Gartner reviews the future of DNS diversity.

TCPWave is the answer to mitigate DDOS attacks.

Gartner Article

TCPWave delivers speed and security to meet the market demands for secure networks.

Born in the Cloud, Made for the Cloud.

Awarded top 25 Cyber Security company 2017

CIO Article

TCPWave IPAM is built with automation and cloud management from the beginning. The DDI tool was built specifically to securely manage and react to real-time updates in the cloud or datacenter, without bringing  any Legacy software problems that  limit cloud architecture, automation, security and performance. The full REST API has been integrated with many of the popular cloud offerings such as AWS, Google, DYN/Oracle and MS Azure. Weather you choose the traditional TCPWave hardened appliances in your datacenter, a multi cloud offering, or a hybrid of both, TCPWave will unify your DDI from one robust dashboard.  TCPWave accelerates the traditional DNS, DHCP and IP Address Management into the future. It allows your DevOps models to seamlessly integrate with the core network services and reduces the operational overhead associated with DNS and DHCP. If you are into Terraform, Docker, Chef, Puppet, AWS, Jenkins or if you are trying to do ‘Infrastructure as a Code’ project, look no further. TCPWave IPAM is the right choice for you.

Using TCPWave IPAM, your DevOps and IT teams can:

  • Reduce costs associated with  DNS, DHCP and IP address management,
  • Manage DNS in various cloud hosted platforms using a central management console in your data center.
  • Retire legacy Perl based automation using outdated APIs and leverage modern Java REST API.
  • Perform data mining by querying  database for your in-house applications.
  • Obtain fault management, performance management, configuration assurance and numerous reporting metrics from one interface.
  • Scale your infrastructure in a linear fashion without having the hassle of purchasing additional management devices.

IP Address Management

has never been so easy

External DNS management

  • Diversify DNS by managing external DNS in multiple External DNS cloud offerings such as DYN, CloudFlare and Amazon RT 53 in parallel from one screen.
  • Import DNS data from the cloud providers into TCPWave.
  • Manage DNS records (Add, Modify and delete) from one screen.
  • Allows management of extended offerings from DNS cloud providers like geographic load balancing, Traffic director and active fail over.
  • Manage internal DNS from the same screen as well.

DUAL DNS code provisioning

  • ISC BIND backed up by NSD DNS on the same server for authoritative and Unbound DNS for caching servers. If an DNS vulnerability is created maliciously against the public ISC code, the ISC BIND server can be dynamically shut down and the appropriate NSD or Unbound DNS server started avoiding the vulnerability.

Amazon AWS Integration

  • Complete Amazon Machine image (AMI) management.
  • Launch, Destroy and provide statistics for VPC’s.
  • Manage TCPWave database in AWS S3 storage.
  • Manage cross account roles and IAM.
  • Custom Hashicorp TerraForm integration.
  • AWS CloudForm integration.

Public and Private cloud offerings

  • Preconfigured integration with most popular cloud providers. AWS, Google, MS Azure, DYN/Oracle … using the Robust TCPWave REST interface.
  • Will develop communication with your cloud provider as long as they provide a REST interface.
  • Discover and import existing objects and subnets from the cloud instance, including permissions into TCPWave DDI.
  • Provision subnets and objects (Add, Modify and Delete).
  • Monitor statistics on cloud resources.

DDOS Mitigation in the Cloud

  • Start and Destroy many TCPWave DNS servers in multiple cloud providers quickly from the TCPWave GUI, ensuring DNS processing power to mitigate the largest DDOS attacks.
  • Anycast to the cloud or keep adding members to the GSLB pool on the fly.
  • Secure proprietary channel eliminates any DNS UDP transmissions.

Virtual Environments

  • Robust VMware Plugin.
  • VMWare Discovery – discovery of the virtual instances in the VMware Infrastructure using object types “VMware vCenter” or “VMWare ESXi”.
  • Compatibility with Devops and Infrastructure as Code environments.

Advanced Security

  • Deep packet inspection Engine
  • Dynamic DDI topology
  • Dynamic DNS Firewall
  • Configuration File Intrusion Alert

Early Adoption Offer  –  Customers transitioning from InfoBlox, Bluecat and VitalQIP get a 50% discount. Contact us to learn more.

