The Men & Mice Blog

Men & Mice Sensible IPAM Part 5: Security of IP Infrastructure

Posted by Greg Fazekas on 12/28/18 11:18 AM

In the final instalment of our 5-part series on IPAM (and really, more broadly, DNS, DHCP and IPAM), we’re taking a look at sensibly managing security in a scattered network environment. From large-scale DDoS attacks to mitigating human error, security measures come in all shapes and sizes — often overwhelmingly so. Here’s what you can do to stay ahead.

(TL;DR version: you need a DDI overlay to increase security on your network... and we happen to offer a great one).

This Playbook series consists of five parts:

Each part presents real-world problems for which Men & Mice has provided solutions.

Opposites attract… security problems?

Imagine that you are:

  • The CTO of a Managed Service Provider, whose own network is the first line of defense to protect customers. Your services are sensitive, as gaining access to or bringing down your network would compromise those utilizing your MSP solution. 

  • The Lead Network Administrator of a mid-sized enterprise company that has recently been expanding through M&A activities, with new employees (and devices) arriving daily. Onboarding new people is your technological challenge, balancing their need for autonomy and network resources with your requirement to maintain security protocols.

While opposite in scale, these problems can wreak the same amount of havoc in both cases, and network security is of paramount importance, more than ever.

What You Need

Much of network security is inherently present in the technology used. Orchestration and synchronization between different software providers, interfaces and hardware, however, need to be done well.

Good security practices have to be sensible to be ubiquitous across the network, instead of obstructive. They have to be simple at their core and robust in their execution to prevent and solve problems. Let’s face it, your network is complicated enough.


Some of the more overlooked security vulnerabilities in network management today include:

  • Visibility challenges, or lack of central, unified overviews resulting from incompatible or simply different services (i.e. the variety of interfaces and functionality of each individual service that comprises the entirety of a network).

  • Misconfigurations or incompatibilities (what you do in one area of your network may not synchronize or be compatible with another area of the network, particularly with cloud vendors).

  • Human error (Hey, we all make mistakes. But automating can remove this ever-present challenge, increasing the health of the network).

  • Loss of control (how can you restrict access to increase security and focus on providing autonomy only where needed?).

Where Men & Mice Can Help


Retaining network security on the DNS, DHCP and IP address level has been a core design principle for the Men & Mice Suite from day one (which was nearly 30 years ago). Managing the fundamental components of the network means great responsibility: if the foundations are compromised or out of sync, the entire network is at risk.

The first security risk the Men & Mice Suite addressed in the evolving world of hybrid network management was the synchronization and misconfiguration hurdles between on-prem services and cloud services, then across cloud providers. Eliminating them enabled greater automation and utilization of network resources, independent of what the services themselves are. Then, we centralized management of these diverse and otherwise incompatible resources into one place.

This backend-agnostic, API-first overlay approach gave way to the xDNS Redundancy feature, which helps further mitigate DDoS and other malicious attacks.

If parts of the network become unavailable during an event like a DDoS attack, xDNS Redundancy prevents shutdown by switching to alternate resources. Once the affected resources are once again accessible, changes and updates are automatically synced across the entire network.

Due to the Men & Mice Suite's powerful, compatible APIs, different network resources are processed and managed the same way within the Men & Mice Suite. This means that replicating or migrating DNS zones or DHCP scopes between network environments requires no special consideration or prolonged processes, making your DNS, DHCP and IPAM more nimble.

In addition, health alerts within the Men & Mice Suite provide the visibility necessary to proactively address misconfigurations, address space overlaps and malicious attacks while minimizing their effect on user experience.

Likewise, unified audit trails within the Men & Mice Suite help identify the source of an issue and the area of the network where it occurred, providing richer data to inform proactive decisions.

More often than any company would like to admit, especially in the age of post-Bring Your Own Device (BYOD) enterprise culture, security breaches can occur through human error. A simple password used across multiple mission-critical logins, a laptop stolen or left digitally unguarded, a malicious email attachment downloaded with malware, trojans or droppers, all can quickly take down or manipulate areas of your network, wreaking havoc.

