DNS, Edge and SD-WAN, winning trio for user experience, resilience and security
The DNS, beyond its historical addressing mission, now has a much more important role to play in the digital transformation of businesses. By bringing intelligence to the DNS and associating it with SD-WAN, it is indeed possible to give much more value to its simple directory mission and to make it a tool for managing application traffic. And by placing it on the Edge, this new intelligence is found closer to the users.
Today, access to an application is almost always initiated by a DNS (Domain Name System) request. Beyond its historical mission, which was to address requests, this linchpin of the Internet and corporate networks now plays a major role in the user experience and the resilience of infrastructures, especially when it is associated with SD-WAN features. By bringing intelligence to the DNS, it is indeed possible to give much more value to its simple directory mission and to make it a tool for managing application traffic. And by placing it on the Edge, this new intelligence is closer to users.
But above all, we must remember the critical mission of the DNS. It is a directory listing domain names and their associated IP addresses. IT equipment uses it to identify the destination of a requested service. For example, it lets a user reach the website “www.lemondeinformatique.com” without having to enter a long IP address, which is difficult to remember.
It facilitates, and therefore makes possible, the routing of almost all requests made on the company’s network, both internally and to the Internet. In short, the DNS server steers application traffic for the entire infrastructure. And an unavailable DNS service means that all applications are no longer available.
The best destination for the user from the Edge
Beyond the critical routing mission, the intelligence of the DNS, associated with SD-WAN, comes into play on many points, in particular the user experience. Given the ability to continuously monitor access times, the DNS may find that a user based in Paris wishing to use an application will be able to do so more quickly on the datacenter located in New York than on the one in Paris. This application traffic management functionality is all the more effective as it is performed at the “edge” level. In other words, DNS intelligence is located as close as possible to the user, in order to direct them to the best destination, without having to go back to a central geographic load balancing service. Performance is therefore analyzed from the users’ point of view from the local DNS. user experience by detecting problems invisible to the SD-WAN solution.
A more resilient infrastructure
Enterprises implementing SD-WAN are distributed and install multiple boxes. The objective of SD-WAN is then to find the best path to an application located in a given datacenter, but it is unable to indicate whether this application is operating optimally. On the other hand, if the intelligent DNS server is placed at the edge level, it will be able to direct the user by the best path to an instance of the requested application that is in an optimal operating state. Clearly, using a DNS on the Edge with SD-WAN brings together the best of both worlds: reaching the best destination by the best path!
Similarly, managing application traffic at the Edge DNS level is another advantage: if a server is no longer available, the search for a new machine in another datacenter is automated via the DNS. The traffic will be immediately redirected to the application server offering the best performance. This also makes it easier to implement a disaster recovery plan and better control the associated risks. It is possible to test it on a restricted perimeter such as a site or a specific application. This provides real operational comfort to regularly ensure that the recovery plan works without systematically putting all IT services at risk.
DNS on the Edge, the first link in the security chain
At the security level, hackers have understood the pivotal role of DNS in developing their attacks. It is therefore necessary to integrate a security layer inside the DNS server itself, whereas this layer is often external, in order to have a better view of traffic and a unique ability to detect threats through behavioral analysis. The DNS can even be used as the first link for managing access control to applications: applying granular filtering of traffic and per-user authorizations allows application zoning, mitigates the lateral movement of malware, and limits the attack surface.
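The decision logic described in the sections above (zoning check, health-based failover, lowest measured access time) can be sketched as follows. This is an added example, not code from the article or from any product; the names, subnets, addresses and measurements are constructed, and the rule that zoning is evaluated first with default deny is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Endpoint:
    ip: str
    site: str
    healthy: bool   # result of the last application health probe
    rtt_ms: float   # access time measured from this edge resolver

# Constructed sample data: two applications, each served from two datacenters.
ENDPOINTS = {
    "erp.corp.example": [
        Endpoint("192.0.2.10", "paris", True, 180.0),
        Endpoint("198.51.100.10", "new-york", True, 95.0),
    ],
    "hr.corp.example": [
        Endpoint("192.0.2.20", "paris", False, 12.0),   # server down
        Endpoint("198.51.100.20", "new-york", True, 90.0),
    ],
}
# Zoning policy (assumed): client subnet -> applications it may resolve.
ZONES = {
    "10.1.0.0/16": {"erp.corp.example", "hr.corp.example"},
    "10.2.0.0/16": {"erp.corp.example"},
}
AUDIT = []  # refused (client, name) pairs, kept for detection and review

def allowed(client_ip, qname):
    addr = ip_address(client_ip)
    return any(addr in ip_network(net) and qname in apps
               for net, apps in ZONES.items())

def resolve(client_ip, qname):
    """Return (rcode, ip) as the edge resolver would answer one query."""
    # Policy first, default deny: an unauthorised client learns nothing
    # about which application names exist.
    if not allowed(client_ip, qname):
        AUDIT.append((client_ip, qname))
        return ("REFUSED", None)
    if qname not in ENDPOINTS:
        return ("NXDOMAIN", None)
    healthy = [e for e in ENDPOINTS[qname] if e.healthy]
    if not healthy:
        return ("SERVFAIL", None)
    # Best destination: the healthy endpoint with the lowest access time.
    best = min(healthy, key=lambda e: e.rtt_ms)
    return ("NOERROR", best.ip)
```

Refused queries accumulate in `AUDIT`; a host that suddenly asks for applications outside its zone is a useful lateral-movement signal.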
To conclude, by bringing all this intelligence to the DNS and the Edge, companies can gain in security, performance and resilience. We should no longer confine the DNS to its simple role of network directory, especially since it is the first access point to applications and therefore a pivot point of the entire digital transformation strategy.