Born in the cloud, Born for the cloud.

TCPWave IPAM is built with automation and cloud management from the beginning. The DDI tool was built specifically to securely manage and react to real-time updates in the cloud or data center, without bringing any Legacy software problems that limit cloud architecture, automation, security and performance. The full REST API has been integrated with many of the popular cloud offerings such as AWS, Google, DYN/Oracle and MS Azure. Whether you choose the traditional TCPWave hardened appliances in your data center, a multi cloud offering, or a hybrid of both, TCPWave will unify your DDI from one robust dashboard. TCPWave accelerates the traditional DNS, DHCP and IP Address Management into the future. It allows your DevOps models to seamlessly integrate with the core network services and reduces the operational overhead associated with DNS and DHCP. If you are into Terraform, Docker, Chef, Puppet, AWS, Jenkins or if you are trying to do ‘Infrastructure as a Code’ project, look no further. TCPWave IPAM is the right choice for you.


The blazing performance that enterprises obtain from TCPWave DDI is a true and significant factor that sets TCPWave apart. With thousands of cloud instances spinning up and with hundreds of on-premise DNS changes taking place, the TCPWave IPAM scales to your needs. DNS changes get replicated over the local, wide area and into the cloud providers without any latency. Thousands of them. These changes can be initiated from Terraform, AWS Lambda/SNS, Google Cloud Functions, Azure functions, Jenkins pipeline or any REST Interface. Contact us to learn more and discover the advantages of modernizing your DDI infrastructure.

Using TCPWave IPAM, your DevOps and IT teams can:
  • Manage your on-premise DNS and DHCP infrastructure.
  • Reduce costs associated with  DNS, DHCP and IP address management.
  • Manage DNS in various cloud hosted platforms using a central management console in your data center.
  • Retire legacy Perl based automation using outdated APIs and leverage modern Java REST API.
  • Perform data mining by querying  database for your in-house applications.
  • Obtain fault management, performance management, configuration assurance and numerous reporting metrics from one interface.
  • Scale your infrastructure in a linear fashion without having the hassle of purchasing additional management devices.
  • Get various reports without purchasing additional reporting appliances.
  • Discover your network without purchasing additional appliances to perform discovery.
  • Automatically update your IPAM as your network evolves.
External DNS management

Diversify by managing DNS in multiple cloud offerings such as AWS, Google, Azure, DYN, Verisign and Akamai from single pane of glass.

  • Import DNS data from the cloud providers into TCPWave.
  • Manage DNS records (Add, Modify and delete) from one screen.
  • Allows management of extended offerings from DNS cloud providers like geographic load balancing, Traffic director and active fail over.
  • Manage internal DNS from the same screen as well.
Amazon Cloud Integration

Integration with Compute, Network and Storage services of AWS. DDI Automation using Amazon CloudWatch and Lambda function.

  • Launch, Destroy and provide statistics for VPC's.
  • Manage TCPWave database in AWS S3 storage.
  • Manage cross account roles and IAM.
  • Custom Hashicorp TerraForm integration.
  • AWS CloudForm integration.
DDOS Mitigation in the Cloud

Start and Destroy many TCPWave DNS servers in multi-cloud quickly from the GUI, ensuring DNS processing power to mitigate the largest DDOS attacks.

  • Anycast to the cloud or keep adding members to the GSLB pool on the fly.
  • Secure proprietary channel eliminates any DNS UDP transmissions.
DUAL DNS provisioning

Leverage the double edged sword technology to get a robust DNS solution with high availability and business continuity.

  • ISC BIND backed up by NSD DNS on the same server for authoritative and Unbound DNS for caching servers. If a DNS vulnerability is created maliciously against the public ISC code, the ISC BIND server can be dynamically shut down and the appropriate NSD or Unbound DNS server started avoiding the vulnerability.
Multi-Cloud Management

Preconfigured integration with most popular cloud providers. AWS, Google, Azure using the Robust TCPWave REST interface.