The Men & Mice Suite’s granular access controls, including its integration with Microsoft Active Directory, provide solid security templates for preventing unnecessary access (and therefore unnecessary vulnerabilities) on the network. Retaining existing configurations and implementing new ones is easy; they are replicated, synced and scaled as needed.

IT is no longer a department but a holistic and critical business resource. In 2019, we’ll be placing emphasis on closing the gap between IT professionals and IT users, on-prem and cloud teams as well as the increasing importance of overlays. It is our goal to showcase the importance (and value) of proper DNS and IPAM for businesses, and the effects (and context) of eliminating network hindrances that complicate or slow business decisions.

Lesson 1: A quick way to learn about DNS Protocols

Here's a recent discussion during EuroBSDCon on DNS protocols and what will be changing in the future (DNS over TLS vs. DNS over HTTPS) by Carsten Strotmann on behalf of Men & Mice. We'll elaborate on this topic a bit more in 2019 during our talk at UTmessan in Reykjavik, February 8 & 9. 

What you need to know about DNS Protocols: The good, bad and ugly of DoH and DoT

Topics: network management, hybrid ipam, hybrid dns, ip infrastructure, network security, Security

Men & Mice Sensible IPAM Part 4: Managing Everyday DHCP, DNS, and IPAM

Posted by Greg Fazekas on 12/17/18 5:06 AM

We’re continuing our series on implementing sensible solutions to rein in scattered network resources, specifically IP infrastructure management such as DNS, DHCP and IPAM (DDI). In this post, we examine how to simplify day-to-day IP infrastructure operations, in-house or in the field, by rethinking priorities and streamlining the interface between you, your engineers and the network.

This Playbook series consists of five parts:

Each part of the blog series presents real-world scenarios that Men & Mice has helped solve.

When response time > features (agility)

Imagine that you are:

  • An infrastructure director of an enterprise company that’s recently experienced a merger. You’re evaluating newly acquired resources, and how to integrate them into the network. For the moment, however, you simply need to keep everything running smoothly while you evaluate how to merge the network resources. You need to quickly see network resource usage statistics, identify overlaps and bottlenecks, and monitor network health.

  • A network administrator delegating day-to-day management across teams and offices distributed over multiple international geographies. To minimize manual changes, cut network overhead and mitigate misconfiguration errors, you have to automate processes and set up local access controls that complement your network security strategy, in tandem with helping your team have the autonomy they need to operate unencumbered.

The integrity of enterprise IP infrastructure (DNS, DHCP, IPAM) factors heavily into the business’s ability to execute on operations and even generate revenue. Yet, there’s very little knowledge, outside of core IT departments, about the functions and responsibilities of the company’s network. Likewise, IT operators don’t always have the full scope of understanding about how network complexities can hinder business efficiencies. What is known, however, is that agility is becoming more important as networks scale or adapt to meet changing demand, with speed and simplicity proving equally valuable to the robustness of the DNS, DHCP and IP address management solution.

What You Need from your DNS, DHCP and IPAM


Instead of lugging the proverbial kitchen sink everywhere you go, or retro-fitting your network needs into a uniform solution that, well, doesn’t actually serve your needs (especially when doing so creates greater hurdles), choose a lightweight overlay solution that lets you resolve common issues and manage network functions quickly, every day, and that provides the visibility necessary to maintain the network’s integrity.

As Elias Khnaser, Senior Director Analyst, Gartner, pointed out in a recent Gartner IOCS talk entitled “Technical Insights: Top AWS and Microsoft Azure Mistakes You’ll Want to Avoid,” 3rd party solutions (eh em) should be used to bridge gaps between on-prem and cloud for hybrid / multicloud environments. Likewise, Bob Gill encouraged the use of overlays “to bring order to the chaos.” (Thanks, Bob! We agree.)

This will enable you to simplify workflow and minimize the complexities between you and the network, no matter which area of the network you are focused on any given day and no matter the underlying architecture behind it. Complete visibility helps you make informed decisions. Coupled with the flexibility to quickly maneuver, the solution you choose must enable you to adapt to changing needs without disruptions in network functionality.

