TCPWave IP Address Management

Modernize your legacy DNS/DHCP solution with a faster, smarter and cheaper solution from TCPWave.

Signup for a Demo

The world’s first IPAM based on a stable non-BIND solution is ready for General availability (GA). In Q2, 2017, TCPWave Inc has released  TIMS 11.10, an IP Address Management software for DHCP and DNS. Even though multiple DDI providers are there in the market today, each one of them have numerous product deficiencies, which cause issues as enterprises scale and newer technologies rely more on the fundamental DNS and DHCP protocols. The legacy DDIs from leading providers do the job when the features expected are limited. TCPWave has taken a holistic approach and has an underlying development framework using the latest technologies in the market today. Faster IPAM with better memory management and a smaller footprint is the clear business advantage with the TCPWave DDI. The core fabric of the TCPWave’s IPAM product development is to eliminate the grief caused in the enterprises with an IPAM that cannot scale, cannot be upgraded easily, has a steep learning curve and makes the customer rely completely on vendor support. TCPWave IPAM comes with powerful ETL (Extract, Transform and Load) tools to perform the migration from your excel spreadsheets or any third party IPAM.

You can evaluate the TCPWave IPAM solution that’s entirely hosted in AWS by visiting https://cloudautomation.tcpwave.com:7443/tims. You need to contact us for your credentials. The demo account lets you get familiar with the structured management logic associated for the DNS and DHCP management of your enterprise. Users interested in Cloud DNS Automation can also communicate with the TCPWave IPAM via REST API. Contact us if you need assistance to automate your activities using a Jenkins pipeline.  The TCPWave IPAM allows you to get alerted when DNS problems arise or could potentially arise. It gives you a comprehensive set of charts for various KPIs. It has a AAA grade security rating. It protects your caches from getting poisoned. It comes with a comprehensive suite of auditing and reporting tools. It allows you to schedule jobs. It can discover your network using well known discovery methods. It can give you a peace of mind by running periodic configuration assurance policies that tell you if your IPAM, DNS and DHCP infrastructure is compliant with your enterprise engineering standards. It can build AWS cloud instances and can auto update your DNS. It has a seamless integration with your Active Directory infrastructure. It allows you to mitigate DNS exploits by toggling between two flavors of DNS. It can shield your enterprise from DDOS attacks by automatically scaling in the cloud.  It provides a powerful backup mechanism and automated disaster recovery methods.  It allows you to patch your global DNS/DHCP infrastructure from a single web interface. Finally, it allows you to reduce your costs and gives you a peace of mind.

IP Address Management

has never been so easy

Click on the tabs below to learn more about the features embedded into the TCPWave IP Address Management Software. You can also view our Whitepaper for additional information.

 

screen-shot-2016-11-02-at-2-46-11-pm

TCPWave’s IPAM provides fault management, performance management, config assurance, patch management and IPAM software in one bundle. There is no need to purchase monitoring software to manage your DNS Infrastructure. TCPWave’s IPAM integrates with EMC SMARTS and automatically sends SNMP alerts when critical events arise in IPAM operation. Scheduled changes can be managed more efficiently and automated roll backs take place if the change implementation fails. TCPWave also provides a powerful dashboard to monitor all the core components of the DDI infrastructure managed by the TCPWave IPAM with extensive graphing capabilities for performance management metrics. TCPWave’s DNS and DHCP appliances are automatically added to the fault and performance management once they are a part of the TCPWave IPAM ecosystem. Contact us to schedule a demo.

 

screen-shot-2016-11-02-at-2-37-11-pm

TCPWave has taken the monitoring of the mission critical DNS and DHCP appliances that are managed by the TCPWave IPAM to a next level. When a DNS zone or DHCP scope is added, monitoring is done automatically and metrics are reported into the TCPWave IPAM dashboard. The table below shows a few examples of events and the auto-provisioned monitoring thresholds.

