TCPWave IPAM

Born in the cloud, Born for the cloud.
IPAM
Gartner

TCPWave IPAM is built with automation and cloud management from the beginning. The DDI tool was built specifically to securely manage and react to real-time updates in the cloud or data center, without bringing any Legacy software problems that limit cloud architecture, automation, security and performance. The full REST API has been integrated with many of the popular cloud offerings such as AWS, Google, DYN/Oracle and MS Azure. Whether you choose the traditional TCPWave hardened appliances in your data center, a multi cloud offering, or a hybrid of both, TCPWave will unify your DDI from one robust dashboard. TCPWave accelerates the traditional DNS, DHCP and IP Address Management into the future. It allows your DevOps models to seamlessly integrate with the core network services and reduces the operational overhead associated with DNS and DHCP. If you are into Terraform, Docker, Chef, Puppet, AWS, Akamai, Ansible, Jenkins or if you are trying to do ‘Infrastructure as a Code’ project, look no further. TCPWave IPAM is the right choice for you.

IPAM
DNS with Blazing Performance

The blazing performance that enterprises obtain from TCPWave DDI is a true and significant factor that sets TCPWave apart. With thousands of cloud instances spinning up and with hundreds of on-premise DNS changes taking place, the TCPWave IPAM scales to your needs. DNS changes get replicated over the local, wide area and into the cloud providers without any latency. Thousands of them. These changes can be initiated from Terraform, AWS Lambda/SNS, Google Cloud Functions, Azure functions, Jenkins pipeline or any REST Interface. Contact us to learn more and discover the advantages of modernizing your DDI infrastructure.

DDNS
IPAM
IPAM
Using TCPWave IPAM, your DevOps and IT teams can:
  • Manage your on-premise DNS and DHCP infrastructure.
  • Reduce costs associated with  DNS, DHCP and IP address management.
  • Manage DNS in various cloud hosted platforms using a central management console in your data center.
  • Retire legacy Perl based automation using outdated APIs and leverage modern Java REST API.
  • Perform data mining by querying  database for your in-house applications.
  • Obtain fault management, performance management, configuration assurance and numerous reporting metrics from one interface.
  • Scale your infrastructure in a linear fashion without having the hassle of purchasing additional management devices.
  • Get various reports without purchasing additional reporting appliances.
  • Discover your network without purchasing additional appliances to perform discovery.
  • Automatically update your IPAM as your network evolves.
IPAM
External DNS management

Diversify by managing DNS in multiple cloud offerings such as AWS, Google, Azure, DYN, Verisign and Akamai from single pane of glass.

  • Import DNS data from the cloud providers into TCPWave.
  • Manage DNS records (Add, Modify and delete) from one screen.
  • Allows management of extended offerings from DNS cloud providers like geographic load balancing, Traffic director and active fail over.
  • Manage internal DNS from the same screen as well.
Amazon Cloud Integration

Integration with Compute, Network and Storage services of AWS. DDI Automation using Amazon CloudWatch and Lambda function.

  • Launch, Destroy and provide statistics for VPC's.
  • Manage TCPWave database in AWS S3 storage.
  • Manage cross account roles and IAM.
  • Custom Hashicorp TerraForm integration.
  • AWS CloudForm integration.
DDOS Mitigation in the Cloud

Start and Destroy many TCPWave DNS servers in multi-cloud quickly from the GUI, ensuring DNS processing power to mitigate the largest DDOS attacks.

  • Anycast to the cloud or keep adding members to the GSLB pool on the fly.
  • Secure proprietary channel eliminates any DNS UDP transmissions.
DUAL DNS provisioning

Leverage the double edged sword technology to get a robust DNS solution with high availability and business continuity.

