Centralised DNS / DHCP for County Wide NHS Trust deployment
Created on 14.1.2008
Fleet, Hampshire, UK – 14th January 2008 – Khipu Networks complete centralized External and Internal DNS and DHCP Project for the Sussex Health Informatics Services (HIS) to support county wide NHS Trust sites consisting of over 270 sites within Sussex.
Challenges: Needed 24x7 core network services reliability and security
Khipu Solution: Designed a “HIS” specific centralized DHCP and DNS solution, based on “Infoblox appliances” for:
- Nonstop DNS and DHCP service delivery
- Increased scalability of wireless service
- Reduced administration overhead
- Greater visibility and control of DHCP clients
- Integration with Microsoft Active Directory
The Project
The Sussex Health Informatics Service (HIS) commenced a significant overhaul of its IT infrastructure, working towards centralization of IT services for all its customer organizations. This requires a unified approach to networking, security and application delivery to ultimately increase the level of patient care across Sussex.
Part of this forward-thinking ethos is a Community of Interest Network (COIN) that provides a Gigabit-speed WAN, linking core node sites to over 270 National Health Service (NHS) sites in Sussex. The COIN is being leveraged to provide common network services, including a single global Microsoft Active Directory repository. It also will serve as the backbone to eventually deliver IP Telephony services for all the NHS sites.
This consolidation and centralization of network services was a daunting task. Microsoft Active Directory (AD) is the distributed directory service and the information hub of Microsoft Windows Server 2003 and 2000 Server operating systems. AD provides critical services such as Windows login, and also supports a wide range of directory services for Microsoft applications. Two core network services upon which Active Directory relies are the Domain Name Service (DNS) and Dynamic Host Configuration Protocol (DHCP).
DNS and DHCP are provided as part of Microsoft AD and are often deployed on Microsoft Domain Controllers along with other services, such as print and file sharing. However, loss of these services results in loss of Microsoft application services (e.g. Windows Domain Logon, Exchange, file and print sharing) and also impacts all non-Microsoft applications (e.g. Unix) that utilize DNS services. As a result, the security and availability of DNS and DHCP services is especially critical.
Previously, many of the 270+ sites across Sussex were running Microsoft NT4 Domain Controllers. But, to achieve the levels of reliability and central manageability the team required to support the COIN, Sussex HIS set out to migrate all the sites to a resilient appliance-based platform.
Mark Walker, infrastructure consultant for the Sussex HIS team and responsible for the project commented: “Leveraging the Microsoft Domain Controllers, we previously found that DNS and DHCP services were often a source of network downtime.”
The Solution
As a result, Khipu Networks suggested the use of purpose-built Infoblox-1550 appliances, which provide a unified platform for DNS, DHCP, IP address management (IPAM) and other services, such as network time. The Infoblox appliances provide a migration path as well as many high availability features to ensure core network services are always available. The Sussex HIS team deployed eight Infoblox-1550 appliances in three consecutive days without any interruption to their network uptime. They are now able to migrate sites onto their centralized network whenever they require.
Infoblox’s appliances – certified and recommended by Microsoft as a certified Microsoft partner – are purpose built to provide non-stop availability of standards-based, Microsoft-compatible DNS and DHCP services, among others. The appliances are based on the security-hardened Infoblox NIOS™ operating system, which allows no root access and presents no unnecessary open ports.
Infoblox appliances are easy to install and manage and can load updated software with a single click. They also provide extensive built-in support for high-availability, delegated management, logging and auditing. Collections of Infoblox appliances can be easily linked into robust grids that extend these capabilities across a distributed enterprise while providing centralized management. These features, combined with transparent integration with Microsoft Active Directory make Infoblox appliances an excellent choice for offloading DNS and DHCP services from Domain Controllers.
The Result
Mark Walker commented: “We found Khipu Networks’ approach innovative. They suggested the use of Infoblox-1550 appliances so that the Sussex HIS could unify DNS, DHCP, IPAM and network time. We worked with Khipu Networks in a design workshop where our Microsoft, infrastructure and security teams discussed the minimum and ideal requirements for core network services. We were impressed by their understanding of our requirements and the related recommendations. Since installing the Infoblox devices that Khipu recommended, we have a more effective, available, secure and resilient solution that also decreases the administration overhead for us. The Infoblox appliances are essential to delivering our vision and requirements for the COIN.”
In conclusion, the Infoblox solution has positively impacted the successful implementation of the COIN and is a key infrastructure component to enabling additional applications in the future, like IP Telephony.
If you are considering centralized and resilient DNS/DHCP/IPAM this year and would like to speak any of our customers regarding Infoblox and their experiences, please contact Khipu Networks.
About Khipu Networks - www.khipu-networks.com
Khipu Networks are a UK based advanced systems integrator, focusing on supplying innovative secure compliant infrastructure solutions across the public and private sector. The company is a leading adopter of new and best in breed technology, expert technical staff ensure that customers get the solutions they need, when they want them and how they need them. The ethos is to ensure that the customer has the edge on the security and compliance of their network and not the attacker.
Hampshire based Khipu Networks Ltd are the security division of the White Clarke Group of companies.
Specialist Reseller of the year - CRN Channel Awards 2007
For further information, please contact Khipu:
- T: 01252 773184
- Register Your Interest and one of our consultants will contact you. Click Here
Khipu Networks Limited