IPAM EventAutomatic Monitoring Threshold
A new Master/Slave DNS appliance is addedIPAM monitors for CPU, Memory, Disk, TCPWave Message Service, BIND/Yadifa functionality, vulnerability checks and hardware components such as Temperature, RAID health, power supply status etc.
A new DNS zone is addedIPAM monitors the zone availability on each master and slave. It also checks for the response time and trends it via an advanced charting framework.
A new DHCP appliance is added.IPAM monitors the CPU, Memory, Disk, TCPWave Message Service, DHCP functionality, response time, vulnerability checks and hardware components.
A new DHCP scope is added.IPAM monitors the scope and alerts when the scope is exceeding a pre defined usage threshold.
A new DNS caching appliance is addedIPAM monitors for CPU, Memory, Disk, TCPWave Message Service, BIND/Unbound functionality, BGP/OSPF route advertisement, vulnerability checks and hardware components such as Temperature, RAID health, power supply status etc
IPAM is initially provisioned for the first time.IPAM monitors the CPU, Memory, Disk, TCPWave Message Service communication from IPAM to remotes, database health, web page availability and response time, license usage, user lockouts, foreign authentication availability, core processes, vulnerability checks and hardware components.

Contact us to schedule a demo.

The architecture and design of the TCPWave IPAM is performed in a meticulous way after reviewing the Gartner article, which highlights the deficiencies of the current available DDI products in the market. The TCPWave product development team has also discussed the challenges faced in the enterprises with a large namespace and discussed the challenges faced by the Network Services Operations team. Administrators demand for root access to the underlying operating system to use the advanced features offered by BIND is one such constraint. DDI Statistics and canned audit reports were a priority to another client.RestAPIv3

The TCPWave IPAM provides an architecture that scales in a linear fashion. Our customers need not purchase additional devices for reporting and analytics. The core IPAM comes with it.

Contact us to schedule a demo.

TCPWave’s IPAM comes with an extensive audit capability, which provides accurate forensics for IP Audit, subnet audit, network audit, domain audit etc. You can customize the auditing policies to audit what the Security team is interested in for better audit reviewing. The Login audit enables detection of unauthorized intrusions in to the system. A combination of failure and success authentication audits help determine when the breach of security occurred. Isolation and preservation of the security events logs helps track users who gained unauthorized admin privileges. The preservation of logs also avoid login failure logs to be overwritten through Denial of Service Attacks. The Network, Subnet, and Domain audits provide extensive information related to network traffic, IP allocations etc. These audits help in detecting unusual network traffic, IP address allocation and de-allocation rates, DNS query rates etc.

Contact us to schedule a demo.

While most IPAM and DNS solutions allow only one Domain Controller per name server for synchronizing the DNS data and where the synchronization too is mostly insecure as the IPAM providers often avoid the complex and error prone Kerberos authentication, TCPWave IPAM goes one step ahead to allow a seamless and secure integration of multiple Active Directory Domain Controllers per name server. This unique integration of Active Directory Forest with TCPWave IPAM managed DNS appliances help organizations minimize their costs by spending only on optimum number of name servers.

How it works?

  1. Create as many Active Directory servers in the TCPWave IPAM.
  2. Upload the Active Directory Kerberos keytab file to the IPAM Web Interface.
  3. Map the Active Directory servers to the TCPWave DNS Appliances for synchronization.

Contact us to schedule a demo.

TCPWave’s IPAM can automatically update itself with the cloud orchestration layer. TCPWave’s IPAM goes a step further and provisions the compute, storage and network infrastructures using simple and configurable RESTful APIs. The TCPWave workflow editor allows you to automatically communicate with the cloud management when specific events take place in the TCPWave’s IPAM. The workflow manager allows Admins to generate predefined workflows for provisioning VMs, allocating and deallocating IP addresses and destroying the VMs. These workflows can be scheduled periodically for automating certain processes. Integration with VMWare, OpenStack, CloudStack, Eucalyptus is a seamless operation with TCPWave’s Powerful REST API.

The TCPWave IPAM solution also includes prebuilt virtual appliances with IPAM, DNS and DHCP services that work out of the box and a cloud orchestrator plugin with customized workflows for allocating IP addresses to all your virtual instances across your cloud.

