Summary:
Section titled “Summary:”The standard is needed to provide clarity around these devices.
Assumptions, Risks, or Dependencies:
Section titled “Assumptions, Risks, or Dependencies:”Assumptions:
Section titled “Assumptions:”To have OpenDNS virtual appliances spun up, a client must meet two requirements; they must have a local domain controller and a supportable hypervisor (Either Hyper-V or VMware).
Risks:
Section titled “Risks:”Confusion amongst the team regarding when a client is provided these devices are treated both from a technical and billing standpoint.
Dependencies:
Section titled “Dependencies:”N/A
Requirements:
Section titled “Requirements:”N/A
Standard:
Section titled “Standard:”centrexIT uses OpenDNS virtual machines to enable Active Directory connectors to collect device and user information. This allows us to search for the endpoint source of internet traffic. These virtual appliances live in our vCenter and take the load off the local DNS server from processing DNS requests to the internet. They also encrypt the DNS Traffic over DNS over HTTPs (DoH). When deployed to clients networks, we do not have to deploy Cisco Secure Client Umbrella (formerly OpenDNS Agent) to every computer. Cisco Secure Client Umbrella only needs to be deployed to Laptops, because they can roam out of the corporate network. Workstations or Desktops typically remain on the corporate network and therefore protected by the OpenDNS Virtual Appliance (OVA).
To have OpenDNS virtual appliances spun up, a client must meet two requirements; they must have a local domain controller and a supportable hypervisor (Either Hyper-V or VMware).
Best practice is to deploy 2 OpenDNS (ODNS) servers for redundancy. The hardware specs are pre-determined by Cisco within the Virtual Machine Template (1vCPU, 512MB RAM, 7GB Disk). Will show as 1vCPU, 1GB RAM on cloud report.
The naming convention when spinning up these servers is as follows: CLIENTACRONYM-LOCATION-OVA-1
This is an example of a client who has their OVA servers on prem. If a client has multiple locations some thought needs to be put in that will properly abbreviate the location and set it apart from others.
Example: MAA-TC-OVA-1 MAA-TC-OVA-2 This is March & Ash – Telegraph Canyon – OVA-1
If a client’s OpenDNS virtual appliances are in our cloud the naming convention is as follows.
Example: RCP-NOC-OVA-1 and RCP-NOC-OVA-2
We do not charge clients for these virtual machines as they are minimal resources in our cloud.
These virtual appliances do not need to be backed up.
External References:
Section titled “External References:”- EXTERNAL only – i.e., industry best practices, CIS18, this is not for cIT internal references
Definitions:
Section titled “Definitions:”- OpenDNS (ODNS)
- Virtual Appliance (VA)
- OpenDNS Virtual Appliance (OVA)
- DNS over HTTPs (DoH)
Note: Please add KB relationships to core process, process, SOPs or other WIs on the right.