Global logistics leader
With a turnover of billion and around 1,600 locations in over 120 countries, Exel is a global leader in supply chain management. As a worldwide e-business, Internet connectivity is central to the group’s operations. For this reason, Exel conducts regular reviews of its communications infrastructure. Recently, this review included the re-evaluation of its processes for Domain Name System (DNS) management.
Exel took a rigorous approach to managing the risks associated with DNS, which has become a major security consideration for corporations after a spate of recent cyber terrorism and hacker attacks. Moreover, even seemingly mundane problems such as a single typing error in a DNS record could bring down more exposed networks. Should DNS information be incorrect or incomplete, an organisation could be cut-off completely from email and the Internet.
The high costs of DNS management
The company spent a significant sum with its ISP to outsource DNS record management. Despite this major spend, the quality of the ISP’s service was poor, as Geoff Hall, Exel’s IT Infrastructure Manager, explained: “Exel’s dependency on its ISP for DNS management represented a major cost and performance issue. We had to email DNS changes to them, then wait up to 48 hours for the changes to be applied.”
The fact that such a major aspect of its Web presence was outsourced to a third party also presented concerns over control of risk. As the review took place, Exel experienced a DNS failure as a result of mistakes by its ISP.
“Our emails weren’t getting through, and we were unable to do anything about it – other than make irate calls to our ISP,” said Hall.
In all, it took 48 hours for the ISP to identify and resolve the problems and during that time, Exel experienced significant delays in sending and receiving email. While the reviewers were already concluding that the best way to improve responsiveness and control would be to bring DNS in-house, these serious email problems provided final confirmation that this was the way to go. Yet, with over 12 global companies, 50 web ‘zones’ and more than 1,000 unique records, bringing DNS in-house would prove no easy feat.
Bringing it in-house
Exel’s security-conscious review team quickly rejected Microsoft’s DNS platform because of its vulnerability to hackers, and settled on BIND, the industry standard for DNS implementations. However, it also rapidly ruled out simple text editing of plain BIND configuration files, judging this too risky and costly, particularly as it had only limited inhouse BIND experience.
Editing BIND files manually is a tedious and error-prone process. For example, domain addresses are entered in reverse of convention, so input mistakes can be made even by experienced operators. Exel faced a major DNS administration task. This was a function of both the complexity and volume of records as well as the almost daily frequency at which Exel makes changes to web domains, web, mail and other services. So the total man-hours needed – and the risk of costly errors – was high.
Instead, the company examined the market for a different kind of solution – one that would provide powerful DNS management capabilities without requiring specialist BIND technical skills. Following an evaluation of rival products, the company chose ApplianSys’ server appliances.
Secure DNS manager in a box
“The ApplianSys solution pretty much sold itself to us the first time we saw it in action. It offered three key criteria in one neat package: enhanced security, increased reliability and ease-of-use,” said Hall.
“However the biggest benefit is that we can make DNS changes instantly and adhere to the BIND industry standard, while also achieving a minimal administrative burden – with ApplianSys, DNS is so easy to manage.”
“The use of CompactFlash card storage technology really sealed the deal. We knew that with no moving parts, the potential for device failure was very low, ensuring a low total cost of ownership,” he added.
Exel purchased one ApplianSys DNSBOX300 master to manage its DNS records and two ApplianSys DNSBOX100 slave appliances to ensure a robust and secure Internet service. Installation of the ApplianSys solutions was virtually instantaneous. In keeping with all server and Internet appliances, a key benefit of ApplianSys is that its products offer a straightforward ‘plug and go’ capability.
“Deploying DNSBOX master and slaves enables us to retain secure core DNS structure management. It provided a comprehensive DNS manager’s toolkit in the form of easy-to-install devices that included hardware, software and operating system,” said Hall. “In addition, we benefit from the secure protocol, IPSEC, between the master and slaves at out hosting centres.”
One of the major benefits of ApplianSys server appliances is they do not require technical expertise. “With its easy-to-use web interface and user-friendly management tools, we don’t need to employ a Unix or Linux specialist to manage our DNS – almost anyone can do it.”
As well as managing DNS records, a second solution, the ApplianSys DNSBOX100 provides Exel with a more robust method of accessing the Internet. The DNSBOX100 is a slave DNS server appliance equipped with the latest version of BIND.
“DNSBOX100 enables us to automate the resolution of common queries and ensures a high reliability DNS service,” said Hall. When it comes to service, Exel has few complaints either.
“We’ve been really pleased by the support and responsiveness offered by ApplianSys. The company’s staff take great pride in their work and ensure that any issues or questions are dealt with quickly and comprehensively,” added Hall.
Delivering on its promises
With ApplianSys, Exel now has a more secure and flexible approach to managing its worldwide DNS records. Today, all of Exel’s domains are managed by DNSBOX300 with virtually no intervention from Exel staff. External email works more reliably and effectively. In addition, with tight in-house control, Exel now has maximum confidence managing the risks inherent to DNS management.
“With ApplianSys, we no longer have to put up with the hefty bills and poor service levels of our ISP’s DNS management service. ‘ApplianSys does exactly what it promises to do’, which is virtually eliminate a major business risk and slash costs. We couldn’t ask for more,” he concluded.