• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
F5 and Infoblox deliver complete secured DNS infrastructure
 

F5 and Infoblox deliver complete secured DNS infrastructure

on

  • 6,365 views

F5 and Infoblox have partnered to develop a solution to simplify and speed deployment of the Domain Name System Security Extensions (DNSSEC). F5 and Infoblox together deliver the market’s only fully ...

F5 and Infoblox have partnered to develop a solution to simplify and speed deployment of the Domain Name System Security Extensions (DNSSEC). F5 and Infoblox together deliver the market’s only fully integrated and complete DNSSEC solution including high-performance DNS and GSLB functions, all supporting signed DNSSEC data. This provides customers a scalable, manageable, and secure DNS infrastructure that is equipped to withstand DNS attacks. The solution is a combination of Infoblox’s purpose-built appliances that deliver highly reliable, manageable and secure DNS services with built-in, automated DNSSEC features, and F5 BIG-IP Global Traffic Manager appliances optimized with hardware acceleration facilitating real-time signing of DNSSEC signature queries.

Statistics

Views

Total Views
6,365
Views on SlideShare
6,353
Embed Views
12

Actions

Likes
1
Downloads
123
Comments
0

1 Embed 12

http://www.slideshare.net 12

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Difficult for customers to associate user, location, application, and network performance
  • TMOS:Receives requestsFilters based on typeRoutes requests to GTM or DNSLoad balances if pool is usedDoes real-time signingSends response to client LDNSGTM Module:Screens RequestsMatches the request against the GTM name list.GTM watches both LDNS requests and DNS responses, screening for a name GTM is configured to manageIf the request is for GTM initialy, GTM will answer instead of InfobloxIf the response from Infoblox is a GTM name, GTM will rewrite it appropriately

F5 and Infoblox deliver complete secured DNS infrastructure F5 and Infoblox deliver complete secured DNS infrastructure Presentation Transcript

  • F5 and Infobloxdeliver complete secured DNS infrastructure
  • F5 and Infoblox Announcement – March 1, 2010
    F5 and Infoblox partnership
    Delivers complete secured DNS infrastructure
    High availability / scalability
    Context-aware
    Simplified DNS management
    End-to-end security (DNSSEC)
  • DNS Market Drivers
    DNS is vulnerable
    Cache Poisoning
    Denial of Service
    IP address proliferation due to IPv6
    Scaling DNS services
    Global Server Load Balancing (GSLB) increasingly deployed for DR and application performance
    OPEX and management critical for enterprise IT
    “The lack of DNS security not only makes the Internet vulnerable, but is also crippling the scalability of important security technologies. DNSSEC offers the most feasible solution to a serious threat.”
    - Dan Kaminsky, Director of Penetration Testing at IOActive
  • Customer Challenges
    DNS is complex and prone to error
    DNS is the gateway to the applications and is highly critical to operations
    Application owners demand more context-aware delivery
    Operational expense must be lowered while meeting end-user SLAs and uptime requirements
    DNS is difficult if not impossible to “trust”
  • F5 and Infoblox Solution
    Fully integrated and complete DNS solution
    Superior DNS management
    Intelligent global server load balancing
    High performance scalable DNS
    Complete DNSSEC signing for all zones
    Architecture options to fit any environment
    “The combination of F5’s and Infoblox’s appliances provide enterprise customers an opportunity to build authoritative DNS infrastructure without giving up either global server load balancing or DNSSEC — it’s a no compromise solution.”
    – Cricket Liu, Infoblox VP of Architecture and author of O’Reilly book DNS and BIND
  • Real-time DNSSEC
    F5 BIG-IP LTM/GTM
    Pool of Infoblox
    Appliances
    DNS Query
    DNS Query for WIP
    GTM
    Module
    TMOS
    Real-time DNSSEC
    TMOS signs the response after GTM selects the IP answer
    Load Balancing
    DNS Response
    Real-time DNSSEC
    Signing
    Infoblox Appliance:
    • Superior DNS Management
    • Primary Zone Master
    • Contains all BIND configs
    • Performs DNS Lookup
    • Send Response to BIG-IP
    OR
    DNSSEC Response
    Hardware
    Cryptography
    Optional FIPs
    Key Storage
  • Infoblox Makes DNSSEC Quick and Easy
    Administrators can implement organizational standards by configuring DNSSEC parameters at the Grid level, including NSEC3 and trust anchor records
    Any zone can be signed with a single click by using the “Sign Zone” toolbar button
    Single click to enable DNSSEC or enable validation of records for an external zone
    Trust anchor configuration inherited from Grid level
    Automatic maintenance of signed zones
    New Zone Signing Keys are automatically generated when the current keys are due to be rolled over so Key rollover is transparent to the admin
    Admins are automatically notified in the GUI when KSK rollover is required
  • F5 and Infoblox Joint Solution: A Better Alternative
    Three integration architectures:
    Highly scalable, reliable
    Combines superior GSLB and comprehensive DNS solution
    Flexible, most secure DNS infrastructure
    High availability and DR
    Superior management removes likelihood of errors
  • Summary: No More Compromises
    Simplifies and speeds deployment of DNSSEC
    Provides scalable, manageable, and secure DNS infrastructure
    Ensures high performance and availability while mitigating DOS attacks
    Enables deployment of reliable intelligent DNS systems, integrated GSLB, and secure DNS infrastructure
  • Availability: Today
    F5 BIG-IP Global Traffic Manager and DNSSEC module
    Can be combined with Local Traffic Manager and optional FIPS hardware
    Infoblox Appliance
    F5 and Infoblox Integrated Architecture Guide
    Delegation
    Authoritative Screening
    Authoritative Slave