  • ISC BIND backed up by NSD DNS on the same server for authoritative and Unbound DNS for caching servers. If a DNS vulnerability is created maliciously against the public ISC code, the ISC BIND server can be dynamically shut down and the appropriate NSD or Unbound DNS server started avoiding the vulnerability.
Multi-Cloud Management

Preconfigured integration with most popular cloud providers. AWS, Google, Azure using the Robust TCPWave REST interface.

  • Will develop communication with your cloud provider as long as they provide a REST interface.
  • Discover and import existing objects and subnets from the cloud instance, including permissions into TCPWave DDI.
  • Provision subnets and objects (Add, Modify and Delete).
  • Monitor statistics on cloud resources.
Virtual Environments

Scale seamlessly into a hybrid cloud model. Manage a mixture of VMWare, AWS, GCP and Azure DNS remote appliances.

  • Robust VMware Plugin.
  • VMWare Discovery - discovery of the virtual instances in the VMware Infrastructure using object types "VMware vCenter" or "VMWare ESXi".
  • Compatibility with DevOps and Infrastructure as Code environments.
IPAM
Dashboard

TCPWave’s IPAM provides fault management, performance management, config assurance, patch management and IPAM software in one bundle. There is no need to purchase monitoring software to manage your DNS Infrastructure. TCPWave’s IPAM integrates with EMC SMARTS and automatically sends SNMP alerts when critical events arise in IPAM operation. Scheduled changes can be managed more efficiently and automated roll backs take place if the change implementation fails. TCPWave also provides a powerful dashboard to monitor all the core components of the DDI infrastructure managed by the TCPWave IPAM with extensive graphing capabilities for performance management metrics. TCPWave’s DNS and DHCP appliances are automatically added to the fault and performance management once they are a part of the TCPWave IPAM ecosystem. Contact us to schedule a demo.

DDNS
IPAM
IPAM
Capacity Planning

TCPWave IPAM offers unsurpassed capacity planning metrics. The TCPWave IPAM, built for speed, simplicity, and security, provides extensive capacity planning metrics of the hardware, operating system, network, database, DNS and DHCP. Modern charting frameworks used by TCPWave allow the customers to pinpoint DNS and DHCP problems before they can become potential widespread outages. The capacity planning engine has a seamless integration into the fault management engine so that your NOC team gets a heads up. Detection of DDOS attacks, mitigation and prevention of such attacks from happening again becomes simplified with the TCPWave IPAM. Contact us to learn more.

IPAM
Monitoring

TCPWave has taken the monitoring of the mission critical DNS and DHCP appliances that are managed by the TCPWave IPAM to a next level. When a DNS zone or DHCP scope is added, monitoring is done automatically and metrics are reported into the TCPWave IPAM dashboard. Click here to view a few examples of events and the auto-provisioned monitoring thresholds. Contact us to schedule a demo.

IPAM
IPAM
IPAM
Design

The architecture and design of the TCPWave IPAM is performed in a meticulous way after reviewing the Gartner article, which highlights the deficiencies of the current available DDI products in the market. The TCPWave product development team has also discussed the challenges faced in the enterprises with a large namespace and discussed the challenges faced by the Network Services Operations team. Administrators demand for root access to the underlying operating system to use the advanced features offered by BIND is one such constraint. DDI Statistics and canned audit reports were a priority to another client.The TCPWave IPAM provides an architecture that scales in a linear fashion. Our customers need not purchase additional devices for reporting and analytics. The core IPAM comes with it. Contact us to schedule a demo.

IPAM
Auditing

TCPWave’s IPAM comes with an extensive audit capability, which provides accurate forensics for IP Audit, subnet audit, network audit, domain audit etc. You can customize the auditing policies to audit what the Security team is interested in for better audit reviewing. The Login audit enables detection of unauthorized intrusions into the system. A combination of failure and success authentication audits help determine when the breach of security occurred. Isolation and preservation of the security events logs helps track users who gained unauthorized admin privileges. The preservation of logs also avoid login failure logs to be overwritten through Denial of Service Attacks. The Network, Subnet, and Domain audits provide extensive information related to network traffic, IP allocations etc. These audits help in detecting unusual network traffic, IP address allocation and de-allocation rates, DNS query rates etc. Contact us to schedule a demo.

