The Men & Mice Blog

Multicloud networking: Integrating your AWS accounts

Posted by Greg Fazekas on 2/1/19 8:38 AM

Amazon Web Services (AWS) is probably one of the most well-known and utilized cloud (and soon to be on-prem) solutions providers. In addition to its technical robustness and market reach, enterprise businesses can rely on its proven reliability, metered billing and multitude of partner solutions.

When it comes to multicloud network environments, two questions occupy the minds of decision makers:

  • When do you utilize cloud?

  • How do you maintain network health and integrity while utilizing cloud resources?

In this post, we present a few possible scenarios where synchronizing AWS resources with your on-prem corporate network is beneficial, as well as what to look for when evaluating the implementation.

When do you need AWS integration?

AWS, and cloud services in general, are an attractive option to modernize and extend corporate networks and IT, providing resource availability at scale. Here are a few scenarios where Men & Mice customers are using AWS.

  • Mergers and acquisitions create fast and immediate demand for resource scaling or consolidation, both for incorporating newly acquired networks and for migrating them.

  • Project fragmentation, which benefits from a dynamically available pool of resources, as well as self-service, keeps management overhead low and minimizes bottlenecks. 

  • Physical expansions: whether opening new local offices and data centers or moving into diverse geographies, enterprises take advantage of locally available resources or factor network architecture to reduce latency and increase performance.

  • Network diversification to protect against DDoS and other malicious attacks.

Dynamic cloud in the slower moving enterprise

Enterprise businesses have developed networking practices to mitigate downtime and, more frequently than ever, to protect against attacks. Starting from small-scale on-prem installations to utilizing large-scale private data centers, then cloud, diversifying the network supply chain is as mandatory as maintaining different logistics providers or materials suppliers.

More often than not, regulatory oversight also dictates much of what can and cannot be done. That presents an obstacle enterprise businesses have to consider or work around, particularly with regard to onboarding and utilizing cloud.

How to utilize AWS?

AWS and Amazon Route 53 for DNS address the growing need for networking resources management in the cloud. But even Amazon recognizes the importance of visibility across an entire network setup, introducing last fall the Route 53 Resolver for Hybrid Clouds, for bi-directional querying between on-prem and AWS.

This is exceptional news for AWS customers, particularly customers of Men & Mice Suite using AWS. Any cloud/multicloud configuration has to work natively, dynamically, and securely if its benefits are to be fully realized, a guiding principle of the development of the Men & Mice Suite. 

Natively

Cloud resources offer the most benefits when utilized to their full native extent and synchronized with on-prem at the same time. As spreadsheets were to IP Address Management, managing cloud services separately is both inefficient and enables a host of trouble down the line.

Proper multicloud networking needs a single management interface, an overlay that natively connects to the cloud and the cloud services’ features while providing complete visibility across the network, down to the management of zones and unification of audit trails.

Dynamically

If provisioning cloud resources is on par with the procurement of new hardware for the on-premise infrastructure, what’s the point? Scaling up or down using the cloud is an attractive concept, but unless it’s also easy to implement, adapt and migrate when needs change, much of the benefit is lost.

Dynamic resources require, beyond native integration, a programmable and automated interface, capitalizing on APIs to simplify processes and retain security configurations.

Securely

It's critical to network security to be able to enforce the same property structure and protocols for network entities, whether across multiple cloud platforms, accounts or on-prem, to ensure adherence to corporate standards for network and IP provisioning. Likewise, retention of access controls and complete visibility in network audit trails are equally important.

Your IP infrastructure management software has to be able to handle management, synchronization and reporting, cohesively, authoritatively and securely.  

Utilizing Men & Mice with AWS

Overlay solutions, such as the multicloud-enabled Men & Mice Suite, alleviate these management, visibility and portability concerns.

The Men & Mice Suite comes with

  • native integration with IPAM and DNS residing in AWS and Amazon Route 53

  • replication and synchronization of multiple DNS zones through xDNS Redundancy™

  • an easy-to-use, web-based graphical interface for management of the entire multicloud network and a single compatible API layer for automation

  • enterprise-grade security feature set and granular, role-based access controls

  • multi-account management of AWS accounts or an AWS account with multiple child accounts (note: upgrade to Men & Mice Suite 9.2 required for this feature)

The Men & Mice Suite keeps the chief advantages of multicloud networking (heterogenization of resources) while maintaining a homogenized management overview.

