Did you know that a sufficiently new Cisco router can be a DNS server? Apparently this functionality is not that new (dating from 2005), but I did not hear of it until I saw the article Cisco Router: The Swiss Army Knife of Network Services. I think this is a good example of what I may start calling "functional aggregation," whereby features previously provided on separate servers are collapsed to one box. I know others call that "convergence," but that term applies to so many topics (voice + video + data, etc.) that I'll use FA here. It doesn't matter anyway, because some marketing drone will invent a catchy name that everyone will end up using at some point.
One interesting aspect of this story is that it points to a simple blog post called Use your Cisco router as a primary DNS server that shows how easy it is to configure this feature. That post is then followed by a new article called Protecting the primary DNS server on your router, which explains how a router as DNS server can be overwhelmed faster than a separate, robust server. The comments to the second post also provide a justification for DNS on router functionality, namely it saves the cost of a dedicated DNS box if your router is underutilized.
The danger not mentioned in those posts is that a DNS server is another potentially exploitable service. The greater the number of services exposed to the public on a system, the greater the likelihood for compromise. It's one of the reasons people have tried to run separate services on separate servers for years.
I think we'll see the following trends based on these sorts of developments.
- The poorest businesses (in terms of budget, expertise, and time) will seek to not maintain any IT infrastructure at all, and will rely on outsourced services. FA means nothing to them because they don't maintain gear.
- Moderately equipped businesses will adopt some FA solutions because they are "good enough" or "just good enough," given their constraints.
- Well-equipped businesses whose staff can make the case for stand-alone functionality (i.e., separate DNS servers, etc.) will avoid FA solutions for critical infrastructure. Otherwise they will outsource or use FA to save money.
I think these arguments apply equally well to security services such as those found in so-called "unified" security appliances.
0 komentar:
Posting Komentar