IPAM
IPAM
IPAM
Active Directory

While most IPAM and DNS solutions allow only one Domain Controller per name server for synchronizing the DNS data and where the synchronization too is mostly insecure as the IPAM providers often avoid the complex and error prone Kerberos authentication, TCPWave IPAM goes one step ahead to allow a seamless and secure integration of multiple Active Directory Domain Controllers per name server. This unique integration of Active Directory Forest with TCPWave IPAM managed DNS appliances help organizations minimize their costs by spending only on optimum number of name servers. How it works? Create as many Active Directory servers in the TCPWave IPAM. Upload the Active Directory Kerberos keytab file to the IPAM Web Interface. Map the Active Directory servers to the TCPWave DNS Appliances for synchronization. Contact us to schedule a demo.

IPAM
Cloud Computing

TCPWave’s IPAM can automatically update itself with the cloud orchestration layer. TCPWave’s IPAM goes a step further and provisions the compute, storage and network infrastructures using simple and configurable RESTful APIs. The TCPWave workflow editor allows you to automatically communicate with the cloud management when specific events take place in the TCPWave’s IPAM. The workflow manager allows Admins to generate predefined workflows for provisioning VMs, allocating and deallocating IP addresses and destroying the VMs. These workflows can be scheduled periodically for automating certain processes. Integration with VMWare, OpenStack, CloudStack, Eucalyptus is a seamless operation with TCPWave’s Powerful REST API. The TCPWave IPAM solution also includes prebuilt virtual appliances with IPAM, DNS and DHCP services that work out of the box and a cloud orchestrator plugin with customized workflows for allocating IP addresses to all your virtual instances across your cloud. Contact us to schedule a demo.

IPAM
IPAM
IPAM
Cloud DNS Management

The TCPWave IPAM takes the DNS management of enterprises to the next level with the built-in Cloud Integration. TCPWave customers can now mix and match DNS hosted in public cloud, private cloud, and dedicated TCPWave Remote DNS servers to create an ideal environment. Cloud DNS hosting provides a highly available and scalable DNS service and improves the resiliency of the TCPWave managed DNS infrastructure in the private enterprises. Data center disaster recovery is tremendously improved when single points of failure are eliminated at the DNS authoritative service layer. TCPWave IPAM ensures that the DNS zone data gets a constant validation to ensure that the cloud provider’s DNS is in perfect harmony with the TCPWave managed DNS. When an object is updated in the TCPWave IPAM, the cloud providers are automatically updated too. Enterprises are shielded from exposing their internal DNS servers to the cloud and opening up DNS ports on the firewall for DNS zone transfers with the cloud providers.

TCPWave customers can also choose to have all the three providers listed above to provide cloud DNS hosting for every DNS zone managed by TCPWave IPAM. DNS Zones created in the TCPWave IPAM support Zone Mirroring with Amazon’s Route 53 DNS, Rackspace DNS and Google DNS. DNS records added to the TCPWave IPAM are automatically synchronized with the cloud providers listed above using TCPWave’s powerful RestAPI methods. The management communication uses encrypted SSL thereby preventing man in the middle attacks. Contact us to schedule a demo.