Where Men & Mice Can Help with day-to-day IP infrastructure management

With the robust and complete feature set of the Men & Mice Suite and the built-in visibility it offers, you can tackle large projects and deep (re)organization all while getting a much clearer view of IP infrastructure management holistically. The newest version of the Men & Mice Suite, introduced a few months back, delivers the management power and day-to-day operational functionality through our light-weight overlay software, neatly packaged with an improved web application.

The web application is designed specifically for day-to-day operations where speed and agility are paramount. For example, you can quickly organize and manage DNS zones and records or IP address ranges, DHCP scopes and IP addresses. Its features are streamlined to manage the most common tasks performed through the Men & Mice Suite, with additional Quick filters and Quick command to further cut down time. If you need to deep dive into the guts of your network operations, fear not, you have the Windows management console as well.

Engineers overseeing various areas of your network can quickly respond to and solve IP allocation issues, move DNS zones and DHCP scopes, remove bottlenecks locally and experiment with moving more workloads to the cloud, without sacrificing the ever important visibility.

Automating and delegating tasks that are defined through fine-grained access controls within the Men & Mice Suite helps alleviate IT overhead and affords some localized autonomy in everyday scenarios, making day-to-day network management more efficient.

Infrastructure directors overseeing fragmented networks can get greater visibility and operational functionality. 

Men & Mice Suite distills powerful DDI capabilities into a non-disruptive software package, complete with an agile tool for day-to-day management, offering compatibility with Unix/Linux, Windows, and Cisco IOS as well as functionality across Azure DNS, Amazon Route 53, Dyn, NS1, Akamai Fast DNS, and IPAM in AWS, Azure and OpenStack.  Manage, sync and automate network changes and authorizations, filter and record changes through unified audit trails and get comprehensive insight into large-scale networks through one unified dashboard. 

In the last part of our playbook series, we’ll take a closer look at how to reinforce IP infrastructure security and prepare for DDoS mitigation and defense against other threats.

Topics: IPAM, IP address management, ip infrastructure, multicloud, hybrid dns, hybrid ipam, network security, network management, day-to-day IT

Fast-tracking Azure adoption with Men & Mice Suite for hybrid and cloud

Posted by Greg Fazekas on 10/29/18 9:52 AM

Creating sensible DNS, DHCP and IP address management (DDI) isn't always easy - as we've seen. Consolidating management of DNS, DHCP, and IP addresses, particularly those scattered across multi-vendor platforms both on-prem and in the cloud, is a common challenge for enterprises.

Management and migration at scale requires tools optimized for this purpose.

Fortune 100, 500 and 1000 companies as well as large-scale municipalities, education and research institutions rely on Men & Mice Suite for their IPAM and DNS. More and more are moving workloads into the cloud, which is easier with Men & Mice.

Have DNS zones scattered across different platforms and environments, and you want to migrate to Azure?

By deploying the Men & Mice Suite management solution you can:

  • Bulk migrate or import DNS zones into Azure DNS
  • Use workflow extensions to automatically tag zones throughout the migration phases
  • Identify zones that have been changed at their previous provider during the migration and would need to be updated with Azure

After migration, you have the ability to:

  • track changes, delegate access,
  • see all zones across multiple subscriptions,
  • and manage the data through APIs.

In the end, you’ll have increased service levels, improved network security, and overall uptime of critical network resources.

Men & Mice: changing the way the world sees (Microsoft) networks

Utilizing cloud services is a priority for enterprises challenged by infrastructure sprawl, segmented projects, and mergers & acquisitions. But they also face obstacles in the forms of migration costs, loss of control and security, and lack of compatibility between services.

A simple, enterprise-grade product like the Men & Mice Suite offers a solution to both sets of problems. It enables customers to scale with and into Azure while leveraging existing network investments.

Core benefits of Men & Mice

  • Backend-agnostic design and software-based architecture.
  • Simplifies workflows and consistency across different network operations.
  • Automates through powerful API-first design.

Intuitive integration for Microsoft environments


Men & Mice has been supporting Microsoft products and services since the very beginning. Working closely with Microsoft's development teams, the Men & Mice Suite was the first IP Address Management solution to fully integrate with Active Directory.