  • Will develop communication with your cloud provider as long as they provide a REST interface.
  • Discover and import existing objects and subnets from the cloud instance, including permissions into TCPWave DDI.
  • Provision subnets and objects (Add, Modify and Delete).
  • Monitor statistics on cloud resources.
Virtual Environments

Scale seamlessly into a hybrid cloud model. Manage a mixture of VMWare, AWS, GCP and Azure DNS remote appliances.

  • Robust VMware Plugin.
  • VMWare Discovery - discovery of the virtual instances in the VMware Infrastructure using object types "VMware vCenter" or "VMWare ESXi".
  • Compatibility with DevOps and Infrastructure as Code environments.

TCPWave’s IPAM provides fault management, performance management, config assurance, patch management and IPAM software in one bundle. There is no need to purchase monitoring software to manage your DNS Infrastructure. TCPWave’s IPAM integrates with EMC SMARTS and automatically sends SNMP alerts when critical events arise in IPAM operation. Scheduled changes can be managed more efficiently and automated roll backs take place if the change implementation fails. TCPWave also provides a powerful dashboard to monitor all the core components of the DDI infrastructure managed by the TCPWave IPAM with extensive graphing capabilities for performance management metrics. TCPWave’s DNS and DHCP appliances are automatically added to the fault and performance management once they are a part of the TCPWave IPAM ecosystem. Contact us to schedule a demo.

Capacity Planning

TCPWave IPAM offers unsurpassed capacity planning metrics. The TCPWave IPAM, built for speed, simplicity, and security, provides extensive capacity planning metrics of the hardware, operating system, network, database, DNS and DHCP. Modern charting frameworks used by TCPWave allow the customers to pinpoint DNS and DHCP problems before they can become potential widespread outages. The capacity planning engine has a seamless integration into the fault management engine so that your NOC team gets a heads up. Detection of DDOS attacks, mitigation and prevention of such attacks from happening again becomes simplified with the TCPWave IPAM. Contact us to learn more.


TCPWave has taken the monitoring of the mission critical DNS and DHCP appliances that are managed by the TCPWave IPAM to a next level. When a DNS zone or DHCP scope is added, monitoring is done automatically and metrics are reported into the TCPWave IPAM dashboard. The table below shows a few examples of events and the auto-provisioned monitoring thresholds. Contact us to schedule a demo.

IPAM Event Automatic Monitoring Threshold
IPAM is initially provisioned for the first time. IPAM monitors the CPU, Memory, Disk, TCPWave Message Service communication from IPAM to remotes, database health, web page availability and response time, license usage, user lockouts, foreign authentication availability, core processes, vulnerability checks and hardware components.
A new Master/Slave DNS appliance is added IPAM monitors for CPU, Memory, Disk, TCPWave Message Service, BIND/Yadifa functionality, vulnerability checks and hardware components such as Temperature, RAID health, power supply status etc.
A new DNS zone is added IPAM monitors the zone availability on each master and slave. It also checks for the response time and trends it via an advanced charting framework.
A new DNS caching appliance is added IPAM monitors for CPU, Memory, Disk, TCPWave Message Service, BIND/Unbound functionality, BGP/OSPF route advertisement, vulnerability checks and hardware components such as Temperature, RAID health, power supply status etc
A new DHCP scope is added. IPAM monitors the scope and alerts when the scope is exceeding a pre-defined usage threshold.
A new DHCP appliance is added. IPAM monitors the CPU, Memory, Disk, TCPWave Message Service, DHCP functionality, response time, vulnerability checks and hardware components.

The architecture and design of the TCPWave IPAM is performed in a meticulous way after reviewing the Gartner article, which highlights the deficiencies of the current available DDI products in the market. The TCPWave product development team has also discussed the challenges faced in the enterprises with a large namespace and discussed the challenges faced by the Network Services Operations team. Administrators demand for root access to the underlying operating system to use the advanced features offered by BIND is one such constraint. DDI Statistics and canned audit reports were a priority to another client.The TCPWave IPAM provides an architecture that scales in a linear fashion. Our customers need not purchase additional devices for reporting and analytics. The core IPAM comes with it. Contact us to schedule a demo.


