It is common knowledge that hybrid cloud adoption is exploding, with Gartner predicting 90% of enterprises adopting hybrid infrastructure management capabilities by 2020. This growth includes increased use of the internet to deliver applications, sites and services to employees, partners and customers. As DNS is a foundation for application routing, it makes sense for DNS to be extended to public cloud.
DNS delivers a critical network service that allows users to reach online business applications, ensuring accessibility of services you offer. For hybrid cloud environments, deploying DNS servers only in-house brings limitations regarding internet visibility. Conversely, relying solely on DNS servers hosted in public cloud can have significant negative impact on resiliency, consistency control and security of DNS resources. As for all business-critical applications, the optimum solution is undoubtedly to move to a mix of in-house and public cloud DNS – a hybrid cloud DNS solution. However, recommendations such as those listed below need to be followed to ensure service availability, performance, security and efficient management of resources across the hybrid landscape.
SPoF’s & cyber attacks will make you invisible… and perhaps broke
When it comes to DNS in cloud environments, internet visibility is essential for ensuring availability of your business-critical services/website at all times. First and foremost, single points of failure (SPoF) must therefore be avoided. Relying only on a single public cloud DNS provider for internet visibility is a risky business. How can you ensure 100% availability for accessing all your services (intranet, supplier portal etc.) or website if your public cloud hosted DNS server a) goes down or b) suffers a cyber attack ?
Losing DNS services could significantly impact a business’s profitability. Imagine the case of an automobile vendor whose business portal is accessed by suppliers as well as customers. If the company relied only on a public DNS server for access to their portal, and the DNS server went down just for an hour or so, all users would lose visibility to the site. As the average cost of downtime is around $22,000 per minute (Ponemon Institute study), the results to the company’s bottom line and brand image would be catastrophic.
Because of the fundamental role they play in IT infrastructure, DNS servers are constantly exposed to internet-based attacks – a threat enhanced by the proliferation of non-secure IoT devices. The consequences can be dire, as was the case when public DNS provider Dyn was attacked in 2016 causing inaccessibility to websites of some of the most sophisticated organizations on the planet
How consistent is your data?
Businesses moving or already moved to hybrid cloud DNS often ask questions around how to overcome the complexity of managing both internal & public DNS ? Amazon Route 53 DNS service offers limited support beyond pure AWS environments, which means enterprises cannot create a single, unified DNS-DHCP-IPAM (DDI) solution to serve their entire enterprise with Route 53 alone.
Having a lack of visibility across the hybrid cloud means that the IT manager is forced to use several tools to access DNS and IP address data. This leads to inconsistencies in the DNS and IP address space across the enterprise, as well as making network planning more difficult.
Stay available and control your landscape
Hybrid clouds are here to stay for many years. To ensure availability, performance, security and ease-of-management, it is imperative to:
- Eliminate single points of failure – implementing a hybrid cloud DNS architecture guarantees 100% availability for both public and private services. DNS lets you use multiple servers to host your DNS zones – servers that can all be accessed simultaneously. Further security is provided by the fact that internal DNS will often be running a different DNS engine to public DNS, thus protecting against zero-day attacks.
- Maximize customer experience & meet SLAs – by providing multiple access points and duplicating DNS records across them. SLA and customer experience is greatly improved by routing end users to the AWS region that provides the lowest possible latency. This can be further improved by duplicating DNS records across multiple points of presence via Anycast functionality, allowing you to access a DNS server much closer to you.
- Unify operational management across your hybrid landscape – implementing an integrated DDI solution provides a centralized, global view, with consistent, automated configuration to keep your DNS servers in sync. Advanced DDI’s, such as the one offered by EfficientIP, are able to integrate with the Route 53 DNS service to provide a centralized console to manage combinations of on-premise, AWS public cloud and private cloud deployments. This brings complete visibility, consistent & error-free DNS records, reduced time and cost of configuration modifications, and rapid distribution of your DNS services across worldwide locations. Adding 1-click reversibility provides an easy way to test a cloud infrastructure and revert to in-house in one quick step.
Always up and running
It is industry best practice to not rely on a single technology, in order to avoid any single point of failure, so why not apply this best practice to DNS architecture. To future-proof your cloud strategy beyond AWS, it would be wise to select DNS solutions which are cloud-agnostic, with multi-vendor support for virtualization and orchestration. Furthermore, by leveraging internal DNS Security solutions as part of a comprehensive strategy to protect against cyber attacks and data theft, your business is sure to stay always up and running.
For more details on SOLIDserver DNS Cloud, have a look to the datasheet "Secure DNS Infrastructure in the Internet Environment"SOLIDserver DNS CLOUD