The Continuous Upgrade Cycle
We’re just putting the finishing touches on our latest set of infrastructure upgrades to the UltraSecurity platform and are already planning our next set of updates. Over the past four years, Neustar has invested over $60M in upgrades across the UltraDNS and UltraSecurity Platforms. Some of the enhancements are quite evident, as we took our global DNS footprint out to 30 sites, spun up sites in China, and expanded our application security network to 14 locations and over 11 Tbps of mitigation capacity. Others are not so evident in the overall numbers but are extremely important to our ability to serve our customers.
One of the initiatives that we carried out was the expansion of the UltraDNS network to 30 locations, or as it has been known internally: “edge node redesign.” As the name implies, this was much more than just a site expansion. We took the opportunity to modernize every aspect of our DNS delivery, including new and expanded transit, faster compute nodes, built-in DDoS protection, and much faster zone propagation. The net visible effect to our customers is faster convergence of changes and lower latency resolution across the globe. The not-so-visible improvements include huge capacity increases—the network is now designed to operate over 50x our existing query volume—and continued improvement on the network’s resilience to unplanned external events. Our goal is to reduce customer risks to a minimum, so we continually invest in control-plane, data-plane, and network-level redundancy improvements, along with new forms of monitoring and alerting to avoid situations that could lead to diminished performance.
In application security, we made a large investment a few years ago to expand the network to 14 nodes globally with over 10 Tbps of total capacity. We didn’t rest on our laurels and have continued to build upon this new foundation. We have incrementally ticked up overall capacity to 12 Tbps, five times the largest attacks ever seen. Some of the most impactful changes we have made are less outwardly visible. Since the beginning of this calendar year, we have upgraded the software on most of our infrastructure, including the DDoS scrubbing equipment, to ensure we have the latest tools at our disposal to carry out our services. The DDoS scrubbing devices themselves have been upgraded to the latest hardware, ensuring even higher performance. We’ve added diverse transit across both our ingress and clean traffic return networks. New layers of switching capacity were installed in each of our datacenters, giving us even higher network resilience but also “oodles” of 100G ports, as our director of network engineering stated. We did all this while operating the service, and with our customers contending with only the occasional maintenance window.
Considering that we have a network and services that have been serving our customers effectively for years, it’s natural to ask if the continuous investment is really justified. The answer is a resounding yes! Neustar Security Solutions offers premium DNS, DDoS, and application security services to many of the world’s largest and most prominent companies. DNS name resolution is fundamental to the availability of our clients’ services, and our application security services are the barrier against the most common threats to this availability. It is our customers’ expectations and our duty to ensure that Neustar Security Solutions allows them to thrive online. This means that we must continue to operate the largest, most resilient network and run software that provides the tools to withstand the latest threats. It also means that we can never stand still, and we should always be considering what is next. That is what you can and should expect from Neustar Security Services.