Share your experience using BT Diamond IP

Examples of the 85,000+ reviews on PeerSpot:

PeerSpot user
Director, Head of Networks at a financial services firm with 10,001+ employees
Real User
Acts as a first line of defense, allows for full utilization of IP addresses in a network and the ability to block unwanted traffic using DNS is powerful
Pros and Cons
  • "It actually prevents a lot of false alarms because if a link is blocked by antivirus, it creates an alert for the IT risk team to investigate. By not resolving the IP for a malicious link, it stops many issues before they escalate. This has improved our security posture significantly."
  • "At this stage, we are struggling to use some of the DNS features of the platform, which are more about protecting your domain from hijacking and similar threats."

What is our primary use case?

We use our Infoblox DDI platform for everything: IPAM management, DNS, DHCP, and DNS firewall functionality with their BloxOne Threat Defense cloud. 

We see DNS as the first layer of defense, so we use all the features the platform offers. We do not have DNS and DHCP in our Windows environment anymore.

How has it helped my organization?

For network efficiency, having IPAM and DNS together provides a singular view of the network. We know what is active and what is registered in your DNS. We can manage external and internal DNS together on the same platform. 

The integrated view using IPAM and DNS is much simpler because Microsoft AD doesn't offer IPAM. It offers DNS, and it's scattered. This is the reason I like the power of the tool. 

It is costly but it provides the whole integration and allows us to automate a lot of things, like server builds and virtual machine builds. The powerful API Infoblox offers allows my automation team to integrate and query for free IPs within Infoblox, allocate a name, and register it. Full automation is possible on the platform. 

Also, the cloud licensing capabilities give you full visibility of what is happening in the cloud. Everything together, that's the power of the platform.

The automation capabilities have benefited the operations. People can make an API call to see the next free IP. Once they get an IP, they can register the DNS and build their server with the static IP. Then, they can assign the hostname directly through their scripting as soon as the server is live. It has benefited my automation team tremendously. 

They are constantly asking me when we can have this platform in other branches, entities, or data centers because the platform is more European-centric. They have similar requirements in America and other entities separate from AMG Securities. That's how powerful it is.

Compliance and Security

It is our first line of defense. If somebody clicks on a malicious link, the DNS will not resolve it because it will not resolve the name to the IP. This stops the threat in its tracks, so your second line of defense and third line of defense don't have to kick in. 

It actually prevents a lot of false alarms because if a link is blocked by antivirus, it creates an alert for the IT risk team to investigate. By not resolving the IP for a malicious link, it stops many issues before they escalate. This has improved our security posture significantly.

What is most valuable?

Instead of using the root DNS servers all over the Internet and its Threat Defense cloud. All queries from our clients go out, so we know what the clients are querying and where they are trying to go. We can see at a DNS level if something wrong is happening within the network. 

Additionally, the ability to block unwanted traffic using DNS is powerful. While firewalls and other infrastructure can do this, BloxOne can also prevent the resolution of bot websites or other harmful sites; that's a powerful element. 

What needs improvement?

At this stage, we are struggling to use some of the DNS features of the platform, which are more about protecting your domain from hijacking and similar threats. However, I don't think it is a problem with the platform itself. It seems to be more of an integration issue with the secondary DNS provider we are trying to use on the Internet, called Cloudflare. 

So, it is more of an integration problem between Cloudflare DNS and any public DNS. I would like to improve the integration aspect of these two products. The platform should be able to work seamlessly with any other secondary DNS provider on the Internet.

If Infoblox can make their licensing cheaper, then this platform could be widely used because it does cost a fortune to have it. That's why we do not have it in every entity that we manage.

For how long have I used the solution?

I have been using it since 2010, so it has been 14 years. 

I use the latest one, which we recently updated.

What do I think about the stability of the solution?

I would rate the stability a ten out of ten. Active Directory is supposed to be stable, and it is. Without Active Directory being stable, none of the authentication would work. There was never an issue of stability within Active Directory services. Infoblox actually makes this better because you can use all the IP addresses in a network. 

