5 Tips for Migrating to Kea

In last week's blog we discussed how ISC DHCP has EOLd. We started going over some of the ways to ease your migrations to other DHCP services. We'll continue that discussion today with some tips and tricks for migrating to Kea.

Kea DHCP is ISC's more modern answer to DHCP. Besides having more modern redundancy built-in to the platform it also offers a modular and extensible design, On-line Reconfiguration with REST APIs, better integration with third parties, and a web-based graphical dashboard according to ISC's website.

So what are our tips for migrating to Kea?

1. Migrate in chunks.

There's an old joke, how do you eat an elephant? One bite at a time. Meaning, if you have a huge task, you can just think of it as taking one step at a time to complete.

So start your migrations off in a lab, then move to other low hanging fruit like small branches or the guest wifi or whatever might apply for you in your environment. Always testing and learning as you go.

2. Migrate during the off-season.

All engineers know that it's best to only make one change at a time. If you're going through a major infrastructure refresh, that's probably not the best time to plan your Kea migration. However, maybe you have a new site you're bringing up, or you're rolling out new access points to enable hybrid work. That might be a good time to start implementing Kea.

This might mean that you're running ISC DHCP and Kea DHCP at the same time, but with a DDI tool like Micetro which uses abstraction to let you manage multiple services from the same place, this should be relatively easy to manage.

3. Centralize or move to the edge?

It's always good to think of a migration as an opportunity to change the way you're currently doing things. If you're running DHCP in a very centralized way, where you're serving out IP addresses mostly from HQ because people were mostly working from HQ at the time you implemented DHCP then that made sense at the time. However, if you are now dealing with hybrid workers, several sites, or branch offices, it might be time to consider moving your DHCP servers to the edge.

DHCP can be relatively simple to implement in a decentralized way, while still managing from an abstraction layer, as you would with Micetro. Thereby having your DHCP servers in close proximity to the devices they're serving, but still simplifying operations by centralizing management.

4. What database solution should you use?

Kea uses a backend database to store configurations which allows admins to store these configurations some place other than just on the local server. This means that configuration changes can be stored for several Kea servers in a centralized place, making management much easier. This also means that changes can be made to the database without having to restart Kea servers.

The great thing about the flexibility here, and having a separate database, is that you can use the databases and hopefully the database admins you already have! Let the experts handle the database part, including building in High Availability from a backend perspective. And building in redundancy is always encouraged at every layer.

5. More on redundancy...

ISC DHCP had failover, which was perhaps a bit difficult to configure. Kea is a bit different, in that it has built-in High Availability through the use of a hot server. So the hot server is always on and up-to-date. If something goes wrong with the first Kea server, the hot Kea server will take over.

Bonus: Make Kea DHCP more secure.

Not only can you build in layers of redundancy, due to the modular nature of Kea and having a separate centralized backend. You can also build in more security. Meaning you can build ACLs/Firewall rules around your database, as well as only allow the least amount of access to these database servers. Even if you have to allow more access to the Kea servers themselves.

How do you get started on the actual migration from ISC to Kea?

There's a tool available now called Keama which can do a lot of the work for you. There's some manual work that may need to be done, but Keama is probably the best tool available now. ISC has written up a KB article which may be helpful for you to get started with Keama.

As always, you can manage several services, including DNS, DHCP, and IP information all from Micetro, so it's the perfect DDI tool to help you along with your migrations. To get started, just download the free trial and follow the YouTube Deployment playlist to get started.