Reading the second installment of the JEDI series, you are. If you would like, you can check out our first post here.
Last week, we covered the basic steps an agency can take to better prepare itself for migration to the JEDI cloud. While there are several important components to keep in mind, having a solid DNS infrastructure is arguably the best place to start – just like a young Padawan’s training, having a strong foundation is key to taking on the big stuff.
Let's take a look at some of situations that could occur when migrating your agency's DNS to the cloud.
A lack of visibility becomes very noticeable
Like attempting to navigate during a snowstorm on Hoth, visibility plays a very important role in DNS. Most network administrators want “a single pane of glass”, where they can get a sense of what’s going on with their DNS quickly and easily. This is especially important when network resources are stretched between on-prem and cloud environments, where trying to keep track of resources can quickly become complicated, leaving blind spots.
What do we mean by blind spots? With decentralized DNS management systems, there is no single point of truth for resource management across the enterprise. Administrators use spreadsheets, sticky notes, or other manual processes to keep track of assets – overall, this can become very disorganized and frustrating. These problems can be avoided by working under one Enterprise DNS architecture.
You discover how much control over your network you have
In this case, having the ability to see your DNS resources goes hand in hand with having the ability to control them. Issues can arise when, for example, compute is deployed without getting the go-ahead from the system administrator or someone in a similar role (this is also known as Shadow IT). This can go unnoticed for quite some time, and security may be compromised by these new, unmonitored entryways. However, if the system is visible under Enterprise DNS, east-west traffic can quickly be seen and subsequently dealt with.
If your DNS is migrated to JEDI without the proper controls in place, you can run into unpleasant infrastructure management issues. It’s much simpler (and will save you plenty of trouble in the long run) if you have control over your network before a migration, so a centralized DNS is key here as well. A good general doesn’t just let their troops fly off to battle before ensuring communications and commands are in place, right?
Little automation leads to big problems
As mentioned above, Shadow IT – DNS management systems that are pieced together by network admins – is a genuine security threat and not supportable long term. One of the biggest causes of this risk is that it simply takes too long for services to be provided. If a system has the right automation in place, however, then there’s no need to go about things this way. When adding and removing new compute happens quickly (and access is swift), then you avoid the chance that someone in your network will use an unauthorized resource.
When network teams have reliable, secure access to automated core services, they’re able to accomplish what they need to. The trouble with home-grown solutions is that they depend on the person who makes them – when that person moves on, you’re left with no support. In contrast, an agency running on an Enterprise DNS solution such as BlueCat will have an easier time growing in tandem with new needs. When the world is moving at lightspeed, you need to be able to keep up.
Traveling through hyperspace ain’t like dusting crops
While a non-integrated DNS may function just fine for current needs, extending a decentralized DNS infrastructure across on-prem and cloud environments can eventually cause some major distress. A centralized, automated Enterprise DNS solution like BlueCat is designed to work specifically with your agency’s needs for a successful migration. Just like you wouldn’t give a Wookie a hat meant for an Ewok, you wouldn’t shove your DNS into a solution that doesn’t fit.
Want more info on what we just discussed? Contact us to learn more about preparing your agency’s DNS for the cloud.