Contact us to schedule a demo.

TCPWave IPAM for Cloud DNS

The TCPWave IPAM takes the DNS management of enterprises to the next level with the built-in Cloud Integration. TCPWave customers can now mix and match DNS hosted in public cloud, private cloud, and dedicated TCPWave Remote DNS servers to create an ideal environment. Cloud DNS hosting provides a highly available and scalable DNS service and improves the resiliency of the TCPWave managed DNS infrastructure in the private enterprises. Data center disaster recovery is tremendously improved when single points of failure are eliminated at the DNS authoritative service layer. TCPWave IPAM ensures that the DNS zone data gets a constant validation to ensure that the cloud provider’s DNS is in perfect harmony with the TCPWave managed DNS. When an object is updated in the TCPWave IPAM, the cloud providers are automatically updated too. Enterprises are shielded from exposing their internal DNS servers to the cloud and opening up DNS ports on the firewall for DNS zone transfers with the cloud providers.

TCPWave customers can also choose to have all the three providers listed below to provide cloud DNS hosting for every DNS zone managed by TCPWave IPAM.

AWS-Logo-01
Google-Cloud-Platform-Logo-01
rackspace-logo-01

DNS Zones created in the TCPWave IPAM support Zone Mirroring with Amazon’s Route 53 DNS, Rackspace DNS and Google DNS. DNS records added to the TCPWave IPAM are automatically synchronized with the cloud providers listed above using TCPWave’s powerful RestAPI methods. The management communication uses encrypted SSL thereby preventing man in the middle attacks.

Contact us to schedule a demo.

 

TCPWave provides the best protection available for your mission critical DNS infrastructure. Powered by the constantly updated Threat Defense Feed and a built in deep packet query inspection engine embedded with a stateful firewall, our DNS Firewall stops you from getting hacked. The TCPWave IPAM threat protection leverages the same proprietary feed, alerting you quickly in the event your site is compromised. Our Live Traffic view gives you real-time visibility into traffic and hack attempts on your DNS Infrastructure. You can have a TCPWave DNS cache do a BGP/OSPF peer with your routers and control the network traffic using the TCPWave Stateful Firewall Engine with management from the TCPWave IPAM. TCPWave provides an innovative and effective security platform that protects our way of life in the digital age by preventing successful cyberattacks.

The deep packet inspection engine resides in the TCPWave DNS appliance’s kernel. It examines the contents of the DNS requests at the Ethernet layer and protects the DNS application layer from malicious requests. In addition to this protection, the response inspection engine on the cache examines the packets received from the recursive lookups and determines if any of the responses are attempting to taint or poison the cache. This includes attempts to overwrite the hints file or the delegation records that allow BIND or Unbound to vulnerable to DNS hijacking. The DNS Administrator can reject all the incoming AAAA records on a cache, drop all traffic containing a string matching a regular expression such as malware or virus and can block all DNS requests from a specific IP Address or a subnet.

Contact us to schedule a demo.

TCPWave’s IPAM offers Secure DNS utilizing highest level of encryption and makes DNSSEC deployments very simple, empowering service providers to provide secure DNS hosting and name resolution services

Secure DNS: TCPWave’s IPAM supports DNSSEC thereby enabling service providers to provide secure DNS hosting and name resolution services. Further DNSSEC is used for secure Dynamic DNS updates that are RFC 2136 compliant. The DDNS updates ensures seamless zone updates without the need to restart the DNS server process. The DNSSEC rich set of features further include automatic key generation, zone signing, and scheduled DNSSEC key rollouts. The DNS server masters and slaves use secure TSIG transactions for full and incremental zone transfers.

