The Men & Mice Blog

How to explain Network Management to relatives and friends over the holiday (GIFs)

Posted by Greg Fazekas on 4/18/19 8:15 AM

 

Life isn’t always easy for network managers and architects. The C-suite is constantly demanding more efficiency and smoother operations, at low cost. Your colleagues are asking for more user-friendly policies and services. And you have to keep up with an ever-changing landscape of technology (infrastructure sprawl) and its ripples into your domain. (Pun absolutely intended.) Uptime and security are everything. Then, you constantly have to explain to people what you actually do for a living.

Over the holiday weekend, there’s a good chance, in addition to being asked to fix someone’s computer, phone or tablet, you’ll be asked “what is it you do again?”

How do you illustrate what you do? Maybe it’d be a lot easier to explain being a fireman, astronaut, or brain surgeon? We've pulled together some helpful GIFs to make this conversation more efficient. 

 

 


Enter Ralph Breaks the Internet. (holiday movie idea!)

If ever there was an indicator that networking has permeated our everyday lives it’s an animated family movie centered around it. Some concepts are so fundamental to modern life that we aren’t even consciously thinking about them anymore.

ICYMI: Released in the fall of 2018, Ralph Breaks the Internet provided the subtext and pop culture references we all needed, while depicting basically your everyday.

 

 


From the moment Ralph and Vanellope slide down the wire, to the hilarious popup advertisers and the wonderfully subtle depiction of DNS, almost every aspect of your job, and of the complexities of networking in a network-driven world, comes to life in a tangible, easy-to-explain-to-relatives way.

 


DNS isn’t specifically named in the movie, but there are plenty of references. Knowsmore, although depicted as a search engine, certainly has his business rooted (see what we did there?) in being a DNS server of sorts. For instance, when Vanellope and Ralph decide to go to eBay, they are automatically routed to their destination.

Ralph Also Teaches us DDoS

But if you had to showcase just one thing about your work, it could be how you have to prevent DDoS attacks against your company’s network — essentially how you have to be the hero against a million or billion Ralphs.

Explaining DNS to anyone, particularly to people not in networking (and let’s face it, even some people IN networking don’t really get DNS), is easier when you can point to the colorful transport GIFs from an animated movie. Grasping the concept of a botnet or a crippling DDoS attack is more memorable when it’s an ever-replicating bunch of clones of a funny character like Ralph. And you do get malware by clicking unscrupulous links.


DDoS is essentially the towering Ralphzilla of mindless objects with a single goal. Exploiting vulnerabilities in web servers, they overwhelm the system with a repeated, single query. Not only is this meant to disrupt user experience, more sinister objectives may be in play, such as bringing down firewalls.

We’ve talked a lot on this blog about DNS education. Education for both professionals — training, if you will — and for everyone, in order to understand new technologies and challenges affecting our businesses. Knowing why and how insecure networks are a liability and how important it is to defend against malicious attacks that can wreck the internet is useful for everyone.

The movie exaggerates concepts to either serve the plot or get a laugh. But the foundation for showcasing how networks and the internet work (or occasionally don’t work) is solid.


Come this holiday (provided you don’t have to work because of some real-world Ralph threatening your company’s network) sit down at the family dinner, armed with GIFs and your favorite streaming service, to explain what you do and why.

And since it is a holiday weekend, here's a blog about all of the Ralph Breaks the Internet Easter Eggs. 

Image credits: Not a Real Company Productions and Disney via Giphy and Blogberth

Topics: DDoS, Disney

DNS Privacy: DNS-over-HTTPS

Posted by Men & Mice on 4/16/19 5:24 AM

DNS-over-HTTPS (DoH for short) is a standard developed by the IETF (under the RFC 8484 designation) to solve privacy concerns in DNS communication.

DNS Privacy: a primer

As we’ve talked about before, DNS has been done in cleartext: the queries and responses, both between the end user (applications, or stub resolvers, such as a browser) and the (first-hop) DNS resolver, and between the resolver and the DNS nameserver(s), are unencrypted by default.

While DNSSEC extensions were developed early on, they only added response integrity and not privacy. As the IETF states, “either privacy was not considered a requirement for DNS traffic or it was assumed that network traffic was sufficiently private.”

In recent years, however, that changed. Privacy has become a central concern and addressing it has spawned numerous solutions, such as DNS-over-HTTPS (DoH).

DNS-over-HTTPS

DoH conducts DNS operations over secure HTTP (HTTPS) URLs, mapping DNS queries and responses into HTTP exchanges and using default media formatting types.

While DoH uses existing protocols for communication, the IETF emphasizes that “[The] described approach is more than a tunnel over HTTP.” Aligned with existing HTTP features, DNS servers and clients supporting DoH are called ‘DoH server’ and ‘DoH client’ respectively, as they can be used for more than only DNS.

While DNS-over-HTTPS and DNS-over-TLS are colloquially treated as different protocols, because DoH uses HTTPS it also includes TLS security. The key difference between DoH and DoT is the manner in which DNS operations are conducted.

DoH in action

DoH clients are configured with a URI template containing the URL structure for DNS resolution. The client then uses a GET or POST method to send an encoded DNS query.

DNS-over-HTTPS uses standard HTTPS traffic (via port 443) to communicate. Because DNS communication is done through standard HTTPS methods and resides within HTTPS traffic, overhead for DoH is low.
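
The GET and POST encodings described above, as an added example that is not from the original post or from Men & Mice: it builds a wire-format query, expands a URI template into a GET URL, builds the POST form, and shows what the server decodes. The template URL https://doh.example.net/dns-query{?dns} and all function names are assumptions made for the illustration.

```python
import base64
import struct

DOH_MEDIA_TYPE = "application/dns-message"  # media type registered by RFC 8484
TEMPLATE = "https://doh.example.net/dns-query{?dns}"  # constructed example template


def build_query(name, qtype=1):
    """Return a wire-format DNS query (RFC 1035) for `name`.

    The ID is 0, which RFC 8484 recommends so that identical queries produce
    identical URLs and can be served from HTTP caches.
    """
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID=0, RD=1, QDCOUNT=1
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(template, wire):
    """Expand a simple `{?dns}` URI template into a GET URL."""
    if not template.endswith("{?dns}"):
        raise ValueError("this example handles only templates ending in {?dns}")
    # base64url with the trailing '=' padding removed, as RFC 8484 requires
    encoded = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return template[: -len("{?dns}")] + "?dns=" + encoded


def doh_post_request(template, wire):
    """Return (url, headers, body) for the POST form: the raw message is the body."""
    url = template.split("{", 1)[0]
    headers = {
        "Content-Type": DOH_MEDIA_TYPE,
        "Accept": DOH_MEDIA_TYPE,
        "Content-Length": str(len(wire)),
    }
    return url, headers, wire


def decode_get_param(value):
    """Server side: restore the stripped padding and recover the DNS message."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def question_name(wire):
    """Read the (uncompressed) question name back out of a query."""
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while wire[pos] != 0:
        length = wire[pos]
        labels.append(wire[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


if __name__ == "__main__":
    query = build_query("www.example.com")
    url = doh_get_url(TEMPLATE, query)
    print("GET ", url)
    post_url, headers, body = doh_post_request(TEMPLATE, query)
    print("POST", post_url, headers, f"({len(body)} byte body)")
    param = url.split("?dns=")[1]
    print("server sees a query for", question_name(decode_get_param(param)))
```

On the wire both forms are ordinary HTTPS requests to port 443; the query name is only visible to whoever terminates the TLS session.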

DoH challenges

DNS-over-HTTPS is a newer protocol than DNS-over-TLS. DoH has had less testing and research than DoT, but because it aligns with HTTPS as an underlying transport protocol, it is less susceptible to issues other than those associated with HTTPS itself.

DoH, though still young, has successfully leveraged the existing ecosystem of native web applications and APIs. It can create more efficient (and private!) communications with DNS.

Arguments against DNS-over-HTTPS (in its current form) stem more from operational considerations. Whereas DoT can be controlled because of its use of a single and unique port, DoH is almost impossible to control or filter.

DNS privacy (DoH, as well as DoT and other solutions) is a good representation of the operational shifts network managers and architects face. DNS-over-HTTPS in particular is a solution born from a public networking mindset. Traditional corporate network operations that are increasingly dependent on cloud services and experience an influx of connected devices through IoT and BYOD, have to re-adjust.

But DNS privacy also means that the opportunity for corporate network managers and architects is more pertinent than ever before. DoH, DoT, and other solutions are young and still forming. Whereas the question before centered around ‘adoption’ of protocols, these new technologies offer a chance to ‘influence’. Ongoing participation in the conversation and debate over the merits and shortcomings of each is necessary.

Additionally, pilot programs, particularly those run in regulated, corporate environments, are invaluable to both the developers of DNS privacy solutions as well as the network managers and architects who will be charged with implementing it.

Topics: DNS privacy, DNS-over-HTTPS

DNS privacy: DNS-over-TLS

Posted by Men & Mice on 4/10/19 11:05 AM

DNS-over-TLS (DoT for short) is a standard developed by the IETF (under the RFC 7858 designation) to solve privacy concerns in DNS communication.

DNS Privacy: a primer

As we’ve talked about before, until recently, DNS has been done in cleartext: the queries and responses, both between the end user (applications, or stub resolvers, such as a browser) and the (first-hop) DNS resolver, and between the resolver and the DNS nameserver(s), are unencrypted by default.

While DNSSEC extensions were developed early on, they only added response integrity and not privacy. As the IETF states, “either privacy was not considered a requirement for DNS traffic or it was assumed that network traffic was sufficiently private.”

In recent years, however, that changed. Privacy has become a central concern and addressing it has spawned numerous solutions, such as DNS-over-TLS.

DNS-over-TLS

DoT approaches privacy by encrypting DNS queries and responses between entities (predominantly between the stub resolver and the first hop resolver) using TLS (Transport Layer Security).

DoT uses a standard port (853) to initiate and accept DNS queries. It is possible to use a mutually agreed different port, but it is not the default. Once the connection is made, a TLS handshake is attempted, and after authentication the encrypted DNS communication can commence.

DNS servers supporting DoT do not accept unencrypted data on the designated port, either during session initiation or after a failed TLS authentication.

DoT overhead

Computers are powerful and efficient, but not without limits. DNS-over-TLS adds latency to DNS operations that needs to be accounted for and minimized.

DNS clients are required to adhere to a certain field length (two octets) and it is recommended to keep established, but idle, connections alive to the server. Another way to minimize latency is to pipeline multiple queries over the same TLS session. In this case, it’s the DNS client’s responsibility to match responses to queries, as they may arrive and be answered out of order.

Keeping established connections alive helps distribute the connection setup costs. Misconfigured handling of idle connections can lead to denial of service issues.
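
The two-octet length field and pipelining described above, as an added example that is not from the original post or from Men & Mice: it frames queries as they would be written to the TLS stream, reassembles responses from arbitrary read chunks, and matches them to outstanding queries by DNS message ID. The TLS session itself is left out; the class and function names and the sample messages are constructed for the illustration.

```python
import struct

# Constructed sample question section: example.com, type A, class IN
QUESTION = b"\x07example\x03com\x00\x00\x01\x00\x01"


def make_message(msg_id, response=False):
    """Minimal DNS message: 12-byte header plus one question (constructed sample)."""
    flags = 0x8180 if response else 0x0100  # QR+RD+RA for responses, RD for queries
    return struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0) + QUESTION


def frame(message):
    """Prefix a DNS message with its length as a two-octet big-endian field."""
    if len(message) > 0xFFFF:
        raise ValueError("DNS message does not fit a two-octet length field")
    return struct.pack("!H", len(message)) + message


class FrameReader:
    """Reassemble length-prefixed messages from a byte stream read in chunks."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, data):
        self._buf += data
        messages = []
        while len(self._buf) >= 2:
            (length,) = struct.unpack_from("!H", self._buf)
            if len(self._buf) < 2 + length:
                break  # wait for the rest of this message
            messages.append(bytes(self._buf[2 : 2 + length]))
            del self._buf[: 2 + length]
        return messages


class PipelinedClient:
    """Track queries in flight on one session and match responses by message ID."""

    def __init__(self):
        self.pending = {}  # message ID -> caller's label for the query
        self.reader = FrameReader()

    def send(self, msg_id, label):
        if msg_id in self.pending:
            raise ValueError(f"ID {msg_id} is already in flight on this session")
        self.pending[msg_id] = label
        return frame(make_message(msg_id))  # bytes to write to the TLS stream

    def receive(self, data):
        matched = []
        for msg in self.reader.feed(data):
            if len(msg) < 12:
                raise ValueError("message shorter than a DNS header")
            msg_id, flags = struct.unpack_from("!HH", msg)
            if not flags & 0x8000 or msg_id not in self.pending:
                raise ValueError(f"unsolicited message with ID {msg_id}")
            matched.append((msg_id, self.pending.pop(msg_id)))
        return matched


def run_demo():
    client = PipelinedClient()
    for msg_id, label in ((1, "first"), (2, "second"), (3, "third")):
        client.send(msg_id, label)
    # The server answers out of order, and reads split a frame in the middle.
    stream = b"".join(frame(make_message(i, response=True)) for i in (3, 1, 2))
    return client.receive(stream[:40]) + client.receive(stream[40:])


if __name__ == "__main__":
    print(run_demo())
```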

Flavors of DoT

DNS-over-TLS can be used in various ways. The IETF standard identifies opportunistic and Out-of-Band Key-Pinned privacy profiles.

Opportunistic privacy profile means the client recognizes a TLS-enabled DNS resolver and attempts to use it. If it successfully validates it, DNS-over-TLS may be used, but isn’t mandatory and the client can fall back to non-encrypted DNS.

Out-of-Band Key-Pinned privacy profile is usable where the trust between stub and recursive resolvers is already established. Enterprise DNS is one good example. With this profile, DNS clients authenticate servers by a set of (previously distributed) SPKI Fingerprints.

DoT pros and cons

DNS-over-TLS addresses privacy, but not the security of DNS operations. It is important to note that DNSSEC and DoT are not mutually exclusive, but rather compatible protocols that complement each other.

DoT is a straightforward protocol, and fairly easy to implement. TLS authentication is a mature, trusted, and well-maintained technology for encryption. But DNS-over-TLS also presents a number of challenges and concerns.

Attacks against TLS itself, such as protocol downgrade, affect DNS-over-TLS. DNS resolvers offering DoT have to be aware and be patched against TLS vulnerabilities. DNS clients can, in order to defend against person-in-the-middle attacks, discard cached data from a server stored in cleartext.

DoT isn’t fully protected against traffic analysis and SNI leaks. (Although it is in constant development to patch these vulnerabilities.) Split horizon DNS, where the DNS response may be different based on the source of the query, is also known to experience issues when used with DoT.

Network managers for both private networks and public services need to learn more about DNS privacy, DoT (and DoH and other implementations), and the solutions, and challenges, they present for their work. Education about these protocols is also important for end users — both for owning their privacy and to avoid issues resulting from unintentionally harmful configurations brought to a network.

DoT, DoH, and other protocols are in constant development, offering ways to influence their evolution. All network managers and architects, whether they’re running public or private infrastructures, should participate in pilot programs to discover and best voice and address their challenges and requirements.

Topics: DNS-over-TLS, DNS privacy

Privacy, security, and DNS: DoH & DoT

Posted by Men & Mice on 4/3/19 12:04 PM

 

 

In a world where digital privacy, whether due to concerns over surveillance or questionable use of data, is increasingly pivotal for customers and businesses alike, unsecured transmissions are simply not acceptable.

Surely DNS, the most fundamental building block of any network, is all good and set, yes? Well, let’s take a closer look.

DNS: connecting people to machines since 1983

The original standard of DNS dates back to 1983. Since then a lot of DNS queries have ‘passed’  under the (proverbial) network bridges.

A basic DNS query-response resolution process looks like this:

Spot the problem?

Looking at the communication that’s taking place in resolving even the simplest of DNS queries, there’s a whole lot of action going on -- which can lead to issues in security and privacy. One that stands out almost immediately is that the queries and responses are in cleartext. It’s not hard to imagine a suitable man-in-the-middle attack rerouting the user to a malicious destination.

Early on, DNSSEC was created to prevent such incidents. By establishing a chain of certificates for nameservers, DNSSEC was intended to spread trust across networks.

It did not, however, change the fact that the communication is still sent in cleartext. (Also, DNSSEC adoption is about 20% and only about 3% in the Fortune 1000.)

What are we doing to resolve (pun not intended) these issues?

Two ways to secure DNS queries that are currently being explored by, amongst others, the IETF are DNS over TLS and DNS over HTTPS.

  1. DNS-over-TLS (DoT)

The user connects to the DNS resolver through a dedicated port (853). With strict DoT, it will not use any other connection; with opportunistic DoT, it will take the secure port if offered, but if not, it will connect unsecured anyway.

The main weakness of DoT is its limits: it only addresses encryption on a system resolver level and works only on one port. Target the traffic between the resolver and the nameservers or block the port and DoT is over. It can also break split horizon DNS and spawn Server Name Indication (SNI) leaks. (TLS 1.3, however, proposes encrypted SNI.)

  2. DNS-over-HTTPS (DoH)

With DoH, web applications access DNS using existing browser APIs and DNS traffic is mixed in with regular HTTPS traffic.

The major challenge for DoH is adoption. Beyond manufacturing latency, it makes securing DNS less transparent and manageable: organizations need to solve new challenges.

YOU get a secure DNS, and YOU get a secure DNS, and…

There’s no one protocol to rule them all, nor is there a need for only one. (Although the number of protocols involved with networks can be seen as daunting: there are 8571 RFCs as of this writing.)

To make a long story short, both DoT and DoH aim to make networks safer. As such, both have their advocates, divided fairly logically by the context in which they work best:

  • on-prem private networks are generally more likely to support DoT; not surprisingly, as it provides more control and visibility that’s suited to a limited (however large) network context.
  • those developing cloud-based networking solutions, on the other hand, gravitate toward DoH; they can make their applications more efficient by leveraging the existing HTTPS ecosystem and pioneer new technologies like Server Push or resolveless DNS.

Both have their strengths to emphasize and their weaknesses to address.

Where do we go from here?

DNS is no small technology, and things tend to go slow. Both DoT and DoH are fairly young technologies. As with any other technology, we simply cannot predict the challenges they’ll invite.

What we can do is evaluate and discuss.

Whether we talk about censorship or protection of society from harmful content, whether it’s the liabilities born from DNS vulnerabilities or the GDPR, there’s much to debate. On the other hand, technology also keeps progressing independent of such discussions, altering the course of the conversation.

One such place for these debates is RIPE. Men & Mice will be at RIPE 78 in Reykjavik 20-24th May, joining ISPs and other network operators to discuss the future of networks. (And, of course, to change the way the world sees networks.)

In the meantime, you can follow our blog and social media in the coming weeks to learn more about DoT, DoH, and other ways to secure your networks, and join the conversation.

Doing DNS better: DNS (and BIND) Training with Men & Mice

Posted by Greg Fazekas on 3/27/19 11:49 AM

DNS is the core mechanism of the internet. And, as all technology does, it keeps evolving and changing, even if its primary function hasn’t changed all that much. DNS makes networks work, but in turn we have to make DNS work.

Because it’s so critically important to networks, DNS is also a prime target for attack. With the Internet-of-Things bringing online hundreds of thousands of devices every hour (!) of every day, the attack vectors for malicious elements are multiplying exponentially. And beyond DDoS striking fear in every network manager’s heart, the most constant threat to any network still remains the most basic one: easy-to-miss configuration errors.

Safeguards from smart vendors (like our own xDNS Redundancy™) help protect against DNS errors and DNS attacks such as DDoS. Training your staff protects against human error. Learning how to configure, manage, and defend DNS effectively yields both obvious and unexpected benefits to any business’s network. If you want to keep your critical business infrastructure running smoothly,  your network staff needs to be able to grasp DNS from every angle.

That’s where we come in.

Learn DNS with Men & Mice


 

Men & Mice has been offering DNS training for 20 years, since 1999. Our training program has educated students throughout the birth and boom of the internet. We’ve played a critical role in strategy and management of network growth all along.

Having a comprehensive training program that allows entry for any knowledge level is instrumental, as we know students seek out our courses with various objectives in mind. Courses are designed to provide both a renewed examination of existing knowledge, with new best practices, to expert students as well as  fundamental, practical information for beginners.


New and improved courses - for everyone

How we teach DNS is constantly evolving, in sync with innovations in DNS technology. For example, our courses have been augmented with new security and monitoring materials, new sections on RPZ, RRL, DNS Cookies and dnstap. All these sections include laboratory exercises for hands-on experience.  Other brand new material covers minimal ANY, DNS looking glasses, and packet capture (passive replication). We have added additional quizzes and several new labs, such as challenging debugging labs.

So which course is a perfect fit for you?

If you’re new to DNS, we recommend the DNS & BIND Fundamentals (DNSB-F) program. It’s part of the DNS & BIND Week (DNSB-W) and serves as a shorter introduction to the world of DNS and BIND.

If you’re already familiar with the basics, the full five-day DNS & BIND Week (DNSB-W) course takes you deeper into DNS, including  a heavy emphasis on security, stopping just short of DNSSEC (for which we offer a separate course).

For those looking for even more, we offer the DNS & BIND Advanced (DNSB-A) program. The DNSB-A gets into the full depths of DNS and BIND with topics such as

  • new ISC binary releases for Linux distributions that were added last summer,

  • the change to dnssec-keygen beginning in BIND 9.13,

  • catalog zones,

  • packet capture (passive replication),

  • and more.

And for those of you curious about whether the BIND training addresses the most recent versions of BIND: DNS & BIND Fundamentals (DNSB-F), DNS & BIND Week (DNSB-W), and the DNS & BIND Advanced (DNSB-A) course have not only been updated to 9.11, but also address changes in 9.12 and 9.13.

DNS training for the real world

Our instructors and program coordinators value comprehensive, practical teaching methods. As such, our course materials are decidedly not "animated user manuals" - they cover DNS contextually, with real-world examples and hands-on labs. As one of our recent students put it:

“I was very impressed with everything about Men and Mice. The communication, the facilities, the instructor, the material. Everything about my class was really awesome, knowledgeable, and engaging. They never let us just sit there, always brought us into the lesson, and also gave great examples to help us understand concepts. I would take any class they taught.” (Michelle Boyd, Systems Engineer, Southwest Airlines)

Upcoming course dates include courses offered near Denver, Colorado in April, as well as Gdansk, Poland and Reston, Virginia, in June. We're also adding courses for Fall 2019 across North America (US, Canada), Ireland, The Netherlands and Switzerland. Stay tuned for more details. To learn more about the Men & Mice Training Program and see what’s available in your neck of the woods, visit https://menandmice.com/training.


 

Topics: BIND, DNS training, ip infrastructure

New Men & Mice Suite Reporting Module: Cut through data congestion with a reporting superhighway

Posted by Men & Mice on 3/20/19 8:23 AM

Reports management is critical in any enterprise-level organization. Knowing who did what, when, and why — even, and especially, after months or years — is invaluable for regulatory requirements, transparency, and a clear line of responsibility. Having a good handle on reports also helps managers to identify notable efficiencies or worrying weaknesses in existing processes.

The benefits of reliable and usable reporting affect the entire business, from IT to C-Suite. Decision makers on all levels need to track available assets and spot workload trends that affect them; clear and transparent reporting can expose security vulnerabilities or reveal human error before they cascade into catastrophe; and business decisions benefit from comprehensive data deepening the understanding of what changes are needed.

Reporting has always had a presence within the Men & Mice Suite, but from version 9.2 a new advanced Reporting Module ups the reports management ante several levels.

The foundation

The Men & Mice Suite has been known for its robust handling of object history for all DNS, DHCP, and IP data since the very beginning.

Changes made to an object (DNS record, DHCP scope, IP address, you name it) managed through the Men & Mice Suite are logged in the system. Handling these objects in the Suite’s management web application, users can view the history of changes individually per object.

Having the data, however, is just the beginning. To make these foundations satisfy the need for high-frequency, and often automated, reporting, the Men & Mice Suite Reporting Module streamlines the way users can mine this data, offering greater reports management and control.

The traffic control

The new Men & Mice Suite Reporting Module enables users and administrators to view, collect and utilize data within the Men & Mice Suite and/or export it for download. Users can:

  • create and save new report definitions

  • schedule reports to be generated

  • run reports

  • download reports in various formats


The Reporting Module offers a variety of report templates, from audit trails to a list of DNS zones filtered by criticality, as well as a straightforward process for customization. Tailor-made reports can be generated by correlating data and templates in just a few steps. Users can also create reporting definitions and schedule them to run reports on a daily, weekly, or custom schedule.

The Reporting Module is a central tool for businesses to maintain transparency, clear communications, and scalability. Apart from  generating reports and scheduling them to run on a regular basis, the Reporting Module provides a variety of other use cases such as:

  • during internal reorganization, project leaders can quickly generate reports to list available assets;

  • objects can be organized into a report to locate vulnerabilities and prevent security incidents;

  • business expansion is aided through defining reports on resources reaching capability limits, thus helping to make smarter business decisions

The result

The Reporting Module especially shines in cases where on-prem and cloud network resources are mixed and scaled across multiple locations and platforms. With the Reporting Module, Men & Mice Suite  provides streamlined reports management, giving you an enhanced overview of your network and system processes, and taking you one step closer to unifying the way you see, and control, your hybrid and multicloud network resources.

Take a look at the following video to see the Reporting Module in action:

 

 

Try the Men & Mice Suite 9.2

The Men & Mice Suite helps to make complex enterprise IP infrastructure management, across hybrid and multicloud environments, as elegantly simple and quietly robust as customer-grade technology — but on an enterprise-grade scale.

The new Reporting Module is an important improvement in streamlining network management in the enterprise. Building on the already robust data facilities of the Men & Mice Suite, it provides valuable data and insights for making better decisions.

You can try version 9.2 of the Men & Mice Suite by clicking the button below or grab it directly from the Azure Marketplace. The new Reporting Module is part of the Men & Mice Suite and can be licensed as an add-on to versions of Men & Mice Suite v9.2 or beyond.

Men & Mice Suite Free Trial

Topics: Men & Mice Suite, Men & Mice, day-to-day IT

Streamlining DNS changes with Men & Mice Suite: introducing the new Workflow Module

Posted by Men & Mice on 3/13/19 12:17 PM

A common organizational bottleneck and security conflict exists between the users’ need for autonomy and the network administrators’ responsibility towards network health and security.

The  Men & Mice Workflow Module add-on, available from version 9.2 of the Men & Mice Suite, is designed to resolve this painful organizational inefficiency and common security challenge.  

Streamlining DNS across your entire organization

With the Workflow Module, network administrators can gain greater control and transparency over changes within their DNS infrastructure through an efficient queue of requests and approvals for DNS tasks.

The Workflow Module allows all users to make  DNS changes like

  • adding a new DNS record

  • modifying or deleting an existing DNS record

  • scheduling DNS changes

To preserve the user’s need for autonomy, and resolve it with respect to network security, changes are not applied directly, but a request is created instead. Users can review their pending requests in the Web Application, and revoke them if they change their mind.


In the same interface, users with administrative permissions can view all submitted DNS change requests, and approve or reject them individually or in bulk. Changes can be set to propagate immediately or be scheduled later, at a more suitable time. (Such as when network load is minimal, to avoid issues like caching.)


Through this streamlined process, users can set up DNS changes ranging from small and singular to wide and sweeping, without having to wait. The approval process ensures that only those with the appropriate privileges can process the changes, in a fast and efficient manner. User autonomy and administrator responsibilities that, for a large part, seemed mutually exclusive before can now serve to augment each other’s work.

Combined with other features of the Men & Mice Suite, such as xDNS Redundancy™, the Workflow Module  enhances security and boosts network resilience, while simplifying processes and increasing organizational efficiency.

Take a look at the following video to see the Workflow Module in action:

 

 

Try the Men & Mice Suite 9.2

The Men & Mice Suite helps to make complex enterprise IP infrastructure management, across hybrid and multicloud environments, as elegantly simple and quietly robust as customer-grade technology — but on an enterprise-grade scale.

The new Workflow module is an important step in delivering that streamlined network management experience to the enterprise. Extendable in future versions with further functionality, it builds on the compatibility across all major cloud and on-prem DNS platforms that has been a core advantage of the Men & Mice Suite since the beginning.

You can try version 9.2 of the Men & Mice Suite by clicking the button below or grab it directly from the Azure Marketplace. The new Workflow module is part of the Men & Mice Web Application and can be licensed as an add-on to versions of Men & Mice Suite v9.2 or beyond.

Men & Mice Suite Free Trial

Topics: DNS, DNS events, day-to-day IT

Men & Mice Suite version 9.2 released with AWS multi-account management, DNS Workflow, advanced Reporting and Azure Marketplace availability

Posted by Men & Mice on 3/6/19 7:11 AM

Men & Mice Suite Version 9.2 continues to deliver on the company’s commitment to making complex enterprise IP infrastructure management, across hybrid and multicloud environments, as elegantly simple and quietly robust as customer-grade technology, but on an enterprise-grade scale.

Men & Mice Suite Version 9.2 in a nutshell (tl;dr):

●   New Workflow module (add-on): greater ease and control of DNS management by enabling users to request and optionally schedule the fulfilment of DNS changes for administrator approval/denial.

●   New Advanced Reporting module (add-on): create tailor-made reports by correlating data and templates in just a few steps, scheduling the results to be generated daily, weekly or on a custom schedule.

●   Multiple account support for AWS: manage and retrieve data from AWS master account credentials associated with up to thousands of AWS sub-accounts.

●   Availability on the Azure Marketplace: try the Men & Mice Suite on Azure, or implement with one-click install (with step-by-step instructions).

●   Improved DHCP functionality for scopes and reservations on ISC DHCP, ISC Kea, and Cisco

●    A host of added functionality for filtering, quick commands, and data displays for further mobility and ease of operations.

Free Trial of the Men & Mice Suite version 9.2

Not sure yet? Read more about the Men & Mice Suite's new 9.2 features and functionality.

Five noteworthy updates in Men & Mice Suite 9.2 for a Future-ready IP Infrastructure Strategy

Beyond the consistent improvements customers have come to expect from Men & Mice, version 9.2 of the Men & Mice Suite focuses on the expansion of cloud integration, such as AWS multi-account support and Azure Marketplace availability, as well as simplifying DNS workflows and deepening reporting capabilities with new add-on modules.

AWS Multi-Account Management

Men & Mice Suite already features cloud-native integration with AWS and Azure as well as Akamai Fast DNS, Amazon Route 53, Azure DNS, Dyn DNS and NS1 to best manage and synchronize IP address management and DNS respectively. In the v9.2 release, Men & Mice has added multi-account support in AWS, to manage and retrieve data from AWS master account credentials associated with up to thousands of AWS sub-accounts.


DNS zones, VPCs and subnets can be listed for each AWS account subscription, dramatically cutting down administration while guaranteeing a global view/management of the cloud infrastructure.

New Workflow Module

One of the key new features in version 9.2 is the newly introduced Workflow module for efficient request and approval of DNS tasks. The Workflow module allows users to make requests for creating, modifying and deleting DNS records and optionally schedule the fulfillment of DNS changes. 


A common scenario for using the Workflow module would be a user requesting to add a new DNS record, or to modify or delete an existing one. The request is created and is viewable to an administrator, along with other requests from other users in one comprehensive list, for approval or rejection, scheduling or immediate implementation. The new Workflow module can be licensed as an add-on to versions of Men & Mice Suite v9.2 or beyond.

Advanced Reporting Module

In any enterprise-level organization, transparency and a clear line of responsibility are crucial. The new advanced Reporting module enables users and administrators to use, save and export for download a variety of report templates and customized reports.


In 2018, Men & Mice introduced simplified reporting features within the Men & Mice Suite. In Men & Mice v9.2, the new advanced Reporting module takes this several steps further, where reports can be tailor-made by correlating data and templates in just a few steps, scheduling the results to be generated daily, weekly or on a custom schedule. The advanced Reporting module can be licensed as an add-on to versions of Men & Mice Suite v9.2 or beyond.

We’ll cover the two brand new modules for Workflow and Reporting in detail in the coming weeks.

Men & Mice Suite goes live in the Azure Marketplace


Microsoft’s software and services are present in just about every organization’s infrastructure, making the business of keeping critical infrastructure up and running consistent, reliable, and familiar for a lot of network managers. Familiarity of technology has its benefits, particularly when it’s possible to extend your network into the cloud within the same Microsoft ecosystem, as is the case with Azure cloud services.

The first third-party solution to have integrated with Windows 2016 and Azure DNS, Men & Mice takes its long-term technological focus a step further by simplifying availability of the Men & Mice Suite for Microsoft Azure customers. From Version 9.2, the Men & Mice Suite is available through the Azure Marketplace. Deployment can be done in a matter of minutes instead of hours, with one-click install and easy-to-follow instructions. Simple as that.

Automation and the Men & Mice REST API

Not every network task requires human interaction. In fact, the life of a network manager can be simplified by automation in the right places. Men & Mice’s REST API offers the automation and customization needed to keep teams focused on the bigger picture and help keep networks secure.


In addition to improved automation and customization capabilities, some other great new features introduced in Men & Mice Suite v9.2 include added IPv6 support in its network creation wizard, single-click system updates and improved management of subnets, ranges, scopes, and more.

Changing The Way The World Sees Networks

“Overlay solutions, such as the Men & Mice Suite, anticipate changing network needs, focus on compatibility between services and extend network investments while combating network conflicts and vulnerabilities. Likewise, Men & Mice’s dedication to establishing both technical and business partnerships for its solutions means customers can count on DevOps-friendly automation, synchronization and the unified visibility necessary to manage the next generation of enterprise networks.” — Sigfús Magnússon, Head of Product, Men & Mice.


Topics: Men & Mice, DNS, DHCP, IP address management, "cloud dns", Azure DNS, aws, azure, multi-cloud, ip infrastructure, multicloud, hybrid dns, hybrid ipam

2019’s word of the year: multicloud (connectivity)

Posted by Greg Fazekas on 2/22/19 9:57 AM

It’s a multicloud world. (We’re just managing it.)

Whether you want to spell it multi cloud (with a space), multi-cloud (with a dash), or just ditch all of that and go full-on conjoined “multicloud”, the fact remains that multicloud utilization is on every business leader’s lips.

Whereas before enterprises viewed migration to the cloud as a distant possibility, the focus has now shifted entirely. Increasingly data intensive applications and services require that they speed up their digital transformation, and to stay competitive, explore the benefits of migrating their data, services and applications not only into one cloud, but many clouds.

Competing cloud infrastructure offerings, such as AWS and Azure, provide enterprises with undeniable benefits. Network availability, for instance, can more readily be optimized as workloads can be switched between vendors in the event of a localized failure. At the same time, utilizing one, or many clouds, also presents new challenges to network management.

How do you maintain multiple networks on multiple cloud platforms, each with their own means and methods of running their cloud environment?

In comes multicloud connectivity.

Multicloud connectivity is the software-defined, invisible layer of abstraction that takes care of communication between different (and often incompatible) vendors, platforms, and implementations (on-prem, hybrid, private, or public).

As digital transformation journeys are becoming more and more streamlined and less and less experimental, it helps network managers to consider the emerging best practices around multicloud connectivity.

Multicloud ways and woes: playing nice with each other

Organizations can and should take charge of picking services aligned with their cost-benefit vectors. From SaaS applications like Salesforce, Office 365, or Google Drive, to raw computing and storage infrastructure resources, most everything is delivered from the cloud. But that also means more moving parts, which can lead to possible service degradation.

Best practice: Cloud vendors aren’t motivated to play nice with each other, so it falls to organizations to plan for and implement multicloud connectivity in their cloud adoption strategy.

Multicloud ways and woes: security

In the charge to the cloud, there has been a huge focus on security for storage and computing resources. However, there hasn’t been a similar awareness of network vulnerabilities - and with multicloud re-defining networking it’s especially timely to pay attention to security now.  

Best practice: Beyond smart planning of networking strategies, multicloud connectivity helps to address the challenges posed by threats to network availability.

Multicloud ways and woes: disaster recovery

When disaster strikes, cloud services are well-positioned to keep a business up and running regardless. DDoS attacks or simple human error disrupting everyday operations don’t need to cause a total shutdown of an organization’s network. Building contingencies seems simpler in the multicloud, but disaster recovery can also put an increased strain on the network, particularly if network managers have to struggle with vastly differing operational requirements in different cloud environments.

Best practice: With such a critical role to play, networks need to rely on strong, functional connectivity between multiple cloud environments to strengthen them.

Multicloud connectivity and the Men & Mice Suite

Multicloud makes connectivity not only crucial but defining. As a company focused on networking solutions, Men & Mice is excited about this unique emphasis on networking itself.

The Men & Mice Suite is a hybrid and multicloud DNS, DHCP, and IP Address Management solution. It’s been built to provide multicloud connectivity by being widely compatible, secure, and reliable.

It’s software-defined. The connectivity layer provided by the Men & Mice Suite depends on no set architecture or infrastructure and requires no single-point-of-failure hardware.

It’s compatible. API-driven and backend-agnostic, the Men & Mice Suite simplifies programmatic control and automation across multiple cloud vendors.

It’s secure. The Men & Mice Suite extends enterprise-grade security over the connectivity layer, allowing for audit trails, role-based access controls, and migrating existing security policies to the cloud.

It’s fault-tolerant. Customers can rest easier as the fall-out from human error, DDoS attacks and cloud service outages can easily be mitigated by the Men & Mice xDNS Redundancy™ feature.

Hybrid multicloud IP management

With the upcoming release of version 9.2, the Men & Mice Suite improves on its already best-in-class solution. From deep AWS and Azure integration to the flexible web application, developing the Men & Mice xDNS Redundancy™ for added security and reliability, we’ve made multicloud DNS, DHCP, and IP Address Management even better and ready to deliver on the need for connectivity.


Topics: DNS redundancy, multi-cloud, multicloud

Multicloud networking: Azure and the Men & Mice Suite

Posted by Greg Fazekas on 2/15/19 10:19 AM

We’ve previously outlined the Men & Mice Suite’s deep integration with on-prem Windows and cloud-based Azure and Azure DNS, which helps extend the value of Microsoft services investments while gaining comprehensive visibility, management and scalability from the Men & Mice Suite. This is particularly helpful for network environments comprised of either several Microsoft services, including Azure, or hybrid environments where several otherwise non-compatible services need to be utilized.

If you’re already dependent on Windows servers on-prem and other Microsoft products to run your infrastructure, moving workloads to Azure makes a lot of sense. As is, many large-scale organizations, from Fortune 100-500-1000 companies, to education and research institutions or governmental municipalities, are already deeply reliant on Microsoft software, as are a good number of Men & Mice customers, many of whom have begun moving workloads into Azure over the last few years.

Why Men & Mice?

Men & Mice has a long history of technical compatibility with Microsoft products - including being the first vendor to offer Azure DNS third party support. This, combined with our presence in the Azure Marketplace, as well as our burgeoning business relationship through Microsoft’s Co-Sell program, means accessing the benefits of both Azure and Men & Mice has never been simpler.

Some of the main benefits of using the Men & Mice Suite with Azure include:

  • Bulk migration and import to Azure DNS

  • Sync between Azure DNS and other DNS platforms

  • Workflow extensions to automatically tag zones during migration

  • Unified audit trails and tracking changes

  • Granular, role-based access and delegation, including Active Directory support

  • AD Single-Sign-On with automation

  • Visibility across all VNETs, address blocks, subnets and IP addresses

  • Use of APIs to manage data.


Looking for the easiest way to evaluate Men & Mice Suite and Azure? Try the Men & Mice Suite directly from the Azure Marketplace.

As a Co-Sell partner and a recent winner of the Microsoft Partner Award for Infrastructure Innovation, we’ve further expanded our reach with Microsoft beyond technical capabilities to create new simplified, ease-of-access processes for customers of Azure and Men & Mice Suite.

A few scenarios where the combination of the Men & Mice Suite and Azure really shines:

  • Mergers and acquisitions are made easier by staying in the same ecosystem (Windows Servers + Azure). Likewise, unifying a multitude of on-prem and cloud network services and environments through Men & Mice Suite eases network transitions and provides near-immediate visibility.

  • Utilizing the Men & Mice Suite with Azure allows the dynamic scaling or migration from on-prem Microsoft DNS or BIND to Azure DNS.

  • Physical expansions are also made easier through using the Men & Mice Suite to clone already working environments, while taking advantage of Azure’s global availability to reduce local latency and support turnaround.

  • Project fragmentation causing network overlaps and conflicts can be quickly resolved through Men & Mice Suite on top of Azure, providing transparency for all IP addresses, VNETS, and subnets.

  • Network diversification. Network supply chain diversity is critical to add redundancy and protect against DDoS and other malicious attacks. Using the Men & Mice Suite’s xDNS Redundancy™ feature makes this easier, while the infrastructure is backed by Microsoft’s robust SLAs.

Utilizing the Men & Mice Suite with Azure

The Men & Mice Suite’s superior Windows compatibility, Active Directory integration, and native support for IP Address Management in Azure and Azure DNS have attracted both Men & Mice customers to Azure and, increasingly, Azure customers to the Men & Mice Suite.

With the Men & Mice Suite you can see VNETs, address blocks, subnets and IP addresses across all of your organization’s Azure infrastructure, and sync between Azure DNS and other DNS platforms using Men & Mice’s xDNS Redundancy™ feature. Or, migrate entire zones to Azure DNS from other services and fully manage them using granular access control tied into Active Directory.


The resilience, scaling, and security of Azure, combined with the hybrid and multicloud management and visibility offered through Men & Mice Suite, help to resolve obstacles in the form of runaway migration costs, lack of compatibility between the multitude of on-prem and cloud services and loss of control in managing the DNS in conjunction with the IP data.
