Trinzic DDI

DATASHEET

Integrated DNS, DHCP and IP Address Management (DDI), with Massive Scalability and Automation
The explosion of IP addresses and the rapid transitions to IPv6, virtualization and cloud computing, not to mention the onslaught of new networking and personal devices (such as smart phones and tablets), have put extreme pressure on IT to deliver network services that are automated, scalable and always on. Tracking IP addresses by spreadsheets and/or relying on vulnerable server-based DNS/DHCP services are not realistic options anymore. The solution to these problems is a combination of integrated, highly scalable, fault tolerant, 24x7-available DNS, DHCP and IP Address Management.

Active DDI
Infoblox Trinzic DDI is the world's leading appliance-based, integrated DNS, DHCP and IP Address Management (DDI) product. Trinzic DDI employs state-of-the-art IP address management and automated error-checking technologies that are seamlessly integrated with Microsoft DNS/DHCP servers, and supports the Infoblox Grid architecture that enables the most advanced, highly available, fault tolerant and scalable solution in the world. With Trinzic DDI you can leverage your existing investments in Microsoft, while simultaneously incorporating collaborative IP address management and ensuring 99.999% network services uptime. We call this trend of automation, scale, real-time visualization, performance and integration "Active DDI", which only Infoblox offers. Active DDI is the heart of Trinzic DDI and incorporates dynamic, automated control of network services to ensure non-stop operation.

Key Benefits
- Automate IP address management with real-time visualization and integration of advanced DNS and DHCP services
- Ensure unparalleled security and reliability
- Meet business goals with massive scalability and always available network services
- Conquer the challenges of IPv6, virtualization, cloud transition and growth
- Leverage your existing investment and integrate seamlessly with Microsoft DNS and DHCP services

Core Technology
Trinzic DDI relies on a number of underlying, patented, core technologies to deliver world class network services:
- Embedded Infoblox Trinzic software delivered via physical or virtual appliances
- Patented Grid technology
- IPAM (IP Address Management) for Microsoft
- Powerful Infoblox API

2012 Infoblox Inc. All Rights Reserved. Infoblox-datasheet-trinzic-ddi-march-2012

Embedded Infoblox Trinzic Software Delivered via Physical or Virtual Appliances
Infoblox Trinzic software, running on Infoblox appliances, delivers nonstop core network services including DNS/DNSSEC, DHCP, IPAM, HTTP, FTP, TFTP, NTP and others that are critical to the operation of all IP-based networks. Appliance-based delivery of these services has become a recommended industry best practice for any size organization because appliances are inherently more reliable, manageable, scalable and secure than software-based solutions on general purpose servers. For large organizations, distributed Infoblox appliances can be connected into unified Grids that provide unparalleled management, control, visibility and service resiliency.

Infoblox Trinzic DDI is a security-hardened, real-time system that includes a built-in zero-administration database, extensive support for high-availability operation, and comprehensive capabilities that automate appliance deployment and maintenance while simplifying data management. Trinzic DDI provides a range of network services, including:
- Naming services via Domain Name System (DNS/DNSSEC/DNS64)
- Addressing services via Dynamic Host Configuration Protocol (DHCPv4 and DHCPv6)
- Network visibility and control via IP Address Management (IPAM)
- Configuration services via Trivial File Transfer Protocol (TFTP), FTP and HTTP
- Time synchronization services via Network Time Protocol (NTP)
- Dual stack IPv6/IPv4 protocol support
- Logging services via Syslog

Visit www.infoblox.com to learn more about Infoblox appliance models.

Patented Grid Technology
The patented technology of the Infoblox Grid links a unified, centrally managed system of appliances that share a common, real-time distributed database. Using a secure, SSL-based VPN among appliances, the Infoblox Grid maintains data integrity via a sophisticated transaction management technology that ensures all appliances in the Grid have timely and accurate data. The Grid technology also continues to deliver services without data loss or corruption in the face of device or WAN failures, and supports intelligent data replication to minimize the use of bandwidth in the Grid and to enable right-sized appliances to be deployed at each location. Learn more about Infoblox Grid at www.infoblox.com/grid.