Traditional DNS is vulnerable to multiple security exploits. Managing DNS with DNSSEC or GSS-TSIG has many operational overheads. Sending DNS updates using UDP port 53 has been proven as an insecure way to operate the mission critical DNS infrastructure. TCPWave has designed a revolutionary method of securing dynamic changes using a robust security model. Changes made in the IP Address Management web interface are sent using a secure conduit from the management server to the remote DNS server. A powerful logic developed in Java examines the contents of the update, determines the authenticity of the source IP Address, verifies if the IPAM server sent the message and then processes. After updating the master DNS, the secure conduit service sends an acknowledgement back to the management server. If the acknowledgement is not received, the management server sends a retry. This communication uses a TCP port with a 1024bit encryption key. Malicious users cannot spoof the IP of the management server and take control of your DNS environment with this advanced protection offered by TCPWave. Contact us to schedule a demo.

The TCPWave’s IPAM is a smart and reliable IP address management for any organization with complex and dynamic network infrastructure. It offers a set of powerful network manipulation tools that let the administrators to manage and operate on an ever expanding network devices. It automatically discovers your network topology and updates itself when new subnets are discovered on the network. When a new Arista switch is provisioned, automation can automatically inform TCPWave DDI to add the router interfaces into DNS, define the subnet profiles and add DHCP scopes for a rapid provisioning.The networks and subnets can be configured to be scanned periodically to detect the changes in the network nodes and then update the objects data.

The TCPWave IPAM  can discover all the network devices and their configuration via ICMP,SNMP and NetBIOS protocols and consolidate the newly collected data with the existing data. The TCPWave discovery rules control the automatic provisioning of the discovered objects into the DNS Infrastructure. The discovery engine runs at a blazing fast speeds with highly optimized parallel processing algorithms, all written in modern Java. You will be amazed to see our network crawl speed. Contact us to schedule a demo.

TCPWave’s IPAM enforces strict database integrity checks. It’s smart logic checks the sanity of the DNS and DHCP configuration files before sending them to the remote DNS and DHCP devices. This ensures that the remote devices do not crash after getting an update from the DDI. TCPWave has eliminated a concept of a manual DNS and DHCP push. DNS updates take place in real time and DHCP configurations are updated automatically when new scopes are defined. Contact us to schedule a demo.

TCPWave’s IPAM allows you to gain a tight control over user permissions. It allows a network administrator to define what commands a user may run. This fine grain level of control allows for a more controlled delegation of IP management activities among users, without compromising on security. You can have users who can add users and can’t modify DNS data. You can then have users who can modify DNS data but cannot add other users. You can define user roles per Network, Subnet, Object, DNS, DHCP etc. Contact us to schedule a demo.

TCPWave IPAM provides comprehensive logs that can be viewed conveniently  via the management interface. Remote DNS/DHCP logs, the secure message logs, syslogs, database logs etc can be viewed in real time in the product. TCPWave IPAM goes a step further and allows the users to filter the logs using a filter. The logs can be exported as CSV or PDF for further analysis. The security events log from the TCPWave IPAM is readily available in Arcsight CEF format for easier integration with Arcsight. Any log from the TCPWave IPAM can be sent into Splunk to meet the  unified log integration requirements of modern enterprises.

TCPWave fully supports integration of the DNS/DHCP logs using Java Streaming Messaging into Apache Flume. The configuration of the Flume Client component of all the remote DNS and DHCP appliances is centrally managed via the TCPWave IPAM. Flume is a distributed, reliable, and available service for efficiently collecting, aggregating, and moving large amounts of log data. It has a simple and flexible architecture based on streaming data flows.  Contact us to schedule a demo.

 

Kick start the installation and configuration of TCPWave’s IPAM by leveraging our fast and innovative appliance delivery model to over 101 countries. We offer our users two options, a secure physical appliance or a secure virtual appliance or a Amazon AWS AMI image. There is no need for the end user to install a separate database server. The physical devices are shipped and supported by Dell leveraging the OEM partnership that TCPWave has with Dell and the Level 3 escalation is passed to TCPWave.

Engineered for the future IT requirements

Rated #1

for security

TCPWave Inc. has engineered an award winning IP Address Management software with security as a priority #1 and performance + scalability for rapidly evolving cloud computing demands as #2. We guarantee you that our user friendly GUI, our RestFUL API with numerous features and our rich CLI framework will make you concur with our thinking. Click here to learn more about IPAM Security.

Look no further. Get started!

Contact Us