BlueCat Integrity provides a single pane of glass view of your IP address space when you are a small company. But if you acquire multiple other companies, there are other products on the market that provide a better view than the way BlueCat handles it, although Integrity still does provide that functionality. Our company has been acquired, and has acquired other companies, and we have address conflicts because a company we purchased is using the same address space and it gets very difficult to see it in one view. The way that Integrity handles it is that it creates multiple configurations and you have to bounce back and forth to see how that address space is being used. It does provide us with a way to manage multiple environments but it requires some additional hardware for some of the Microsoft integration when it comes to handling dynamic updates. Also, a problem with integrating Integrity with ServiceNow, for example, is that we're in the cloud with ServiceNow, and there is a compatibility issue with that in terms of communicating back and forth. And one of the big pushes within our organization is multi-factor authentication. Integrity is not up to snuff yet for supporting some of the new standards for multi-factor authentication, specifically on the BDDS. One more negative is that, while the product is IPAM, DNS, and DHCP, it does provide NTP functionality, but one of the things that they have yet to correct or catch up with is NTP authentication. There are new standards being pushed out and they are lagging a little bit in supporting them. One of the other pieces that has been a sticky point for our organization is some of the API functionality. A lot of it used to be SOAP. In the new versions they're releasing it's going to be RESTful APIs, which is what we were always looking for. It's just taken BlueCat a little bit of time to catch up with some of the other vendors that provided that already.
Senior Security Consultant at a consultancy with 1-10 employees
Consultant
Top 20
2024-10-16T14:51:00Z
Oct 16, 2024
The user interface could be improved, as the implementation of BlueCat can be complicated and requires personnel with expertise in DNS, DHCP, and IP management.
Senior Network Engineer, DDI at a wireless company with 10,001+ employees
Real User
Top 20
2024-10-16T07:07:00Z
Oct 16, 2024
Some areas need improvement, especially the issue with stale entries in the BlueCat tenancy. I have heard that it is already fixed in BlueCat Integrity 10. I have not used that yet. Additionally, they can integrate DIG into BlueCat Integrity.
Engineering Specialist at Community Health Systems
Real User
Top 10
2024-07-08T19:39:00Z
Jul 8, 2024
We're still reviewing our architecture and design. We are having some challenges when it's integrated into our VMware environment. We've fixed a lot of those issues. That said, we're still going through an architectural review to make sure that our high-availability design is going to be okay. High availability is an area of weakness. In terms of questions such as what does it take to produce high availability, and what is the configuration standard that must be met to maintain the high availability, we've had some challenges there. There are multiple ways you can achieve high availability. We're using one that they call XHA, a high-availability backbone. It is where you have two BlueCat devices that share a heartbeat. In the event that one device goes offline, the other one takes over completely. It acknowledges and understands that the first one is offline, and so you still maintain your service level. If that heartbeat didn't exist, we would have a failure. In a Windows configuration, we would previously configure both DHCP servers to be active-active, and it was always a race condition, a problem there. The real challenge that we've had in high availability is within a virtual environment. XHA was not designed for a virtual environment, yet we are using it in a virtual environment. So we're trying to figure out ways to make that better. XHA has some very unusual requirements. If you're running just two BlueCat appliances for a given area of responsibility, then in VMware, if they land on the same VM host, you can run into challenges with XHA, which we are learning. We have to make sure that we have to keep our BlueCat appliances separate. They have to run on separate hosts, and that's a little burdensome and has caused trouble for us in the past. We're learning how to make that better so that they can't end up on the same host.
A common complaint about BlueCat is that adding new features or making even small changes requires a full deployment process, which can be time-consuming. This is especially problematic for deployments using SSP (hidden primary), the business-critical DNS server, which can take up to seven minutes to deploy depending on network size. Unfortunately, BlueCat Integrity doesn't support bulk Content Security Policy configuration. We'll need to set these policies manually for each element or develop a script to automate the process.
BlueCat Integrity could benefit from several improvements. First, faster log processing would be beneficial. Ideally, the system would adopt a similar approach to BlueCat Edge for improved efficiency. Second, the IPAM dashboard could be enhanced to display more information and provide data analysis features. This could include visualizations, log analysis, and improved reporting with insights and metrics. Similar to BlueCat Edge, reports should be presented in a modern way that leverages more data for analysis. Ultimately, the goal is to visualize logs and gain insights directly within reports.