 

 

 

 

 

TCPWave’s IPAM provides fault management, performance management, config assurance, patch management and IPAM software in one bundle. There is no need to purchase monitoring software to manage your DNS Infrastructure. TCPWave’s IPAM integrates with EMC SMARTS and automatically sends SNMP alerts when critical events arise in IPAM operation. Scheduled changes can be managed more efficiently and automated roll backs take place if the change implementation fails. TCPWave also provides a powerful dashboard to monitor all the core components of the DDI infrastructure managed by the TCPWave IPAM with extensive graphing capabilities for performance management metrics. TCPWave’s DNS and DHCP appliances are automatically added to the fault and performance management once they are a part of the TCPWave IPAM ecosystem. Contact us to schedule a demo.

TCPWave IPAM offers unsurpassed capacity planning metrics. The TCPWave IPAM,  built for speed, simplicity, and security, provides extensive capacity planning metrics of the hardware, operating system, network, database, DNS and DHCP. Modern charting frameworks used by TCPWave allow the customers to pinpoint DNS and DHCP problems before they can become potential widespread outages. The capacity planning engine has a seamless integration into the fault management engine so that your NOC team gets a heads up.  Detection of DDOS attacks, mitigation and prevention of such attacks from happening again becomes simplified with the TCPWave IPAM. Contact us to learn more.

screen-shot-2016-11-02-at-2-37-11-pm

 

 

 

 

 

 

TCPWave has taken the monitoring of the mission critical DNS and DHCP appliances that are managed by the TCPWave IPAM to a next level. When a DNS zone or DHCP scope is added, monitoring is done automatically and metrics are reported into the TCPWave IPAM dashboard. The table below shows a few examples of events and the auto-provisioned monitoring thresholds.

IPAM EventAutomatic Monitoring Threshold
A new Master/Slave DNS appliance is addedIPAM monitors for CPU, Memory, Disk, TCPWave Message Service, BIND/Yadifa functionality, vulnerability checks and hardware components such as Temperature, RAID health, power supply status etc.
A new DNS zone is addedIPAM monitors the zone availability on each master and slave. It also checks for the response time and trends it via an advanced charting framework.
A new DHCP appliance is added.IPAM monitors the CPU, Memory, Disk, TCPWave Message Service, DHCP functionality, response time, vulnerability checks and hardware components.
A new DHCP scope is added.IPAM monitors the scope and alerts when the scope is exceeding a pre defined usage threshold.
A new DNS caching appliance is addedIPAM monitors for CPU, Memory, Disk, TCPWave Message Service, BIND/Unbound functionality, BGP/OSPF route advertisement, vulnerability checks and hardware components such as Temperature, RAID health, power supply status etc
IPAM is initially provisioned for the first time.IPAM monitors the CPU, Memory, Disk, TCPWave Message Service communication from IPAM to remotes, database health, web page availability and response time, license usage, user lockouts, foreign authentication availability, core processes, vulnerability checks and hardware components.

Contact us to schedule a demo.

The architecture and design of the TCPWave IPAM is performed in a meticulous way after reviewing the Gartner article, which highlights the deficiencies of the current available DDI products in the market. The TCPWave product development team has also discussed the challenges faced in the enterprises with a large namespace and discussed the challenges faced by the Network Services Operations team. Administrators demand for root access to the underlying operating system to use the advanced features offered by BIND is one such constraint. DDI Statistics and canned audit reports were a priority to another client.RestAPIv3

The TCPWave IPAM provides an architecture that scales in a linear fashion. Our customers need not purchase additional devices for reporting and analytics. The core IPAM comes with it.

Contact us to schedule a demo.

TCPWave’s IPAM comes with an extensive audit capability, which provides accurate forensics for IP Audit, subnet audit, network audit, domain audit etc. You can customize the auditing policies to audit what the Security team is interested in for better audit reviewing. The Login audit enables detection of unauthorized intrusions in to the system. A combination of failure and success authentication audits help determine when the breach of security occurred. Isolation and preservation of the security events logs helps track users who gained unauthorized admin privileges. The preservation of logs also avoid login failure logs to be overwritten through Denial of Service Attacks. The Network, Subnet, and Domain audits provide extensive information related to network traffic, IP allocations etc. These audits help in detecting unusual network traffic, IP address allocation and de-allocation rates, DNS query rates etc.

Contact us to schedule a demo.

While most IPAM and DNS solutions allow only one Domain Controller per name server for synchronizing the DNS data and where the synchronization too is mostly insecure as the IPAM providers often avoid the complex and error prone Kerberos authentication, TCPWave IPAM goes one step ahead to allow a seamless and secure integration of multiple Active Directory Domain Controllers per name server. This unique integration of Active Directory Forest with TCPWave IPAM managed DNS appliances help organizations minimize their costs by spending only on optimum number of name servers.

How it works?

  1. Create as many Active Directory servers in the TCPWave IPAM.
  2. Upload the Active Directory Kerberos keytab file to the IPAM Web Interface.
  3. Map the Active Directory servers to the TCPWave DNS Appliances for synchronization.

Contact us to schedule a demo.

TCPWave’s IPAM can automatically update itself with the cloud orchestration layer. TCPWave’s IPAM goes a step further and provisions the compute, storage and network infrastructures using simple and configurable RESTful APIs. The TCPWave workflow editor allows you to automatically communicate with the cloud management when specific events take place in the TCPWave’s IPAM. The workflow manager allows Admins to generate predefined workflows for provisioning VMs, allocating and deallocating IP addresses and destroying the VMs. These workflows can be scheduled periodically for automating certain processes. Integration with VMWare, OpenStack, CloudStack, Eucalyptus is a seamless operation with TCPWave’s Powerful REST API.

The TCPWave IPAM solution also includes prebuilt virtual appliances with IPAM, DNS and DHCP services that work out of the box and a cloud orchestrator plugin with customized workflows for allocating IP addresses to all your virtual instances across your cloud.

Contact us to schedule a demo.

TCPWave IPAM for Cloud DNS

The TCPWave IPAM takes the DNS management of enterprises to the next level with the built-in Cloud Integration. TCPWave customers can now mix and match DNS hosted in public cloud, private cloud, and dedicated TCPWave Remote DNS servers to create an ideal environment. Cloud DNS hosting provides a highly available and scalable DNS service and improves the resiliency of the TCPWave managed DNS infrastructure in the private enterprises. Data center disaster recovery is tremendously improved when single points of failure are eliminated at the DNS authoritative service layer. TCPWave IPAM ensures that the DNS zone data gets a constant validation to ensure that the cloud provider’s DNS is in perfect harmony with the TCPWave managed DNS. When an object is updated in the TCPWave IPAM, the cloud providers are automatically updated too. Enterprises are shielded from exposing their internal DNS servers to the cloud and opening up DNS ports on the firewall for DNS zone transfers with the cloud providers.

TCPWave customers can also choose to have all the three providers listed below to provide cloud DNS hosting for every DNS zone managed by TCPWave IPAM.

AWS-Logo-01
Google-Cloud-Platform-Logo-01
rackspace-logo-01

DNS Zones created in the TCPWave IPAM support Zone Mirroring with Amazon’s Route 53 DNS, Rackspace DNS and Google DNS. DNS records added to the TCPWave IPAM are automatically synchronized with the cloud providers listed above using TCPWave’s powerful RestAPI methods. The management communication uses encrypted SSL thereby preventing man in the middle attacks.

Contact us to schedule a demo.

TCPWave provides the best protection available for your mission critical DNS infrastructure. Powered by the constantly updated Threat Defense Feed and a built in deep packet query inspection engine embedded with a stateful firewall, our DNS Firewall stops you from getting hacked. The TCPWave IPAM threat protection leverages the same proprietary feed, alerting you quickly in the event your site is compromised. Our Live Traffic view gives you real-time visibility into traffic and hack attempts on your DNS Infrastructure. You can have a TCPWave DNS cache do a BGP/OSPF peer with your routers and control the network traffic using the TCPWave Stateful Firewall Engine with management from the TCPWave IPAM. TCPWave provides an innovative and effective security platform that protects our way of life in the digital age by preventing successful cyberattacks.

The deep packet inspection engine resides in the TCPWave DNS appliance’s kernel. It examines the contents of the DNS requests at the Ethernet layer and protects the DNS application layer from malicious requests. In addition to this protection, the response inspection engine on the cache examines the packets received from the recursive lookups and determines if any of the responses are attempting to taint or poison the cache. This includes attempts to overwrite the hints file or the delegation records that allow BIND or Unbound to vulnerable to DNS hijacking. The DNS Administrator can reject all the incoming AAAA records on a cache, drop all traffic containing a string matching a regular expression such as malware or virus and can block all DNS requests from a specific IP Address or a subnet.

Contact us to schedule a demo.

TCPWave’s IPAM offers Secure DNS utilizing highest level of encryption and makes DNSSEC deployments very simple, empowering service providers to provide secure DNS hosting and name resolution services

Secure DNS: TCPWave’s IPAM supports DNSSEC thereby enabling service providers to provide secure DNS hosting and name resolution services. Further DNSSEC is used for secure Dynamic DNS updates that are RFC 2136 compliant. The DDNS updates ensures seamless zone updates without the need to restart the DNS server process. The DNSSEC rich set of features further include automatic key generation, zone signing, and scheduled DNSSEC key rollouts. The DNS server masters and slaves use secure TSIG transactions for full and incremental zone transfers.

