The Infoblox ID Grid platform is a system for running core network services over a firm’s local and distributed network infrastructures. These core services include: the Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), IP Address Management (IPAM), Remote Access Dial-In User Service (Radius) and Trivial File Transfer Protocol (TFTP). An Infoblox ID Grid comprises appliances connected via Ethernet using the vendor’s Keystone package. This type of appliance-based architecture is intended to offer far greater resilience than the DNS/DHCP services bundled for free with Windows-based servers.
Each Infoblox appliance has a DNSone module for delivering integrated DNS and DHCP services and an onboard XML-based database, called bloxSDB, for storing information about the devices that require network services, such as desktop systems, web servers, IP phones and wireless access points. For example, it records which systems require static IP addresses, which require dynamic IP addresses, and which systems need authentication before they can be accessed, for instance, through a Radius server.
The central point of control for the grid is provided by a system or systems located at headquarters or in a datacentre or in a network operations centre. This unit is called the Grid Master, and although it can also serve up core network services locally, it also synchronises the information contained in the distributed appliances’ databases and provides monitoring and reporting functions for the entire grid. All communications between appliance members of the grid and management by network administrators use certificate-based authentication and Secure Sockets Layer (SSL) encryption.
We reviewed Infoblox’s ID Grid platform using four appliances configured to simulate a central headquarters site with two branch offices. For this we used a pair of Infoblox-1550 appliances, which are designed for enterprise environments, and a pair of Infoblox-550 systems, which are aimed at branch offices. Both systems are 1U appliances that can fit neatly into 19in racks in datacentres or wiring closets. The Infoblox-1550 features an Intel dual-core 3.2GHz processor, 4GB of system memory and a 300GB serial ATA (Sata) hard drive. Infoblox also sells a 1552 model, which has redundant, hot swappable power supplies. The network interfaces on the 550 and 1550 models are the same, comprising one standard console port, two Gigabit Ethernet LAN ports, a Gigabit Ethernet high-availability port and a 10/100Mbit/s management port.
We configured the two Infoblox-1550 systems as a high-availability pair for increased resilience, and nominated one of these as the Grid Master. The other 1550 appliance is designated the Master Candidate, and remains passive until the active appliance fails or starts a firmware upgrade. At this point the Candidate is promoted to Grid Master.
Initial set-up was done using the front-mounted console port on the Grid Master appliance. Infoblox appliances run under the Network Identity Operating System (Nios). Initially we used Nios 4.0r1, but later during our tests we upgraded to 4.1r2, a process that at first seemed quite complex but was in fact very easy, and involved no visible loss of service to our network devices.
Nios 4.1r2, which was released in March, adds features that network administrators may find useful, such as support for secure dynamic DNS updates from Microsoft client systems and support for DHCP API add-ons for Alcatel-Lucent’s VitalQIP IP address management software.
Installing an upgrade involves using the separate partition on the Master Candidate’s hard drive and copying the files onto that partition. The upgrade is then launched on the Master Candidate, which effectively becomes a guinea pig system for the upgrade. If the upgrade is successful, this system is designated the Grid Master and it can then upgrade the rest of the appliances over the ID grid. After the upgrade, we defined subnets for the branch office Infoblox-550 appliances and connected them to our datacentre pair.
After this we connected our management device – a laptop running Windows XP Professional – and downloaded Infoblox’s ID Grid Manager Java client. The management software is very simple to use. With just a few mouse clicks network administrators can easily define DNS zones, DHCP address pools and lease times, and add clients requiring, for example, TFTP or Radius services. The fact that the Infoblox grid system is hierarchical meant that we could apply DHCP options across all our appliances. Local administrator accounts can be set up to allow individual appliances to be tweaked, however.
We were disappointed with the reporting services available to administrators, which seemed pretty basic. We could view the system log and define a syslog server to take system messages and process audit log messages, as well as set systems to take Simple Network Management Protocol (SNMP) alerts. But with compliance issues becoming more and more important, Infoblox needs to improve these reporting functions.
The vendor said an upgrade scheduled for later this year should address this issue.





