Why Managed DNS Services and Why Now? June 23, 2011 Jennifer M. Pigg, VP of Research, Yankee Group
Why Managed DNS Services and Why Now? Jennifer M. Pigg, VP of Research, Yankee Group Rohit Kinra, Senior Manager, VeriSign June 23, 2011 © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 1 Agenda A Network Without Boundaries What Are Your DNS Options? Managed DNS Services, Why Now? © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 2 New Behaviors Are Challenging Operators … © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 3 … And the Network • • • • • Mobile app downloads are skyrocketing. It took the Apple App Store just 2.2 years to reach 6 billion downloads; it took Apple’s iTunes five years to reach that milestone. Of course, many of those apps are free. Netflix’s streaming traffic is growing. According to statistics from deep packet inspection (DPI) vendor Sandvine, streaming video content provider Netflix now accounts for 20.61 percent of downstream traffic in North America during peak hours, second in traffic volume only to generic HTTP sessions. Smartphones sales are outstripping PC sales. Yankee Group forecasts that sales of smartphones will reach 475 million units in 2012, exceeding the sales of PC and notebook computers combined for the first time. Apple’s iPad continues to sell like crazy. Apple released the iPad in Q2 2010 and sold 3 million of the tablet computers in 80 days. By the end of 2010, the company had sold over 14.8 million iPads. Apple is targeting sales of 100 million iPhones in 2011. That’s double what they sold in 2010 (47.5 million), which was double what they sold in 2009 (25 million), which was double what they sold in 2008 (13.8 million) © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 4 DNS: The Force That Surrounds Us Is used to connect to every Web site and every e‐mail address box • Allows us to turn this: 206.19.46.107 into this: yankeegroup.com • Works so well that we forget about it (until it breaks) • © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 5 Where Is the Enterprise? © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 6 The Network Is Growing in Complexity, and DNS Is No Exception Cloud computing and virtualization • IPv4 address depletion • IPv6 implementation complexity • DNSSec • … and then there’s security • © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 7 DNS: Both a Target of and a Conduit for Attack WikiLeaks • The great firewall of China • Twitter’s DNS hijacking • Cyxymu • Brazil’s Bradesco Bank • Pakistan blocks YouTube • © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 8 DDoS Attacks Overwhelm the Network Source: Arbor Networks’ 2010 Infrastructure Security Report © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 9 Agenda A Network Without Boundaries What Are Your DNS Options? Managed DNS Services, Why Now? © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 10 Decisions, Decisions © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 11 D.I.Y. OSs, including Windows, Unix and Linux, come with a DNS server IPAM solutions are available at a cost of between U.S.$15,000 and U.S.$30,000 for a large enterprise • Pros • Cost and control • Cons • • • • Can you exert enough control? Operational costs: personnel, administration, security Scale: performance, geo reach, latency, bandwidth, availability Outage costs © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 12 Ask Your ISP • Pros • Has the potential to resolve almost all the vulnerabilities of in‐ house managed DNS • Cons • It rarely does • DNS management is not the main function of an ISP. As a result, DNS performance is likely to suffer in terms of: • • • • • Bandwidth Latency Support Coverage Updates © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 13 Managed DNS Services • Interest in managed service is driven by: • • • • • • DNS importance DNS vulnerability DNS and IPAM complexity Increased and increasing importance of external network Better control Cost considerations There are a lot of choices out there. What do you look for in a managed DNS service? © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 14 10 Things to Look for in a Managed Service Provider © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 15 10 Things to Look for in a Managed Service Provider © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 16 Agenda A Network Without Boundaries What Are Your DNS Options? Managed DNS Services, Why Now? © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 17 Managed DNS Services, Why Now? VERISIGN CONFIDENTIAL About Verisign • • • • • • • Founded 1995; NASDAQ: VRSN Billions of times each day, Verisign helps companies and consumers all over the world to engage in trusted communications and commerce. Two businesses: Domain Name Services and Network Intelligence + Availability Headquartered in Dulles, VA 2010 Revenues: $681M S&P 500 company 1,100 employees Note: As of 9/30/10 19 What We Do Internet Infrastructure • Scalable directories • Interoperability • Security Billions of times each day, Verisign helps companies and consumers all over the world to engage in trusted communications and commerce. Domain Name Services • Domain Name Registries: .com .net .tv .cc .name .jobs • • • • 20 International Domain Names - IDNs DNSSEC Registry Lock Service Internet Visibility - IPS Network Intelligence + Availability • DDoS mitigation – Verisign Internet Defense Network (VIDN) • Managed DNS • Security Intelligence - iDefense Verisign Managed DNS 21 Unmatched DNS Experience & Expertise – DNS is in Verisign’s DNA • Verisign is the trusted provider of Internet infrastructure services for the networked world • Set the standard for DNS uptime • Managed .com/.net Top-Level Domains (TLDs) for over 12 years without interruption • Proven DNS Expertise Managing A and J Root and .com/.net Resolution • Owned and Operated Attack-Resistant, Global DNS Infrastructure • Verisign manages ~100 million domain names and processes over 60 billion DNS queries daily • Involved in establishing New Standards in DNS Management (DNSSEC) Verisign Enables and Protects the World’s Networked Interactions 22 Verisign’s Infrastructure Is Unique Scale/Capacity • 200Gb+ of network bandwidth Operational Expertise • Track record of delivering 100% SLAs • 4+ trillion queries/day capacity • 15 years of investment in the core infrastructure • Global database updates in less than 15 seconds • Tested continuity and disaster recovery abilities Unique Technology • 200+ patents for internet security and infrastructure • Proprietary DNS lookup technology with 100x the processing capacity Average user interacts 30+ times per day with our infrastructure1 Our infrastructure enables $8T of online commerce2 Sources: 1 Verisign; 2 IDC - Sep 2009 23 Verisign Managed DNS Global Resolution Sites Multiple, geo-distributed name servers to deliver 100% DNS resolution and network uptime over the past 12+ years 6 Unicast and 17 Anycast sites Among the first to notice DNS attacks through exclusive real-time view of DNS traffic patterns of .com/.net zones Process approximately 60+ billion DNS queries daily 4 trillion queries / day capacity Proprietary, Award-winning DNS Software for Greater Security and Speed Verisign Managed DNS reduces the cost and burden of maintaining your own external DNS infrastructure Managed DNS Locations Verisign Managed DNS is a DNS hosting service that delivers 100% DNS resolution, improving the availability of Web-based systems 24 Verisign CONFIDENTIAL Verisign DNS Infrastructure Highlights • Enhanced security measures • • • • Redundant, scalable, and modular architecture • • No single point of failure Each resolution site has multiple network connections • Front-facing for queries/resolution and back-end for management and monitoring • Intelligent traffic load balancing for DNS servers • Proactive 24x7x365 network performance monitoring • • 25 Over-provisioned global infrastructure proven resistant to DNS-based DDoS attacks ATLAS Non-BIND proprietary technology platform reduces vulnerabilities associated with DNS (open-source) software Ongoing patch and vulnerability management Direct NOC coordination with multiple upstream network providers Network designed and monitored to operate at below 20% capacity to support traffic bursting VERISIGN CONFIDENTIAL Verisign Managed DNS Solution Verisign Managed DNS is a cloud-based DNS hosting service that offers unmatched DNS performance and benefits over in-house management and third-party providers . Key Features • Simplified DNS Management through Intuitive, Error-Checking Console • Managed DNS Reporting Service • Geo Location • DNSSEC • Failover Service • Web Forwarding • Web Parking Service 26 Key Benefits • Guaranteed 100% DNS resolution • Reduced Cost and Complexity • Improved Security of DNS Zones and Response Integrity (DNSSEC) • Enhanced DNS Response Time • Access to DNS Experts • Quick and Efficient New Protocol Integration (IPv6) Anycast vs Unicast DNS Routing • Unicast (one-to-one) • Communication between a single client and a single server • Anycast (one-to-one-of-many) • Communication between a single client and the topologically closest instance of a network service that is represented in multiple places by a common IP address 27 Verisign’s Hybrid (Anycast + Unicast) Routing Approach • Anycast only resolution approach implies a tradeoff between performance and availability • Better served by a hybrid solution • A smaller number of name servers within a zone is Anycasted, while the remaining servers are Unicasted • Minimizes transactional latency while optimizing availability • Provides customer with ability to determine their tolerance between performance and availability • Verisign has used this approach to manage DNS resolution for .com and .net 28 Verisign DNS Management Portal DNS Manager is an intuitive, permissions-based tool that presents a user friendly interface for DNS management Improved Web Performance Without Sacrificing Control Bulk-add multiple domains Auto Error Checking Real-time Data Propagation DNS queries and Web Forwarding Usage Reports 29 Verisign CONFIDENTIAL What to Look for in a Managed Service Provider 30 How does Verisign Managed DNS Stack Up? 31 1. Security: Proprietary, Award-winning DNS Software (ATLAS) with a proven attack-resistant Global DNS Infrastructure 2. Performance: Hybrid routing architecture minimizes DNS resolution latency, while ensuring availability 3. Change Management: Real-time Propagation for DNS Changes 4. Scalability and Latency: 17 globally distributed DNS resolution centers located at major telecommunications peering points. Verisign’s network infrastructure is redundant within each facility and across facilities 5. Recoverability: Redundant, scalable, and modular architecture with no single point of failure. Verisign is among the first to notice DNS attacks through exclusive real-time view of DNS traffic patterns of .com/.net zones. Additionally, DNS infrastructure has become a prime target for DDOS attacks How does Verisign Managed DNS Stack Up? 6. Service and support: 24X7 customer support and monitoring included at no additional charge 7. SLAs: 100% DNS Resolution Guarantee with 12+ year track record without a single service interruption 8. Internal and external DNS management: Verisign's Managed DNS portal is an intuitive, permissions-based tool that presents a user friendly interface for DNS management 9. ROI: Verisign Managed DNS reduces the cost and complexity/burden of maintaining your own external DNS infrastructure 10. Proven track record: Verisign has proven track record of DNS Expertise Managing root/.com/.net Resolution and proven Attack-Resistant Global DNS Infrastructure 32 ROI for External DNS Hosting Customer Profile • $4-5 million in annual online sales • ~100 employees • Web site traffic: ~100,000 visitors per day Revenue Protection Revenue lost per hour $5000 DNS related downtime 0.3% Hours of downtime/yr 26 $130,00 Increased Productivity Sys Admin time 25% x 1 FTE 80% reduction End User Productivity 0.3% loss due to DNS Avg. salary $85K Total Benefit 33 Verisign CONFIDENTIAL $17,000 $25,500 $172,500 Questions? Jennifer M. Pigg VP, Research Yankee Group Rohit Kinra Senior Manager Product Management, DNS Products Verisign © Copyright 2011. Yankee Group Research, Inc. All rights reserved. Page 34
© Copyright 2024