BlueCat sells “a DDI for a complex, hybrid world”. BlueCat are at least partially responsible for this complexity, because no one knows what DDI means except people who became BlueCat customers in the past week, and they’ll all forget what it means in a few hours as well.
This is a shame, because BlueCat’s tools look really nice and I am impressed with how easy they look to use.
DDI stands for DNS, DHCP and IPAM because nested acronyms are the key to clear communication. That’s the Domain Name System (the thing that breaks all the time), the Dynamic Host Configuration Protocol (the thing that tells hosts which broken DNS to use), and IP Address Management (who is supposed to be using which IP address to talk to the broken DNS).
These systems run the basic bits you need for IP networks once you’ve gotten sick of hand-configuring BIND and isc-dhcp-server in Vim, which usually happens about 12 minutes after you start doing it. At any kind of scale, you need a system to handle this, and that’s what BlueCat sells.
It’s Always DNS
DNS is really important for modern networks because humans are terrible at remembering random numbers and that’s all IP addresses are. Giving them human-readable names and hiding the complexity of what computers actually do is how you can type ‘eigenmagic’ into your browser window and end up on my blog. When that breaks, everything else tends to break.
Many years ago, I personally set up an IP address management ‘system’ using Excel and a document management tool for a division of a very large company. It was a vast improvement over the previous “random sticky notes and fun with IP collisions” system that they were using. It was very much a stop-gap, but I have experienced the very real pain that basic, boring admin can cause when you don’t have systems to manage it. These basic systems are the first step towards easy-to-use and automated systems.
I really recommend watching the BlueCat whiteboard session that goes through a bunch of the complexity involved with modern IP space and DNS zone management. There are all kinds of weird and wonderful configurations that grow up over time (split horizon is particularly fun) and adding cloud to existing on-site deployments is even more exciting.
Excitement in operations management is the opposite of what you want. Excitement usually means something is broken, and if something is broken, it’s probably DNS.
See It In Action
BlueCat provided a solid demo of the tools working, which is worth a watch. BlueCat can use its Cloud Discovery and Visibility to pull your AWS or Azure or GCP configuration into BlueCat Address Manager (and keep it up to date with any changes). If you stop an instance, it’ll show up as a stopped device in BlueCat Address Manager, but it will also be automatically removed from the BlueCat DNS information. That’s a nice level of sync so you can trust BlueCat’s DNS information as being correct.
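That sync matters because a DNS record that outlives its instance keeps pointing at an address that may no longer belong to the thing it names. As an added example (not BlueCat’s code or API; the inventory, the record names and the `find_stale_records` helper are all constructed for illustration), this is the same reconciliation check done by hand in Python:

```python
import ipaddress

# Constructed sample data (not from BlueCat or any real environment).
INSTANCES = [
    {"id": "i-web01", "ip": "10.0.1.10", "state": "running"},
    {"id": "i-app01", "ip": "10.0.1.20", "state": "stopped"},
]
DNS_RECORDS = [
    {"name": "web01.example.internal", "type": "A", "value": "10.0.1.10"},
    {"name": "app01.example.internal", "type": "A", "value": "10.0.1.20"},
    {"name": "old-db.example.internal", "type": "A", "value": "10.0.1.99"},
    {"name": "www.example.internal", "type": "CNAME", "value": "web01.example.internal"},
    {"name": "vpn.example.internal", "type": "A", "value": "192.0.2.5"},
]
# The address range the instance inventory is authoritative for (assumed).
MANAGED_NET = ipaddress.ip_network("10.0.1.0/24")


def find_stale_records(instances, records, managed_net):
    """Return (name, reason) for A records that no running instance backs."""
    state_by_ip = {ipaddress.ip_address(i["ip"]): i["state"] for i in instances}
    findings = []
    for rec in records:
        if rec["type"] != "A":
            continue  # only address records are reconciled here
        addr = ipaddress.ip_address(rec["value"])
        if addr not in managed_net:
            continue  # inventory says nothing about addresses outside its range
        state = state_by_ip.get(addr)
        if state is None:
            findings.append((rec["name"], "no instance holds this address"))
        elif state != "running":
            findings.append((rec["name"], f"instance is {state}"))
    return findings


if __name__ == "__main__":
    for name, reason in find_stale_records(INSTANCES, DNS_RECORDS, MANAGED_NET):
        print(f"STALE {name}: {reason}")
```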
BlueCat also has a Terraform provider, so you can automate your DNS with infrastructure-as-code processes that line up nicely with the same operational processes that people are moving to for everything else they’re doing.
It’s all about integrations with other systems, and embracing automations through standard APIs to those other systems. This is the future I was dreaming of when I was building a basic IPAM solution to stop operations ignoring the design and architecture team’s documented solutions for storage endpoints and breaking important applications when they cut&pasted the wrong things into switch consoles.
We still have so much to do, but let’s just bask for a moment in how much progress has been made. It’s excellent.
Now you’ll have to excuse me while I look longingly at BlueCat and see if it supports PiHole because I’m sick of hand-configuring DNS zones like a savage.