Deployed on top of Microsoft or hybrid network environments, the Men & Mice Suite provides unified access and control through a single-pane-of-glass interface. Azure's built-in features for resilience, scaling, and security are integrated into an unobtrusive overlay, while you gain full Active Directory integration, network visibility, and functionality.

For more information on the benefits of using the Men & Mice Suite with Microsoft environments, download our fact sheet and watch a short introductory video:

Topics: azure, Azure DNS, network security, IP address management, DNS redundancy

Microsoft Ignite 2018 Takeaways: the four pillars of Network Management for DNS, DHCP, IPAM

Posted by Greg Fazekas on 10/3/18 5:30 AM

Microsoft's push for a global Azure cloud has not gone unnoticed. We have integrated with Azure and Azure DNS, which is why we exhibited at MS Ignite and why meeting our customers and talking to attendees was validating. Our solutions and development roadmap address their pain points in network management.


As Yousef Khalidi on the Azure blog writes: "Customers continue to ask for better ways to connect to the cloud, better protection of their cloud workloads, optimal application performance delivery, and more comprehensive monitoring services."

That's a great summary of the world of network management today, and a telling prediction of where it's heading. These core issues affect enterprise businesses who have to:

  • Balance between the needs for efficiency, scalability, and security;
  • Manage the increasingly scarce resource of IP addresses that connect the explosive growth of digital devices;
  • Strategize network restructuring to address overlaps in private namespaces that result from segmented projects, mergers or acquisitions.

We work with our enterprise customers on solutions that address these requirements, as well as providing centralized visibility and control for all their networks.

Four pillars of effective network management while integrating with cloud services

1. Connect

Attendees at Ignite came with questions about migration to cloud environments. Enterprise businesses have invested significantly into on-premise networking and IT over the last two decades. Those investments are still precious. Migrating to a cloud platform can indeed seem a daunting - and expensive! - task.

We offer a solution that bridges the visibility gap (and increases operational efficiencies) between on-prem and cloud. Customers looking to migrate select workloads onto the cloud can still manage and scale their network as if it was one.

2. Protect

Security has always been a top priority in network management. And it is even more so, when heterogeneous environments share workloads with external cloud services. Cloud platforms like Azure have natively built-in redundancies and security guarantees, and the Men & Mice Suite takes advantage of those cloud-native features to deliver a holistic view across network environments.

Our xDNS Redundancy™ streamlines the migration and management of large DNS zones to monitor and synchronize changes, for example.

The Men & Mice Suite’s exceptional synergy with Active Directory (AD) was also well received. Customers can keep their on-prem configurations and access control intact and secure, save their previous investments in AD, synchronize and modernize their network management operations at the same time. It also enables access controls at the group and individual levels for greater security.

3. Deliver

We met a lot of network administrators and architects at Ignite who understood the value of non-disruptive deployment, and who were seeking solutions that can be integrated into their workflow unobtrusively.

Our goal is to provide a layer of abstraction through which you can better understand your networks. The Men & Mice Suite's architecture is software-based and API-driven. Deployment poses no interruption to existing services, and the performance impact is nominal.

The Men & Mice Suite gathers data from existing sources, and can control them, without overhead and performance impediments.

4. Monitor

Visibility in DDI provides a significant edge to businesses looking to optimize their resource use. We’ve always put that visibility front and center.

With a single-pane-of-glass interface we've made network management simpler and more efficient. Customers can save time and money by viewing and managing network resources regardless of where they are or what platform they're using.

Both the Men & Mice Suite and its recently improved web-based management application share the same affinity for simplicity and visibility. From customizable filters to automated reporting and alerts, your network is constantly under supervision.

'Ignite' means ‘start’ - where do we go from here?

Attendees of Microsoft Ignite came from companies whose IT is largely or entirely based on Microsoft products. They’re naturally looking at Azure as a complementary service to their existing resources. (Or as a competitive alternative by itself.) Our long-standing integration with Microsoft’s networking products is carried over to extend to Azure’s cloud services as well.

The aptly named event has been a great experience for us. In addition to meeting those who use technology and those who make technology happen in the business space, we’ve gathered feedback that both reinforced and expanded our development focus.

We may have been in the DNS, DHCP, and IP Address Management business for decades, but as cloud services like Azure rise and network architects have to keep reinventing themselves, so do we.


