Network Optimization

Increased Mission Capabilities for IS Technicians and Unified IP Address Management Database

CHALLENGE: The Defense Logistics Agency (DLA) struggled to maintain the confidentiality, integrity, and availability of Domain Name System (DNS) data spread across more than 190 systems in 14 domains, with more than 400 system administrators. The lack of unified administration and visibility often resulted in system outages and/or hindered the ability of technicians to resolve such outages.

SOLUTION: NES discovered and documented DLA’s existing DNS and Dynamic Host Configuration Protocol (DHCP) infrastructure design. NES collected and analyzed all the appropriate network statistics to select appropriate deployment locations for the servers and the services around the world. NES created detailed design documentation specifying the location, functionality, and size of all deployed appliances. NES then deployed appliances as specified in the final design to establish a globally distributed database and updated the current network design drawings. NES worked with local administrators to collect all DNS and DHCP data for the specified domain, analyzed DNS zones and records for consistency and correctness, prepared a detailed migration plan per domain, and performed the migration one domain at a time. All DNS and DHCP data was verified. The design included a single anycast IP address that all DLA systems use for DNS resolution, and DHCP failover associations for all networks to ensure 99.999% availability of DHCP services. The design provides for automated deployment and management of Domain Name System Security Extensions (DNSSEC), with centralized management and auditing capabilities, the ability to control delegated permissions, and a secure recursive architecture to minimize attack vectors into the agency.

RESULT: NES Associates migrated all of DLA’s DNS and DHCP data from 190 systems to 23 appliances using a distributed database architecture capable of sustaining maximum availability, security, and accuracy. Migrating DNS and DHCP to a single distributed database increased mission capabilities for information systems technicians across the enterprise and produced a unified IP address management database for DLA. The resulting solution supports in-service software and hardware upgrades, centralized and delegated administration, and powerful auditing capabilities; it decreased mean time to restoral (MTTR), improved availability, and established a highly secure architecture compliant with the Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG).