Financial Services | KPMG

BlueCat Brings DNS Reliability and Resiliency to KPMG’s International Network

BACKGROUND

KPMG is a global network of professional firms providing national and international organizations with Audit, Tax, and Advisory services. Operating in 144 countries with more than 104,000 professionals working in member firms around the world, KPMG aims to provide clients with a universally consistent set of multidisciplinary financial and accounting services, based on deep industry knowledge. Their history spans three centuries and features a number of high profile amalgamations, eventually leading to the merger of Peat Marwick International and Klynveld Main Goerdeler in 1987,to create KPMG as we know it today.

OPPORTUNITY

In any corporation, DNS failure results in service outages that span the entire network, causing e-mail, Internet, and Customer Resource Management (CRM) applications to grind to a halt. KPMG manages and communicates with member firms via a global IT network, making a highly reliable DNS infrastructure absolutely business-critical to them. KPMG’s network demanded a level of high availability that their Solaris 7 servers running BIND simply could not provide. Because BIND was not designed with High Availability (HA) in mind, and existing HA systems for DNS tended to handle dynamic updates poorly, DNS management was “a lot more work than it should be”, said Gregory Winklaar, a technical specialist at KPMG. With their current servers, Winklaar felt that “…we were spending the majority of our time either testing and investigating configuration errors, or administering system security patches”. The network had also grown to a size where distributed administration of DNS hosts, zones and configuration changes had become exceedingly time-consuming; network managers needed a centralized management solution that was much more efficient and cost-effective. KPMG’s internet search for a company specializing in secure and reliable DNS and DHCP led them across the ocean to BlueCat Networks. The financial services giant had reviewed three of BlueCat’s closest competitors, and found no other products that met with their requirements or expectations.

SOLUTION

To address KPMG’s business continuity concerns with respect to DNS, BlueCat’s solution was to create a High Availability cluster for DNS services using two Adonis 1000 DNS/DHCP Appliances. In an “active-passive” HA cluster, the two servers share an address that clients query. The Adonis appliances connect over the IP network. In the event that the active unit fails, control is transferred to the passive server, which seamlessly takes on the active role in less than two (2) seconds. BlueCat also combated KPMG’s vulnerability to attack when running older versions of BIND, by automatically making critical security updates to the Adonis 1000’s BIND software within 48 hours of the update being issued by the ISC.

IMPACT

BlueCat’s high availability solution enabled DNS queries to continue to be resolved even if one of KPMG’s servers were to fail. This allowed business operations to persist unabated and dramatically reduced resolution latency. Adonis’ built-in error checking feature identified existing DNS configuration errors on KPMG’s network during data migration, and ensured they were fixed before deployment. Furthermore, any possible errors that could appear from that point forward would be flagged in advance, proactively preserving the system’s data integrity and eliminating errors resulting in costly network outages. Technical staff at KPMG’s found that using Adonis shaved hours off the time required to manage the network. According to Winklaar, “Managing the DNS infrastructure is so simple now. We’ve been running the appliances for two years, and never had a problem”. Ultimately, KPMG found that implementing BlueCat’s secure, highly available, and properly configured DNS appliances cost far less than having repeated network downtime.