Sr. Manager Network Engineering and Architecture at SAIC
Real User
Top 10
2024-04-30T12:42:00Z
Apr 30, 2024
When you replace an appliance, there are many configuration steps, so adding zero-touch provisioning would be helpful. It can be quite tedious and time-consuming to replace a device if it fails or deploy a new one.
It primarily supports DNS high availability failover when the servers share the same subnet. However, it does not offer robust support for high availability failover with different subnets, especially if the servers are located in different data centers and belong to distinct IP networks. In such cases, setting up high availability becomes challenging, often requiring manual failovers.
Senior Security Engineer at a tech services company with 10,001+ employees
Real User
Top 10
2024-01-10T22:07:00Z
Jan 10, 2024
Currently, a significant portion of automation within our infrastructure relies on custom-written scripts. For instance, every time we require automated IP address space updates, we must develop the script ourselves. Looking forward, I would welcome pre-existing scripts readily deployable within our infrastructure to alleviate this burden. BlueCat currently meets our core needs, and we appreciate their service. However, we believe the platform could benefit from significant improvements, particularly in terms of ongoing maintenance and the implementation of new features. One crucial area for development is IPv6 support. As we transition to this newer networking protocol, we lack robust tools and functionalities tailored to IPv6 within BlueCat. Consequently, we'd like to see greater investment from BlueCat in building out their IPv6 feature set.
Senior Cloud Engineer at a insurance company with 10,001+ employees
Real User
Top 20
2023-10-26T17:53:00Z
Oct 26, 2023
I would like the GUI to be similar to AWS and Azure, where we can simply click on an item to expand it and see all the information on one page, without having to click to the next page.
The most important improvement is that it would be nice to have more built-in tools for bulk updates and bulk changes. I understand that there are APIs for this, but that requires coding skills. I am no longer a coder, so it would be helpful to have built-in tools for imports and other tasks. The UI is outdated and needs a modern refresh. The RFC is over 25 years old, and some record types have become obsolete. I would like newer DNS record types, even if they are not part of the RFC.
Senior Product Manager DDI & Network Automation at a manufacturing company with 10,001+ employees
Real User
Top 10
2023-09-20T09:34:00Z
Sep 20, 2023
It is not that easy to use. It's not rocket science, however, even compared to other products in the BlueCat portfolio, it's one of the most complicated. The big downside of the customization is when there are new releases and you have to customize all of it again since you’ve diverted from the standard. One of my biggest criticisms is that you need additional pieces of software. Competitors have a lot of these things built into one solution. BlueCat doesn't. I need additional resources to actually do things. You actually need a lot of add-ons from the solution's portfolio. While some of them are provided, most you have to pay for separately. In reality, they should just be part of the product. The reporting capabilities need improvement. It holds a lot of information, and that information is easily accessible in the tool and through API. However, for instance, the moment anybody who is not a user of the product asks me for some information and I just want to run a report to hand back to them or something like that, it gets utterly complicated. Quite a few times we have not been able to pull reports out of the tool and provide them. Usability needs to be better. The main structure basically hasn't changed in years. It's got a bit polished, however, it doesn't really have a modern UI-based tool. That said, the product is being used by IT professionals. Still, sometimes the old design makes things unnecessary and difficult.
The ease of use is where I got to give a little knock on them. Once you start using the tool, it becomes very easy. It's actually quite easy to use. The problem that I run into is documentation. The documentation could be a little bit richer. Documentation has always been a little pet peeve for me with them. Sometimes the documentation does not really show real-world applications. Need to get tickets into support to get more details on how an item is supposed to operate or some CLI sequence may be missing in the docs. I am hoping to see an improved robust process to mass import/export IPAM data in their next major release.
Network Engineer at a healthcare company with 10,001+ employees
Real User
Top 20
2023-04-07T19:42:00Z
Apr 7, 2023
The DNS and DHCP servers for guests are separated from the main organization. A lot of times, it doesn't allow you to choose a default IP space. When I log in to the GUI, it doesn't default to where I want it to be. So far, I haven't been able to find out how to change or specify that so that it defaults to a particular space, such as the main org. If I'm looking for the IP space for guests, I need to toggle and go to the guest site. Most of the time, I want the IP space for the org to be my main space, but it doesn't give me the ability to do that, or I haven't been able to find that over the last two years. I want the org one to be the default one, but a lot of time, it defaults to the guest.