More clouds

What happens when your network is fairly homogenous — like, say, relying mostly on Cisco, Linux or Microsoft servers on-prem? When looking into cloud solutions, what are your deciding factors? Does multicloud help minimize latency across specific global operations? Can you increase diversity in your network infrastructure supply chain and mitigate security risks simultaneously? 

The short answer is yes. We'll dive more into these topics in the next few posts. 

Topics: hybrid cloud, hybrid network, aws, Amazon Route 53, multi-cloud, ip infrastructure, multicloud, hybrid dns, hybrid ipam

Men & Mice Suite IPAM and DNS with xDNS Redundancy™: security without complexity

Posted by Greg Fazekas on 8/22/18 7:12 AM

As we increased focus on cloud optimization, DNS redundancy, and compatibility across hybrid and multi-cloud networks in our latest Men & Mice Suite v9.1 release, we also went to great lengths to ensure visibility and ease-of-use across IP address management as a means of increasing network security.

Dynamic IP infrastructure challenges require dynamic DNS management

IP address management in general, and creating DNS redundancy in particular, are complex and often expensive challenges for network administrators. The possibility for human error leading to configuration errors and DNS failures, establishing where, and with which vendor in a distributed network an error has occurred, and the sheer disruptive power of DDoS attacks compound these challenges. Furthermore, increased redundancy across various environments within a network ecosystem often brings with it hindered visibility.

Without redundancies, however, networks are more susceptible to failure. Thus an important feature in the Men & Mice Suite 9.1 release is the improved xDNS Redundancy™.

xDNS Redundancy in Men & Mice Suite v9.1

Men & Mice Suite's xDNS Redundancy™ provides a level of abstraction that builds automation, provides centralized views, eliminates human error and removes conflicting DNS service provider platform complexities (e.g. incompatible APIs). It increases visibility and control of networks with hybrid or multiple cloud DNS providers by unifying management, supporting Active Directory-hosted zones, offering the ability to create read-only zones (see below), and improving native support for Azure DNS and Amazon Route 53, all of which benefits the functionality and core health of IP infrastructure.

We think of it as “taking the ‘daunt’ out of DNS redundancy.” It streamlines the migration and management of a large number of DNS zones, such as with Azure DNS and Amazon Route 53, by utilizing cloud-native features to monitor changes to DNS made outside of the Men & Mice Suite, greatly improving synchronization of DNS data from cloud providers. It also enables the assignment of read-only zones across the network to boost resilience against DDoS attacks and other DNS failures.

xDNS Redundancy for creating read-only DNS zones

It is now possible to mark a DNS zone in an xDNS replication group as read-only. While internal changes are synced, external modifications to read-only xDNS instances will not be replicated to other zones.  

Once an xDNS zone redundancy group has been created, xDNS assists the administrator in creating identically replicated zone content, resulting in multiple equal master zones. Additional zones can be added or removed from the xDNS group as required.

If an xDNS zone is not available for updating (for instance - pun intended 😁 - if one DNS service provider experiences an outage) it will be marked as ‘out-of-sync’. Once it becomes available again, current data will be re-synchronized and updated from other zones.

All changes can be initiated by the authorized user through the Men & Mice Suite’s web-based or Windows-based management consoles or APIs, and will be applied to all zone instances in the group. All changes to xDNS grouped zones made externally, or outside of the Men & Mice Suite, will not be synchronized.

DNS management built for the cloud

A common pain point for CISOs and network managers is the lack of centralized views and the workflow automation difficulties of coordinating on multiple platforms. Whether you’re using a single-platform deployment or a combination of Cloud DNS providers (from Akamai Fast DNS to Azure DNS, Amazon Route 53, Dyn, NS1, or OpenStack), Men & Mice Suite’s xDNS gives you a convenient means to monitor and manage all your DNS resources within the Men & Mice Suite.

Simplifying the management of high-availability network resources across multiple environments is crucial for making network management intuitive and effective. To further address this, we added a web-based application in our 9.1 release, which rounds out the visibility trifecta that also includes a Windows-based management console as well as reliable and compatible REST, SOAP and JSON-RPC APIs. CISOs and network managers are able to look into their domains (again: pun absolutely intended 😉) from anywhere at any time, the way it works best for them.