Traditional DNS is vulnerable to multiple security exploits. Managing DNS with DNSSEC or GSS-TSIG has many operational overheads. Sending DNS updates using UDP port 53 has been proven as an insecure way to operate the mission critical DNS infrastructure. TCPWave has designed a revolutionary method of securing dynamic changes using a robust security model. Changes made in the IP Address Management web interface are sent using a secure conduit from the management server to the remote DNS server. A powerful logic developed in Java examines the contents of the update, determines the authenticity of the source IP Address, verifies if the IPAM server sent the message and then processes. After updating the master DNS, the secure conduit service sends an acknowledgement back to the management server. If the acknowledgement is not received, the management server sends a retry. This communication uses a TCP port with a 1024bit encryption key. Malicious users cannot spoof the IP of the management server and take control of your DNS environment with this advanced protection offered by TCPWave. Contact us to schedule a demo.

The TCPWave’s IPAM is a smart and reliable IP address management for any organization with complex and dynamic network infrastructure. It offers a set of powerful network manipulation tools that let the administrators to manage and operate on an ever expanding network devices. It automatically discovers your network topology and updates itself when new subnets are discovered on the network. When a new Arista switch is provisioned, automation can automatically inform TCPWave DDI to add the router interfaces into DNS, define the subnet profiles and add DHCP scopes for a rapid provisioning.The networks and subnets can be configured to be scanned periodically to detect the changes in the network nodes and then update the objects data.

The TCPWave IPAM  can discover all the network devices and their configuration via ICMP,SNMP and NetBIOS protocols and consolidate the newly collected data with the existing data. The TCPWave discovery rules control the automatic provisioning of the discovered objects into the DNS Infrastructure. The discovery engine runs at a blazing fast speeds with highly optimized parallel processing algorithms, all written in modern Java. You will be amazed to see our network crawl speed. Contact us to schedule a demo.

 

 

TCPWave’s IPAM enforces strict database integrity checks. It’s the best in the industry today. No other provider guarantees this level of DNS and DHCP data integrity. It’s smart logic checks the sanity of the DNS and DHCP configuration files before sending them to the remote DNS and DHCP devices. This ensures that the remote devices do not crash after getting an update from the DDI. TCPWave has eliminated a concept of a manual DNS and DHCP push. DNS updates take place in real time and DHCP configurations are updated automatically when new scopes are defined. Contact us to schedule a demo.

 

TCPWave’s IPAM allows you to gain a tight control over user permissions. It allows a network administrator to define what commands a user may run. This fine grain level of control allows for a more controlled delegation of IP management activities among users, without compromising on security. You can have users who can add users and can’t modify DNS data. You can then have users who can modify DNS data but cannot add other users. You can define user roles per Network, Subnet, Object, DNS, DHCP etc. Contact us to schedule a demo.

TCPWave IPAM provides comprehensive logs that can be viewed conveniently  via the management interface. Remote DNS/DHCP logs, the secure message logs, syslogs, database logs etc can be viewed in real time in the product. TCPWave IPAM goes a step further and allows the users to filter the logs using a filter. The logs can be exported as CSV or PDF for further analysis. The security events log from the TCPWave IPAM is readily available in Arcsight CEF format for easier integration with Arcsight. Any log from the TCPWave IPAM can be sent into Splunk to meet the  unified log integration requirements of modern enterprises.

TCPWave fully supports integration of the DNS/DHCP logs using Java Streaming Messaging into Apache Flume. The configuration of the Flume Client component of all the remote DNS and DHCP appliances is centrally managed via the TCPWave IPAM. Flume is a distributed, reliable, and available service for efficiently collecting, aggregating, and moving large amounts of log data. It has a simple and flexible architecture based on streaming data flows.  Contact us to schedule a demo.

Kick start the installation and configuration of TCPWave’s IPAM by leveraging our fast and innovative appliance delivery model to over 101 countries. We offer our users two options, a secure physical appliance or a secure virtual appliance or a Amazon AWS AMI image. There is no need for the end user to install a separate database server. The physical devices are shipped and supported by Dell leveraging the OEM partnership that TCPWave has with Dell and the Level 3 escalation is passed to TCPWave.

Rated #1

for security

TCPWave Inc. has engineered an award winning IP Address Management software with security as a priority #1 and performance + scalability for rapidly evolving cloud computing demands as #2. We guarantee you that our user friendly GUI, our RestFUL API with numerous features and our rich CLI framework will make you concur with our thinking. Click here to learn more about IPAM Security.

Look no further. Get started!

Contact Us