The solution does not export reports in a comprehensive format that allows us to see usage, administrators, VLAN, and backups. A reporting format similar to Infoblox would be beneficial because theirs include VLAN and function information, LAN or WAN determinations, number of segments, usage, and backups.
BlueCat Integrity is a comprehensive DNS security solution that provides visibility and control over all DNS traffic on your network. It offers real-time threat detection and response, as well as policy enforcement to ensure compliance with security standards. With its advanced analytics and reporting capabilities, Integrity enables you to identify and mitigate security risks before they can cause damage. It also integrates with other security tools to provide a complete security ecosystem....
BlueCat Integrity provides a single pane of glass view of your IP address space when you are a small company. But if you acquire multiple other companies, there are other products on the market that provide a better view than the way BlueCat handles it, although Integrity still does provide that functionality. Our company has been acquired, and has acquired other companies, and we have address conflicts because a company we purchased is using the same address space and it gets very difficult to see it in one view. The way that Integrity handles it is that it creates multiple configurations and you have to bounce back and forth to see how that address space is being used. It does provide us with a way to manage multiple environments but it requires some additional hardware for some of the Microsoft integration when it comes to handling dynamic updates. Also, a problem with integrating Integrity with ServiceNow, for example, is that we're in the cloud with ServiceNow, and there is a compatibility issue with that in terms of communicating back and forth. And one of the big pushes within our organization is multi-factor authentication. Integrity is not up to snuff yet for supporting some of the new standards for multi-factor authentication, specifically on the BDDS. One more negative is that, while the product is IPAM, DNS, and DHCP, it does provide NTP functionality, but one of the things that they have yet to correct or catch up with is NTP authentication. There are new standards being pushed out and they are lagging a little bit in supporting them. One of the other pieces that has been a sticky point for our organization is some of the API functionality. A lot of it used to be SOAP. In the new versions they're releasing it's going to be RESTful APIs, which is what we were always looking for. It's just taken BlueCat a little bit of time to catch up with some of the other vendors that provided that already.
The user interface could be improved, as the implementation of BlueCat can be complicated and requires personnel with expertise in DNS, DHCP, and IP management.
Some areas need improvement, especially the issue with stale entries in the BlueCat tenancy. I have heard that it is already fixed in BlueCat Integrity 10. I have not used that yet. Additionally, they can integrate DIG into BlueCat Integrity.
We're still reviewing our architecture and design. We are having some challenges when it's integrated into our VMware environment. We've fixed a lot of those issues. That said, we're still going through an architectural review to make sure that our high-availability design is going to be okay. High availability is an area of weakness. In terms of questions such as what does it take to produce high availability, and what is the configuration standard that must be met to maintain the high availability, we've had some challenges there. There are multiple ways you can achieve high availability. We're using one that they call XHA, a high-availability backbone. It is where you have two BlueCat devices that share a heartbeat. In the event that one device goes offline, the other one takes over completely. It acknowledges and understands that the first one is offline, and so you still maintain your service level. If that heartbeat didn't exist, we would have a failure. In a Windows configuration, we would previously configure both DHCP servers to be active-active, and it was always a race condition, a problem there. The real challenge that we've had in high availability is within a virtual environment. XHA was not designed for a virtual environment, yet we are using it in a virtual environment. So we're trying to figure out ways to make that better. XHA has some very unusual requirements. If you're running just two BlueCat appliances for a given area of responsibility, then in VMware, if they land on the same VM host, you can run into challenges with XHA, which we are learning. We have to make sure that we have to keep our BlueCat appliances separate. They have to run on separate hosts, and that's a little burdensome and has caused trouble for us in the past. We're learning how to make that better so that they can't end up on the same host.
A common complaint about BlueCat is that adding new features or making even small changes requires a full deployment process, which can be time-consuming. This is especially problematic for deployments using SSP (hidden primary), the business-critical DNS server, which can take up to seven minutes to deploy depending on network size. Unfortunately, BlueCat Integrity doesn't support bulk Content Security Policy configuration. We'll need to set these policies manually for each element or develop a script to automate the process.
BlueCat Integrity could benefit from several improvements. First, faster log processing would be beneficial. Ideally, the system would adopt a similar approach to BlueCat Edge for improved efficiency. Second, the IPAM dashboard could be enhanced to display more information and provide data analysis features. This could include visualizations, log analysis, and improved reporting with insights and metrics. Similar to BlueCat Edge, reports should be presented in a modern way that leverages more data for analysis. Ultimately, the goal is to visualize logs and gain insights directly within reports.