The Men & Mice Suite is already known to be a robust DNS, DHCP and IPAM (DDI) solution that's easy to implement and able to leverage existing infrastructure investments to provide the visibility and ease-of-use for hybrid and multi-cloud environments that’s missing from competitive products.

Fast and efficient in heterogeneous DNS and DHCP environments, the Men & Mice Suite supports thousands of concurrent users and API connections, with millions of managed IPs and DNS records, for automation and provisioning, whether Unix/Linux, Windows, and Cisco IOS or across cloud services like Azure DNS, Amazon Route 53, Dyn, NS1 and Akamai Fast DNS, as well as IPAM in AWS, Azure and OpenStack.

We’ll be at VMWorld, at booth #2124. Let us show you how Men & Mice Suite’s xDNS functionality can ease network management and protect against errors, DDoS and other attacks.

Topics: network outages, IP address management, hybrid cloud, hybrid network, DNS events, vmworld, network security, Azure DNS, Cisco IOS, Amazon Route 53, Dyn, NS1, Akamai Fast DNS

Men & Mice at VMworld 2018 Las Vegas Part 2: Network and Security

Posted by Greg Fazekas on 8/14/18 12:47 PM

As we mentioned in Part 1 of our 2-part VMWorld series, we’re returning to VMWorld in Las Vegas, August 26-30 (Booth #2124), and focusing on two main tracks from the agenda: Data Center and Cloud, and Networking and Security. Our first post discussed the advantages of our newly released Men & Mice Suite v9.1. Here we’ll discuss its networking & security advantages.

We already discussed how the Men & Mice Suite v9.1 supports Unix/Linux, Windows, and Cisco IOS and stretches into the cloud with functionality across Azure DNS, Amazon Route 53, Dyn, NS1 and Akamai Fast DNS, as well as IPAM in AWS, Azure and OpenStack. Further, it can be dropped on top of an organization’s existing infrastructure to manage, sync and automate network changes and authorizations, and to provide comprehensive insight into large-scale networks through one unified dashboard.

NETWORKING AND SECURITY

Organizations with a well-considered DNS, DHCP and IP address management (DDI) strategy in place are less vulnerable. Access to systems is binary; either you have access or you don't. Proper DDI management can help prevent vulnerabilities because critical resources are better protected through fine-grained access control, for both authorizing individuals and authorizing systems, which DDI offers. But DDI services vary in their offerings.

Deployed in a high-availability configuration as a management and automation layer on top of some of the world’s largest networks, the Men & Mice Suite supports thousands of concurrent users and API connections, with millions of managed IPs and DNS records, for automation and provisioning. DNS updates and IP address allocation through workflow from provisioning systems are accomplished in milliseconds.

The Men & Mice Suite’s fine-grained access controls, its ability to filter and record through its audit trails the network changes made across various on-prem and cloud services in a network, and its reliable, compatible APIs give organizations a strategic advantage to mitigate network vulnerabilities, limiting the impact of human error and attack probes, which otherwise would be more likely to go unnoticed.

xDNS redundancy is a focal point for our newest, 9.1 release. It’s designed to mitigate exposure to DDoS, ransomware, and other attacks, while keeping the transparency that plays a great role in security itself. We’ve also added a ‘read-only’ option within xDNS redundancy groups in Men & Mice Suite v9.1. With it, network managers can protect their configurations from spreading an otherwise isolated problem to the entire network. Together with the support of Active Directory zones in xDNS groups, organizations can easily bring their on-prem DNS configurations to a cloud environment and vice versa, proactively minimizing common network availability issues.

Enterprise organizations require exemplary network functionality and security. Much of that security comes from fine-grained control and visibility, especially when the sprawl of IT resources scales up. Recently, John P. Mello Jr. reported on the inherent, large-scale threats faced by critical infrastructure and enterprise organizations. The TechNewsWorld article interviewed several security and network management companies, including Men & Mice, to learn various ways to protect against such threats.

Can’t make it? No worries!

You can book an appointment to meet our team onsite at VMWorld (Booth #2124).

Or, if you’re missing the event, book a walk-thru any time by clicking the button below.

We’re always happy to showcase the benefits of deploying our best-in-class overlay management solution on top of your network.

Book appointment

Topics: DDI, Men & Mice, Redundant DNS, High availability, networking best practices, hybrid cloud, hybrid network, "cloud dns", vmworld, network security, Azure DNS, aws, Cisco IOS, Amazon Route 53, Dyn, NS1, Akamai Fast DNS, azure
