While Whirlpool focuses on the business of making kitchen and laundry appliances, lead network engineer Gregory Fisbeck keeps his eye on thousands of IP addresses.
With some 80,000 employees and 200 locations worldwide, Whirlpool network staff has always had its hands full managing multiple DNS zones and thousands of IP addresses. But last year’s acquisition of Maytag increased Whirlpool’s eight or nine DNS zones under management to some 16, shining a spotlight on a much-needed operational upgrade, Fisbeck says.
“The workload not only increased, it literally doubled, and we don’t have staff dedicated solely to managing DNS and IP addresses.”
IP address management — long an IT task pushed to the back burner at many companies — was perceived no differently at Whirlpool, Fisbeck says.
“I think a lot of people mistakenly discount the criticality of DNS,” he says. “Without DNS, the Internet doesn’t work. I would venture to guess without that most companies would not work so well either.”
IP address logjam
Since starting at Whirlpool six years ago, Fisbeck says he had it on his agenda to update the company’s approach to IP address management.
The company managed DNS using BIND servers and tracked IP addresses manually, a model which was not easily supported in a growing company, he says.
DNS is the network function that translates domain names such as www.networkworld.com into an IP address like 22.214.171.124. If DNS doesn’t work properly, a user won’t gain access to the Web site, and that would become a perceived network failure. For a large company like Whirlpool, DNS had to work.
“DNS is so critical to everything we do at Whirlpool that I wanted to proceed cautiously and really respect that we were messing with the core of how our network operates,” he says.
According to Fisbeck, the few “master Unix” experts on staff who manage the company’s BIND servers could easily become swamped with requests for IP addresses from, say, the server department. In turn, the server department would be forced to wait in line as the network team labored to dole out the addresses. Such demand and time pressure coupled with manual processes could lead to error-prone work, he says. Just recently, Fisbeck reports he spent 45 minutes fixing an error that had been inadvertently made to a BIND server that downed DNS in multiple zones and held up other departments.
“BIND is a great product that works well, but it is not easy to learn unless you are a master Unix command line worker, and today there just aren’t too many of those around,” he says. “We rely so much on DNS, and almost all of the DNS knowledge at this company was in the heads of two individuals, and that’s kind of a scary place for it to be.”
Finding the right technology
While Fisbeck had been doing research on DNS, DHCP and IP address management vendors for years, his searches hadn’t turned up what he needed at Whirlpool.
“I had a very clear picture of what I needed an IP address management product to do,” he says. “And in all honestly, it just wasn’t out there yet.”
Fisbeck’s criteria included an easy-to-use interface, so even the non-Unix masters could operate the product without extensive training. He also wanted a product with failover and redundancy. Most importantly, Fisbeck says, he wanted a product that allowed him to create role-based access controls for other departments. For instance, if the server group needed IP addresses, they could access the IP address system, allocate what they need and exit without causing errors.
“The biggest advantage would be to have the ability to delegate so other groups don’t have to call me to see which IPs are available,” he explains. “They can then manage their own groups but within the guidelines I have set, and in such a way that the chance for errors is reduced and Whirlpool’s network is protected.”
Fisbeck’s research in 2006 led him to BlueCat Networks.
BlueCat bundles its software on appliances, dubbed Adonis and Proteus. BlueCat’s Adonis appliances enable network managers to centrally manage multiple DHS and DHCP configurations. Proteus is an enterprise-scale IP address-management appliance that combines name services, dynamic IP assignment and IP inventory. Companies with multiple Adonis appliances can manage them through Adonis console software.
Today Fisbeck has two Adonis appliances installed on Whirlpool’s network, and he plans to add another four as well as a Proteus system to oversee them all by the end of April.
“We intend to have all of the internal and external master DNS servers on Adonis and Proteus managing the entire environment by then,” he says.
In the meantime, Fisbeck is working to migrate existing DNS, DHCP and IP address data over to BlueCat’s devices. BlueCat provides tools to load BIND files into Adonis’ Java-based GUI. In the process Adonis has been reporting on existing errors in the BIND files, which Fisbeck has been addressing to enable more efficient DNS going forward.
“One side benefit was that the appliance showed up errors in the BIND files and we were able to clean them up quickly,” he says.
BlueCat’s technology also provides a tool to use with systems such as Microsoft’s Active Directory that creates BIND files based on the Active Directory data and imports them into Adonis in a consistent fashion. One challenge, Fisbeck reports, is extracting DNS and DHCP data from the network registrar, but BlueCat currently is working with him to ease that process.
“I expected a fair amount of difficulty in migrating all the data over, and it was surprisingly easier than I had anticipated,” Fisbeck says.
BlueCat also recently updated its product suites with support for IPv6.
“IPv6 is still a couple years off for us, but it is comforting to know the vendor supports where our network will be in five years,” he says.