In Active Directory, you have to split the scope, so you can only use 50% or 30% of the IPs in a particular network because of how the scopes are configured. But if you are very tight on IP space, then Infoblox is your solution, depending on the use case.

What do I think about the scalability of the solution?

I would rate the scalability a ten out of ten. It is the advantage of the platform. You can deploy multiple members in the grid at various locations depending on your requirements. You can have members in the cloud as well, and it's all managed through a central Grid Manager.

We have an enterprise license that covers all my users here, about 1500. This is the only solution for DDI, so everyone uses it. We would expand its usage if the price comes down. 

We try to put the solution to another entity when the feature is available for free within Windows Active Directory. Why would you spend a million on this solution, right? That's why it is not adopted everywhere. 

DNS and DHCP are free in Active Directory. It's a different way of doing things, but if you need an IP address management tool, you can get EfficientIP's tool for ten to fifteen thousand dollars. So why spend so much more? We managed to justify the presence of Infoblox, but the continuous price increase in their licensing is prohibitive. At one point, we might decide it's not worth it and go back to Windows Active Directory.

How are customer service and support?

I have an ongoing issue with Infoblox and Cloudflare DNSSEC. Neither Infoblox nor Cloudflare is moving forward. These two DNS providers are not working together in the way a customer would expect. Cloudflare is one of the biggest DNS providers on the Internet. As a secondary DNS, they have their own services.

So, these two parties are not working together to solve the problem for the customer. I would expect their professionals to work directly with each other to solve the issue because Infoblox is not a secondary DNS provider on the Internet. 

Cloudflare can be a secondary DNS provider on the Internet. Their businesses are separate in terms of what they can do for customers. There is no competition, and customers need providers like this to work together. We like Infoblox, and we like Cloudflare for what it does.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I used Microsoft Active Directory. 

We decided to switch to Infoblox to get a unified view of IP addresses, networks, and host names, and to better manage the usage of the IP address space we have.

How was the initial setup?

It is easy to set up, but if you are migrating from Windows Active Directory DNS and DHCP, you do need to enroll their professional services people who can help with the migration. Their professional services team is quite good, and this is how we migrated initially. 

But once you have the platform, the learning curve is really easy. People can learn from each other, and we have never attended any formal training ourselves. I have people on my team who are experts in the platform.

The setup is easy if you use professional services. If you don't want to spend money on professional services, as a new product, it could be difficult for you. Most enterprises are more familiar with DNS and DHCP in Active Directory, so it will be difficult if you do not use professional services. It’s easy if you use them, and I think people should use professional services.

I would rate the complexity of the initial setup an eight out of ten, with ten being complex.

The first initial setup, ten years back, probably took us two weeks to deploy. We slowly migrated from Active Directory to BloxOne without causing any business outages.

What about the implementation team?

Our deployment was done by one professional services engineer. Just one person was enough for maintenance. 

We were super careful because everyone was hesitant to move away from what they knew.

But the main action was to make people learn the platform. We got the Infoblox trainers on-site to conduct training sessions for people so they could get experience directly from the trainers. Training was the main focus when we rolled it out for the first time.

What was our ROI?

It's difficult to measure. Has it stopped any attacks or prevented any data from going out? If my business asks me a question about the ROI, they might consider throwing the solution out.

For the IT infrastructure team, it's a good thing because we get a good way of doing things. Automation teams find it a better way of doing things. 

But can't they do automation with Active Directory DDI? They definitely can. It might be a little difficult, but once their automation scripts are ready, they can always do it. It's a one-time effort.

In terms of measuring the return on investment, in my personal view, this is one of the best tools. But from the business view, considering the money spent on this solution, it may not be the best.

What's my experience with pricing, setup cost, and licensing?

I would rate the pricing a ten out of ten, with ten being very expensive. We actually pay about 900k a year.

Which other solutions did I evaluate?

We did have the option of EfficientIP. At that time, both Infoblox and EfficientIP were competitive. Infoblox was a new entrant in the market and had a very appealing, cheap and affordable solution. It wasn't based on the number of users in the entity. Last time we had to refresh it, they changed their licensing model with their BloxOne Threat Defense. Per user, it costs around 25 to 30 pounds a year, and that's when it gets costly.

