On Sun, Oct 05, 2008 at 08:55:14AM -0400, Jeff A. Earickson wrote:
> On Sat, 4 Oct 2008, Larry Fahnoe wrote:
> >The fundamental reasons that I chose to use Infoblox in this
> >application were the need for a bullet proof GUI with logging and fine
> >grained access control for less experienced admins to use when making
> >DNS and DHCP changes, and the integrated database underneath BOTH bind
> >and dhcpd. The need for the bullet proof GUI and appliance style
> >deployment seems to be the original question that sparked this
> >conversation, but to me the fact that Infoblox has implemented these
> >features on top of an integrated, distributed database with a
> >full-featured API to talk to it is the key differentiator between
>
> How much do you use the API? Someone else noted that their perl API
> was not so hot.

I've used it enough to get my data imported and then layered some of
the customizations that we wanted done. One of the areas that was
important to me was to be able to provide my bind secondaries with
updated config files as zones are added, deleted or modified. I did
this via the API. I also implement a different security model and
found it easier to do via the API than the GUI. Is the API good? I
think that's a matter of opinion, but since their GUI uses the same
API, you can do pretty much anything you want to the data using it.

> >Infoblox and other bind integrators. This in my opinion represents an
> >architectural enhancement to bind and dhcpd. A significant side
> >benefit of the integrated database is the IP network and address
> >management that comes along for the ride.
>
> In the course of evaluating a demo Infoblox box, I've also wondered
> how difficult it would be to get one's data *out* of their appliance
> if one wished to change to another product. Integrated database may
> translate to "hidden data" on an appliance.

Understood, but since the API is used by their GUI, you can indeed get
the data out in any form that you'd like (of course you'd have to
write the code to do it). I think you hit the nail on the head on one
of the implications of using something other than the text files we're
all used to: you'd better make sure you have access to either tools or
a functional API to have full control of the data. As I commented to
another poster off-list: the database is a blessing and a curse, just
understand the good bits of it and what they cost to achieve.

Speaking for myself, I rather like text based data files, but at some
point my personal preference has to yield in order to give control to
other folks who are not as mindful of syntax and to gain access to the
data via other more advanced means. Translating back and forth between
native text files and other tools just didn't seem like the way I
wanted to go.

> >For all the good that I see in the Infoblox way of doing things, they
> >are far from perfect. For those who see that it is an ISC bind/dhcpd
> >based appliance and therefore expect to simply import the config and
> >data files without a hitch, well, you're in for a bit of a hurdle.
>
> Yup, I found that out right away. It totally choked on my DHCP conf
> file. Their data import wizard did point out a few mistakes and typos
> in our DNS setup that I had to fix (thank you), but it also had major
> problems importing my data and could not do it. An Infoblox engineer
> called up to "help out", i.e. take my DNS and DHCP files and massage them
> so that the wizard can import them. I will be interested to see what
> changes get made to them.

They offered to do that for me too, but I just rolled my own stuff to
get the job done.

> I did notice that their wizard did not recognize the LOC DNS directive,
> which we use to denote latitude, longitude, altitude of our ntp server.
>
> The engineer said that they do not integrate their import wizard with
> their gui manager because it changes so rapidly. Hmmm. Still in
> development? And bind/dhcpd are not? ;-}

I would expect any integrator writing import/export tools to be
constantly updating these tools. One of the challenges I observe in
writing code that imports data from bind and dhcpd is that as the file
syntax changes, the import tools will also need to track that. How
many different syntaxes have there been? I know that most are
backwards compatible, but I also know that each of us makes use of our
favorite subset of the syntax, and that sometimes different versions
have slight differences in what the syntax actually does (some
statements being ignored etc.).

As far as Infoblox is concerned, it is worth noting that from a
development standpoint, they group some things (for example the
schema, the GUI and the API) together and have coordinated releases.
Other components (for example the import tool) have different release
cycles.

Disclaimer: I know only what I've observed from using the appliances
for a few years now, and conversations with their support folk.

--Larry

--
Larry Fahnoe, Fahnoe Technology Consulting, [EMAIL PROTECTED]
952/925-0744 Minneapolis, Minnesota www.FahnoeTech.com