What’s the Purpose of Having a VA?
To begin, a Virtual Appliance (VA) is an on-premise virtual machine. The VA provides a higher level of reporting granularity by providing insight inside your network through functionalities such as active directory (AD) integration or domain/IP routing.
Why Do I Need Two?
To fully protect customers from vulnerabilities, security service providers like OpenDNS use VAs to update their services. To receive these updates automatically, we strongly recommend that all of our customers install two VAs.
Customers with a single VA installed will not receive automatic updates, as it would cause downtime. Having two VAs installed means one install can continue running while the other automatically updates. OpenDNS Engineering Manager Justin Swift explains, “The main benefit of having a second VA is for redundancy; in the event that there is a problem with the primary DNS server, the secondary server keeps end users from experiencing downtime. This is particularly important when considering updates. Customers with redundant VAs can be sure they’ll always have the most up-to-date version of the VA, without needing to worry about scheduling downtime.”
With a single VA, a customer needs to stay on top of new VA releases and apply updates manually.
Basically, we want to do the work for you, and when you install a second VA, we can.
Why does it matter?
The recent GHOST exploit is an example where OpenDNS took extreme precaution by updating the VA software to prevent any future attacks. We were unable to automatically deliver updates for this vulnerability to customers with only a single VA deployed.
Worried that installing multiple VAs might take too long?
OpenDNS has been working on new features to save our customers time when installing multiple VAs. In the past, in order to set up a new VA, a customer would need to enter a list of all internal domains that should go to the local resolver. According to OpenDNS Product Manager James Brown, “To set up a second VA, the customer would need to type this list twice. Installing 20 VAs would require typing the list 20 times, as there were no copy and paste shortcuts to this process.”
With our new Internal Domains feature, we give you the ability to manage all of your VA internal domains without having to access each and every one to make changes. We’ve taken this manual process and added domain management to your OpenDNS dashboard. Now it’s even easier to install multiple VAs, and you can learn exactly how to get the feature here.
Regardless of how many VAs you have deployed, we recommend that customers subscribe to the Umbrella Release Notes section of OpenDNS’s Support Portal to receive an email notification whenever new updates become available. For VA setup instructions, see the video below:
For information on setting up a second VA for Umbrella, find the OpenDNS setup guide here. You can also use the Upgrade VA button in the dashboard to force the update on your current VA. With a single VA deployed, the update will require approximately 20 minutes of downtime.