IPAM
DNSSEC

TCPWave’s IPAM offers Secure DNS utilizing highest level of encryption and makes DNSSEC deployments very simple, empowering service providers to provide secure DNS hosting and name resolution services Secure DNS: TCPWave’s IPAM supports DNSSEC thereby enabling service providers to provide secure DNS hosting and name resolution services. Further DNSSEC is used for secure Dynamic DNS updates that are RFC 2136 compliant. The DDNS updates ensures seamless zone updates without the need to restart the DNS server process. The DNSSEC rich set of features further include automatic key generation, zone signing, and scheduled DNSSEC key rollouts. The DNS server masters and slaves use secure TSIG transactions for full and incremental zone transfers. Traditional DNS is vulnerable to multiple security exploits. Managing DNS with DNSSEC or GSS-TSIG has many operational overheads. Sending DNS updates using UDP port 53 has been proven as an insecure way to operate the mission critical DNS infrastructure. TCPWave has designed a revolutionary method of securing dynamic changes using a robust security model. Changes made in the IP Address Management web interface are sent using a secure conduit from the management server to the remote DNS server. A powerful logic developed in Java examines the contents of the update, determines the authenticity of the source IP Address, verifies if the IPAM server sent the message and then processes. After updating the master DNS, the secure conduit service sends an acknowledgement back to the management server. If the acknowledgement is not received, the management server sends a retry. This communication uses a TCP port with a 1024bit encryption key. Malicious users cannot spoof the IP of the management server and take control of your DNS environment with this advanced protection offered by TCPWave. Contact us to schedule a demo.

IPAM
IPAM
IPAM
DNS Firewall

TCPWave provides the best protection available for your mission critical DNS infrastructure. Powered by the constantly updated Threat Defense Feed and a built in deep packet query inspection engine embedded with a stateful firewall, our DNS Firewall stops you from getting hacked. The TCPWave IPAM threat protection leverages the same proprietary feed, alerting you quickly in the event your site is compromised. Our Live Traffic view gives you real-time visibility into traffic and hack attempts on your DNS Infrastructure. You can have a TCPWave DNS cache do a BGP/OSPF peer with your routers and control the network traffic using the TCPWave Stateful Firewall Engine with management from the TCPWave IPAM. TCPWave provides an innovative and effective security platform that protects our way of life in the digital age by preventing successful cyber attacks. The deep packet inspection engine resides in the TCPWave DNS appliance’s kernel. It examines the contents of the DNS requests at the Ethernet layer and protects the DNS application layer from malicious requests. In addition to this protection, the response inspection engine on the cache examines the packets received from the recursive lookups and determines if any of the responses are attempting to taint or poison the cache. This includes attempts to overwrite the hints file or the delegation records that allow BIND or Unbound to vulnerable to DNS hijacking. The DNS Administrator can reject all the incoming AAAA records on a cache, drop all traffic containing a string matching a regular expression such as malware or virus and can block all DNS requests from a specific IP Address or a subnet. Contact us to schedule a demo.

IPAM
Discovery

The TCPWave’s IPAM is a smart and reliable IP address management for any organization with complex and dynamic network infrastructure. It offers a set of powerful network manipulation tools that let the administrators to manage and operate on an ever expanding network devices. It automatically discovers your network topology and updates itself when new subnets are discovered on the network. When a new Arista switch is provisioned, automation can automatically inform TCPWave DDI to add the router interfaces into DNS, define the subnet profiles and add DHCP scopes for a rapid provisioning. The networks and subnets can be configured to be scanned periodically to detect the changes in the network nodes and then update the objects data. The TCPWave IPAM can discover all the network devices and their configuration via ICMP, SNMP and NetBIOS protocols and consolidate the newly collected data with the existing data. The TCPWave discovery rules control the automatic provisioning of the discovered objects into the DNS Infrastructure. The discovery engine runs at a blazing fast speeds, with highly optimized parallel processing algorithms, all written in modern Java. You will be amazed to see our network crawl speed. Contact us to schedule a demo.

IPAM
IPAM
IPAM
Data Integrity

TCPWave’s IPAM enforces strict database integrity checks. It’s the best in the industry today. No other provider guarantees this level of DNS and DHCP data integrity. Its smart logic checks the sanity of the DNS and DHCP configuration files before sending them to the remote DNS and DHCP devices. This ensures that the remote devices do not crash after getting an update from the DDI. TCPWave has eliminated a concept of a manual DNS and DHCP push. DNS updates take place in real time and DHCP configurations are updated automatically when new scopes are defined. Contact us to schedule a demo.

