How DNS Management Can Resolve Today’s DevOps, SecOps and NetOps Conflicts
NS1 sponsored this post.
IT admins during the data center era were often responsible for maintaining the server infrastructure as much as they were in charge of ensuring LAN and even WAN network connections, including the DNS, DHCP and IP address management (DDI). Their jobs might even involve ensuring that the data center’s heating, ventilation, and air conditioning (HVAC) systems and power supplies were working as they should.
However, IT operations have since shifted away from being infrastructure-centric to application development-centric, especially for deployments in highly distributed cloud environments.
Today, as organizations increasingly seek to speed up the cadence of developing and deploying software, the status quo of DDI tools that many NetOps teams continue to use often remains outdated. This is because these tools were largely designed to maintain infrastructure- and not application development-centric operations. DevOps and SecOps teams, meanwhile, often rely on processes that are sometimes incompatible in key ways in this context.
“Any organization that has not pulled its Dev, Net and SecOps teams together by now will struggle” — Clive Longbottom, Clive Longbottom and Associates.
In his keynote during NS1’s INS1GHTS2020 virtual summit, Jonathan Sullivan, NS1 chief technology officer and co-founder, said DevOps, NetOps and SecOps consequently have network-related conflicts — but he also described how they issues can be resolved.
“These are teams that are working on high-velocity deployment and continuous integration/continuous delivery (CI/CD) and, all of these teams are kind of at odds when it comes to managing DDI or DNS infrastructure because they all want different things from it,” Sullivan said. “One of the real challenges that DevOps and SecOps teams are facing is that once the DevOps team gets some IP addresses or once they just carve out some… space and deploy Kubernetes, all of a sudden SecOps loses all visibility into that and then NetOps is no longer required.”
One for All
The containerized platform NS1 provides “is able to sort of play nicely with all of these [DevOps, SecOps and NetOps] groups, and give them levers to pull and coexist,” Sullivan said.
“Our platform gives all of these teams visibility and tools and automation frameworks so that they can coexist alongside each other,” Sullivan said.
The idea, Sullivan said, is to allow organizations to adopt the platform so it meets its customers deployment needs “wherever they’re deployed,” including if they are entirely on-premises, in data centers, or within multicloud and serverless environments. “You can just download the containerized version of our full platform and deploy that behind the firewall and use that to augment or replace traditional DDI solutions or open source DNS solutions.”
One of the “key differentiators” for the NS1 platform is it’s ‘the same technology that powers all of this stuff,” Sullivan said. “So, your team learns one platform. It’s able to service all of your use cases: internal, external and private cloud.
“You can automate and learn and get services for any one of these things,” Sullivan said. “It solves use cases across all of the places where you might have applications on your infrastructure.”
Indeed, NS1 “is right in what it says,” Clive Longbottom, an analyst for Clive Longbottom and Associates, said, since traditional DDI tools “are no longer really fit for purpose.
“It does make sense for organizations to take on tools that help in managing the environment both internally and — as far as is possible — externally,” Longbottom said.
With a modern hybrid platform where workloads may move from one area to another, having DDI tools does allow for IP addresses to be maintained with the DDI tool managing the physical or logical target, Longbottom said.
“These tools also allow developers to create code that works without the need to reset any addresses from one part of the platform to another, as the development area can be cordoned off from the operational environment with the same IP addresses in use on both environments — that is, if an organization is stupid enough to want to do things that way,” Longbottom said. “The capability to load balance, to migrate, to redirect and do everything else that a bog-standard physical DNS/DHCP environment cannot do is well worth looking at even without thinking about how it can also help in the needs of a highly dynamic, virtualized, microservices-based environment.”
The concept behind the NS1 solution is to also help to facilitate collaboration and remove any conflict between the respective DevOps, SecOps and NetOps teams. Indeed, “any organization that has not pulled its Dev, Net and SecOps teams together by now will struggle,” Longbottom said.
“There is a need for modern IT platforms to be designed, built and maintained as a single platform. You cannot layer security on top of apps developed by development, who cannot layer their apps on top of a highly virtualized platform without making sure that everything is glued together as required,” Longbottom said. “Apps need to understand the network; security needs to permeate throughout everything to maintain data/information security. Any concept of a ‘team’ within IT has to be cognizant of all aspects of what is needed — and must work hand in glove with each other to maintain the capabilities and deliver on the promise of the overall platform.”
Feature image via Pixabay.
