1 TIMS™ TCPWave IP Address Management Solution
2 Growing: DELL & TCPWave Impact at Citi
3 TCPWave in Citi
150+ TCPWave DNS appliances in Citi.
Projected at 250+ TCPWave appliances by 2016.
VitalQIP product R&D is becoming a concern in the industry.
TCPWave continues to partner with VitalQIP in supporting the authoritative layer in Citi.
Performance bottlenecks seen by Alcatel-Lucent’s DNS are not seen with TCPWave’s DNS.
TCPWave continues to partner with ISC, NLnet Labs, and Yadifa.
NLnet Labs chose TCPWave to be the enterprise level distributor and support organization for Unbound DNS.
TIMS™ IPAM is covered by the existing three party master service agreement.
TIMS™ IPAM is distributed by Dell CFI (Custom Factory Integration).
4 Introduction to TIMS™
5 Overview
Core design principles of the TIMS™
Competitive advantages
Information Security
Fault Management
Performance Management
Audit Features
Search Engine
Dual DNS
Patch Management
Closer look at the TIMS™

When TCPWave was first getting started we knew that DNS and DHCP were going to be mission critical. Before we deployed a single server we started to focus on every aspect of DNS/DHCP, even the control panel customers use to interface with it. We'd been frustrated by the state of DNS/DHCP control panels, in whose UI providers woefully underinvest. We spent several months surveying every IP Address Management (DDI) solution in the world to see if we could build a better IPAM. The result, we think, is the easiest to use IPAM in the world.

TCPWave (aka. MindBlowing IPAM)

Beyond ease of use, the way that TCPWave's DNS infrastructure works means updates are extremely fast. It takes less than a second for a change from the IPAM dashboard to be propagated across an entire network with management from New York and remotes in the Philippines. And, since you can change the backend IP address of a cache appliance without having to change the IP TCPWave announces to the corporate network, you can change from one cache appliance to another without having to wait for complex routing changes. Anycast management with DNS is taken to a next level by TCPWave. It's pretty slick. We're continuing to make additional improvements to both our DNS/DHCP infrastructure and how it is deployed by our customers.
One of the features businesses requested was a dashboard that provides comprehensive automated fault management metrics, performance management charts, configuration assurance, DNSSEC support, various authentication mechanisms, secure communication for all management, Microsoft Active Directory integration, a powerful search engine, extensive audit capabilities, seamless disaster recovery and an end to end appliance model, as virtual and physical appliances, with a global distribution model. As a result, all these features are now included with all Business and Enterprise plans from TCPWave. Going forward, TCPWave will begin offering its next generation IPAM to hosting provider partners so they can ensure their customers have the fastest, most resilient DNS service without suffering from any exploits or propagation delays. See the difference between insecure UDP and SSL-enabled TCP for all management using TCPWave’s IPAM. So while we don't talk about it much, we're spending a ton of time thinking about DNS and DHCP. As Chandra Kapate on our team just suggested, "We clearly need to change our name to something like Mind-blowing IPAM." That's probably not going to happen. But, if you've ever hesitated to sign up for TCPWave because you were concerned about changing your DNS, chances are we'll be significantly faster and more secure and resilient than whatever you were using before.
6 Core Design Principles Of IPAM
Backend developed using Java.
Web Interface is built leveraging the latest JavaScript frameworks.
RESTful service layer to facilitate functional reusability.
Database schema enforced with various integrity checks.
Dedicated search engine – Doppler™.
T-Message Tunnel™ providing encrypted communication between the management and remote appliances.
7 Competitive Advantages
Fast, Secure, Scalable
Fast: Highly-tuned DB + Dedicated secure communication channels + REST API + Multi-dimensional Algorithms.
Secure: Encryption (SHA-512) is enforced at the highest degree for all communications between IPAM Server and remote appliances via T-Message Tunnel™. Support for secure Active Directory updates using GSS-TSIG.
Scalable: Designed to scale and operate over a large set of data with powerful integrity checks without performance degradation.
Conflict Detection: Automatic detection of A to CNAME conflict.
8 Competitive Advantages
Easy, Automated, Friendly
Automated: Changes done to DNS/DHCP require NO push. Changes are reflected instantaneously using T-Message Tunnel™.
Easy to migrate/upgrade: Import 1 Million objects in under 17 minutes, not hours.
Automated Discovery: Discover 64k objects in under a minute, not hours.
User Friendly Management: Unique dashboard with automated monitoring, advanced reporting, network analytics, and full control of the system from a single pane of glass.
9 Robust Sanity Checks And Roll Backs
TIMS™ is powered by a proprietary sanity checker. Any operation that requires updating DNS/DHCP configuration is thoroughly checked for syntax errors. An operation that fails the sanity checks is reversed and rolled back to the last known good configuration. TIMS™ drastically reduces DNS/DHCP outages caused by configuration errors.
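The check-then-roll-back behaviour described on this slide, combined with the A to CNAME conflict detection listed under Competitive Advantages, can be sketched as follows. This is an added example and not TCPWave code: the ZoneStore class, its in-memory record layout and the operation names are assumptions made for illustration.

```python
import copy

# Types that DNSSEC permits alongside a CNAME at the same owner name.
CNAME_COMPATIBLE = {"CNAME", "RRSIG", "NSEC"}


class ZoneStore:
    """Toy in-memory record store: {owner name: set of (rtype, rdata)}."""

    def __init__(self):
        self.records = {}

    @staticmethod
    def check(records):
        """Return the sanity-check failures found in a candidate record set."""
        errors = []
        for name, rrset in sorted(records.items()):
            types = {rtype for rtype, _ in rrset}
            if "CNAME" not in types:
                continue
            # A CNAME owner may not carry other data such as A (RFC 1034, 3.6.2).
            conflict = sorted(types - CNAME_COMPATIBLE)
            if conflict:
                errors.append(f"{name}: CNAME conflicts with {conflict}")
            if sum(1 for rtype, _ in rrset if rtype == "CNAME") > 1:
                errors.append(f"{name}: more than one CNAME target")
        return errors

    def apply(self, changes):
        """Apply [(op, name, rtype, rdata), ...] as one batch.

        Returns [] on success. On any failure the store is restored to the
        snapshot taken before the batch and the failures are returned.
        """
        last_good = copy.deepcopy(self.records)
        errors = []
        for op, name, rtype, rdata in changes:
            rrset = self.records.setdefault(name.lower().rstrip("."), set())
            if op == "add":
                rrset.add((rtype.upper(), rdata))
            elif op == "delete":
                rrset.discard((rtype.upper(), rdata))
            else:
                errors.append(f"{name}: unknown operation {op!r}")
        errors += self.check(self.records)
        if errors:
            self.records = last_good  # roll back the whole batch
        return errors
```

Because the whole batch is validated before it is kept, an unrelated valid change submitted together with a conflicting one is also discarded, which is what keeps the stored state equal to the last known good configuration.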
10 Information Security Features
Hardened OS for all appliances.
TACACS+, RADIUS, Active Directory and Encrypted Database based authentication approaches.
Efficient approach to mitigate DDOS attacks and efficient alerting interfaces for all 911s.
Encrypted key based DNS zone transfers.
Encrypted Patch Management.
[Diagram: DNSSEC, TACACS+ Authentication, Information Security Compliance, RADIUS, Active Directory, SSL TCP, Secure Patch Transactions]
11 Segregation of Duties
Super Admin (SADM) - Has access to all the functionality of the system.
Functional Admin (FADM) - Manages switching authentication mechanisms and sets system level parameters.
User Admin (UADM) - Manages user administration.
Normal Admin (NADM) - Has privileges only to create Objects and Scopes.
Power Admin (PADM) - Has access to Zone/Domain/Server/Network/Subnet/Scope/Template/Object.
Read-only Admin (RADM) - Has read-only access to the system.
12 Citi Ready Fault Management
TIMS™ integrates with EMC SMARTS and automatically sends SNMP alerts when critical events arise as a result of any activity.
Scheduled changes can be managed more efficiently and automated roll backs take place if the change implementation fails.
TCPWave’s Remote appliances are automatically added to the fault and performance management once they are a part of the TIMS™ ecosystem.
13 Citi Ready Audit Features
Accurate forensics
Adhoc reports for Network/Subnet/Object Audits
Canned reports for Admin Audits
Scheduled reports as PDF or CSV
DHCP Template and Zone Definition Audits are unique to TIMS™
14 TCPWave Doppler™ Search Engine
TCPWave Doppler™ is highly reliable, scalable and fault tolerant.
Google-like search for the entire IPAM.
Supports free form text – no complex buttons like other IPAMs.
User friendly interface for search results.
Powered by a home grown TCPWave search algorithm.
15 Dual DNS Features
Two flavours of authoritative DNS implementation, namely BIND and YADIFA.
The cache layer also comes with Unbound and BIND DNS servers.
Unbound is a very secure recursive and caching DNS server.
Built in secure communication channels between TIMS™ and DNS infrastructure for seamless dynamic updates.
16 Patch Management Features
TIMS™ supports encrypted patch management for all DNS and DHCP servers in the TCPWave ecosystem.
Users can patch their DNS and DHCP servers straight from the TIMS™ web interface or CLI.
Patch management is built with security as the primary focus.
Patches are scheduled, applied in phases, and automatically rolled back in case of a failure.
[Diagram: Setup Infrastructure, Checkouts, Reports, Identify Patches, Deploy Patches, Test Patches]
17 Business Advantages to Citi
Performance:
  96,000 DNS requests/sec
  7 million objects added in 1 hour
  1900 zones added in 5 minutes
  1 million scopes added in 15 minutes
  No manual configuration pushes after changes.
  0.5 second or less propagation delay between IPAM and DNS/DHCP.
  Blazing fast IPAM with extensive in-memory calculations and optimization.
Security:
  Support for multiple authentication mechanisms
  Segregation of duties for admin roles
  Full SHA-512 encryption for all management.
  Simplified deployment of security fixes
  Canned and Ad-Hoc Audit reports for admins and IP Addresses/Names.
  Information Security for managing core network infrastructure is taken to a next level
Graphs:
  Host Resources
  DNS traffic
  DHCP traffic
  Network growth
  Admin usage
  Integration of performance data into fault management.
  Wall Street Ready IPAM comes with fault, performance management, security and auditing built in as a core fabric.
Disaster Recovery:
  Intelligent Message Queues
  Automated Database Synchronization
  Scheduled database snapshots
  Integrity checkers between DNS and IPAM
  Least Business Impact to make disaster recovery completely automated without needing a SA/DBA to switch to DR manually.
Ease of Use:
  Powerful CLIs to import DNS/DHCP data from third parties.
  Simplified web interface.
Asset Optimization:
  Prevents DNS/DHCP outages with a powerful front-end and backend logic.
  Powerful discovery engine to auto-populate the IPAM.
  Automated Fault Management Configuration.
  A treat to your infrastructure.
  TCPWave’s IPAM needs a least amount of user training and has excellent tooltips to help the user in managing the DNS and DHCP Infrastructure.
18 Closer Look at TIMS™
19 Adding a Network
On the IPv4 Network page, click on the Add button to add a new network.
Enter the Network Address, the Organization to which it belongs and other such details, and click on OK.
20 Voila! You have just created a network.
Network is automatically added into monitoring, capacity planning and search engine analytics.
21 Adding a Subnet
Click on the network in which you want to create subnets and then click on the Add button to create new subnets.
Enter the Network Address, the Organization to which it belongs and other such details.
Next select the Mask Bits value from the dropdown and check the Show Available Subnets option.
22 Adding a Subnet (contd.)
Select the subnets you want to create and click on create.
23 Voila! Subnets have been created.
24 Adding a DNS Zone
Creating a DNS zone is a two step process.
Create a DNS Server Template in the DNS Management page.
Create a new DNS zone and assign the DNS Template created in the previous step.
25 Adding a DNS Object
Click on the subnet in which you want to create a DNS Object and then click on the Add button.
Enter the IP address and the DNS name of the DNS object.
Select the suitable DNS options and click on the OK button.
You can create additional Resource Records in the Resource Record tab.
26 DASHBOARD AT A GLANCE
27 NETWORK UTILIZATION CHARTS
28 Interactive Performance Charts
Ability to zoom to the very minute extent.
Powered with the latest jQuery/JavaScript.
Accurate.
Compatible with any browser.
Eliminates the need for any Java Run-Time Environment.
29 TIMS™ RESTful API
Token based authentication that is tied to a source IP address for security.
Over 180 different API methods are supported.
Examples of REST API calls include:
Add/Modify/Delete a Network
Add/Modify/Delete a Subnet
Add/Modify/Delete a Domain
Get the next free IP
Add/Modify/Delete an Object
Add/Modify/Delete a domain level Resource Record
Add/Modify/Delete an Alias
Add/Modify/Delete an Administrator
Enable/Disable DNSSEC on a Zone
30 Q & A