UBC IT initiated a project in 2009 to replace the IP address management system NetID. NetID had been in place for many years and provided a good management system for its time. NetID has reached its end-of-life and is no longer supported by the vendor. An RFP process was conducted by UBC IT and the Bluecat Networks IP Address Management (IPAM) system was chosen as the replacement for NetID.
Key features of the new system include:
- Well respected IP Address Management system
- Granular permissions and access control
- Modular, scalable, and very robust system design
- All the expected features of DNS and DHCP services with continuing upgrades
- Many successful migrations from NetID
Implementation Timeline
The implementation schedule for the Bluecat system is from April to December 2010.
- System design and procurement - April to June
- Product training - May
- Deployment and Postponement - July
- Deployment - December
- Project cleanup - January
The deployment phase during December has some important dates and impacts for department administrators.
Dates | Impact |
---|---|
July 2-23 | Authentication transition from NetID to CWL. NetID administrators notified June 29 of NetID account and confirmation of CWL account name. Completed July 23. |
July 5-23 | Migration of some DHCP pools from NetID to myDNS. Completed July 29. |
July 21 | New NTP server is available. NTP servers are ntp.ubc.ca, ntp1.ubc.ca, and ntp2.ubc.ca |
Dec 6-17 | myDNS test site made available to department network administrators for review. Email notice to be sent to administrators of the available site. Data is a snapshot and will be overwritten on the cutover date. |
Dec 13 | All DHCP reservations in NetID (an IP address reserved for a MAC address) will be transferred to the new servers along with the DHCP options. |
Dec 16 | NetID management system will not be available as of 09:00 Dec 16. Any emergency DNS updates needed between this date and the cutover date may be sent to nmc@ubc.ca for processing. |
Dec 19 | Cutover of the DNS and remaining DHCP will be scheduled in a 5 hour maintenance window, 07:00-12:00. No impacts to DNS services are expected during this time. |
Impacts
The myDNS system offers many advantages over the previous IPAM system and has resulted in a complete redesign of the underlying architecture. Refer to the System Overview section for further detail. Below is an overview of the changes impacting users and department network administrators.
- Affected users are updated throughout the system migration process on this website, through emails, and UBC IT bulletins.
- Change of DNS management system from NetID to myDNS:
The Nortel NetID Java-based GUI is replaced by a new management system. The web-based interface for the new DNS and DHCP system is called myDNS. A short customized guide for UBC network administrators on using myDNS (Proteus) is published on the UBC IT website, and training sessions are arranged as needed. Access is provided to a test environment prior to the cutover at the end of December. The new system procured from Bluecat Networks consists of Adonis, which provides the DNS, DHCP, and NTP services, and Proteus, which is the front-end management application.
- CWL authentication for myDNS:
Authentication uses CWL logins and passwords. This required a change of login name for some NetID users and has been completed. The access of users and groups to domains and networks will be preserved through this upgrade.
- DNS server IP address changes:
This upgrade will introduce a revised architecture for DNS service. On-campus clients will be encouraged to switch to 2 new DNS servers, protected from external attacks. External clients accessing UBC domains will continue using the original addresses 137.82.1.1 and 142.103.1.1. While internal clients will continue to get full service at the original addresses, after a few months external clients will be blocked from making recursive queries, which is the recommended secure configuration. This external blocking will be based on a broad list of networks associated with UBC, and will be preceded by an advertising campaign.
- DHCP server IP address changes:
DHCP service will be transitioned to new internal servers. Routers that forward DHCP requests will need to be re-configured with the new servers' addresses. For routers managed by UBC IT, we will apply these transparent changes over a few weeks. We will provide assistance to customers who manage their own routers and use NetID DHCP service.
For those who have DHCP reservations in NetID (an IP address reserved for a MAC address), these will be transferred for you to the new servers along with the DHCP options (gateway, DNS server ...).
If you have servers or workstations or devices which need an unchanging IP, we will help you convert their changeable leases into reservations. A separate communication will be sent on this topic.
Since most firewalls allow outbound connections to anywhere (including DHCP servers), they will generally not need a configuration change, unless they are set up as a local gateway with "DHCP helpers".
- NTP service changes:
The NTP service at 142.103.1.1 (ntp2.ubc.ca) will continue unchanged, but 137.82.1.3 (ntp1.ubc.ca & ntp.ubc.ca) will move to 137.82.1.1.
Machines configured to get NTP service from those servers by name will need no change, unlike those configured using numeric IP addresses.
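An added example, not part of the original UBC IT notice: a short Python audit that reads ntp.conf-style text, separates time sources referenced by name from those pinned to a numeric IP, and flags the one address that moves (137.82.1.3). The sample configuration is constructed and the function and constant names are hypothetical.

```python
import ipaddress

# From the notice: ntp.ubc.ca / ntp1.ubc.ca move from 137.82.1.3 to 137.82.1.1.
MOVING = {"137.82.1.3": ("137.82.1.1", "ntp1.ubc.ca")}
# ntp.conf directives that name a time source.
SOURCE_DIRECTIVES = {"server", "peer", "pool"}


def audit_ntp_conf(text):
    """Return (line_no, target, status, advice) for each time source.

    status is 'ok-name' (hostname, follows DNS), 'pinned-ip' (numeric but
    not affected by this change) or 'must-change' (numeric and moving).
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 2 or fields[0].lower() not in SOURCE_DIRECTIVES:
            continue
        target = fields[1]
        try:
            key = str(ipaddress.ip_address(target))
        except ValueError:
            findings.append((line_no, target, "ok-name",
                             "resolved by name, no change"))
            continue
        if key in MOVING:
            new_ip, name = MOVING[key]
            findings.append((line_no, target, "must-change",
                             f"use {name} (or {new_ip})"))
        else:
            findings.append((line_no, target, "pinned-ip",
                             "not moving; a hostname would survive future moves"))
    return findings


# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
# /etc/ntp.conf (constructed sample)
driftfile /var/lib/ntp/drift
server ntp.ubc.ca iburst
server 137.82.1.3 iburst   # hard-coded numeric address
server 142.103.1.1
restrict 137.82.1.3 nomodify
"""

if __name__ == "__main__":
    for finding in audit_ntp_conf(SAMPLE_CONF):
        print(*finding, sep="\t")
```

Only `server`, `peer` and `pool` lines are examined; `restrict` lines and firewall rules that mention the old address need a separate review.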