TCPWave’s IPAM comes with an extensive audit capability, which provides accurate forensics for IP Audit, subnet audit, network audit, domain audit etc. You can customize the auditing policies to audit what the Security team is interested in for better audit reviewing. The Login audit enables detection of unauthorized intrusions into the system. A combination of failure and success authentication audits help determine when the breach of security occurred. Isolation and preservation of the security events logs helps track users who gained unauthorized admin privileges. The preservation of logs also avoid login failure logs to be overwritten through Denial of Service Attacks. The Network, Subnet, and Domain audits provide extensive information related to network traffic, IP allocations etc. These audits help in detecting unusual network traffic, IP address allocation and de-allocation rates, DNS query rates etc. Contact us to schedule a demo.

Active Directory

While most IPAM and DNS solutions allow only one Domain Controller per name server for synchronizing the DNS data and where the synchronization too is mostly insecure as the IPAM providers often avoid the complex and error prone Kerberos authentication, TCPWave IPAM goes one step ahead to allow a seamless and secure integration of multiple Active Directory Domain Controllers per name server. This unique integration of Active Directory Forest with TCPWave IPAM managed DNS appliances help organizations minimize their costs by spending only on optimum number of name servers. How it works? Create as many Active Directory servers in the TCPWave IPAM. Upload the Active Directory Kerberos keytab file to the IPAM Web Interface. Map the Active Directory servers to the TCPWave DNS Appliances for synchronization. Contact us to schedule a demo.

Cloud Computing

TCPWave’s IPAM can automatically update itself with the cloud orchestration layer. TCPWave’s IPAM goes a step further and provisions the compute, storage and network infrastructures using simple and configurable RESTful APIs. The TCPWave workflow editor allows you to automatically communicate with the cloud management when specific events take place in the TCPWave’s IPAM. The workflow manager allows Admins to generate predefined workflows for provisioning VMs, allocating and deallocating IP addresses and destroying the VMs. These workflows can be scheduled periodically for automating certain processes. Integration with VMWare, OpenStack, CloudStack, Eucalyptus is a seamless operation with TCPWave’s Powerful REST API. The TCPWave IPAM solution also includes prebuilt virtual appliances with IPAM, DNS and DHCP services that work out of the box and a cloud orchestrator plugin with customized workflows for allocating IP addresses to all your virtual instances across your cloud. Contact us to schedule a demo.

Cloud DNS Management

The TCPWave IPAM takes the DNS management of enterprises to the next level with the built-in Cloud Integration. TCPWave customers can now mix and match DNS hosted in public cloud, private cloud, and dedicated TCPWave Remote DNS servers to create an ideal environment. Cloud DNS hosting provides a highly available and scalable DNS service and improves the resiliency of the TCPWave managed DNS infrastructure in the private enterprises. Data center disaster recovery is tremendously improved when single points of failure are eliminated at the DNS authoritative service layer. TCPWave IPAM ensures that the DNS zone data gets a constant validation to ensure that the cloud provider’s DNS is in perfect harmony with the TCPWave managed DNS. When an object is updated in the TCPWave IPAM, the cloud providers are automatically updated too. Enterprises are shielded from exposing their internal DNS servers to the cloud and opening up DNS ports on the firewall for DNS zone transfers with the cloud providers.


TCPWave customers can also choose to have all the three providers listed above to provide cloud DNS hosting for every DNS zone managed by TCPWave IPAM. DNS Zones created in the TCPWave IPAM support Zone Mirroring with Amazon’s Route 53 DNS, Rackspace DNS and Google DNS. DNS records added to the TCPWave IPAM are automatically synchronized with the cloud providers listed above using TCPWave’s powerful RestAPI methods. The management communication uses encrypted SSL thereby preventing man in the middle attacks. Contact us to schedule a demo.