IPAM
Made with Jenkins

Survey after survey shows JenkinsĀ® is the most popular open source automation server - and for good reason. However, Jenkins alone often lacks what teams need as continuous delivery scales across an organization. TCPWave extends Jenkins with functionality that embeds best practices, supports rapid on-boarding, provides tools for easier admin management and is based on an architecture that was built for scalability. You get enterprise-level benefits along with the Jenkins automation you already love.

IPAM
IPAM
IPAM
Rest API Rate Limiting

As an enhanced security measure, TCPWave has implemented a RESTAPI rate limiting feature to ensure relative stability when unexpected things happen. If for some reason one client causes a spike in traffic, the API has to continue running smoothly for other users instead of crashing. A misbehaving (or malicious script) could be hogging resources, or the API systems could be struggling and they need to cut down the rate limit for “lower priority” traffic. Sometimes it is just because a poorly written network automation tool starts an unintentional DDOS against the TCPWave IPAM. The standards implemented by TCPWave leverage RFC 6585 and provide a HTTP status 429 to the individual client that breaches a threshold. The thresholds that are enforced to control an attack are defined in the global policies of the TCPWave IPAM. Contact us to learn more on how to secure your DDI infrastructure and adopt to the hybrid clouds model without compromising on availability and information security.

IPAM
High Availability

TCPWave's IPAM provides a sophisticated "High Availability" (HA) feature to provide an un-interrupted service to it's large enterprise customers. The HA environment can be setup using three or more IPAM Servers located in different geographical locations. All the DNS and DHCP appliances in the enterprise can be managed from any of the IPAM, irrespective of their physical locations. The administrators can connect to any of the IPAM Servers for day today operations. The IPAM Servers form a cluster of IPAMs and are always in sync with other IPAMs; i.e. the IPAM Servers form an active-active setup. The changes done in one IPAM get reflected in other IPAMs instantaneously. If an IPAM goes down for any reason, the DNS or DHCP appliances connected to it for management purposes, automatically gets connected to other IPAM in the environment. This switch over is transparent to the user. IPAM uses latest technologies like Galera Cluster Technology to implement HA availability solution to provide resilient un-interrupted service to it's customers.

IPAM
IPAM
IPAM
Disaster Recovery

TCPWave's IPAM provides a sophisticated "Disaster Recovery" (DR) mechanism for recovery if the IPAM goes down for any reason, to provide an un-interrupted service to the users. There are two IPAM servers in the setup and one IPAM manages all the DNS and DHCP appliances. This active IPAM is known as the Master IPAM. The other IPAM is passive and is known a slave IPAM. All the data from the Master IPAM gets replicated to the slave IPAM. This forms an active-passive setup. If for any reason, master IPAM goes down, the slave IPAM can be brought up and all the DNS and DHCP appliances automatically get connected to it for management purposes. The switching of master and slave is seamless. IPAM uses latest technologies like Galera Cluster Technology to replicate the data from master to slave server and provide the disaster recovery solution to it's customers.

IPAM
Workflow Management

Workflow Management provides a fine-grained access to the IPAM Administrators with lower privilege levels to conveniently perform day to day DDI Operations without compromising on the concept of Segregation of Duties. With the workflow integration, Normal Administrators and Power Administrators with in an organization will be able to stage actions like adding a DNS entry/ Bulk adding subnets for approval and get them reviewed and approved by Super Administrators or Functional Administrators before having them executed.

The NADM and PADM users can perform Add/Modify/Delete Operations on the Web Interface. However, these operations are termed as workflows and are staged for approvals by SADM or FADM users. Every workflow action that is staged will be entitled with a unique workflow identification number. Any change ticket number that has been entered at the beginning of the session will also be automatically pulled into the data by tracking the HTTP Header.