And EfficientIP may not have deployed the threat defense cloud or BloxOne Threat Defense cloud, but enterprises do have their own solutions. Multi-layered security solutions, antivirus, etc. When security budgets are constrained, why spend so much on threat defense per user? We have to look at why we're spending so much on threat defense per user.

What other advice do I have?

Overall, I would rate the solution an eight out of ten. 

I would recommend that other users negotiate with Infoblox on their pricing, or they should look at Infoblox's competition. Infoblox moved to user-based licensing and subscription-based licensing.

We already had Infoblox in our environment, so when you have something in your environment, your reluctance to change is quite high. But if you are looking for something new to implement, to move away from Active Directory, you should look at the competition and negotiate with Infoblox for a multi-year pricing deal.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
LeandroFreitas - PeerSpot reviewer
Senior Network Engineer at a computer software company with 10,001+ employees
Real User
Top 10
With its centralized console, we save time and money
Pros and Cons
  • "I've been impressed by BlueCat's performance and user-friendly GUI."
  • "The IPAM dashboard could be enhanced to display more information and provide data analysis features."

What is our primary use case?

Our DDI environment is managed by BlueCat Integrity, a unified platform for our DNS, DHCP, and IP address management.

How has it helped my organization?

The user interface is intuitive and easy to learn. New users can navigate it confidently without confusion. Our international teams in France, India, and the US have all successfully managed the IPAM system with the UI, demonstrating its clear design. This reinforces the idea that a well-designed interface can make even complex technology accessible.

They offer a consolidated view, like a single pane of glass, of our entire IP address space. This comprehensive view is incredibly valuable. The vast amount of information is presented in a user-friendly way, similar to a database. BlueCat intelligently organizes this data, including the ERTs, for efficient exploration. A convenient dashboard provides a central location to access all this information.

It delivered immediate benefits. It offered a high degree of control, comprehensive information for log monitoring, and more. Compared to a Windows system, it streamlined log analysis with its exceptional logging capabilities. Overall, it's an excellent solution.

BlueCat Integrity helps reduce human error by automating tasks and improving data integrity. For example, its DNS features can check for typos and other configuration errors, ensuring accurate data is used. Additionally, Integrity's infrastructure creation and data organization tools promote consistency and reduce the potential for mistakes caused by manual processes.

It minimizes downtime by offering various high-availability features. One such feature is called XHA, which ensures service continuity even if individual machines or appliances experience issues. This allows services to remain online during maintenance updates, for example. Additionally, BlueCat Edge leverages Anycast technology to provide further redundancy for Integrity's DNS services.

Previously, BlueCat's reach was limited to North America. We've expanded our footprint globally. This involved decommissioning many legacy servers worldwide, particularly Windows-based ones like DNS and DHCP servers, as well as some digital services on firewalls and routers. This shift to BlueCat grants us greater control and allows for a more standardized configuration across our global network. It also facilitates easier deployment and enforcement of network-wide standards.

Our organization heavily utilizes BlueCat Integrity's API for automation and data integrity monitoring. It effectively provides all the information necessary for our current automation needs, making it a valuable tool.

BlueCat Integrity has significantly improved our IT staff's efficiency. A centralized console streamlines updates, while global configuration deployment further reduces time spent on management tasks. Overall, BlueCat Integrity offers a wide range of time-saving functionalities that benefit our environment.

While we haven't encountered any server issues, a key strength lies in our well-architected DDI infrastructure. For instance, our DHCP redundancy server resides in a separate location, ensuring failover if the primary site experiences problems. Similarly, with geographically dispersed DNS servers in India and Australia, redundancy is built-in. BlueCat Integrity's robustness further enhances network stability. Since implementing it, we haven't experienced service outages or reboots. The product's maturity is evident, but our monitoring practices also play a crucial role.

The time saved by using BlueCat Integrity translates directly to cost savings.

BlueCat Integrity helps us reduce our TCO.

