F5 and Infobloxdeliver complete secured DNS infrastructure<br />
F5 and Infoblox Announcement – March 1, 2010 <br />F5 and Infoblox partnership<br />Delivers complete secured DNS infrastr...
DNS Market Drivers<br />DNS is vulnerable<br />Cache Poisoning<br />Denial of Service<br />IP address proliferation due to...
Customer Challenges<br />DNS is complex and prone to error<br />DNS is the gateway to the applications and is highly criti...
F5 and Infoblox Solution<br />Fully integrated and complete DNS solution <br />Superior DNS management<br />Intelligent gl...
Real-time DNSSEC<br />F5 BIG-IP LTM/GTM<br />Pool of Infoblox<br />Appliances<br />DNS Query<br />DNS Query for WIP<br />G...
Primary Zone Master
Contains all BIND configs
Performs DNS Lookup
Send Response to BIG-IP</li></ul>OR<br />DNSSEC Response<br />Hardware<br />Cryptography<br />Optional FIPs<br />Key Stora...
Upcoming SlideShare
Loading in …5
×

F5 and Infoblox deliver complete secured DNS infrastructure

5,364
-1

Published on

F5 and Infoblox have partnered to develop a solution to simplify and speed deployment of the Domain Name System Security Extensions (DNSSEC). F5 and Infoblox together deliver the market’s only fully integrated and complete DNSSEC solution including high-performance DNS and GSLB functions, all supporting signed DNSSEC data. This provides customers a scalable, manageable, and secure DNS infrastructure that is equipped to withstand DNS attacks. The solution is a combination of Infoblox’s purpose-built appliances that deliver highly reliable, manageable and secure DNS services with built-in, automated DNSSEC features, and F5 BIG-IP Global Traffic Manager appliances optimized with hardware acceleration facilitating real-time signing of DNSSEC signature queries.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
5,364
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
148
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Difficult for customers to associate user, location, application, and network performance
  • TMOS:Receives requestsFilters based on typeRoutes requests to GTM or DNSLoad balances if pool is usedDoes real-time signingSends response to client LDNSGTM Module:Screens RequestsMatches the request against the GTM name list.GTM watches both LDNS requests and DNS responses, screening for a name GTM is configured to manageIf the request is for GTM initialy, GTM will answer instead of InfobloxIf the response from Infoblox is a GTM name, GTM will rewrite it appropriately
  • F5 and Infoblox deliver complete secured DNS infrastructure

    1. 1. F5 and Infobloxdeliver complete secured DNS infrastructure<br />
    2. 2. F5 and Infoblox Announcement – March 1, 2010 <br />F5 and Infoblox partnership<br />Delivers complete secured DNS infrastructure<br />High availability / scalability<br />Context-aware<br />Simplified DNS management<br />End-to-end security (DNSSEC) <br />
    3. 3. DNS Market Drivers<br />DNS is vulnerable<br />Cache Poisoning<br />Denial of Service<br />IP address proliferation due to IPv6<br />Scaling DNS services<br />Global Server Load Balancing (GSLB) increasingly deployed for DR and application performance<br />OPEX and management critical for enterprise IT<br />“The lack of DNS security not only makes the Internet vulnerable, but is also crippling the scalability of important security technologies. DNSSEC offers the most feasible solution to a serious threat.” <br />- Dan Kaminsky, Director of Penetration Testing at IOActive<br />
    4. 4. Customer Challenges<br />DNS is complex and prone to error<br />DNS is the gateway to the applications and is highly critical to operations<br />Application owners demand more context-aware delivery<br />Operational expense must be lowered while meeting end-user SLAs and uptime requirements<br />DNS is difficult if not impossible to “trust”<br />
    5. 5. F5 and Infoblox Solution<br />Fully integrated and complete DNS solution <br />Superior DNS management<br />Intelligent global server load balancing<br />High performance scalable DNS<br />Complete DNSSEC signing for all zones<br />Architecture options to fit any environment<br />“The combination of F5’s and Infoblox’s appliances provide enterprise customers an opportunity to build authoritative DNS infrastructure without giving up either global server load balancing or DNSSEC — it’s a no compromise solution.”<br /> – Cricket Liu, Infoblox VP of Architecture and author of O’Reilly book DNS and BIND<br />
    6. 6. Real-time DNSSEC<br />F5 BIG-IP LTM/GTM<br />Pool of Infoblox<br />Appliances<br />DNS Query<br />DNS Query for WIP<br />GTM<br />Module<br />TMOS<br />Real-time DNSSEC<br />TMOS signs the response after GTM selects the IP answer<br />Load Balancing<br />DNS Response<br />Real-time DNSSEC<br />Signing<br />Infoblox Appliance:<br /><ul><li>Superior DNS Management
    7. 7. Primary Zone Master
    8. 8. Contains all BIND configs
    9. 9. Performs DNS Lookup
    10. 10. Send Response to BIG-IP</li></ul>OR<br />DNSSEC Response<br />Hardware<br />Cryptography<br />Optional FIPs<br />Key Storage<br />
    11. 11. Infoblox Makes DNSSEC Quick and Easy<br />Administrators can implement organizational standards by configuring DNSSEC parameters at the Grid level, including NSEC3 and trust anchor records<br />Any zone can be signed with a single click by using the “Sign Zone” toolbar button<br />Single click to enable DNSSEC or enable validation of records for an external zone<br />Trust anchor configuration inherited from Grid level<br />Automatic maintenance of signed zones<br />New Zone Signing Keys are automatically generated when the current keys are due to be rolled over so Key rollover is transparent to the admin<br />Admins are automatically notified in the GUI when KSK rollover is required<br />
    12. 12. F5 and Infoblox Joint Solution: A Better Alternative<br />Three integration architectures:<br />Highly scalable, reliable<br />Combines superior GSLB and comprehensive DNS solution<br />Flexible, most secure DNS infrastructure<br />High availability and DR<br />Superior management removes likelihood of errors<br />
    13. 13. Summary: No More Compromises<br />Simplifies and speeds deployment of DNSSEC<br />Provides scalable, manageable, and secure DNS infrastructure<br />Ensures high performance and availability while mitigating DOS attacks<br />Enables deployment of reliable intelligent DNS systems, integrated GSLB, and secure DNS infrastructure <br />
    14. 14. Availability: Today<br />F5 BIG-IP Global Traffic Manager and DNSSEC module<br />Can be combined with Local Traffic Manager and optional FIPS hardware<br />Infoblox Appliance<br />F5 and Infoblox Integrated Architecture Guide<br />Delegation<br />Authoritative Screening<br />Authoritative Slave<br />
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×