DNS Firewall

TCPWave provides the best protection available for your mission critical DNS infrastructure. Powered by the constantly updated Threat Defense Feed and a built in deep packet query inspection engine embedded with a stateful firewall, our DNS Firewall stops you from getting hacked. The TCPWave IPAM threat protection leverages the same proprietary feed, alerting you quickly in the event your site is compromised. Our Live Traffic view gives you real-time visibility into traffic and hack attempts on your DNS Infrastructure. You can have a TCPWave DNS cache do a BGP/OSPF peer with your routers and control the network traffic using the TCPWave Stateful Firewall Engine with management from the TCPWave IPAM. TCPWave provides an innovative and effective security platform that protects our way of life in the digital age by preventing successful cyber attacks. The deep packet inspection engine resides in the TCPWave DNS appliance’s kernel. It examines the contents of the DNS requests at the Ethernet layer and protects the DNS application layer from malicious requests. In addition to this protection, the response inspection engine on the cache examines the packets received from the recursive lookups and determines if any of the responses are attempting to taint or poison the cache. This includes attempts to overwrite the hints file or the delegation records that allow BIND or Unbound to vulnerable to DNS hijacking. The DNS Administrator can reject all the incoming AAAA records on a cache, drop all traffic containing a string matching a regular expression such as malware or virus and can block all DNS requests from a specific IP Address or a subnet. Contact us to schedule a demo.


TCPWave’s IPAM offers Secure DNS utilizing highest level of encryption and makes DNSSEC deployments very simple, empowering service providers to provide secure DNS hosting and name resolution services Secure DNS: TCPWave’s IPAM supports DNSSEC thereby enabling service providers to provide secure DNS hosting and name resolution services. Further DNSSEC is used for secure Dynamic DNS updates that are RFC 2136 compliant. The DDNS updates ensures seamless zone updates without the need to restart the DNS server process. The DNSSEC rich set of features further include automatic key generation, zone signing, and scheduled DNSSEC key rollouts. The DNS server masters and slaves use secure TSIG transactions for full and incremental zone transfers. Traditional DNS is vulnerable to multiple security exploits. Managing DNS with DNSSEC or GSS-TSIG has many operational overheads. Sending DNS updates using UDP port 53 has been proven as an insecure way to operate the mission critical DNS infrastructure. TCPWave has designed a revolutionary method of securing dynamic changes using a robust security model. Changes made in the IP Address Management web interface are sent using a secure conduit from the management server to the remote DNS server. A powerful logic developed in Java examines the contents of the update, determines the authenticity of the source IP Address, verifies if the IPAM server sent the message and then processes. After updating the master DNS, the secure conduit service sends an acknowledgement back to the management server. If the acknowledgement is not received, the management server sends a retry. This communication uses a TCP port with a 1024bit encryption key. Malicious users cannot spoof the IP of the management server and take control of your DNS environment with this advanced protection offered by TCPWave. Contact us to schedule a demo.


The TCPWave’s IPAM is a smart and reliable IP address management for any organization with complex and dynamic network infrastructure. It offers a set of powerful network manipulation tools that let the administrators to manage and operate on an ever expanding network devices. It automatically discovers your network topology and updates itself when new subnets are discovered on the network. When a new Arista switch is provisioned, automation can automatically inform TCPWave DDI to add the router interfaces into DNS, define the subnet profiles and add DHCP scopes for a rapid provisioning. The networks and subnets can be configured to be scanned periodically to detect the changes in the network nodes and then update the objects data. The TCPWave IPAM can discover all the network devices and their configuration via ICMP, SNMP and NetBIOS protocols and consolidate the newly collected data with the existing data. The TCPWave discovery rules control the automatic provisioning of the discovered objects into the DNS Infrastructure. The discovery engine runs at a blazing fast speeds, with highly optimized parallel processing algorithms, all written in modern Java. You will be amazed to see our network crawl speed. Contact us to schedule a demo.

