Access Kenya Group was founded in 1995 and provides IT services for over 6000 corporate and residential customers.
The ISP provides bandwidth to customers across Kenya and East Africa. It also offers a range of internet services including web hosting, FTP services, MPLS, domain hosting, VoIP, video conferencing, back-up, managed security, e-mail hosting and point-to-point connectivity for customers with multiple offices/branches.
Access Kenya Group and Internet Solutions Kenya Limited have integrated to form the leading converged communication and IT infrastructure service provider in East Africa.
The ISP previously used a traditional BIND system – editing BIND directly on a NIX platform – to host authoritative DNS services for its customers. This consisted of managing name server resource records, including registering domains and mandating resource records.
However, working with BIND presented many challenges and inefficiencies, wasting time, creating overhead costs and being a barrier to future growth.
Improving Customer Quality of Service
“In any given day, we used to handle between 30 to 100 changes made within customers’ resource records. The most we could handle was 100 changes per day, but as customer demands increased, we needed to increase this capability,” says Lead Systems Engineer at Access Kenya, Samson Oduor.
“Many customers have multiple resource records and want the ability to manage each one independently.”
Using the previous system, the ISP couldn’t provide that flexibility to its customers.
Growing workload, not enough expertise
Updating and maintaining BIND servers required high technical expertise – in particular with Bash – which is scarce within the local IT community.
“Administering DNS on BIND is complex and requires high levels of expertise. All of our clients’ changes relied on the services of just a handful of skilled systems administrators.
Before automation, we’d work during normal hours, but often went home in the evening only to be called back in to work to respond to customer requests. This could have been avoided with automation,” says Samson.
“Without the skilled systems administrators, making changes to zone records, MX records etc would take much longer,” he explains. “As this expertise was limited, it sometimes meant that senior staff had to work during weekends.”
Difficult to train entry-level engineers and delegate workload
The system was difficult to use, which made it hard to train entry-level engineers to help take workload off the more skilled engineers.
“At first we tried training entry-level engineers to use BIND, but because of its complexity, it was very error-prone. It was difficult to locate mistakes and correct them. Ultimately, we had to drop training altogether.”
Managing BIND was inefficient
The old system made it extremely difficult to see who made what changes to DNS configuration, which in turn made auditing very difficult. The ISP strived to deliver its promise of service quality to customers, but the system’s inefficiency made this business-critical goal cumbersome.
The need for a future-proof DNS infrastructure
With IPv6 becoming increasingly important in Africa, many leading ISPs are already preparing for its adoption.
As Internet Solutions Kenya was growing rapidly, it needed to ensure its DNS infrastructure could manage IPv6 space – which, without automation, was impossible. So, IPAM and IPv6 management were key requirements for continued growth.
Samson comments: “The need for delegation and automation was clear, so we started looking into automated DDI solutions. We assessed a few alternatives, including a demonstration of DNSBOX’s solution.”
Samson found that DNSBOX should solve all the ISP’s problems, and impressed by its simplicity and ease of use, he decided to replace the old BIND system with DNSBOX.
A DNSBOX400 master appliance and one DNSBOX200 slave is deployed in the ISP’s data centre in Nairobi. Another DNSBOX200 slave is deployed for redundancy in a data centre in Chicago, USA.
The DNSBOX400 holds original authoritative records for all customers. Copies of these records are transferred to the slaves via secure SSH communication. Any changes to original records and zones are subsequently copied, on a frequent basis.
DNSBOX has transformed DNS management at Access Kenya, enabling it to automate its DNS management processes, reducing overhead costs. It has provided an easy way to delegate tasks, eliminating many of the inefficiencies created by the previous system..
Easy to manage DNS, delegate tasks and train staff
DNSBOX has inbuilt automation and data validation features, allowing junior staff to be easily and safely trained without the risk of errors.
The web interface makes it possible to assign permissions to view and edit specific data to individuals or groups of people.
“DNSBOX’s simple user interface makes it much easier to train entry-level engineers to carry out tasks like creating, updating and editing zone records,” says Samson.
Delegating certain tasks to junior staff allows more skilled staff to focus on the broader aspects of business growth. Now, no extra time is spent outside of normal working hours to be responsive to customers’ needs.
Increased visibility with audits and reports
From DNSBOX’s web interface, it is easy to view – at a glance – what changes were made and by whom. This makes auditing much easier.
“DNSBOX’s in-built monitoring system shows physical device health and gives a clear picture of logical resources utilization,” says Samson.
Better Quality of Service, future-proofing business growth
With DNSBOX, not only can Access Kenya continue delivering on its promise to customers, it also has the capacity to meet growing customer needs and prepare for future growth.
“DNSBOX makes it easy for us to allow our customers to handle their own domains, and manage resource records independently,” says Samson.
Managing over 4,500 individual zones is significantly easier for the ISP thanks to DNSBOX.
“Other than managing DNS entries, its IPAM feature also handles IPv6 space management. In future, we expect to operate in a dual-stack environment (IPv4 and IPv6). So we have plans to expand our solution to include IPAM and prepare for future growth.”
“We also have plans to extend the current solution and deploy more appliances across different sites for more redundancy.”
“DNS tasks once caused huge management headaches and were massive time sinks for Access Kenya’s team; these are now a thing of the past. DNSBOX has saved the team lots of time and unwanted costs by providing an automated, simple solution to facilitate business growth and effectively cater for growing customer demands,” says DNSBOX Consultant at ApplianSys, Dave Gravell.