SADM and FADM users can login to the workflow management web interface and review the data. Only these users will have the privilege to Approve/Deny a workflow. A workflow that has been approved or denied cannot be revoked since the workflow manager asynchronously delegates the action to the appropriate service handler for execution upon approval. However, the underlying entity can be revoked using the Undo Functionality.

IPAM
IPAM
IPAM
Microsoft DNS/DHCP Appliances

TCPWave Facilitates the Process for Quick Integration The initial configuration of TCPWave and Microsoft integration is simplified by an easy-to-follow wizard that helps quickly guide the administrative team through the process of establishing communication between the two systems. When integration is established, TCPWave provides additional logging and tests to monitor the synchronization processes and provide an audit of AD site activities. An organization has the option to configure integration in read-only mode or read/write mode in order to actively manage and optimize AD sites. TCPWave uses role-based access controls based on Microsoft AD groups to determine which administrative teams are authorized to make changes within the TCPWave tool set. When TCPWave first communicates with Microsoft AD Sites and Services, it imports the current AD site configuration. From then on, any changes that are configured from within Microsoft Management Console will be continuously synchronized within TCPWave as incremental updates. Likewise, any networks created within TCPWave and assigned to an AD site will be synchronized within Microsoft AD Sites and Services.

IPAM
Segregation

TCPWave’s IPAM allows you to gain a tight control over user permissions. It allows a network administrator to define what commands a user may run. This fine grain level of control allows for a more controlled delegation of IP management activities among users, without compromising on security. You can have users who can add users and can’t modify DNS data. You can then have users who can modify DNS data but cannot add other users. You can define user roles per Network, Subnet, Object, DNS, DHCP etc. Contact us to schedule a demo.

IPAM
IPAM
IPAM
Logging

TCPWave IPAM provides comprehensive logs that can be viewed conveniently via the management interface. Remote DNS/DHCP logs, the secure message logs, syslogs, database logs etc can be viewed in real time in the product. TCPWave IPAM goes a step further and allows the users to filter the logs using a filter. The logs can be exported as CSV or PDF for further analysis. The security events log from the TCPWave IPAM is readily available in Arcsight CEF format for easier integration with Arcsight. Any log from the TCPWave IPAM can be sent into Splunk to meet the unified log integration requirements of modern enterprises. TCPWave fully supports integration of the DNS/DHCP logs using Java Streaming Messaging into Apache Flume. The configuration of the Flume Client component of all the remote DNS and DHCP appliances is centrally managed via the TCPWave IPAM. Flume is a distributed, reliable, and available service for efficiently collecting, aggregating, and moving large amounts of log data. It has a simple and flexible architecture based on streaming data flows. Contact us to schedule a demo.

IPAM
Global Distribution

Kickstart the installation and configuration of TCPWave’s IPAM by leveraging our fast and innovative appliance delivery model to over 101 countries. We offer our users two options, a secure physical appliance or a secure virtual appliance or an Amazon AWS AMI image. There is no need for the end user to install a separate database server. The physical devices are shipped and supported by Dell leveraging the OEM partnership that TCPWave has with Dell and the Level 3 escalation is passed to TCPWave.

IPAM
IPAM
  • TCPWave Inc. has engineered an award winning IP Address Management software with security as a priority #1 and performance + scalability for rapidly evolving cloud computing demands as #2.
  • TCPWave IPAM can be used to manage the traditional data center DNS/DHCP and cloud DNS.
  • TCPWave IPAM is modern, fast, secure and scalable.
  • TCPWave IPAM is a cost effective alternative to replace your current IPAM.
  • TCPWave Professional Services simplify the migration process without causing any major business impact.
  • We guarantee you that our user friendly GUI, our RestFUL API with numerous features and our rich CLI framework will make you concur with our thinking.
  • Click here to learn more about IPAM Security.