Data Integrity

TCPWave’s IPAM enforces strict database integrity checks. It’s the best in the industry today. No other provider guarantees this level of DNS and DHCP data integrity. Its smart logic checks the sanity of the DNS and DHCP configuration files before sending them to the remote DNS and DHCP devices. This ensures that the remote devices do not crash after getting an update from the DDI. TCPWave has eliminated a concept of a manual DNS and DHCP push. DNS updates take place in real time and DHCP configurations are updated automatically when new scopes are defined. Contact us to schedule a demo.


TCPWave’s IPAM allows you to gain a tight control over user permissions. It allows a network administrator to define what commands a user may run. This fine grain level of control allows for a more controlled delegation of IP management activities among users, without compromising on security. You can have users who can add users and can’t modify DNS data. You can then have users who can modify DNS data but cannot add other users. You can define user roles per Network, Subnet, Object, DNS, DHCP etc. Contact us to schedule a demo.


TCPWave IPAM provides comprehensive logs that can be viewed conveniently via the management interface. Remote DNS/DHCP logs, the secure message logs, syslogs, database logs etc can be viewed in real time in the product. TCPWave IPAM goes a step further and allows the users to filter the logs using a filter. The logs can be exported as CSV or PDF for further analysis. The security events log from the TCPWave IPAM is readily available in Arcsight CEF format for easier integration with Arcsight. Any log from the TCPWave IPAM can be sent into Splunk to meet the unified log integration requirements of modern enterprises. TCPWave fully supports integration of the DNS/DHCP logs using Java Streaming Messaging into Apache Flume. The configuration of the Flume Client component of all the remote DNS and DHCP appliances is centrally managed via the TCPWave IPAM. Flume is a distributed, reliable, and available service for efficiently collecting, aggregating, and moving large amounts of log data. It has a simple and flexible architecture based on streaming data flows. Contact us to schedule a demo.

Rest API Rate Limiting

As an enhanced security measure, TCPWave has implemented a RESTAPI rate limiting feature to ensure relative stability when unexpected things happen. If for some reason one client causes a spike in traffic, the API has to continue running smoothly for other users instead of crashing. A misbehaving (or malicious script) could be hogging resources, or the API systems could be struggling and they need to cut down the rate limit for “lower priority” traffic. Sometimes it is just because a poorly written network automation tool starts an unintentional DDOS against the TCPWave IPAM. The standards implemented by TCPWave leverage RFC 6585 and provide a HTTP status 429 to the individual client that breaches a threshold. The thresholds that are enforced to control an attack are defined in the global policies of the TCPWave IPAM. Contact us to learn more on how to secure your DDI infrastructure and adopt to the hybrid clouds model without compromising on availability and information security.

Global Distribution

Kickstart the installation and configuration of TCPWave’s IPAM by leveraging our fast and innovative appliance delivery model to over 101 countries. We offer our users two options, a secure physical appliance or a secure virtual appliance or an Amazon AWS AMI image. There is no need for the end user to install a separate database server. The physical devices are shipped and supported by Dell leveraging the OEM partnership that TCPWave has with Dell and the Level 3 escalation is passed to TCPWave.

Made with Jenkins

Survey after survey shows JenkinsĀ® is the most popular open source automation server - and for good reason. However, Jenkins alone often lacks what teams need as continuous delivery scales across an organization. TCPWave extends Jenkins with functionality that embeds best practices, supports rapid on-boarding, provides tools for easier admin management and is based on an architecture that was built for scalability. You get enterprise-level benefits along with the Jenkins automation you already love.

  • TCPWave Inc. has engineered an award winning IP Address Management software with security as a priority #1 and performance + scalability for rapidly evolving cloud computing demands as #2.
  • TCPWave IPAM can be used to manage the traditional data center DNS/DHCP and cloud DNS.
  • TCPWave IPAM is modern, fast, secure and scalable.
  • TCPWave IPAM is a cost effective alternative to replace your current IPAM.
  • TCPWave Professional Services simplify the migration process without causing any major business impact.
  • We guarantee you that our user friendly GUI, our RestFUL API with numerous features and our rich CLI framework will make you concur with our thinking.
  • Click here to learn more about IPAM Security.