SOLIDserver 8.1: Simplifying Multi Cloud Management and App Access Control

The Release 8.1 of SOLIDserver enhances multi cloud agility and efficiency for organizations by simplifying and automating cloud management, as well as enabling zero trust network security by improving application access control with simpler microsegmentation.

With the addition of Google Cloud Platform (GCP) to AWS and Microsoft Azure, organizations are given the capability to move more easily between individual cloud providers according to their business needs, helping avoid cloud lock-in.

And on the network security side, the new release incorporates innovative tag-based filtering to dramatically simplify app zoning. The result is a unique solution for controlling app access at the DNS level, hence at the earliest point in the traffic flow, thus preventing the spread of attacks.

The main features introduced with Release 8.1 include the following:

1. IPAM Sync for Google Cloud Platform: Simplifying NetOps Management

After AWS and Azure, the IPAM Sync feature now supports Google Cloud Platform (GCP), in order to add visibility in the IPAM of resources deployed across the GCP ecosystem. The IPAM regularly connects to GCP for collecting all information about networks and endpoints and synchronizing this information into the IPAM. Each synchronization iteration creates, updates and deletes objects from the IPAM in order to accurately reflect what is currently present on GCP.

Being capable of discovering networks and IP-related resources deployed across Microsoft Azure, AWS and GCP, SOLIDserver 8.1 is able to gather all data deployed across the different cloud platforms into one single place. Consequently, visibility, agility, consistency control and reporting are enhanced, thus further simplifying NetOps management from a single pane of glass. The consolidation of the IPAM data and metadata allows many new usages around automation and security compliance.

2. DNS Cloud Private Zone Management: For Robust Multi Cloud

A new extension to the DNS Cloud product allows SOLIDserver to manage private zones with Azure DNS and Amazon Route 53. This builds on the existing unified management of AWS and Microsoft Azure public DNS services, ensuring robust multi cloud architectures and cross-platform automation capability.

New usages are opened up for organizations who use hybrid cloud or multi cloud architectures, in areas such as disaster recovery planning (DRP).

3. DNS Guardian Client Query Filtering: Extending Security Policies

The Client Query Filtering (CQF) feature included in DNS Guardian has been enhanced with “tag” filtering. Tags can be associated with any list record and policies can now use joining/matching functions to use these tags in order to include/exclude records from lists.

CQF is used to enable or disable client to application DNS resolution and therefore the traffic which follows (if a DNS request is not answered, the client will not have direct access to the app). This feature can be used to enforce security, provide zoning between clients (end devices and application servers), and apply zero trust principles to the network. As a result, CQF becomes a valuable complement to any other application protection mechanism, including firewalling which applies security at the connection level (DNS resolution occurs before that, so provides a much earlier security barrier for preventing lateral movement of attacks).

Adding tags and specific operators enhances CQF security by extending the policies applied to the resolution process. It also allows the number of lists used in the policy to be reduced, as each list can be refined by adding tags to any record.

This new functionality introduced in SOLIDserver 8.1 makes many new use cases possible, particularly around IoT security, SaaS app access control, Shadow IT detection and Parental Control.

4. Security Event Forwarding

The existing Event Forwarding capability already lets user tracking messages be pushed to the ecosystem. The purpose of the new Security Event Forwarding feature is to be able to push security-related events contained in system log files to the ecosystem.

The push principle is the same as for the event forwarding, with either http/https messages (e.g. API calls) or redis publication (message bus). The message categories currently available are: dns-firewall (RPZ matches), gslb health check results, dns (including Guardian) and authentication.

Initial use cases for NetSecOps teams can be based around forwarding of events at the DNS level (firewall hits and Guardian arming/disarming like messages).

Other features and enhancements in the new SOLIDserver 8.1 release include:

• IPAM Raw Data Import/Export:
  • This new version of the import/export feature allows users to be able to either transport data from one IPAM to another (without having to use the backup functionality) or to manipulate data in order to perform mass updates.
• DHCP SuperScopes for Microsoft DHCP Overlay
  • Align the shared networks management available for SOLIDserver and BIND packages/overlay with the Microsoft DNS overlay. The shared network object allows the allocation of multiple DHCP scopes to the same broadcast network.
• IPv6 Prefix Delegation Observability
  • Particularly useful for capacity planning of telcos, this feature allows observability of the used prefixes from the initial configuration. When using DHCPv6, it is possible to delegate to a user facing CPE (Customer Premise Equipment) the ability to distribute addresses from one or multiple prefixes.