The Men & Mice Blog

Greg Fazekas

Recent Posts

Staying the path: lessons from Microsoft Ignite 2019

Posted by Greg Fazekas on 11/14/19 8:55 AM

Ah, Microsoft Ignite. Good times have been had, but also important lessons were learned.

Anyone who attends trade shows like Ignite can tell you: the long hours and dizzying pace of conversations yield results. Not only in terms of sales leads, which are always welcome, but also in getting a pulse reading for the industry.


We’re doing the right thing…

Of course we believe we’re on the right track, otherwise we wouldn’t be on it. But it’s an incomparable feeling to be validated by both customers (who are very happy with using the Men&Mice Suite) and visitors (who were impressed by our demo).

The landscape of networks and IP infrastructure management is changing. It used to be that you had to keep up with the latest hardware and software trends. Buy the next server; upgrade to the next version. However, increasingly it seems today’s (and tomorrow’s) task is keeping up with change itself.

Men&Mice has been building its products around that task for decades. And people are recognizing and appreciating it more and more.

… but there’s room to improve

When change is your only constant, it goes without saying that work is never done. As much as we pride ourselves on our ability to predict change instead of catching up with it, we’re always looking for feedback.

Every trade show we visit offers plenty of opportunities to learn what ails the people running networks. We listen to people asking for support for particular hardware or software and see an incredible yearning for automation. And we're glad to be able to tell them 'yes.'

The Men&Mice Suite has been supporting a multitude of different platforms — including our competitors! — and we’re constantly working on adding more. And our fully featured REST and SOAP APIs always get people excited: “Are we really able to do all that with a single API layer?” Yes!

Onward!

All in all: with a new release of the Men&Mice Suite just around the corner, Microsoft Ignite was a great opportunity for self-reflection.

We have an awesome product, positioned right, and a growing and loyal customer base. Improvements are implemented consistently, and based on the feedback we’re focusing on the right things.

We’ll attend one more event in 2019, the Gartner IT Infrastructure, Operations & Cloud Strategies Conference in London. Our CEO Magnús Björnsson will speak about network management in this hybrid and multicloud world, and how it changes the need for DevOps, automation, and changing the way we see networks.

After that? 2020. We feel good about what’s coming next year.

Topics: DDI, IPAM, DNS, DHCP, Microsoft Ignite

Men&Mice and Azure

Posted by Greg Fazekas on 11/5/19 8:54 AM

The Men&Mice Team at Microsoft Ignite 2019

We’ve talked about Microsoft and Azure many times. Men&Mice takes pride in its deep-running synergy with the Microsoft ecosystem. The Men&Mice Suite was the first IPAM solution to fully integrate with Active Directory (AD), and now it is the only Microsoft-preferred solution for DNS, DHCP, and IPAM (DDI, or IP infrastructure management) on the Azure Marketplace.

Our team is at Microsoft Ignite to meet customers, present and prospective, and talk about how to make Azure work better with Men&Mice.

Why Azure?

For those already deeply reliant on Microsoft software (but also for those who aren’t) Azure offers convenient workflows and an array of resources in its Marketplace. Its global infrastructure is backed by Microsoft. More and more Fortune 100-500-1000 companies, education and research institutions, and governmental municipalities (to name just a few) are discovering the value Azure brings to the table.

Scaling and migrating your on-prem Microsoft-based corporate network to Azure is not only beneficial on many levels but also simple with the Men&Mice Suite.

Deploying Men&Mice on Azure

Making the move to a cloud platform such as Azure has a reputation for being complex, expensive, and cumbersome. Capitalizing on the cloud is a priority for enterprises challenged by infrastructure sprawl, segmented projects, and mergers & acquisitions, but implementation is often hindered.

Men&Mice can alleviate those issues and create a straightforward path to cloud migration.

As an overlay solution deployed non-destructively, the Men&Mice Suite doesn’t restructure existing network infrastructure but facilitates communication between platforms. By treating all network resources, regardless of location, as equals, the Men&Mice Suite opens opportunities for migration at whatever pace is comfortable for the business.

How to make the most of Azure with Men&Mice?

Azure provides resilience, scaling, and security, and Men&Mice brings options to resolve obstacles in the forms of migration costs, lack of compatibility between services, and loss of control.

The native Azure Marketplace integration and support for features like Active Directory across multicloud and on-prem resources mean customers can freely move between platforms as needed.

The Men & Mice Suite allows:

  • bulk migration and import into Azure DNS,
  • workflow extensions,
  • audit trails and tracking changes,
  • granular, role-based access and delegation,
  • support for multiple subscriptions,
  • use of unified APIs to manage all network data, wherever it's kept.

Moving to the cloud made easy

Cloud networking, whether single, hybrid, or multi-cloud, is undoubtedly a sensible business decision. Increased service levels, improved network security, and overall uptime of critical network resources serve as validation.

Men&Mice is devoted to helping customers simplify IP infrastructure management and embrace (multi)cloud networking. Visit us at Booth #807 at Microsoft Ignite, download the Men&Mice Suite from the Azure Marketplace, or reach out to us to learn how we can help you.


 

Topics: Microsoft Ignite, Azure DNS, azure, Microsoft Azure

Men&Mice @ MS Ignite 2019

Posted by Greg Fazekas on 10/29/19 2:00 PM

Why come and meet us at MS Ignite? Let’s list a few reasons.

We’re recognized Microsoft experts

MS Ignite with its particular bend of focus is like home away from home for us.

Not only have we been recognized for a prestigious award here in Iceland, but in 2019 we've also won the Microsoft Partner Award for Infrastructure Innovation.

Men&Mice turns 30 next year, and from the very beginning we’ve been embedded deeply in Microsoft’s ecosystem. We were the first to offer comprehensive support for Windows Server 2016 (including zone scope and DNS policies) and Azure DNS.

After decades of working with Microsoft, we intend to continue our exceptional compatibility with their software and services, including “one-click install” on Azure.

Yes, you can try the Men&Mice Suite directly from the Azure Marketplace

It literally takes 5 minutes to set it up.

Evaluate it for free, and see how it can help you optimize and drastically cut down deployment and management time to minutes rather than hours.

Whether you deploy it before MS Ignite and come with questions, or would like to learn more before trying it out, we’ll be happy to answer your questions.

The Men&Mice Suite is valuable for Azure and Windows 2016 environments

The Men&Mice Suite's architecture is designed to intuitively integrate with whatever infrastructure you have or want to have. Whether a pure Microsoft infrastructure environment or utilizing multi-vendor, multi-platform networks.

Thanks to our efforts customers can take advantage of the Men&Mice Suite to gain:

  • Visibility over all DDI operations across on-prem and single, hybrid, and multicloud environments.
  • Audit trails across all changes to DNS, DHCP, and IPAM.
  • Granular, role-based access to objects residing with MS servers, services, and cloud subscriptions.
  • Easy and automated migration of data from server to server, or between on-prem and cloud.
  • Reliable and widely compatible APIs to automate and manage all your DDI operations and data.
  • Monitoring of data integrity and usage, such as DHCP scope and subnet utilization.

You can BYOAD (Bring Your Own Active Directory)

Moving from on-prem to cloud or deploying a multi-cloud strategy is not always easy. Existing deep investments in services like AD can prove prohibitive.

The Men&Mice Suite was the first IPAM solution to fully integrate with MS AD, and it keeps boasting exceptional Active Directory synergy into the age of cloud.

  • Synchronization ensures real-time system integrity, allowing and propagating changes through either the Men&Mice Suite or Active Directory.
  • Role-based granular access (both for users and groups), tracking, and auditing fortify security and boost administrative efficiency. Users can be authenticated through Active Directory (AD) and use single sign-on (SSO) to access the Men&Mice Suite.
  • Global overview and administration of Sites and Subnets directly through the Men&Mice Suite.

Our booth experts at MS Ignite will be happy to assist you in how to preserve your existing AD setup.

You can make it easy to migrate to Azure DNS from another provider

If you’re on AWS or some other cloud service, but visiting MS Ignite to explore Azure, we’re the right people to talk to.

The most appealing features in the Men&Mice Suite for enterprise organizations looking to transition to Azure and Azure DNS from another provider are:

  • Cloud-native integration.
  • Bulk migration or import of DNS zones into Azure DNS.
  • Workflow extensions to automatically tag zones during the migration phase for indicating migration status.
  • Tracking changes, delegating access, and seeing all zones across multiple subscriptions, and managing data through APIs after migration.

We’ll have cool stuff and would love to meet you!

We’ll be at Booth 807 where you can talk to us about DDI and industry insights, get a demo from our experts, and score some sweet Icelandic swag. (Quite literally: our chocolate is second to none.)

To make sure you don’t have to wait in line, click here to schedule a meeting ahead of time.

Topics: Microsoft Ignite, hybrid cloud, Azure DNS, azure, multi-cloud, windows 2016

Change is our constant; innovation is our tradition

Posted by Greg Fazekas on 10/25/19 7:47 AM

This week Men&Mice received a prestigious award, recognized for our accomplishments in innovation.

That doesn’t happen often to the likes of us. We’re nearly 30 years old.

Except it’s the perfect way to describe who we are.

Change is everyone’s constant

As network connectivity became a commodity, pressure grew on our customers managing those networks. Hunger for IP addresses has never been stronger. And companies need DNS and DHCP to manage and support them.

Change is all over the IP infrastructure landscape, and businesses have to rethink their network strategies.

That’s where we come in.

Innovation is our tradition

“Nothing endures but change.” (Heraclitus)

There’s good reason we chose this quote to display on our home page. Our job at Men&Mice is, and always has been, to anticipate changes and solve challenges for businesses.

But we are responsible for enabling change. We do not force it. We position ourselves to be ready when our customers arrive at an inflection point. We did it when they moved from on-prem to multi-prem, from local to cloud, and now from cloud to multi-cloud.

And we’re working to make the next change as smooth as it can be.

(Digital) transformation is (y)our future

Benefit and cost always balance themselves out.

Digital transformation, be it migrating from on-prem to hybrid or multi-cloud or enabling IoT and BYOD practices within the company, comes with clear benefits but often muddled and runaway costs. Men&Mice helps companies see and manage those costs as clearly as the resulting benefits.

The Men&Mice Suite allows for transparency and optimization over any network at any scale. But as an overlay solution Men&Mice doesn’t change the way you run your network: we change the way you see it. No mandatory (and expensive) appliances. No required architecture. We want to make sure you have the freedom to run your networks from wherever you, or they, are.

With this award under our belt and the long-standing mandate to innovate, we invite you to try the Men&Mice Suite for free.

Because being recognized is a great thing, but we have a job to do: changing the way you see your networks.

 

Topics: Men & Mice Suite, DDI, Men & Mice

IPv6 cheat-sheet, part 3: IPv6 multicast

Posted by Greg Fazekas on 10/18/19 8:56 AM


Now that we’ve familiarized ourselves with the IPv6 header and the IPv6 address space, let’s take a look at multicast.

Unicast, anycast, multicast

IPv6 packets can be sent, depending on the intended purpose, in a variety of ways:

  • unicast: used for 1-to-1 communication; it sends the packet to a specific node. (Certain unicast addresses within the IPv6 address space are reserved. See the previous post for details.)
  • anycast: used for 1-to-1-of-many communication; the same address is assigned to multiple nodes, but the packet is delivered only to the closest one on its route.
  • multicast: used for 1-to-many communication; it sends the packet to multiple nodes.

We’re not covering anycast in detail at this moment, but we can — do let us know if that’s something of interest to you!

IPv6 multicast

IPv6 multicast works by nodes* joining multicast groups by sending Multicast Listener Discovery (MLD) report messages.

(*A little terminology from the IETF: a node is an interface enabled for IPv6. A router is any node that forwards IPv6 packets that are not expressly addressed to it. A host is any node that’s not a router.)

Multicast groups aren’t constrained by local or global (network) geography. Whether the host is on the local network or on the internet, as long as it’s signaling to join a multicast group, it can receive multicast packets sent to that group.

Any host can be a sender, whether it’s part of the multicast group or not. Only hosts that are part of the multicast group are receivers. Hosts can join or leave multicast groups dynamically at any time.

IPv6 multicast addresses: FF00::/8

All IPv6 multicast addresses share the prefix of FF00::/8.

  • The first octet is FF (1111 1111). This way you can tell at a glance if an IPv6 address is intended for multicast or not.
  • The second octet defines:
    • the lifetime (0 for permanent multicast; 1 for temporary)
    • and scope (1 for node, 2 for link, 5 for site, 8 for organization, and E for global scope).

The multicast address ends with the interface ID.

Well-known IPv6 multicast addresses

Many IPv6 multicast addresses are well-known to software implementing IPv6, to simplify common routing needs.

Address | Multicast group
ff02::1 | all nodes
ff02::2 | all routers
ff02::5 | all OSPF (Open Shortest Path First) routers
ff02::6 | all OSPF DRs (OSPF Designated Routers)
ff02::9 | all RIP (Routing Information Protocol) routers
ff02::a | all EIGRP (Enhanced Interior Gateway Routing Protocol) routers
ff02::d | all PIM (Protocol Independent Multicast) routers
ff02::f | UPNP (Universal Plug and Play) devices
ff02::11 | all homenet nodes
ff02::12 | VRRP (Virtual Router Redundancy Protocol)
ff02::16 | all MLDv2-capable routers
ff02::1a | all RPL (Routing Protocol for Low-Power and Lossy Networks) routers (used in Internet of Things (IoT) devices)
ff02::fb | multicast DNS IPv6
ff02::101 | network time (NTP)
ff02::1:2 | all DHCP agents
ff02::1:3 | LLMNR (Link-Local Multicast Name Resolution)
ff02:0:0:0:0:1:ff00::/104 | solicited node address
ff02:0:0:0:0:1-2:ff00::/104 | node information query
ff05::1:3 | all DHCP server (site)
ff05::101 | all NTP server (site)

(Did we or did we not promise a veritable smorgasbord of acronyms?)
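When reading packet captures or firewall logs, it helps to decode the second octet mechanically. The following is an added example, not code from the original post: it decodes the lifetime and scope digits described above, looks the address up in a handful of the well-known groups from the table, and derives the solicited-node group for a unicast address. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Scope digit -> name, exactly as listed in the post.
SCOPES = {0x1: "node", 0x2: "link", 0x5: "site", 0x8: "organization", 0xE: "global"}

# A subset of the well-known groups from the table above.
WELL_KNOWN = {
    "ff02::1": "all nodes",
    "ff02::2": "all routers",
    "ff02::16": "all MLDv2-capable routers",
    "ff02::fb": "multicast DNS IPv6",
    "ff02::1:2": "all DHCP agents",
    "ff02::1:3": "LLMNR",
}

# Solicited-node prefix from the table (ff02:0:0:0:0:1:ff00::/104).
SOLICITED_NODE = ipaddress.ip_network("ff02::1:ff00:0/104")


def decode_multicast(addr):
    """Return lifetime, scope and any well-known meaning of a multicast address."""
    ip = ipaddress.IPv6Address(addr)
    raw = ip.packed
    if raw[0] != 0xFF:
        raise ValueError(f"{addr} is not in ff00::/8")
    flags = raw[1] >> 4      # high nibble of the second octet
    scope = raw[1] & 0x0F    # low nibble of the second octet
    return {
        # The post's lifetime digit: RFC 4291 stores it as the lowest
        # flag bit (T), 0 = permanent, 1 = temporary.
        "lifetime": "temporary" if flags & 0x1 else "permanent",
        "scope": SCOPES.get(scope, f"unlisted (0x{scope:x})"),
        "well_known": WELL_KNOWN.get(str(ip)),
        "solicited_node": ip in SOLICITED_NODE,
    }


def solicited_node_address(unicast):
    """Solicited-node group for a unicast address: prefix + its low 24 bits."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    base = int(SOLICITED_NODE.network_address)
    return str(ipaddress.IPv6Address(base | low24))


if __name__ == "__main__":
    # Constructed sample addresses, not taken from real traffic.
    for sample in ("ff02::1", "ff02::fb", "FF15::1234",
                   solicited_node_address("2001:db8::c2a1:b2ff:fec3:d4e5")):
        print(sample, decode_multicast(sample))
```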

More IPv6 coming up!

Next time we’ll be taking a look at IPv4-IPv6 tunneling and the particularities of migrating from IPv4 to IPv6.

After that, we have one last post to cover the remaining sections on our cheat-sheet, including useful Linux commands.

As always, do let us know if there’s a particular part of IPv6 (whether covered in here or not) you’d like to know more about!

Topics: IPv6, IPAM, IP address management

IPv6 cheat-sheet, part 2: the IPv6 address space

Posted by Greg Fazekas on 10/11/19 8:52 AM


Now that we know how an IPv6 packet header looks, let’s take a look at where it goes.

A word (or 2^128) on IP addresses

One of the primary advantages of IPv6 is that its address space is vastly larger than IPv4.

IPv4 has about 4 billion addresses available (mathematically, the practical limit is of course lower) and we’re running out of them, fast. Granted, who would’ve thought back in the day that people would want to assign IP addresses to their toasters. (And even if they didn't, 4 billion addresses don't even cover one device per human being on the planet right now by a long shot.)

IPv6, on the other hand, has a mathematical limit of 2^128 IP addresses. That’s a lot. To be exact, it’s 340,282,366,920,938,463,463,374,607,431,768,211,456 (340 undecillion, 282 decillion, 366 nonillion, 920 octillion, 938 septillion, 463 sextillion, 463 quintillion, 374 quadrillion, 607 trillion, 431 billion, 768 million, 211 thousand and 456. Say that four times fast!)

To put that into perspective: if you took all the atoms on the surface of Earth, you could assign about a hundred(!) IPv6 addresses to each(!).

Okay, it’s a lot. Is there a point to this math trivia?

Yes!

The IPv6 address pool is impossibly large. Even with the reservations and practical limits, it’s mind-blowingly huge. And smart people at IETF came up with some navigation shortcuts to help our brains cope with managing it, as well as reserving a bunch for specific purposes.

Let’s have a look at those.

Common & reserved prefixes in IPv6 addresses

Because of the huge number of possible IPv6 addresses, and since the format of IPv6 is 16 hexadecimal values (grouped in eight 16-bit groups) instead of IPv4’s simpler 4 decimal groups, developers of the standard came up with ways to shorten them.

One way is to use ‘::’ when a 16-bit group is all zeroes. Note that when there are multiple groups with zeroes, only the first group will get shorthanded to ‘::’. (The reason for this is the need for shortened IPv6 addresses to be reproduced in their full forms.)

Another useful “trick” is the reservation of special structures for specific purposes:

Prefix | Name | Description
::/0 | default route |
::/128 | unspecified address | All 128 bits are set to zero. (Like 0.0.0.0 in IPv4.) Used only when a device is first looking for an IP address assignment.
::1/128 | loopback address | Equivalent to 127.0.0.1 in IPv4. When set as a destination the packet will get immediately routed back to its source and never exits the host. Loopback is useful for testing.
::ffff:0:0/96 | IPv4-mapped address | Used to help the deployment of IPv6. The last 32 bits contain the IPv4 address, with FFFF (following 5 groups of zeroes) in the preceding group.
2001:1::1/128 | port-control-protocol anycast | Using this will route the packet to the closest device for address translation. (Such as NAT64 or NAT44.)
2001:1::2/128 | Traversal Using Relays around NAT (TURN) anycast | The IPv6 address block for use with TURN (a protocol allowing a host behind NAT to receive data over TCP or UDP). Known as 192.0.0.10/32 in IPv4.
2001:db8::/32 | documentation prefix | Used to indicate resources such as RFCs, documentation, books, etc.
2620:4f:8000::/48 | AS112 DNS sinkhole servers | Used in environments where private IP addresses (i.e., not globally unique) may originate DNS reverse lookups to these addresses. While best practices dictate to resolve these queries locally, sometimes they are directed at public DNS, which cannot answer the queries. To resolve this issue, and relieve pressure on the authoritative servers, the AS112 project was created, and this reservation ensures its compatibility with IPv6.
fc00::/7 | Unique-Local Addresses (ULA) | Prefix to local IPv6 unicast addresses generated with a pseudo-random global ID.
fe80::/10 | link-local unicast | Equivalent to the 169.254.0.0/16 block in IPv4. Used when the host doesn’t have an IPv6 address assigned either manually or through DHCP.
fec0::/10 | site-local addresses (deprecated) |

While not an exhaustive list by far, it covers the most often used cases.
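A table like this is most useful when it can be applied to addresses as they show up in logs. The following is an added example, not part of the original post: it classifies addresses against the reserved prefixes listed above (plus FF00::/8 from the multicast post) using longest-prefix match, and pulls the embedded IPv4 address out of IPv4-mapped addresses. The function names and the sample addresses are assumptions; ::/0 is left out because it describes a route rather than a class of address.

```python
import ipaddress

# (prefix, name) pairs from the table above, plus the multicast prefix.
RESERVED = [
    ("::/128", "unspecified address"),
    ("::1/128", "loopback address"),
    ("::ffff:0:0/96", "IPv4-mapped address"),
    ("2001:1::1/128", "port-control-protocol anycast"),
    ("2001:1::2/128", "TURN anycast"),
    ("2001:db8::/32", "documentation prefix"),
    ("2620:4f:8000::/48", "AS112 DNS sinkhole servers"),
    ("fc00::/7", "Unique-Local Addresses (ULA)"),
    ("fe80::/10", "link-local unicast"),
    ("fec0::/10", "site-local addresses (deprecated)"),
    ("ff00::/8", "multicast"),
]

# Pre-parse once and order by prefix length so the most specific entry wins.
_TABLE = sorted(
    ((text, ipaddress.ip_network(text), name) for text, name in RESERVED),
    key=lambda row: row[1].prefixlen,
    reverse=True,
)

UNMATCHED = "no reserved prefix matched"


def classify(addr):
    """Return (prefix, name) for the most specific reserved prefix, or None."""
    ip = ipaddress.IPv6Address(addr)
    for text, net, name in _TABLE:
        if ip in net:
            return text, name
    return None


def embedded_ipv4(addr):
    """For an IPv4-mapped address, return the IPv4 address in its last 32 bits."""
    mapped = ipaddress.IPv6Address(addr).ipv4_mapped
    return str(mapped) if mapped is not None else None


def summarize(addresses):
    """Group a list of addresses by the reserved-prefix name they fall under."""
    groups = {}
    for addr in addresses:
        hit = classify(addr)
        groups.setdefault(hit[1] if hit else UNMATCHED, []).append(addr)
    return groups


# Constructed sample of source addresses, as they might appear in a flow log.
SAMPLE_SOURCES = [
    "fe80::c2a1:b2ff:fec3:d4e5",
    "::ffff:192.0.2.7",
    "2001:db8::53",
    "fd12:3456:789a::10",
    "3fff::1",   # outside every prefix in the post's table
    "::1",
]

if __name__ == "__main__":
    for name, members in summarize(SAMPLE_SOURCES).items():
        print(f"{name}: {members}")
    print("embedded IPv4:", embedded_ipv4("::ffff:192.0.2.7"))
```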

More IPv6 coming up!

For the sake of simplicity, we’ve split this topic into two parts. The second part, common multicast IPv6 addresses, will be out next week. (And if you thought there were too many acronyms in this one, you’re in for a surprise!)

After that, we have one last post to cover the remaining sections on our cheat-sheet, including IPv4-IPv6 tunneling, and covering useful Linux commands.

In the meantime, let us know if there’s a particular part of IPv6 you’d like to know more about!

 

Topics: IPv6, IPAM, IP address management

IPv6 cheat-sheet, part 1: the IPv6 header & EUI-64

Posted by Greg Fazekas on 10/4/19 9:59 AM

IPv6 is increasingly not an option but a fact of life. We’ve talked about it a lot (and some more and more) but this time we don’t want to discuss the merits or pitfalls of IPv6.

Instead, let’s take a closer look at the IPv6 protocol itself. 

We’ll use our famed IPv6 cheat-sheet (also available as a lens cleaner — visit us at events to score one) as a guide, and examine each section in depth.

Let’s start with, just like an IPv6 packet does, the header.

The IPv6 header

When discussing the IPv6 header it’s inevitable to compare it to what came before:

(Image credit: Wikipedia.)

This is of course the IPv4 header. It’s smaller in size: IPv4 uses 32-bit binary numbers whereas IPv6 uses 128-bit binary numbers. Size matters not, however. Or at least matters less.

IPv6 headers are much less complex:

The IPv6 header is more streamlined: it contains 8 fields, compared to IPv4’s 14 fields.

  • version: 4 bits long, and corresponds to IPv4’s field of the same name. It indicates to the receiver the IP version to expect. In case of IPv6 that is of course 6, making this field’s binary value 0110.
  • traffic class: 8 bits long, and replaces IPv4’s ‘type of service’ field. The first 6 bits contain the differentiated services (DiffServ) designation of the packet, called the differentiated services code point (DSCP). DSCP classifies the type of traffic carried by the packet for quality of service (QoS) purposes. For example, streaming media like video and audio on a conference call can enjoy lower latency than non-critical traffic, such as web browsing. The last two bits are for optional explicit congestion notifications (ECN). ECN can be used to signal congestion on the network by marking it in the IPv6 header. (Instead of dropping packets.)
  • flow label: 20 bits long, and new to IPv6. Useful for real-time applications, it signals the receiving node (routers or switches) to keep packets on the same path so as to prevent them from being reordered.
  • payload length: 16 bits long. Contains the size of the payload in octets (remember those?) and can include extension headers. (Extension headers replace the ‘options’ field known from IPv4.) It’s set to zero when the packet carries a jumbo payload.
  • next header: 8 bits long. It shares its function (and values) with IPv4’s ‘protocol’ field, and as the name suggests specifies the type of the next header.
  • hop limit: 8 bits long, formerly known in IPv4 as ‘time-to-live’. Decremented by one at each node the packet passes, and the packet is discarded when the value of hop limit reaches zero.
  • source address: 128 bits long, same function as in IPv4. Contains the IPv6 address of the node originally sending the packet.
  • destination address: 128 bits long, same function as in IPv4. Contains the IPv6 address of the destination node for which the packet is intended.
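The field layout above maps directly onto the 40 bytes at the start of every IPv6 packet. The following is an added example, not code from the original post: it unpacks the eight fields from raw bytes, splits the traffic class into DSCP and ECN, and flags packets whose declared payload length exceeds the bytes actually captured. The function name, the extra `truncated` and `payload_length_zero` keys, and the sample packet are assumptions made for illustration.

```python
import ipaddress
import struct

HEADER_LEN = 40  # 4 + 2 + 1 + 1 + 16 + 16 bytes


def parse_ipv6_header(packet):
    """Decode the fixed IPv6 header at the start of `packet` (bytes)."""
    if len(packet) < HEADER_LEN:
        raise ValueError("need at least 40 bytes for an IPv6 header")

    # First 32 bits: version (4) | traffic class (8) | flow label (20),
    # then payload length (16), next header (8), hop limit (8).
    first_word, payload_length, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8]
    )
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"version field is {version}, not 6")

    traffic_class = (first_word >> 20) & 0xFF
    captured_payload = len(packet) - HEADER_LEN
    return {
        "version": version,
        "dscp": traffic_class >> 2,        # first 6 bits of traffic class
        "ecn": traffic_class & 0x03,       # last 2 bits of traffic class
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "source": str(ipaddress.IPv6Address(packet[8:24])),
        "destination": str(ipaddress.IPv6Address(packet[24:40])),
        # Zero is what the post describes for jumbo payloads.
        "payload_length_zero": payload_length == 0,
        # Fewer bytes captured than the header declares.
        "truncated": captured_payload < payload_length,
    }


# Constructed sample packet: DSCP 46, ECN 0, flow label 0x12345,
# 8 payload bytes, next header 17 (UDP), hop limit 64.
SAMPLE_PACKET = (
    struct.pack("!IHBB", (6 << 28) | ((46 << 2) << 20) | 0x12345, 8, 17, 64)
    + ipaddress.IPv6Address("2001:db8::1").packed
    + ipaddress.IPv6Address("ff02::fb").packed
    + bytes(8)  # placeholder payload
)

if __name__ == "__main__":
    for field, value in parse_ipv6_header(SAMPLE_PACKET).items():
        print(f"{field:20} {value}")
```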

MAC to EUI-64 conversion

Extended Unique Identifier (EUI-64, because it’s 64 bits long) is a new method with which IPv6 hosts can be automatically configured in DHCP. The conversion is needed because hardware MAC addresses are 48 bits long.

This process is done in three steps:

  1. First the 48-bit MAC address needs to be separated into two 24-bit parts: C0:A1:B2:C3:D4:E5 becomes C0:A1:B2 C3:D4:E5.
  2. Then insert FF:FE between them, making it C0:A1:B2:FF:FE:C3:D4:E5.
  3. Lastly, invert the 7th bit: convert the first byte (C0 in this case) to binary (resulting in 11000000), check the 7th bit (0) and flip it (to 1) and translate it back to hexadecimal (binary 11000010 becomes C2).

The final EUI-64 version of the MAC address C0:A1:B2:C3:D4:E5 thus becomes C2:A1:B2:FF:FE:C3:D4:E5.
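Because the conversion is reversible, an address built this way carries the interface's hardware address with it, which is worth checking for when auditing address assignments. The following is an added example, not code from the original post: it runs the post's example MAC through the three steps, builds the matching link-local address, and recovers the MAC from any address whose interface ID has FF:FE in the middle. The function names are assumptions made for illustration.

```python
import ipaddress


def _format(octets):
    return ":".join(f"{b:02X}" for b in octets)


def mac_to_eui64(mac):
    """Apply the three steps above to a 48-bit MAC address."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("a MAC address is 6 bytes long")
    # Steps 1 and 2: split into two 24-bit halves and insert FF:FE.
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    # Step 3: flip the 7th bit of the first byte (value 0x02).
    eui[0] ^= 0x02
    return _format(eui)


def link_local_from_mac(mac):
    """fe80::/64 address whose interface ID is the EUI-64 of `mac`."""
    iid = bytes.fromhex(mac_to_eui64(mac).replace(":", ""))
    return str(ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid))


def mac_from_ipv6(addr):
    """Recover the MAC if the interface ID looks EUI-64 derived, else None.

    The FF:FE marker in bytes 4-5 of the interface ID is a heuristic:
    a random interface ID can contain it by chance.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02  # undo step 3
    return _format(mac)


if __name__ == "__main__":
    example = "C0:A1:B2:C3:D4:E5"  # the MAC used in the post
    print(mac_to_eui64(example))
    print(link_local_from_mac(example))
    # Constructed addresses under the documentation prefix.
    for addr in ("2001:db8::c2a1:b2ff:fec3:d4e5", "2001:db8::1"):
        print(addr, "->", mac_from_ipv6(addr))
```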

More IPv6 coming up!

In the next blog post we’ll continue the examination and explanation of the Men&Mice IPv6 cheat-sheet, and take a good look at the IPv6 address space and the things you can do with it.

In the meantime, let us know if there’s a particular part of it you’d like to know more about!

Topics: IPv6, IPAM

How to explain Network Management to relatives and friends over the holiday (GIFs)

Posted by Greg Fazekas on 4/18/19 8:15 AM

 

Life isn’t always easy for network managers and architects. The C-suite is constantly demanding more efficiency and smoother operations, at low cost. Your colleagues are asking for more user-friendly policies and services. And you have to keep up with an ever-changing landscape of technology (infrastructure sprawl) and its ripples into your domain. (Pun absolutely intended.) Uptime and security are everything. Then, you constantly have to explain to people what you actually do for a living.

Over the holiday weekend, there’s a good chance, in addition to being asked to fix someone’s computer, phone or tablet, you’ll be asked “what is it you do again?”

How do you illustrate what you do? Maybe it’d be a lot easier to explain being a fireman, astronaut, or brain surgeon? We've pulled together some helpful GIFs to make this conversation more efficient. 

 

 


Enter Ralph Breaks the Internet. (holiday movie idea!)

If ever there was an indicator that networking has permeated our everyday lives it’s an animated family movie centered around it. Some concepts are so fundamental to modern life that we aren’t even consciously thinking about them anymore.

ICYMI: Released in the fall of 2018, Ralph Breaks the Internet provided the subtext and pop culture references we all needed, while depicting basically your everyday.

 

 


From the moment Ralph and Vanellope slide down the wire, to the hilarious popup advertisers and the wonderfully subtle depiction of DNS — almost every aspect of your job, and of the complexities of networking in a network-driven world, comes to life in a tangible, easy-to-explain-to-relatives way.

 


DNS isn’t specifically named in the movie, but there are plenty of references. Knowsmore, although depicted as a search engine, certainly has his business rooted (see what we did there?) in being a DNS server of sorts. For instance, when Vanellope and Ralph decide to go to Ebay, they were automatically routed to their destination.

Ralph Also Teaches us DDoS

But if you had to showcase just one thing about your work, it could be how you have to prevent DDoS attacks against your company’s network — essentially how you have to be the hero against a million or billion Ralphs.

Explaining DNS to anyone, particularly to people not in networking (and let’s face it, even some people IN networking don’t really get DNS), is easier when you can point to the colorful transport GIFs from an animated movie. Grasping the concept of a botnet or a crippling DDoS attack is more memorable when it’s an ever-replicating bunch of clones of a funny character like Ralph. And you do get malware by clicking unscrupulous links.


DDoS is essentially the towering Ralphzilla of mindless objects with a single goal. Exploiting vulnerabilities in web servers, they overwhelm the system with a repeated, single query. Not only is this meant to disrupt user experience, more sinister objectives may be in play, such as bringing down firewalls.

We’ve talked a lot on this blog about DNS education. Education for both professionals — training, if you will — and for everyone, in order to understand new technologies and challenges affecting our businesses. Knowing why and how insecure networks are a liability and how important it is to defend against malicious attacks that can wreck the internet is useful for everyone.

The movie exaggerates concepts to either serve the plot or get a laugh. But the foundation for showcasing how networks and the internet work (or occasionally don’t work) is solid.


Come this holiday (provided you don’t have to work because of some real-world Ralph threatening your company’s network) sit down at the family dinner, armed with GIFs and your favorite streaming service, to explain what you do and why.

And since it is a holiday weekend, here's a blog about all of the Ralph Breaks the Internet Easter Eggs. 

Image credits: Not a Real Company Productions and Disney via Giphy and Blogberth

Topics: DDoS, Disney

Doing DNS better: DNS (and BIND) Training with Men & Mice

Posted by Greg Fazekas on 3/27/19 11:49 AM

DNS is the core mechanism of the internet. And, as all technology does, it keeps evolving and changing, even if its primary function hasn’t changed all that much. DNS makes networks work, but in turn we have to make DNS work.

Because it’s so critically important to networks, DNS is also a prime target for attack. With the Internet-of-Things bringing online hundreds of thousands of devices every hour (!) of every day, the attack vectors for malicious elements are multiplying exponentially. And beyond DDoS striking fear in every network manager’s heart, the most constant threat to any network still remains the most basic one: easy-to-miss configuration errors.

Safeguards from smart vendors (like our own xDNS Redundancy™) help protect against DNS errors and DNS attacks such as DDoS. Training your staff protects against human error. Learning how to configure, manage, and defend DNS effectively yields both obvious and unexpected benefits to any business’s network. If you want to keep your critical business infrastructure running smoothly,  your network staff needs to be able to grasp DNS from every angle.

That’s where we come in.

Learn DNS with Men & Mice


 

Men & Mice has been offering DNS training for 20 years, since 1999. Our training program has educated students throughout the birth and boom of the internet. We’ve played a critical role in strategy and management of network growth all along.

Having a comprehensive training program that allows entry for any knowledge level is instrumental, as we know students seek out our courses with various objectives in mind. Courses are designed to provide expert students with a renewed examination of existing knowledge and new best practices, and beginners with fundamental, practical information.

New and improved courses - for everyone

How we teach DNS is constantly evolving, in sync with innovations in DNS technology. For example, our courses have been augmented with new security and monitoring materials, new sections on RPZ, RRL, DNS Cookies and dnstap. All these sections include laboratory exercises for hands-on experience.  Other brand new material covers minimal ANY, DNS looking glasses, and packet capture (passive replication). We have added additional quizzes and several new labs, such as challenging debugging labs.

So which course is a perfect fit for you?

If you’re new to DNS, we recommend the DNS & BIND Fundamentals (DNSB-F) program. It’s part of the DNS & BIND Week (DNSB-W) and serves as a shorter introduction to the world of DNS and BIND.

If you’re already familiar with the basics, the full five-day DNS & BIND Week (DNSB-W) course takes you deeper into DNS, including a heavy emphasis on security, stopping just short of DNSSEC (for which we offer a separate course).

For those looking for even more, we offer the DNS & BIND Advanced (DNSB-A) program. The DNSB-A gets into the full depths of DNS and BIND with topics such as

  • new ISC binary releases for Linux distributions that were added last summer,

  • the change to dnssec-keygen beginning in BIND 9.13,

  • catalog zones,

  • packet capture (passive replication),

  • and more.

And for those of you curious about whether the BIND training addresses the most recent versions of BIND: DNS & BIND Fundamentals (DNSB-F), DNS & BIND Week (DNSB-W), and the DNS & BIND Advanced (DNSB-A) course have not only been updated to 9.11, but also address changes in 9.12 and 9.13.

DNS training for the real world

Our instructors and program coordinators value comprehensive, practical teaching methods. As such, our course materials are decidedly not "animated user manuals" - they cover DNS contextually, with real-world examples and hands-on labs. As one of our recent students put it:

“I was very impressed with everything about Men and Mice. The communication, the facilities, the instructor, the material. Everything about my class was really awesome, knowledgeable, and engaging. They never let us just sit there, always brought us into the lesson, and also gave great examples to help us understand concepts. I would take any class they taught.” (Michelle Boyd, Systems Engineer, Southwest Airlines)

Upcoming course dates include courses offered near Denver, Colorado in April, as well as Gdansk, Poland and Reston, Virginia, in June. We're also adding courses for Fall 2019 across North America (US, Canada), Ireland, The Netherlands and Switzerland. Stay tuned for more details. To learn more about the Men & Mice Training Program and see what’s available in your neck of the woods, visit https://menandmice.com/training.


 

Topics: BIND, DNS training, ip infrastructure

2019’s word of the year: multicloud (connectivity)

Posted by Greg Fazekas on 2/22/19 9:57 AM

It’s a multicloud world. (We’re just managing it.)

Whether you want to spell it multi cloud (with a space), multi-cloud (with a dash), or just ditch all of that and go full-on conjoined “multicloud”, the fact remains that multicloud utilization is on every business leader’s lips.

Whereas before enterprises viewed migration to the cloud as a distant possibility, the focus has now shifted entirely. Increasingly data intensive applications and services require that they speed up their digital transformation, and to stay competitive, explore the benefits of migrating their data, services and applications not only into one cloud, but many clouds.

Competing cloud infrastructure offerings, such as AWS and Azure, provide enterprises with undeniable benefits. Network availability, for instance, can more readily be optimized as workloads can be switched between vendors in the event of a localized failure. At the same time, utilizing one, or many clouds, also presents new challenges to network management.

How do you maintain multiple networks on multiple cloud platforms, each with their own means and methods of running their cloud environment?

In comes multicloud connectivity.

Multicloud connectivity is the software-defined, invisible layer of abstraction that takes care of communication between different (and often incompatible) vendors, platforms, and implementations (on-prem, hybrid, private, or public).

As digital transformation journeys are becoming more and more streamlined and less and less experimental, it helps network managers to consider the emerging best practices around multicloud connectivity.

Multicloud ways and woes: playing nice with each other

Organizations can and should take charge of picking services aligned with their cost-benefit vectors. From SaaS applications like Salesforce, Office 365, or Google Drive, to raw computing and storage infrastructure resources, most everything is delivered from the cloud. But that also means more moving parts, which can lead to possible service degradation.

Best practice: Cloud vendors aren’t motivated to play nice with each other, so it falls to organizations to plan for and implement multicloud connectivity in their cloud adoption strategy.

Multicloud ways and woes: security

In the charge to the cloud, there has been a huge focus on security for storage and computing resources. However, there hasn’t been a similar awareness of network vulnerabilities - and with multicloud re-defining networking it’s especially timely to pay attention to security now.  

Best practice: Beyond smart planning of networking strategies, multicloud connectivity helps to address the challenges posed by threats to network availability.

Multicloud ways and woes: disaster recovery

When disaster strikes, cloud services are well-positioned to keep a business up and running regardless. DDoS attacks or simple human error disrupting everyday operations don’t need to cause a total shutdown of an organization’s network. Building contingencies seems simpler in the multicloud, but disaster recovery can also put an increased strain on the network, particularly if network managers have to struggle with vastly differing operational requirements in different cloud environments.

Best practice: With such a critical role to play, networks need to rely on strong, functional connectivity between multiple cloud environments to strengthen them.

Multicloud connectivity and the Men & Mice Suite

Multicloud makes connectivity not only crucial but defining. As a company focused on networking solutions, Men & Mice is excited about this unique emphasis on networking itself.

The Men & Mice Suite is a hybrid and multicloud DNS, DHCP, and IP Address Management solution. It’s been built to provide the multicloud connectivity by being widely compatible, secure, and reliable.

It’s software-defined. The connectivity layer provided by the Men & Mice Suite depends on no set architecture or infrastructure and requires no single-point-of-failure hardware.

It’s compatible. API-driven and backend-agnostic, the Men & Mice Suite simplifies programmatic control and automation across multiple cloud vendors.

It’s secure. The Men & Mice Suite extends the enterprise-grade security over the connectivity layer, allowing for audit trails, role-based access controls, and migrating existing security policies to the cloud.

It’s fault-tolerant. Customers can rest easier as the fall-out from human error, DDoS attacks and cloud service outages can easily be mitigated by the Men & Mice xDNS Redundancy™ feature.

Hybrid multicloud IP management

With the upcoming release of version 9.2, the Men & Mice Suite improves on its already best-in-class solution. From deep AWS and Azure integration to the flexible web application, developing the Men & Mice xDNS Redundancy™ for added security and reliability, we’ve made multicloud DNS, DHCP, and IP Address Management even better and ready to deliver on the need for connectivity.


Topics: DNS redundancy, multi-cloud, multicloud

Why follow Men & Mice?

The Men & Mice blog publishes educational, informational, as well as product-related material for everyone and anyone interested in IP Address Management, DNS, DHCP, IPv6, DNSSEC and more.
