The Men & Mice Blog


The Men & Mice Guide to RIPE-javik

Posted by Men & Mice on 5/15/19 7:40 AM

RIPE 78 is barely a week away! We feel it's our duty, both as locals to the city and as sponsors to the event, to compile a guide to help you make the most of your stay.


What to attend at RIPE

You're coming to attend sessions and talks at RIPE, so let us start there. There'll be an excellent lineup of speakers, making it hard to choose. May we suggest starting with Carsten Strotmann?

Carsten has been supporting customers with Unix and PC/Windows networks in Germany and abroad for more than 27 years. His specialties are Unix systems, DNS, DNSSEC and IPv6 security. He's a trainer in the field of DNS/DHCP/IPv6/Linux/Unix security for Internet Systems Consortium (ISC), Linuxhotel and Men & Mice. He also is the author of various articles on IT security topics in specialist magazines.

Carsten will give two talks at RIPE:

  1. Unwind, a Validating DNS Recursive Stub-Resolver: a short introduction on what unwind(8) is, and how this always-running, validating DNS recursive nameserver on OpenBSD can help to secure DNS name resolution for mobile devices and laptops in hostile public networks.
  2. Overview of the DNS Privacy Software landscape: new DNS privacy protocols have sparked a number of new open source software tools that make use of DNS-over-TLS and DNS-over-HTTPS - however, functionalities and software quality differ greatly. This talk will give an overview of available tools, the functions they provide and their availability on popular operating systems and also a brief look on missing pieces in the DNS privacy software landscape.

Apart from the Plenary and BoF (Bird of a Feather) Sessions and Tutorials, RIPE78 features no less than 10 Working Group sessions, on DNS, IPv6, IoT, Open Source, Anti-Abuse and more.

Talks and sessions not to be missed include:

  • Tutorial by Enno Rey on IPv6 Security for Enterprise Organisations (Monday, 20 May)
  • The plenary session dedicated to current DDoS threats and how to mitigate them (Tuesday, 21 May)
  • High Performance Traffic Encryption on x86_64 (Max Rottenkolber), part of the Open Source Working Group Agenda (Wednesday, 22 May)
  • IPv6 reliability measurements (Geoff Huston) and Large-scale Deployment of IPv6-enabled Wi-Fi Hotspots (Enno Rey) – both on Thursday, 23 May
  • Revisiting the Root (David Hubermann, ICANN), Long-Term Active Measurements for DNS Research, and That KSK Roll (Geoff Huston) – all on Tuesday, 21 May

Diversity engagement: Women in Tech Panel at RIPE78

Sponsored by Netflix with additional support from Men & Mice and WomenTech Iceland, RIPE78 will also host a Women in Tech diversity panel discussion on the 21st of May, on which our own Paula Gould will join panelists from GRID, WuXi NextCode and Lady Brewery.

Paula is the Head of Brand & Communications for Men & Mice, and has worked with IT companies for over 15 years on go-to-market, growth, and brand strategies. She founded WomenTechIceland, and has been deeply involved in notable international women-in-business and women-in-tech initiatives for two decades.


After hours: making the most of RIPE-javik

Good times don't stop at the end of the official schedule. We’ve compiled seven useful tips to make your stay during RIPE78 as pleasant as possible. (And also financially sensible.)

  1. Leave your umbrella: OK, maybe not if it’s Cisco, but if it’s one of those hand-held thingies, you may want to just let it go. There can be unexpected gusts of winds, and unless you want to re-enact Mary Poppins, there are other better (and warmer) ways to get around.
  2. Entertainment: If you want to have a good laugh at the end of a long day of DNS and IP addresses, the Secret Cellar does comedy in English every evening in a cellar on Lækjargata, smack in the middle of downtown Reykjavík.
  3. Non-alcoholic beverages: An indisputable must in almost every Icelander’s daily life is coffee: the stronger, the blacker, the better. And if you’re feeling out of sorts on your visit, why not coffee and a cat? The Cat Café, home of outstanding coffee and four-legged creatures, offers you just that.
  4. Alcoholic beverages: If coffee is not your thing, beer easily rates as the other staple Icelandic beverage. Icelanders have caught up quickly since the lift of the beer ban in 1989: these days, everyone and their brother is making their own. Micro-breweries are literally on every other corner and these bars offer an excellent selection.
  5. Hands-on fun: Beyond food and drinks, there's much else to be enjoyed in Reykjavik. You definitely can’t go wrong with karaoke Wednesdays at Sæta Svínið (The Sweet Pig) Gastropub, or Monday’s Ping Pong Tournament in "Miami". (The one on Hverfisgata, not Florida. But complete with tropical décor and cocktails to match.)
  6. Volcanic gifts: Iceland's so rife with geothermal water that we use it to heat not only our homes, but also our pavements and driveways. We love our water. And you haven’t really been to Iceland until you’ve shot the breeze with the locals in a ‘hot pot’ at one of the many public pools scattered around the country. (Note: to enter the pool area, you are required to shower naked and wash all the right spots thoroughly and with soap.)
  7. More about water: You're quite safe to drink the water from the tap in your hotel and don't hesitate to ask for tap water in restaurants. It’s pure, tastes fantastic and doesn’t cost you a krona. Bring a refillable water bottle for refreshing hydration no matter where you go.

See you at RIPE78 (come say hello to us in person or on social media) and have a great stay in Iceland!

Topics: DNS privacy, RIPE 78, Women in Tech

Men & Mice welcomes RIPE 78 to Reykjavik

Posted by Men & Mice on 5/9/19 10:42 AM

We are developers who build software for network infrastructure people. And not just any network infrastructure, but the most fundamental parts: DNS, DHCP, and IP address management.

For that reason, and for many more, we’re more than excited to welcome RIPE 78 to our home in beautiful Reykjavik, Iceland in May this year. (Forecast is balmy and warm expected to showcase all seasons every 15 minutes or so. 🙃)

What is RIPE?

RIPE NCC is one of the five Regional Internet Registries (RIRs) dealing with the network of networks: the internet. An independent, not-for-profit membership organisation, RIPE NCC serves Europe, Central Asia, Russia and West Asia and provides internet resource allocations, registration services and coordination activities that support the operation of the Internet globally.

Formed in 1992, RIPE NCC now supports more than 12,000 members in 76 countries in its service region.


RIPE NCC holds two General Meetings a year, where members convene to discuss a wide range of subjects related to keeping the internet up and running.  

Men & Mice @ RIPE 78

This year, for the first time ever, RIPE NCC is coming to Iceland. It’s a match made in heaven: RIPE members’ knowledge and insight meet Iceland’s long-running expertise in all things computing, including networks, cloud technology, and software development.

Of course, this being not only our home ground geographically, but also professionally, Men & Mice is a proud sponsor of RIPE 78 and will be participating on a number of levels.

Long-time readers of our blog will recognize the name of DNS expert Carsten Strotmann, who has previously published RIPE reports, and who has worked with Men & Mice for many years on a number of initiatives (and from time to time hosts webinars, blog posts and training sessions with us).

This time around, Carsten will not only give two talks on behalf of Men & Mice at RIPE78, but also provide you with updates on what happens at RIPE on a daily basis.

Here’s a small taste of what hot topics are waiting to be discussed at RIPE 78:

  • current DDoS threats and how to mitigate them
  • review of the 2018 DNSSEC KSK Roll in the Root Zone and the February 2019 EDNS "Flag Day"
  • IPv6 reliability
  • large-scale deployment of IPv6-enabled Wi-Fi hotspots
  • high-performance traffic encryption
  • roundtable discussion on the role of open-source in industry hackathons
  • tutorial on IPv6 security for enterprise organizations

Diversity engagement: Women in Tech Panel at RIPE78

Sponsored by Netflix with additional support from Men & Mice and WomenTechIceland, RIPE78 will also host a Women in Tech diversity panel discussion on the 21st of May, on which Paula Gould, our Head of Brand & Communications, will join panelists from GRID, WuXi NextCode and Lady Brewery. Learn more here: https://ripe78.ripe.net/diversity/women-in-tech-session/


Topics: RIPE 78, Women in Tech

Men & Mice @ Cisco Live 2019: Hybrid and Multicloud Transition

Posted by Men & Mice on 5/3/19 12:01 PM

 

Men & Mice @ Cisco Live 2019

As in previous years, Men & Mice will return to Cisco Live in San Diego, June 10-13, 2019.

Cisco solutions are a staple of the networking world. Their hardware and software services are present in almost every enterprise, creating security and efficiencies for almost every aspect of network management. They’re also a treasure trove of research and know-how, which is why so many of today's large-scale organizations continue to rely on Cisco (and Men & Mice). 

Cisco Live events are a must-attend for anyone making decisions about network innovations and transformations. 

Network growth, fueled in part by the Internet of Things and Edge computing that permeates nearly everything in our world (and soon, out of this world), is dependent on innovations to both on-premise and cloud solutions to increase resilience and uptime.  Cloud's accelerated adoption rates can likely be attributed, in part, to its maturity, meeting the strict regulations of enterprise-grade businesses, enabling implementation of nimble hybrid and multicloud infrastructure strategies to be fast-tracked.

Adding highly compatible network overlay software opens significant opportunities for network managers and architects to use the best-in-class services that are right for them, while leveraging the native features in both their on-premise and cloud solutions, gaining more out of their investments and positioning their network for future transition and innovation.

Join us for our Best Practices Think Tank Session

Monday, June 10 2019 at 3:30pm PDT

This year at Cisco Live, Paul Terrill, Men & Mice’s Director of Sales Operations, North America, will also take to the Think Tank stage to discuss New Best Practices for Future-Ready Hybrid and Multicloud Network Strategies. This session will explore new best practices and the advantages to adapting hybrid network strategies to take advantage of service-native features in all IP infrastructure solutions, whether on-premise, cloud or multicloud.

Beyond our talk, Cisco Live is also a great opportunity for us to connect with customers, old and new, and catch up on discussions with the most prominent minds of our industry.

Click here to find out more, or book a time at Cisco Live that suits you for meeting up with sales engineers from Men & Mice. Alternatively, just stop by booth #2234, any day from June 10th to June 13th, and stock up on great networking. (And nice goodies!)

 

Topics: Cisco Live

The ABC's of DNS: a select glossary from the Men & Mice training archives - Part 1

Posted by Men & Mice on 4/26/19 9:43 AM

As you’ve probably discovered by now, we have an honest passion for teaching and training. For the past 20 years, Men & Mice has been offering DNS and BIND courses across the globe. Always updated and always practical, from the start we've constructed classes to address real world challenges and solve problems that our students actually face.


Beyond this series, you can also catch us in person (outside of the training courses): we’re really proud to be sponsoring RIPE78 in Reykjavik next month!

In addition to the diversity programming, we’ll also be giving two talks, presented by Carsten Strotmann, about DNS privacy and Unwind.


And the onslaught of new challenges never stops. Public and private networks. Cloud and on-prem resources. Hybrid and multiclouds. Privacy, security, efficiency.

Being on top of our game means constantly learning.

In this new series, we'd like to give you a small taste of the Men & Mice training courses. Organized alphabetically, we'll cover a glossary of select tips, tricks, and trivia that will deepen your understanding of DNS and BIND.

Without further ado, let's get started - we have a whole alphabet to cover.

A is for "anonymizing IP addresses in logfiles"

Anonymizing IP addresses is a handy trick to know, with (DNS) privacy features often requested and businesses becoming increasingly liable for traffic to and from their servers.

ipv6loganon is a Linux command line tool for anonymizing IP addresses in HTTP server logfiles. By default your webserver (be it Apache, nginx, or something else) logs every connection. This is useful for diagnosing connection issues or finding malicious actors, but during normal operations it's also a liability from a privacy standpoint.

You can type man ipv6loganon in your server terminal to see all the options. Run it as a cron job or automate some other way.
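The idea behind log anonymization, sketched in Python as an added example (this is not ipv6loganon's code and not from the original post): each address is truncated to its network prefix so that log lines stay useful for diagnostics without identifying a single client. The /24 and /48 prefix lengths are assumptions chosen for illustration, and the log lines used in the comments and tests are constructed.

```python
import ipaddress
import re

# Candidate tokens: dotted quads, or runs of hex digits and colons.
# Timestamps such as 2019:07:40:00 also match the second pattern, so every
# candidate is validated with the ipaddress module before it is rewritten.
CANDIDATE = re.compile(
    r"(?<![\w.])\d{1,3}(?:\.\d{1,3}){3}(?!\w|\.\d)"
    r"|(?<![\w.:])[0-9A-Fa-f:]*:[0-9A-Fa-f:.]*(?![\w.])"
)


def _mask(addr, prefix):
    """Zero every bit after the first `prefix` bits of the address."""
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def anonymize_ip(text, v4_prefix=24, v6_prefix=48):
    """Return the truncated address, or None if `text` is not an IP address."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    # IPv4-mapped IPv6 (::ffff:a.b.c.d) shows up when a dual-stack listener
    # accepts IPv4 clients. Masking it as IPv6 with /48 would zero the whole
    # embedded address, so treat it as the IPv4 address it really is.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return "::ffff:" + _mask(addr.ipv4_mapped, v4_prefix)
    return _mask(addr, v4_prefix if addr.version == 4 else v6_prefix)


def anonymize_line(line, **prefixes):
    """Rewrite every valid IP address found in one log line."""
    def replace(match):
        token = match.group(0)
        core = token.rstrip(".")          # keep a sentence-ending dot intact
        masked = anonymize_ip(core, **prefixes)
        return token if masked is None else masked + token[len(core):]
    return CANDIDATE.sub(replace, line)


if __name__ == "__main__":
    # Constructed access-log lines using documentation address ranges.
    sample = [
        '203.0.113.77 - - [15/May/2019:07:40:00 +0000] "GET /index.html HTTP/1.1" 200 512',
        '2001:db8:85a3:8d3:1319:8a2e:370:7348 - - [15/May/2019:07:40:01 +0000] "GET / HTTP/1.1" 200 1024',
        '::ffff:198.51.100.23 - - [15/May/2019:07:40:02 +0000] "POST /login HTTP/1.1" 302 0',
    ]
    for entry in sample:
        print(anonymize_line(entry))
```

Anonymizing at write time or in a short rotation window matters more than the exact prefix length: logs that sit unmasked for weeks before a cron job touches them carry the same exposure as logs that are never masked.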

B is for "BIND features roundup"

BIND is a fantastic suite of software. Whether you consciously use it or not, it's one of the most fundamental pieces in almost any network puzzle (that's why our most popular training course is titled "DNS and BIND").

A lot of people are surprised by just how many tools BIND offers. For example:

  • dig is the Swiss Army Knife of network tools. So much so, that we'll be giving it its own entry at the letter 'D' in the next post. In the meantime, read man dig in your terminal, and learn to love it.
  • delv can be used to verify DNSSEC trust. It's as easy as typing delv +v www.domain.com.
  • named-checkconf -z can be used to test manual changes to DNS zonefiles.
  • dnstap is a faster alternative to query logging. (During the training courses we go deep into how to use it.)

BIND also comes with a host of security features like DNS cookies, Response Policy Zones, Response Rate Limiting, and more. The DNSB-W and DNSB-A courses cover these in detail.

C is for "catalog zones"

C is not just for cookies, but also: catalog zones. Catalog zones are special DNS zones, used to quickly propagate DNS zones from master to slave servers. Slave servers use catalog zones to recreate member zones, and if any changes occur "upstream", they're also synced across slaves using the catalog zones.

Use catalog zones for redundancy, so if your slave servers go out of commission for any reason, you can resume normal operations by quickly spinning up backups.

Want to learn more?

In this DNS glossary series, we focus on just a handful of concepts in each post. Bite-sized, they're but the tip of the iceberg. Our training program is where all of these concepts come to exist in the right context - and you get to try your hand at putting newly learnt skills in action.

  • If you’re new to DNS, we offer the DNS & BIND Fundamentals (DNSB-F) course. It’s part of the DNS & BIND Week (DNSB-W) and serves as a shorter introduction to the world of DNS and BIND.
  • If you’re already familiar with the basics, the full five-day DNS & BIND Week (DNSB-W) course takes you deeper into DNS, including a heavy emphasis on security, stopping just short of DNSSEC (for which we offer a separate course).
  • And if you're looking for even more, we offer the DNS & BIND Advanced (DNSB-A) program, getting into the deep end of things.

Check out our training calendar for 2019, and reach out to us with any questions. 

Topics: IT best practices, DNS training, RIPE 78

DNS Privacy: DNS-over-HTTPS

Posted by Men & Mice on 4/16/19 5:24 AM

DNS-over-HTTPS (DoH for short) is a standard developed by the IETF (under the RFC 8484 designation) to solve privacy concerns in DNS communication.

DNS Privacy: a primer

As we’ve talked about before, DNS has traditionally been done in cleartext: the queries and responses, both between the end user (applications, or stub resolvers, such as a browser) and the (first-hop) DNS resolver and between the resolver and the DNS nameserver(s), are unencrypted by default.

While DNSSEC extensions were developed early on, they only added response integrity and not privacy. As the IETF states, “either privacy was not considered a requirement for DNS traffic or it was assumed that network traffic was sufficiently private.”

In recent years, however, that changed. Privacy has become a central concern and addressing it has spawned numerous solutions, such as DNS-over-HTTPS (DoH).

DNS-over-HTTPS

DoH conducts DNS operations over secure HTTP URLs, mapping DNS queries and responses into HTTP exchanges using default media formatting types.

While DoH uses existing protocols for communication, the IETF emphasizes that “[The] described approach is more than a tunnel over HTTP.” Aligned with existing http features, DNS servers and clients supporting DoH are called ‘DoH server' and ‘DoH client’ respectively, as they can be used for more than only DNS.

While DNS-over-HTTPS and DNS-over-TLS are colloquially used as different protocols, because DoH uses https it also includes TLS security. The key difference between DoH and DoT is the manner in which DNS operations are conducted.

DoH in action

DoH clients are configured with a URI template containing the url structure for DNS resolution. The client then uses a GET or POST method to send an encoded DNS query.

DNS-over-HTTPS uses standard https traffic (via port 443) to communicate. Because DNS communication is done through standard https methods and resides within https traffic, overhead for DoH is low.
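The GET and POST mappings described above, as an added Python example that is not part of the original post: it builds a wire-format DNS query, places it into both request forms defined by RFC 8484, and recovers it the way a DoH server would. The resolver URL `https://doh.example/dns-query{?dns}` is a placeholder, and requests are modelled as plain dictionaries so nothing is sent over the network.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

DNS_MESSAGE = "application/dns-message"           # media type registered by RFC 8484
TEMPLATE = "https://doh.example/dns-query{?dns}"  # placeholder URI template


def build_query(name, qtype=1):
    """Wire-format DNS query (RFC 1035): one question, class IN, RD set."""
    # RFC 8484 recommends ID 0 so that identical queries produce identical,
    # cache-friendly HTTP requests.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _base_url(template):
    if not template.startswith("https://") or not template.endswith("{?dns}"):
        raise ValueError("expected an https URI template ending in {?dns}")
    return template[: -len("{?dns}")]


def doh_get(template, query):
    """GET: the message is base64url-encoded, without '=' padding, in ?dns=."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return {"method": "GET", "url": f"{_base_url(template)}?dns={encoded}",
            "headers": {"accept": DNS_MESSAGE}, "body": b""}


def doh_post(template, query):
    """POST: the template expands with no variables; the body is the raw message."""
    return {"method": "POST", "url": _base_url(template),
            "headers": {"accept": DNS_MESSAGE, "content-type": DNS_MESSAGE,
                        "content-length": str(len(query))},
            "body": query}


def server_extract_query(request):
    """Server side: recover the DNS message from either request form."""
    if request["method"] == "POST":
        if request["headers"].get("content-type") != DNS_MESSAGE:
            raise ValueError("unsupported media type")
        return request["body"]
    values = parse_qs(urlsplit(request["url"]).query).get("dns")
    if not values or len(values) != 1:
        raise ValueError("exactly one dns parameter is required")
    padded = values[0] + "=" * (-len(values[0]) % 4)  # restore stripped padding
    return base64.urlsafe_b64decode(padded)


def question_of(message):
    """Return (name, qtype) of the first question in a DNS message."""
    pos, labels = 12, []                  # the question follows the 12-byte header
    while message[pos]:
        length = message[pos]
        labels.append(message[pos + 1: pos + 1 + length].decode("ascii"))
        pos += 1 + length
    (qtype,) = struct.unpack_from("!H", message, pos + 1)
    return ".".join(labels), qtype


if __name__ == "__main__":
    query = build_query("www.example.com")
    for request in (doh_get(TEMPLATE, query), doh_post(TEMPLATE, query)):
        print(request["method"], request["url"], question_of(server_extract_query(request)))
```

With GET the query name is visible (base64url-encoded) in the URL to anything that terminates TLS or logs request lines, such as a reverse proxy; with POST it sits in the body, at the cost of being less cache-friendly.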

DoH challenges

DNS-over-HTTPS is a newer protocol than DNS-over-TLS. DoH has had less testing and research than DoT, but because it aligns with https as an underlying transport protocol, it is less susceptible to issues other than those associated with https itself.

DoH, though still young, has successfully leveraged the existing ecosystem of native web applications and APIs. It can create more efficient (and private!) communications with DNS.

Arguments against DNS-over-HTTPS (in its current form) stem more from operational considerations. Whereas DoT can be controlled because of its use of a single and unique port, DoH is almost impossible to control or filter.

DNS privacy (DoH, as well as DoT and other solutions) is a good representation of the operational shifts network managers and architects face. DNS-over-HTTPS in particular is a solution born from a public networking mindset. Traditional corporate network operations that are increasingly dependent on cloud services and experience an influx of connected devices through IoT and BYOD, have to re-adjust.

But DNS privacy also means that the opportunity for corporate network managers and architects is more pertinent than ever before. DoH, DoT, and other solutions are young and still forming. Whereas the question before centered around ‘adoption’ of protocols, these new technologies offer a chance to ‘influence’. Ongoing participation in the conversation and debate over the merits and shortcomings of each is necessary.

Additionally, pilot programs, particularly those run in regulated, corporate environments, are invaluable to both the developers of DNS privacy solutions as well as the network managers and architects who will be charged with implementing it.

Topics: DNS privacy, DNS-over-HTTPS

DNS privacy: DNS-over-TLS

Posted by Men & Mice on 4/10/19 11:05 AM

DNS-over-TLS (DoT for short) is a standard developed by the IETF (under the RFC 7858 designation) to solve privacy concerns in DNS communication.

DNS Privacy: a primer

As we’ve talked about before, until recently, DNS has been done in cleartext: the queries and responses, both between the end user (applications, or stub resolvers, such as a browser) and the (first-hop) DNS resolver and between the resolver and the DNS nameserver(s), are unencrypted by default.

While DNSSEC extensions were developed early on, they only added response integrity and not privacy. As the IETF states, “either privacy was not considered a requirement for DNS traffic or it was assumed that network traffic was sufficiently private.”

In recent years, however, that changed. Privacy has become a central concern and addressing it has spawned numerous solutions, such as DNS-over-TLS.

DNS-over-TLS

DoT approaches privacy by encrypting DNS queries and responses between entities (predominantly between the stub resolver and the first hop resolver) using TLS (Transport Layer Security).

DoT uses a standard port (853) to initiate and accept DNS queries. It is possible to use a mutually agreed different port, but it is not the default. Once the connection is made, a TLS handshake is attempted, and after authentication the encrypted DNS communication can commence.

DNS servers supporting DoT do not accept unencrypted data on the designated port, neither during session initiation, nor after a failed TLS authentication.

DoT overhead

Computers are powerful and efficient, but not without limits. DNS-over-TLS adds latency to DNS operations that needs to be accounted for and minimized.

DNS clients are required to adhere to a certain field length (two octets) and it is recommended to keep established, but idle, connections alive to the server. Another way to minimize latency is to pipeline multiple queries over the same TLS session. In this case, it’s the DNS client’s responsibility to match responses to queries, as they may arrive and be answered out of order.

Keeping established connections alive helps distribute the connection setup costs. Misconfigured handling of idle connections can lead to denial of service issues.
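The two-octet length field and out-of-order matching described above, as an added Python example that is not part of the original post: it frames DNS messages for a stream transport, reassembles them from arbitrarily split chunks, and matches pipelined responses to their queries by message ID. The TLS session itself is not modelled; the byte stream stands in for the decrypted channel, and the messages, IDs and labels are constructed.

```python
import struct


def frame(message):
    """Prefix a DNS message with its two-octet, big-endian length."""
    if len(message) > 0xFFFF:
        raise ValueError("DNS message too large for a two-octet length field")
    return struct.pack("!H", len(message)) + message


class StreamReader:
    """Reassemble length-prefixed DNS messages from a byte stream.

    Chunk boundaries on a TLS connection do not line up with DNS messages,
    so a read may contain half a message or several messages."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        self._buf += chunk
        complete = []
        while len(self._buf) >= 2:
            (length,) = struct.unpack_from("!H", self._buf)
            if len(self._buf) < 2 + length:
                break                      # wait for the rest of this message
            complete.append(bytes(self._buf[2:2 + length]))
            del self._buf[:2 + length]
        return complete


class Pipeline:
    """Client-side bookkeeping for several queries in flight on one session."""

    def __init__(self):
        self._pending = {}

    def send(self, label, query):
        (txid,) = struct.unpack_from("!H", query)
        if txid in self._pending:
            raise ValueError("message ID already in flight on this connection")
        self._pending[txid] = label
        return frame(query)

    def receive(self, response):
        txid, flags = struct.unpack_from("!HH", response)
        if not flags & 0x8000:
            raise ValueError("QR bit not set: not a response")
        label = self._pending.pop(txid, None)
        if label is None:
            raise ValueError("response does not match any outstanding query")
        return label

    def in_flight(self):
        return len(self._pending)


def message(txid, is_response=False):
    """Constructed DNS message: header plus one question for example.com A."""
    flags = 0x8180 if is_response else 0x0100
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + question


def demo():
    pipe, reader = Pipeline(), StreamReader()
    queries = [(0x1001, "first"), (0x1002, "second"), (0x1003, "third")]
    sent = b"".join(pipe.send(label, message(txid)) for txid, label in queries)
    # The server answers in a different order than the queries were sent.
    stream = b"".join(frame(message(txid, True)) for txid in (0x1003, 0x1001, 0x1002))
    matched = []
    for start in range(0, len(stream), 7):          # deliver in 7-byte chunks
        for response in reader.feed(stream[start:start + 7]):
            matched.append(pipe.receive(response))
    return len(sent), matched, pipe.in_flight()


if __name__ == "__main__":
    print(demo())
```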

Flavors of DoT

DNS-over-TLS can be used in various ways. The IETF standard identifies opportunistic and Out-of-Band Key-Pinned privacy profiles.

Opportunistic privacy profile means the client recognizes a TLS-enabled DNS resolver and attempts to use it. If it successfully validates it, DNS-over-TLS may be used, but isn’t mandatory and the client can fall back to non-encrypted DNS.

Out-of-Band Key-Pinned privacy profile is usable where the trust between stub and recursive resolvers is already established. Enterprise DNS is one good example. With this profile, DNS clients authenticate servers by a set of (previously distributed) SPKI Fingerprints.

DoT pros and cons

DNS-over-TLS addresses privacy, but not the security of DNS operations. It is important to note that DNSSEC and DoT are not mutually exclusive, but rather compatible protocols that complement each other.

DoT is a straightforward protocol, and fairly easy to implement. TLS authentication is a mature, trusted, and well-maintained technology for encryption. But DNS-over-TLS also presents a number of challenges and concerns.

Attacks against TLS itself, such as protocol downgrade, affect DNS-over-TLS. DNS resolvers offering DoT have to be aware and be patched against TLS vulnerabilities. DNS clients can, in order to defend against person-in-the-middle attacks, discard cached data from a server stored in cleartext.

DoT isn’t fully protected against traffic analysis and SNI leaks. (Although it is in constant development to patch these vulnerabilities.) Split horizon DNS, where the DNS response may be different based on the source of the query, is also known to experience issues when used with DoT.

Network managers for both private networks and public services need to learn more about DNS privacy, DoT (and DoH and other implementations), and the solutions, and challenges, they present for their work. Education about these protocols is also important for end users — both for owning their privacy and to avoid issues resulting from unintentionally harmful configurations brought to a network.

DoT, DoH, and other protocols are in constant development, offering ways to influence their evolution. All network managers and architects, whether they’re running public or private infrastructures, should participate in pilot programs to discover and best voice and address their challenges and requirements.

Topics: DNS-over-TLS, DNS privacy

Privacy, security, and DNS: DoH & DoT

Posted by Men & Mice on 4/3/19 12:04 PM

 

 

In a world where digital privacy, whether due to concerns over surveillance or questionable use of data, is increasingly pivotal for customers and businesses alike, unsecured transmissions are simply not acceptable.

Surely DNS, the most fundamental building block of any network, is all good and set, yes? Well, let’s take a closer look.

DNS: connecting people to machines since 1983

The original standard of DNS dates back to 1983. Since then a lot of DNS queries have ‘passed’  under the (proverbial) network bridges.

A basic DNS query-response resolution process looks like this:

Spot the problem?

Looking at the communication that’s taking place in resolving even the simplest of DNS queries, there’s a whole lot of action going on -- which can lead to issues in security and privacy. One that stands out almost immediately is that the queries and responses  are in cleartext. It’s not hard to imagine a suitable man-in-the-middle attack rerouting the user to a malicious destination.

Early on, DNSSEC was created to prevent such incidents. By establishing a chain of certificates for nameservers, DNSSEC was intended to spread trust across networks.

It did not, however, change the fact that the communication is still sent in cleartext. (Also, DNSSEC adoption is about 20% and only about 3% in the Fortune 1000.)

What are we doing to resolve (pun not intended) these issues?

Two ways to secure DNS queries which are currently being explored by, amongst others, the IETF, are doing DNS over TLS or HTTPS.

  1. DNS-over-TLS (DoT)

The user connects to the DNS resolver through a dedicated port (853). With a strict DoT it will not use any other connection, while when using an opportunistic DoT, it will take the secure port if offered, but if not, it will connect unsecured anyway.

The main weakness of DoT is its limits: it only addresses encryption on a system resolver level and works only on one port. Target the traffic between the resolver and the nameservers or block the port and DoT is over. It can also break split horizon DNS and spawn Server Name Indication (SNI) leaks. (TLS 1.3, however, proposes encrypted SNI.)

  2. DNS-over-HTTPS (DoH)

With DoH, web applications access DNS using existing browser APIs and DNS traffic is mixed in with regular HTTPS traffic.

The major challenge for DoH is adoption. Beyond manufacturing latency, it makes securing DNS less transparent and manageable: organizations need to solve new challenges.

YOU get a secure DNS, and YOU get a secure DNS, and…

There’s no one protocol to rule them all, nor is there a need for only one. (Although the number of protocols involved with networks can be seen as daunting: there are 8571 RFCs as of this writing.)

To make a long story short, both DoT and DoH aim to make networks safer. As such, both have their advocates, divided fairly logically by the context in which they work best:

  • on-prem private networks are generally more likely to support DoT; not surprisingly, as it provides more control and visibility that’s suited to a limited (however large) network context.
  • those developing cloud-based networking solutions, on the other hand, gravitate toward DoH; they can make their applications more efficient by leveraging the existing HTTPS ecosystem and pioneer new technologies like Server Push or resolveless DNS.

Both have their strengths to emphasize and their weaknesses to address.

Where do we go from here?

DNS is no small technology, and things tend to go slow. Both DoT and DoH are fairly young technologies. As with any other technology, we simply cannot predict the challenges they’ll invite.

What we can do is evaluate and discuss.

Whether we talk about censorship or protection of society from harmful content, whether it’s the liabilities born from DNS vulnerabilities or the GDPR, there’s much to debate. On the other hand, technology also keeps progressing independent of such discussions, altering the course of the conversation.

One such place for these debates is RIPE. Men & Mice will be at RIPE 78 in Reykjavik 20-24th May, joining ISPs and other network operators to discuss the future of networks. (And, of course, to change the way the world sees networks.)

In the meantime, you can follow our blog and social media in the coming weeks to learn more about DoT, DoH, and other ways to secure your networks, and join the conversation.

New Men & Mice Suite Reporting Module: Cut through data congestion with a reporting superhighway

Posted by Men & Mice on 3/20/19 8:23 AM

Reports management is critical in any enterprise-level organization. Knowing who did what, when, and why — even, and especially, after months or years — is invaluable for regulatory requirements, transparency, and a clear line of responsibility. Having a good handle on reports also helps managers to identify notable efficiencies or worrying weaknesses in existing processes.

The benefits of reliable and usable reporting affect the entire business, from IT to C-Suite. Decision makers on all levels need to track available assets and spot workload trends that affect them; clear and transparent reporting can expose security vulnerabilities or reveal human error before they cascade into catastrophe; and business decisions benefit from comprehensive data deepening the understanding of what changes are needed.

Reporting has always had a presence within the Men & Mice Suite, but from version 9.2 a new advanced Reporting Module ups the reports management ante several levels.

The foundation

The Men & Mice Suite has been known for its robust handling of object history for all DNS, DHCP, and IP data since the very beginning.

Changes made to an object (DNS record, DHCP scope, IP address, you name it) managed through the Men & Mice Suite are logged in the system. Handling these objects in the Suite’s management web application, users can view the history of changes individually per object.

Having the data, however, is just the beginning. To make these foundations satisfy the need for high-frequency, and often automated, reporting, the Men & Mice Suite Reporting Module streamlines the way users can mine this data, offering greater reports management and control.

The traffic control

The new Men & Mice Suite Reporting Module enables users and administrators to view, collect and utilize data within the Men & Mice Suite and/or export it for download. Users can:

  • create and save new report definitions

  • schedule reports to be generated

  • run reports

  • download reports in various formats


The Reporting Module offers a variety of report templates, from audit trails to a list of DNS zones filtered by criticality, as well as a straightforward process for customization. Tailor-made reports can be generated by correlating data and templates in just a few steps. Users can also create reporting definitions and schedule them to run reports on a daily, weekly, or custom schedule.

The Reporting Module is a central tool for businesses to maintain transparency, clear communications, and scalability. Apart from generating reports and scheduling them to run on a regular basis, the Reporting Module provides a variety of other use cases such as:

  • during internal reorganization, project leaders can quickly generate reports to list available assets;

  • objects can be organized into a report to locate vulnerabilities and prevent security incidents;

  • business expansion is aided through defining reports on resources reaching capability limits, thus helping to make smarter business decisions.

The result

The Reporting Module especially shines in cases where on-prem and cloud network resources are mixed and scaled across multiple locations and platforms. With the Reporting Module, Men & Mice Suite provides streamlined reports management, giving you an enhanced overview of your network and system processes, and taking you one step closer to unifying the way you see, and control, your hybrid and multicloud network resources.

Take a look at the following video to see the Reporting Module in action:

 

 

Try the Men & Mice Suite 9.2

The Men & Mice Suite helps to make complex enterprise IP infrastructure management, across hybrid and multicloud environments, as elegantly simple and quietly robust as customer-grade technology — but on an enterprise-grade scale.

The new Reporting Module is an important improvement in streamlining network management in the enterprise. Building on the already robust data facilities of the Men & Mice Suite, it provides valuable data and insights for making better decisions.

You can try version 9.2 of the Men & Mice Suite by clicking the button below or grab it directly from the Azure Marketplace. The new Reporting Module is part of the Men & Mice Suite and can be licensed as an add-on to versions of Men & Mice Suite v9.2 or beyond.

Men & Mice Suite Free Trial

Topics: Men & Mice Suite, Men & Mice, day-to-day IT

Streamlining DNS changes with Men & Mice Suite: introducing the new Workflow Module

Posted by Men & Mice on 3/13/19 12:17 PM

A common organizational bottleneck and security conflict exists between the users’ need for autonomy and the network administrators’ responsibility towards network health and security.

The Men & Mice Workflow Module add-on, available from version 9.2 of the Men & Mice Suite, is designed to resolve this painful organizational inefficiency and common security challenge.

Streamlining DNS across your entire organization

With the Workflow Module, network administrators can gain greater control and transparency over changes within their DNS infrastructure through an efficient queue of requests and approvals for DNS tasks.

The Workflow Module allows all users to make DNS changes like

  • adding a new DNS record

  • modifying or deleting an existing DNS record

  • scheduling DNS changes

To preserve the user’s need for autonomy, and resolve it with respect to network security, changes are not applied directly, but a request is created instead. Users can review their pending requests in the Web Application, and revoke them if they change their mind.


In the same interface, users with administrative permissions can view all submitted DNS change requests, and approve or reject them individually or in bulk. Changes can be set to propagate immediately or be scheduled for a later, more suitable time, such as when network load is minimal, to avoid issues like caching.


Through this streamlined process, users can set up DNS changes ranging from small and singular to wide and sweeping, without having to wait. The approval process ensures that only those with the appropriate privileges can process the changes, in a fast and efficient manner. User autonomy and administrator responsibilities that, for a large part, seemed mutually exclusive before can now serve to augment each other’s work.

Combined with other features of the Men & Mice Suite, such as xDNS Redundancy™, the Workflow Module enhances security and boosts network resilience, while simplifying processes and increasing organizational efficiency.

Take a look at the following video to see the Workflow Module in action:

 

 

Try the Men & Mice Suite 9.2

The Men & Mice Suite helps to make complex enterprise IP infrastructure management, across hybrid and multicloud environments, as elegantly simple and quietly robust as customer-grade technology — but on an enterprise-grade scale.

The new Workflow module is an important step in delivering that streamlined network management experience to the enterprise. Extendable in future versions with further functionality, it builds on the compatibility across all major cloud and on-prem DNS platforms that has been a core advantage of the Men & Mice Suite since the beginning.

You can try version 9.2 of the Men & Mice Suite by clicking the button below or grab it directly from the Azure Marketplace. The new Workflow module is part of the Men & Mice Web Application and can be licensed as an add-on to versions of Men & Mice Suite v9.2 or beyond.

Men & Mice Suite Free Trial

Topics: DNS, DNS events, day-to-day IT

Men & Mice Suite version 9.2 released with AWS multi-account management, DNS Workflow, advanced Reporting and Azure Marketplace availability

Posted by Men & Mice on 3/6/19 7:11 AM

Men & Mice Suite Version 9.2 continues to deliver on the company’s commitment to making complex enterprise IP infrastructure management, across hybrid and multicloud environments, as elegantly simple and quietly robust as customer-grade technology, but on an enterprise-grade scale.

Men & Mice Suite Version 9.2 in a nutshell (tl;dr):

●   New Workflow module (add-on): greater ease and control of DNS management by enabling users to request and optionally schedule the fulfilment of DNS changes for administrator approval/denial.

●   New Advanced Reporting module (add-on): create tailor-made reports by correlating data and templates in just a few steps, scheduling the results to be generated daily, weekly or on a custom schedule.

●   Multiple account support for AWS: manage and retrieve data from AWS master account credentials associated with up to thousands of AWS sub-accounts.

●   Availability on the Azure Marketplace: try the Men & Mice Suite on Azure, or implement with one-click install (with step-by-step instructions).

●   Improved DHCP functionality for scopes and reservations on ISC DHCP, ISC Kea, and Cisco

●   A host of added functionality for filtering, quick commands, and data displays for further mobility and ease of operations.

Free Trial of the Men & Mice Suite version 9.2

Not sure yet? Read more about the Men & Mice Suite's new 9.2 features and functionality.

Five noteworthy updates in Men & Mice Suite 9.2 for a Future-ready IP Infrastructure Strategy

Beyond the consistent improvements customers have come to expect from Men & Mice, version 9.2 of the Men & Mice Suite focuses on the expansion of cloud integration, such as AWS multi-account support and Azure Marketplace availability, as well as simplifying DNS workflows and deepening reporting capabilities with new add-on modules.

AWS Multi-Account Management

Men & Mice Suite already features cloud-native integration with AWS and Azure as well as Akamai Fast DNS, Amazon Route 53, Azure DNS, Dyn DNS and NS1 to best manage and synchronize IP address management and DNS respectively. In the v9.2 release, Men & Mice has added multi-account support in AWS, to manage and retrieve data from AWS master account credentials associated with up to thousands of AWS sub-accounts.


DNS zones, VPCs and subnets can be listed for each AWS account subscription, dramatically cutting down administration while guaranteeing a global view/management of the cloud infrastructure.

New Workflow Module

One of the key new features in version 9.2 is the newly introduced Workflow module for efficient request and approval of DNS tasks. The Workflow module allows users to make requests for creating, modifying and deleting DNS records and optionally schedule the fulfillment of DNS changes. 


A common scenario for using the Workflow module would be a user requesting to add a new DNS record, modify or delete an existing DNS record. The request is created and is viewable to an administrator, along with other requests from other users in one comprehensive list, for approval or rejection, scheduling or immediate implementation. The new Workflow module can be licensed as an add-on to versions of Men & Mice Suite v9.2 or beyond. 

Advanced Reporting Module

In any enterprise-level organization, transparency and a clear line of responsibility are crucial. The new advanced Reporting module enables users and administrators to utilize, save, and export for download a variety of report templates and customized reports.


In 2018, Men & Mice introduced simplified reporting features within the Men & Mice Suite. In Men & Mice v9.2, the new advanced Reporting module takes this several steps further, where reports can be tailor-made by correlating data and templates in just a few steps, scheduling the results to be generated daily, weekly or on a custom schedule. The advanced Reporting module can be licensed as an add-on to versions of Men & Mice Suite v9.2 or beyond.

We’ll cover the two brand new modules for Workflow and Reporting in detail in the coming weeks.

Men & Mice Suite goes live in the Azure Marketplace


Microsoft’s software and services are present in just about every organization’s infrastructure, making the business of keeping critical infrastructure up and running consistent, reliable, and familiar for a lot of network managers. Familiarity of technology has its benefits, particularly when it’s possible to extend your network into the cloud within the same Microsoft ecosystem, as is the case with Azure cloud services.

The first third-party solution to have integrated with Windows 2016 and Azure DNS, Men & Mice takes its long-term technological focus a step further by simplifying availability of the Men & Mice Suite for Microsoft Azure customers. From Version 9.2, the Men & Mice Suite is available through the Azure Marketplace. Deployment can be done in a matter of minutes instead of hours, with one-click install and easy-to-follow instructions. Simple as that.

Automation and the Men & Mice REST API

Not every network task requires human interaction. In fact, the life of a network manager can be simplified by automation in the right places. Men & Mice’s REST API offers the automation and customization needed to keep teams focused on the bigger picture and help keep networks secure.


In addition to improved automation and customization capabilities, some other great new features introduced in Men & Mice Suite v9.2 include added IPv6 support in its network creation wizard, single-click system updates and improved management of subnets, ranges, scopes, and more.

Changing The Way The World Sees Networks

“Overlay solutions, such as the Men & Mice Suite, anticipate changing network needs, focus on compatibility between services and extend network investments while combating network conflicts and vulnerabilities. Likewise, Men & Mice’s dedication to establishing both technical and business partnerships for its solutions means customers can count on DevOps-friendly automation, synchronization and the unified visibility necessary to manage the next generation of enterprise networks.” — Sigfús Magnússon, Head of Product, Men & Mice.


Topics: Men & Mice, DNS, DHCP, IP address management, "cloud dns", Azure DNS, aws, azure, multi-cloud, ip infrastructure, multicloud, hybrid dns, hybrid ipam
