Core network services: Breaking down the disconnect

Core network services are critical to network and applications performance, but many companies are taking an ad hoc approach to DNS and DHCP.

Core network services are critical components of nearly every transaction that crosses the network. But many companies are still using a siloed approach when it comes to services like DNS, DHCP, IPAM, and RADIUS.

And while breaking down that disconnect may sound like quite an undertaking, experts agree that simplifying administration of core network services and better integrating them can save huge headaches down the road.

The Enterprise Strategy Group recently surveyed more than 200 enterprise IT representatives responsible for purchasing or managing network infrastructure and services to assess current core network services infrastructure, related management issues and applications. And while most respondents noted that core network services are critical, more than 50% said they had experienced an outage of one or more of their core network services in the previous year.

The survey also revealed that more than half of respondents classified DNS (the naming service required for Web clicks and email and for Active Directory, ERP and CRM applications) and DHCP (the addressing service that is the first step before any device can connect to a network) as "extremely critical" for their IP telephony performance, manageability and reliability.

Further, 75% of users noted that restoring DNS is "extremely critical" with regard to resuming normal business operations as part of a disaster recovery response.

Regardless of these responses and the implied criticality of core network services, the majority of respondents said they still use ad hoc combinations of software on servers to deliver DNS and DHCP.

Jon Olstik, senior analyst with the Enterprise Strategy Group, said using an ad hoc combination isn't necessarily wrong, but it can introduce some challenges.

"[There's nothing wrong with using an ad hoc approach] in general, but it gets dicey when you start to scale your infrastructure," Olstik said. "Windows boxes need to be patched and are often managed by different groups who have administrator access to the system. Purpose-built appliances can really simplify the network infrastructure and operations."

Still, Olstik said, a unified approach to core network services creates an environment of "operational efficiencies, improved security and strong auditing. Auditing is pretty poor in many products and this doesn't work in a regulated industry."

Stuart Bailey, CTO and founder of Infoblox, a vendor that makes tools to integrate core network services, said ad hoc combinations create a disconnect that cannot withstand the new demands of advanced IP network applications like VoIP and network access control (NAC). And since DNS, DHCP, RADIUS and other services are necessary to ensure that the network and its applications are running smoothly, any failure in an ad hoc scenario can bring both the network and its applications to a screeching halt.

"Core network services are the glue that binds together networks, users, devices, applications and policies," Bailey said. "They need to be managed like a single enterprise infrastructure. [Companies need to] look at it as a unified infrastructure and look for appliances to manage that complexity. It's not about connecting the dots anymore."

Bailey said many organisations still rely on legacy core network services systems, which typically include multiple siloed instances of general-purpose servers with freeware. These solutions have grown organically but can't withstand the new network demands of new applications such as VoIP and NAC. The problem is compounded when companies tackle mobility, convergence, security and compliance initiatives that demand a cohesive and systematic approach to core network services to ensure increased reliability, visibility and control over who is on the network, when they're on the network, what they are accessing, and which devices they're using.

Olstik said VoIP, NAC and other new applications introduce challenges because VoIP, for example, greatly increases the pool of IP addresses needed.

"Every IP phone needs an IP address, so you immediately double the IP address management effort," he said. "NAC has to know what type of device it is talking to, so it involves different policies, processes and configurations. If NAC is used for identity-based networking, then core network services have to be integrated with Ethernet switches as well."

Forrester Research senior analyst Robert Whiteley agreed. In a recent report, Whiteley discussed core network services. He said that today's networks provide the dial tone of IP but that most companies fail to invest in the infrastructure necessary to support that dial tone.

"Forgotten services like DHCP, DNS and RADIUS are critical network services components that dictate availability," Whiteley wrote. "Yet most are woefully out of date, stagnating on non-enterprise-grade infrastructure, with few security mechanisms. To prevent your network from becoming an IT bottleneck, you must build a utility-grade network, one where devices and services just plug in and work. How? By first transitioning your services off commodity hardware to newer appliances and, secondly, investing in the proper IP address management (IPAM) tools."

But many organisations are still unsure of how to tie core network services together and often discover too late that an unstable core network services infrastructure can compromise application performance. Usually, that shaky infrastructure is discovered after an implementation like VoIP or NAC is rolled out.

"To prevent this and establish a solid foundation for future advanced applications deployment, enterprises should proactively take into consideration core network services infrastructure, ensuring that the house foundation is sound before adding a third story or undertaking a serious remodel," Bailey said.

Olstik said solutions like those offered by Infoblox can ease the burden.

"They can choose a third party like Infoblox or go with a Windows solution," he said. "Infoblox has some advantages in terms of scale, management and operations. Windows will improve its network services functionality in Windows Server 2008."

Whiteley said, however, that much of the disconnect in core network services can be solved by re-evaluating who within an organisation owns those services. He said designing a purpose-built infrastructure is key, but if that infrastructure's management is scattered across the board, managing it will be difficult.

Getting the right person in charge of the right things is imperative, Whiteley said.

"You have to assign ownership," he said. "Is it the server group or the networking group?" He added that companies need to inventory and evaluate the services they're using, how they're using them, and how prevalent those services are. If they have hundreds of DNS servers and dozens of servers running DHCP, it can create a sort of "perfect storm."

"Network services are not exciting, but they are still the infrastructure services you need to secure and route traffic," he said. "For disaster recovery, VoIP and IPv6, you need more reliable network services. They have to be there and available because you're putting more stress on the network. The key is to get centralised control but distributed execution."

Like Infoblox, other vendors such as BlueCat and INS (which was recently acquired by BT) make solutions to help centralise core network services, Whiteley said.

Bailey recently created a set of tips and best practices concerning core network services that companies should follow before taking the plunge with new applications like VoIP and NAC.

First, Bailey said, companies need to assess their current core network services infrastructure. This involves identifying all applications that depend on core network services; determining the reliability levels needed for optimal application performance; determining the manageability required to meet compliance, network usage and security initiatives; assessing resources required to maintain core network services; reviewing future network expansion plans; and identifying all shortcomings of the current approach.

Second, organisations should establish a single department owner and strategy for addressing legacy core network services' shortcomings, Bailey said. With core network services, too many owners can often lead to no one claiming responsibility and a lack of initiative to drive necessary upgrades.

Lastly, companies need to research the tools and products available to address next-generation needs. New core network services systems and appliances offer reliability; a way to automate many functions, such as DNS record changes, which can reduce administrative overhead; and data-driven models that increase enterprise-wide visibility, management, control and integrity.

These steps, Bailey said, can "highlight the current complexity of the situation."

Olstik added that companies should "take an architectural approach and think strategically in terms of scale and applications. This is especially useful when consolidating IT assets. Core network services need to be rock-solid or the network becomes useless. Large organisations have to think through core network services, disaster recovery and QoS as part of any large networking project."

Bailey cautioned, however, that updating the core network services infrastructure in one fell swoop may only create more complexity.

"The big-bang theory doesn't work here," he said. "You have to plot a course for managing the complexity over time. You have to start somewhere and verify that you're not just increasing the complexity."

