloxSDB". In other words, each node knows everything that every other node knows. In this way, service delivery can come from any node on the network.

Since the deployment of the Infoblox grid, the delivery of DNS and DHCP services has become the stable and reliable system it always should have been. In addition to DNS and DHCP, Infoblox also provides TFTP services for VoIP telephony, RADIUS authentication services, and Microsoft AD integration for tracking wireless network users. All of these services are delivered in an RFC-compliant and reliable system. When an application needs to locate a resource via its name, DNS is there. When a computer first boots up and connects to the network, DHCP provides the necessary connection information. In short, when we throw the switch, the lights simply come on.