BlueCat Integrity has been a game-changer. It frees up my time to focus on other projects that improve our network environment, research new technologies, and more. This robust and mature product has given me peace of mind. Since joining this team and using BlueCat, I haven't lost a single night's sleep worrying about DNS, DHCP, or IP Address Management. It simply works reliably in the background, just as it should.

What is most valuable?

BlueCat Integrity has proven to be a robust solution. We haven't encountered any problems with it, and it is reliable.

BlueCat's ability to deliver secure updates quickly is crucial for us. When it comes to DNS security, timely updates and patches are essential. Fortunately, BlueCat excels in this area, providing the peace of mind we need.

I've been impressed by BlueCat's performance and user-friendly GUI. The API allows for easy data collection, particularly for automation purposes. While external monitoring tools are available, BlueCat's built-in monitoring provides an additional layer of convenience and trust.

What needs improvement?

BlueCat Integrity could benefit from several improvements. First, faster log processing would be beneficial. Ideally, the system would adopt a similar approach to BlueCat Edge for improved efficiency. Second, the IPAM dashboard could be enhanced to display more information and provide data analysis features. This could include visualizations, log analysis, and improved reporting with insights and metrics. Similar to BlueCat Edge, reports should be presented in a modern way that leverages more data for analysis. Ultimately, the goal is to visualize logs and gain insights directly within reports.

For how long have I used the solution?

I have been using BlueCat Integrity for ten years.

What do I think about the stability of the solution?

A mature solution, BlueCat Integrity has consistently demonstrated stability within our infrastructure, never exhibiting any issues.

What do I think about the scalability of the solution?

While we rely heavily on the network, there may be times when perfect network balance isn't achievable. The impact of this depends on our specific actions. Thankfully, BlueCat Integrity is a lightweight service, making it easy to scale our work. Additionally, our infrastructure has ample resources, allowing us to easily add more if needed, solidifying this solution's scalability.

How are customer service and support?

We truly value the professional support offered by BlueCat. While it is a paid service, their expertise is excellent, and we rely heavily on their assistance. They are the vendor with whom I have the best working relationship.

The technical support is quick to respond and knowledgeable.

How would you rate customer service and support?

Positive

How was the initial setup?

The deployment is straightforward. The most important part is to figure out all the clients and the networks that are going to rely on the infrastructure.

One person can handle the deployment as long as they are familiar with the solution.

What about the implementation team?

The implementation was completed in-house.

What's my experience with pricing, setup cost, and licensing?

BlueCat Integrity's pricing is reasonable within the market.

What other advice do I have?

I would rate BlueCat Integrity ten out of ten. We heavily rely on BlueCat Integrity, and it's been very dependable. When we demonstrate our network management to other teams, they're impressed by the level of control we have. There's very little to complain about – it's a well-architected and implemented solution. The built-in redundancy and global distribution are particularly helpful, contributing significantly to its overall effectiveness.

Apart from system updates, no maintenance is required for BlueCat Integrity.

For those who say they don't need a full-stack integrated DDI management solution, I simply offer good luck. Dedicated DDI solutions provide far greater visibility compared to less mature options. This is crucial – without it, we'd be flying blind. Security is paramount for our company as well. A reliable vendor should quickly release patches for any Common Criteria Evaluation issues affecting our DNS, DHCP, and IT infrastructure. This allows us to swiftly update our security team and maintain a proactive stance. Remember, while DNS, DHCP, and IPAM aren't complex products, they are critically important. A single vulnerability can cripple the entire company. A proper response and vendor support during high-impact situations are essential. While the need for a solution like BlueCat Integrity scales with company size, even smaller organizations benefit from the peace of mind and efficiency it offers. Frankly, having experienced the advantages of DDI solutions, I wouldn't dream of working without one today.

For a smooth experience with BlueCat Integrity, prioritize initializing your IPAM component. Updating BlueCat with all your IP addresses upfront helps prevent future management challenges. Since IPAM can be complex, leverage automation as much as possible to automatically collect IP address information. Additionally, security is paramount when dealing with DNS, so always prioritize security best practices.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.