Having talked about infrastructure and server virtualization quite a bit here, I’m sure you all are familiar with the fact that Nixu Products – DNS, DHCP and IPAM software appliances distributed as auto-installing ISO images – support VMware and XenSource virtualization platforms. After all, these two companies are our technology partners and the support is laid out quite explicitly at our website. However, what we haven’t talked much about is the fact that our software appliances actually install on ANY virtualization platform, as long as it emulates (either by means of virtualization or paravirtualization) a native x86 computing environment. This opens up some rather intriguing options for our customers going forward.
This week, one of our customers approached our helpdesk to ask how he should go about installing the software appliance version of Nixu NameSurfer Suite on Microsoft’s virtualization platform. Our technical team didn’t know because our own virtualization environment consists of VMware and Xen products, so they did a bit of testing. As it turned out, all Nixu Products run seamlessly on Microsoft Virtual PC 2007 too. Now, this is quite an advantage if your organization is a Microsoft-platform-only kind of house, yet you’d like to find ways to streamline and secure your DNS management and IP allocation processes and servers.
As some of you may know, Microsoft has announced that they will be releasing Hyper-V 180 days after Microsoft Server 2008 has been released to manufacturing. Assuming that Microsoft will continue to be able to hold on to their market share and that organizations will migrate from earlier Microsoft Server versions to version 2008, the greenfield opportunity for software appliances such as ours will explode. But, even more importantly, this move by Microsoft will actually allow organizations to hold on to their Microsoft Server platforms while opening the door to more secure network environments: after all, by taking advantage of the virtualization opportunity presented by Microsoft, different network services can be run side by side as dedicated (and therefore less vulnerable and more secure) virtual machines on a single physical platform.
Now how cool is that!
As some of you may have already noticed, The Measurement Factory has published the results of their new October 2007 DNS Survey. While their previous study published in August 2006 showed that there were roughly 9,000,000 public DNS servers out there, it now seems that the number has increased by a healthy 30% to 11,700,000. That’s pretty impressive and makes DNS one of the fastest growing areas of TCP/IP networking.
After BIND 8 entered into end-of-life (EoL) in August 2007, it seems that the networking community has been busy migrating to BIND 9: according to the results, some 85% of DNS servers are now running the latest major version of BIND. Another interesting finding was that the percentage of Windows DNS servers has decreased to about 5% of the installed base. While the survey doesn’t speculate on the reasons for the lost share, we would assume it is at least in part related to the vulnerability discovered in Windows DNS servers last April.
While the migration to BIND 9 has probably improved the general security level of public DNS servers, what we found staggering was that more than 50% (52.1% to be precise) of DNS servers still allow recursive queries from anywhere. As the recursive DDoS attack of last February showed, this is a serious network security threat that puts the entire Internet at risk. Therefore, we strongly advise that all of you DNS admins out there configure your DNS servers securely: it’s not just the integrity of your own servers that’s at stake, because an open recursive server also poses an indirect threat to the stability of the entire Internet. In our view, this simply highlights the fact that managing and configuring DNS servers securely is not quite as trivial as is often thought.
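To check whether one of your own servers is among those that allow recursive queries from anywhere, the following added example (not part of the original post and not Nixu code) builds a recursion-desired query and classifies the reply from its DNS header flags. The function names, verdict labels and sample packets are this example's own, and the sample headers are constructed rather than captured.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # header flag bits (RFC 1035)
REFUSED = 5

def build_query(name, qid=0x1234, qtype=1):
    """Encode a query for `name` with RD=1 (recursion desired)."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def classify_response(packet, qid=0x1234):
    """Decide from the 12-byte header whether recursion was offered."""
    if len(packet) < 12:
        return "malformed"
    rid, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != qid or not flags & QR:
        return "malformed"
    rcode = flags & 0x000F
    if rcode == REFUSED:
        return "refused"            # policy blocks this client: desired result
    if not flags & RA:
        return "no-recursion"       # referral or authoritative-only server
    if flags & AA:
        return "authoritative"      # own zone; retest with an external name
    return "open-recursion" if rcode in (0, 3) else "inconclusive"

def probe(server, name, timeout=3.0):
    """Query your own server over UDP; run from outside its trusted networks."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify_response(s.recvfrom(512)[0])

# Constructed response headers (not captured traffic), used to show the verdicts.
SAMPLES = {
    "answers anyone": struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0),
    "refuses outsiders": struct.pack("!HHHHHH", 0x1234, QR | RD | REFUSED, 1, 0, 0, 0),
    "referral only": struct.pack("!HHHHHH", 0x1234, QR | RD, 1, 0, 2, 0),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label}: {classify_response(pkt)}")
```

A server that returns `open-recursion` to a client outside your networks needs recursion restricted to the address ranges you serve, which in BIND 9 is done with the `allow-recursion` option.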
If you are looking for easy and inexpensive ways to secure your DNS servers, please download Nixu Secure Name Server (SNS) for free evaluation today. Nixu SNS is a self-installing ISO image (software appliance) that auto-installs on your existing, clean x86 box or virtual machine in just 10 minutes. It includes a large number of security features on a hardened CentOS platform, such as secure default configurations, automated software updates (say no to vulnerabilities) and a built-in Intrusion Detection / Prevention System. Oh, and you get a user-friendly WebUI in the same package too.
While centralized DHCP works nicely in network environments that are not geographically dispersed, it may become a problem in environments where DHCP servers are situated in various data centres or remote sites around the world. If your business operations rely on always being able to obtain a dynamic IP, imagine what happens if the connection between the centralized DHCP management point or server and the remote site goes down. This could happen for various reasons over which you have no control, yet before long your operations would come to a halt.
To ensure an always-on DHCP setup, the network has to fulfill two criteria:
- Ideally, there should be at least two local DHCP servers in each network segment so that even if the connection to the main data centre is lost, mission-critical equipment in each segment will be able to obtain an IP. Further, by installing the two DHCP servers in failover mode, the operations will continue uninterrupted even if one of the servers in the failover pair fails.
- It should be possible to manage the configurations on these two DHCP servers locally. This way, even if the connection to the main data centre were lost, it would be business as usual, as the DHCP servers can be managed locally.
In the days of yore, a setup such as this would have been hugely expensive. However, now that you can implement it by running inexpensive, virtualization-ready software appliances such as Nixu DHCP Server on virtualization platforms, the costs will be significantly reduced as no dedicated hardware is required for each server. Oh, and you will be making savings in the electricity bills too!
Last week, we launched the new 1.5 version of Nixu Secure Name Server, the world’s first virtualization-ready DNS software appliance. To read the related announcement, please click here. The major features of this new version include a built-in SQLite database which boosts the scalability of Nixu SNS and has allowed our R&D to develop simplified tools for backing up and restoring the data residing on DNS servers. The new product release also incorporates a number of usability enhancements based on the feedback we have received from our customers.
And so, if you’re looking to virtualize your network services, this is a great place to start. Evaluation doesn’t cost you a penny and before you know it, you’ll have a secure, virtual DNS server up and running. That’s much easier than building up a new DNS server manually. And at $495 per server per year, it’s much more cost-efficient too. Especially as you will not need physical hardware for the DNS server installation.
Over and out.