When you replace an appliance, there are many configuration steps, so adding zero-touch provisioning would be helpful. It can be quite tedious and time-consuming to replace a device if it fails or deploy a new one.
BlueCat Integrity can improve by increasing the amount of updates it releases.
It primarily supports DNS high availability failover when the servers share the same subnet. However, it does not offer robust support for high availability failover with different subnets, especially if the servers are located in different data centers and belong to distinct IP networks. In such cases, setting up high availability becomes challenging, often requiring manual failovers.
Currently, a significant portion of automation within our infrastructure relies on custom-written scripts. For instance, every time we require automated IP address space updates, we must develop the script ourselves. Looking forward, I would welcome pre-existing scripts readily deployable within our infrastructure to alleviate this burden. BlueCat currently meets our core needs, and we appreciate their service. However, we believe the platform could benefit from significant improvements, particularly in terms of ongoing maintenance and the implementation of new features. One crucial area for development is IPv6 support. As we transition to this newer networking protocol, we lack robust tools and functionalities tailored to IPv6 within BlueCat. Consequently, we'd like to see greater investment from BlueCat in building out their IPv6 feature set.
I would like the GUI to be similar to AWS and Azure, where we can simply click on an item to expand it and see all the information on one page, without having to click to the next page.
The integration has room for improvement. Everything related to automation can be improved. The deployment process needs to be simplified.
The most important improvement is that it would be nice to have more built-in tools for bulk updates and bulk changes. I understand that there are APIs for this, but that requires coding skills. I am no longer a coder, so it would be helpful to have built-in tools for imports and other tasks. The UI is outdated and needs a modern refresh. The RFC is over 25 years old, and some record types have become obsolete. I would like newer DNS record types, even if they are not part of the RFC.
It is not that easy to use. It's not rocket science, however, even compared to other products in the BlueCat portfolio, it's one of the most complicated. The big downside of the customization is when there are new releases and you have to customize all of it again since you’ve diverted from the standard. One of my biggest criticisms is that you need additional pieces of software. Competitors have a lot of these things built into one solution. BlueCat doesn't. I need additional resources to actually do things. You actually need a lot of add-ons from the solution's portfolio. While some of them are provided, most you have to pay for separately. In reality, they should just be part of the product. The reporting capabilities need improvement. It holds a lot of information, and that information is easily accessible in the tool and through API. However, for instance, the moment anybody who is not a user of the product asks me for some information and I just want to run a report to hand back to them or something like that, it gets utterly complicated. Quite a few times we have not been able to pull reports out of the tool and provide them. Usability needs to be better. The main structure basically hasn't changed in years. It's got a bit polished, however, it doesn't really have a modern UI-based tool. That said, the product is being used by IT professionals. Still, sometimes the old design makes things unnecessary and difficult.
During our testing phase, we encountered some issues with Active Directory and DNS reverse lookups.
The technical support is slow and has room for improvement.
The ease of use is where I got to give a little knock on them. Once you start using the tool, it becomes very easy. It's actually quite easy to use. The problem that I run into is documentation. The documentation could be a little bit richer. Documentation has always been a little pet peeve for me with them. Sometimes the documentation does not really show real-world applications. Need to get tickets into support to get more details on how an item is supposed to operate or some CLI sequence may be missing in the docs. I am hoping to see an improved robust process to mass import/export IPAM data in their next major release.
The DNS and DHCP servers for guests are separated from the main organization. A lot of times, it doesn't allow you to choose a default IP space. When I log in to the GUI, it doesn't default to where I want it to be. So far, I haven't been able to find out how to change or specify that so that it defaults to a particular space, such as the main org. If I'm looking for the IP space for guests, I need to toggle and go to the guest site. Most of the time, I want the IP space for the org to be my main space, but it doesn't give me the ability to do that, or I haven't been able to find that over the last two years. I want the org one to be the default one, but a lot of time, it defaults to the guest.
The solution does not export reports in a comprehensive format that allows us to see usage, administrators, VLAN, and backups. A reporting format similar to Infoblox would be beneficial because theirs include VLAN and function information, LAN or WAN determinations, number of segments, usage, and backups.