Network in budget lockdown? No problem for this prison system

IT budget cuts don’t slow Nevada’s fast-growing prison network

State government IT budgets are as tight as ever, but the Nevada Department of Corrections is in a good position to hunker down and ride out the recession thanks to a recent network upgrade.

In May 2008, the NDOC purchased 12 network appliances from Infoblox that cost around $70,000. The appliances – Infoblox 250s and 550s – handle the agency’s Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) queries as well as IP Address Management (IPAM).

By automating these core network services using the appliances, the NDOC has been able to improve network reliability without adding staff.

“DNS and DHCP and IPAM have gone from being a regular headache to being a non-issue with Infoblox,” says Dan O’Barr, an IT manager at NDOC who is responsible for systems, desktops and communications. “If I didn’t have the Infoblox appliances, I’d need a couple full-time staff members to get the same functionality.”

The NDOC operates the largest government network in the state of Nevada. The agency’s IP network connects 24 sites, including state prisons in remote locations. The wide-area network is patched together using T-1 links from seven carriers.

“We run almost everything on this network: VOIP; radio over IP; temperature controls; door controls; fire alarm controls; plus any other application you’d find on a corporate network like file sharing, email and database,” O’Barr says. “It’s a very complex environment that’s hard to put your arms around.”

With 3,000 users and 5,000 device endpoints, the NDOC network is growing rapidly and needs to be up and running around the clock. The network’s main application is an offender management system that stores information about inmates, calculates sentences and includes current inmate counts.

“What I need is the ability to get the network back up quickly. If the network is down more than four hours, we have to start doing procedures by hand,” O’Barr says.

Prior to buying Infoblox appliances, NDOC provided DNS and DHCP services using servers running Novell Open Enterprise Server 1 software. However, the agency was having trouble with outages that required human intervention to re-boot the servers.

“We needed something more reliable that was independent of the servers,” O’Barr says. “We decided to go with appliances because they would separate these network services from the servers and make them more reliable. We looked at all the appliance vendors… and chose Infoblox.”

In addition to using the DNS, DHCP and IPAM features of the Infoblox appliances, NDOC is taking advantage of Network Time Protocol (NTP) and Trivial File Transfer Protocol (TFTP) services.

The appliances are “bulletproof,” O’Barr says. “Since we implemented the Infoblox appliances, our downtime for core services was only one incident where we had an upgrade that failed on the devices, and Infoblox replaced the devices immediately…. Now our core network services do not give us problems whatsoever. We went from something we had to maintain on a regular basis to something we don’t think about anymore.”

The appliances are helping NDOC handle a rapidly growing network without buying additional gear. For example, NDOC’s network grew from 100 users in 2004 to 3,000 users today. The network also is adding new services such as telephony and video surveillance.

“From the time we bought the Infoblox appliances to now, we’ve doubled the number of subnets on our network,” O’Barr says. “We’re adding new [virtual local area networks] for temperature controls, video conferencing and video surveillance… They keep adding stuff to the network even with the slowdown.”

Abner Germanow, director of enterprise communications infrastructure at IDC, says more enterprises like NDOC are migrating their core network infrastructure services including DNS, DHCP and IPAM to appliances from Infoblox, BlueCat Networks and others.

“These services are often overlooked and yet are rising in importance,” Germanow says. “You’ve got some network intensive applications like VOIP and video coming onto the network. You may have difficulty managing those applications if you don’t already have a good DNS or IPAM strategy.”

Germanow says network appliances offer higher reliability and performance for DNS, DHCP and IPAM than server software, particularly if the server software isn’t being closely managed, upgraded and patched.

“Server software was good enough when you didn’t have very many VLANs and the response times on the network were two seconds,” Germanow says. “The response times you need now are 20 milliseconds for video.”