Topics: windows 2016, Azure DNS, azure, network security, hybrid cloud, hybrid network, Redundant DNS, Microsoft Ignite

Men & Mice Suite IPAM and DNS with xDNS Redundancy™: security without complexity

Posted by Greg Fazekas on 8/22/18 7:12 AM

As we increased focus on cloud optimization, DNS redundancy, and compatibility across hybrid and multi-cloud networks in our latest Men & Mice Suite v9.1 release, we also went to great lengths to ensure visibility and ease-of-use across IP address management as a means of increasing network security.

Dynamic IP infrastructure challenges require dynamic DNS management

IP address management in general, and creating DNS redundancy in particular, are complex and often expensive challenges for network administrators. The possibility for human error leading to configuration errors and DNS failures, establishing where, and with which vendor in a distributed network an error has occurred, and the sheer disruptive power of DDoS attacks compound these challenges. Furthermore, increased redundancy across various environments within a network ecosystem often brings with it hindered visibility.

Without redundancies, however, networks are more susceptible to failure. Thus an important feature in the Men & Mice Suite 9.1 release is the improved xDNS Redundancy™.

xDNS Redundancy in Men & Mice Suite v9.1

Men & Mice Suite's xDNS Redundancy™ provides a level of abstraction that builds automation, provides centralized views, eliminates human error and removes conflicting DNS service provider platform complexities (e.g. incompatible APIs). It increases visibility and control of networks with hybrid or multiple cloud DNS providers by unifying management, supporting Active Directory-hosted zones, offering the ability to create read-only zones (see below), and improving native support for Azure DNS and Amazon Route 53, all of which benefit the functionality and core health of IP infrastructure.

We think of it as “taking the ‘daunt’ out of DNS redundancy.” It streamlines the migration and management of a large number of DNS zones, such as with Azure DNS and Amazon Route 53, by utilizing cloud-native features to monitor changes to DNS made outside of the Men & Mice Suite, greatly improving synchronization of DNS data from cloud providers. It also enables the assignment of read-only zones across the network to boost resilience against DDoS attacks and other DNS failures.

xDNS Redundancy for creating read-only DNS zones

It is now possible to mark a DNS zone in an xDNS replication group as read-only. While internal changes are synced, external modifications to read-only xDNS instances will not be replicated to other zones.  

Once an xDNS zone redundancy group has been created, xDNS assists the administrator in creating identically replicated zone content, resulting in multiple equal master zones. Additional zones can be added or removed from the xDNS group as required.

If an xDNS zone is not available for updating (for instance - pun intended 😁 - if one DNS service provider experiences an outage) it will be marked as ‘out-of-sync’. Once it becomes available again, current data will be re-synchronized and updated from other zones.

All changes can be initiated by the authorized user through the Men & Mice Suite’s web-based or Windows-based management consoles or APIs, and will be applied to all zone instances in the group. All changes to xDNS grouped zones made externally, or outside of the Men & Mice Suite, will not be synchronized.

DNS management built for the cloud

A common pain point for CISOs and network managers is the lack of centralized views and the workflow automation difficulties of coordinating on multiple platforms. Whether you’re using a single-platform deployment or a combination of Cloud DNS providers (from Akamai Fast DNS to Azure DNS, Amazon Route 53, Dyn, NS1, or OpenStack), Men & Mice Suite’s xDNS gives you a convenient means to monitor and manage all your DNS resources within the Men & Mice Suite.

Simplifying the management of high-availability network resources across multiple environments is crucial for making network management intuitive and effective. To further address this, we added a web-based application in our 9.1 release, which rounds out the visibility trifecta that also includes a Windows-based management console as well as reliable and compatible REST, SOAP and JSON-RPC APIs. CISOs and network managers are able to look into their domains (again: pun absolutely intended 😉) from anywhere at any time, the way it works best for them.

The Men & Mice Suite is already known to be a robust DNS, DHCP and IPAM (DDI) solution that's easy to implement and able to leverage existing infrastructure investments to provide the visibility and ease-of-use for hybrid and multi-cloud environments that’s missing from competitive products.

