1 / 9

Redesigning UCSF’s DNS & DHCP Architecture

Redesigning UCSF’s DNS & DHCP Architecture. Presentation to the Committee on Technology and Architecture. Mark Day Patrick Phelan. Situation. There are too many DNS servers at UCSF ITS, Medical Center IT, SOM ISU, SFGH Dean’s Office ISU, and others run more than 20 servers.

juana
Download Presentation

Redesigning UCSF’s DNS & DHCP Architecture

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Redesigning UCSF’s DNS & DHCP Architecture Presentation to the Committee on Technology and Architecture Mark Day Patrick Phelan

  2. Situation • There are too many DNS servers at UCSF • ITS, Medical Center IT, SOM ISU, SFGH Dean’s Office ISU, and others run more than 20 servers. • Customer experience is inconsistent and sometimes bad. • Very poor DNS performance, especially in the Medical Center. • Out of necessity, departments have come up with workarounds. • Intra-enterprise communications frequently contain broken links.

  3. Situation (cont.) • This organically-grown architecture is difficult to support • Client-side behavior depends on geographic and organizational location. • We’re unable to leverage “modern” functionality. • Our security risk exposure is significant. • The current architecture is inefficient • Artificial constraints on IP address allocation. • Duplication of administrative effort. • Software licensing inefficiencies. • DNS is a fundamental network service and is key to the proper operation of Active Directory

  4. Target Redundant, modern hardware scaled to meet the workload of the entire enterprise. Consistent customer experience, regardless of location or affiliation. Delegated administration to preserve autonomy of IT groups. Improved security & privacy through use of “split-horizon,” DNSSEC, and other technologies. Dynamic DNS (DDNS) services.

  5. Target (cont.) Economies of scale from consolidating hardware and software purchases. Universally-available DHCP services supporting modern device deployment services.

  6. Proposal Assemble stakeholders from central IT groups to re-architect DNS in conjunction with professional services. Build-out new architecture. Purchase necessary hardware and software licensing. Conduct administrator training and produce documentation. Provide contractors to assist departments with reconfiguration of endpoints.

  7. Preliminary Budget Additional IP address space licenses $100,000 Name server hardware refresh $50,000 Administrator training $25,000 Contractors to assist with endpoint reconfiguration $30,000 Technical writer for support staff and end-user documentation $10,000 Internal project management resources $30,000 $295,000

  8. Next steps • Quickly assemble team of stakeholders. • Medical Center is proceeding with DNS improvements very soon. • Not acting now to meet the needs of the enterprise would be a missed opportunity. • Secure commitment to project from both Medical Center IT and ITS. • Significant resources (time, money) will be required from both groups. • If Medical Center drivers necessitate immediate change, other stakeholders should be included in design decisions.

More Related