Fast and efficient in heterogeneous DNS and DHCP environments, the Men & Mice Suite supports thousands of concurrent users and API connections, with millions of managed IPs and DNS records, for automation and provisioning, whether Unix/Linux, Windows, and Cisco IOS or across cloud services like Azure DNS, Amazon Route 53, Dyn, NS1 and Akamai Fast DNS, as well as IPAM in AWS, Azure and OpenStack.

We’ll be at VMWorld, at booth #2124. Let us show you how Men & Mice Suite’s xDNS functionality can ease network management and protect against errors, DDoS and other attacks.

Topics: Akamai Fast DNS, NS1, Dyn, Amazon Route 53, Azure DNS, Cisco IOS, network security, vmworld, DNS events, hybrid network, hybrid cloud, IP address management, network outages

Men & Mice at VMworld 2018 Las Vegas Part 2: Network and Security

Posted by Greg Fazekas on 8/14/18 12:47 PM

As we mentioned in Part 1 of our 2-part VMWorld series, we’re returning to VMWorld in Las Vegas, August 26-30, (Booth #2124) and focusing on two main tracks from the agenda: Data Center and Cloud, and Networking and Security. Our first post discussed the advantages of our newly released Men & Mice Suite v9.1. Here we’ll discuss its networking & security advantages.

We already discussed how The Men & Mice Suite v9.1 supports Unix/Linux, Windows, and Cisco IOS and stretches into the cloud with functionality across Azure DNS, Amazon Route 53, Dyn, NS1 and Akamai Fast DNS, as well as IPAM in AWS, Azure and OpenStack.  Further, it can be dropped on top of an organization’s existing infrastructure to manage, sync and automate network changes, authorizations and provide comprehensive insight into large-scale networks through one unified dashboard.

NETWORKING AND SECURITY

Organizations with a well-considered DNS, DHCP and IP address management (DDI) strategy in place are less vulnerable. Access to systems is binary; either you have access or you don't. Proper DDI management can help prevent vulnerabilities because critical resources are better protected through fine-grained access control, for both authorizing individuals and authorizing systems, which DDI offers. But DDI services vary in their offerings.

Deployed in a high-availability configuration as a management and automation layer on top of some of the world’s largest networks, the Men & Mice Suite supports thousands of concurrent users and API connections, with millions of managed IPs and DNS records, for automation and provisioning.  DNS updates and IP address allocation through workflow from provisioning systems is accomplished in milliseconds.

The Men & Mice Suite’s fine-grained access controls, its ability to filter and record through its audit trails the network changes made across various on-prem and cloud services in a network, and its reliable, compatible APIs give organizations a strategic advantage in mitigating network vulnerabilities, limiting the impact of human error and attack probes, which otherwise would be more likely to go unnoticed.

xDNS redundancy is a focal point for our newest, 9.1 release. It’s designed to mitigate exposure to DDoS, ransomware, and other attacks, while keeping the transparency that plays a great role in security itself. We’ve also added a ‘read-only’ option within xDNS redundancy groups in Men & Mice Suite v9.1. With it, network managers can protect their configurations from spreading an otherwise isolated problem to the entire network. Together with the support of Active Directory zones in xDNS groups, organizations can easily bring their on-prem DNS configurations to a cloud environment and vice versa, proactively minimizing common network availability issues.

Enterprise organizations require exemplary network functionality and security. Much of that security comes from fine-grained control and visibility, especially when the sprawl of IT resources scales up. Recently, John P. Mello Jr. reported on the inherent, large-scale threats faced by critical infrastructure and enterprise organizations. The TechNewsWorld article interviewed several security and network management companies, including Men & Mice, to learn various ways to protect against such threats.

Can’t make it? No worries!

You can book an appointment to meet our team onsite at VMWorld (Booth #2124).

Or, if you’re missing the event, book a walk-thru any time by clicking the button below.

We’re always happy to showcase the benefits of deploying our best-in-class overlay management solution on top of your network.

Topics: vmworld, hybrid cloud, hybrid network, networking best practices, High availability, Redundant DNS, Men & Mice, DDI, network security, "cloud dns", Cisco IOS, Azure DNS, Amazon Route 53, Dyn, NS1, Akamai Fast DNS, azure, aws