IPAM for Microsoft
Trinzic IPAM for Microsoft adds enhanced management capabilities for Microsoft DNS and DHCP services. The solution extends built-in Windows DNS and DHCP management tools with visual IPAM discovery, analysis and change management tools on the Trinzic DDI platform while preserving investments in currently deployed Microsoft infrastructure. Trinzic IPAM for Microsoft requires no agent software on client or server computers because it uses native Microsoft RPC APIs to interface to Microsoft DNS and DHCP services. This integration is so seamless that administrators can be assured their changes will be properly synchronized whether they use the built-in Microsoft tools or the visual Infoblox management console. Trinzic DDI also integrates with Microsoft System Center Operations Manager (SCOM) via a SCOM Management Pack so that Infoblox appliances can be monitored from an SCOM console.

Powerful Infoblox API
Trinzic DDI includes a powerful API that enables external applications to interact with appliance services and applications. Via the API, third-party applications can import data from existing DNS and DHCP systems, read and modify the data in the Infoblox appliance database, perform administrative functions, and export data for archiving and reporting.

Key Features
High-availability Services: High-availability (HA) services are supported by bloxHA technology, which uses industry-standard Virtual Router Redundancy Protocol (VRRP) for sub-5-second network failover between active and backup appliances, and bloxSYNC technology to ensure real-time database synchronization with no loss or duplication of data. Together, these two technologies allow critical DNS/DNSSEC, DHCP, FTP, HTTP, TFTP and other services to remain always responsive and up-to-date, and they eliminate common but challenging problems such as issuing duplicate IP addresses.

Integrated, Zero-admin Database: Trinzic DDI stores all network data, including IP addresses, host names, MAC addresses, user credentials, and other data, in the integrated bloxSDB database. This zero-admin database is specifically designed to support integrated network services, and provides unmatched consistency between service and management views of IP network data without compromising performance.

Integrated Web GUI: The Infoblox Web GUI allows administrators to deploy and manage the entire DNS/DNSSEC, DHCP and IPAM infrastructure with just a few mouse clicks. The powerful, Web-based Infoblox GUI is the only solution that manages all aspects of the infrastructure and data, including software updates and upgrades, backup and restore, disaster recovery, and all services and data management, without resorting to client-based or command-line interfaces. The Infoblox Web GUI manages all aspects of the product including DNS/DNSSEC, DHCP, IPAM and Grid management, monitoring and reporting. Wizards and visual tools make configuration and monitoring easy and error-free.

Closed Loop Automation: Infoblox Trinzic DDI provides practical operational efficiencies that lower total cost of ownership. For example, creating a DHCP range automatically creates an associated DNS record, reducing the number of tasks or network administrators required. Files can be uploaded to the Grid Master and automatically distributed to all appliances, serving files via FTP, TFTP and HTTP. All of these features save time and improve service delivery.

Granular, Role-based Administration: Role-based administration is a powerful way to ensure that administrators are given access to view and modify only specific core network services and attributes consistent with their organizational and functional role. For example, a senior DNS administrator might be authorized to define new domains and add new appliances to a Grid, while a Help Desk administrator might be authorized to view only specific subnets and issue IP addresses to new devices only by picking from a pre-defined list. Infoblox has created a very scalable, yet very granular role-based administration framework that lets customers delegate administration down to the object level and yet maintain permissions for a large, complex administration model. Some specifics include:

- Easy workflow to manage permissions. The administrator can quickly set permissions by right-clicking on any object to bring up a list of permissions and to view a comprehensive list of which permissions have been granted to each administration group.
- The use of roles to ease administration. Roles can be mapped to an organization or job (e.g., Printer Admins, DNS Admins), and then roles can be assigned to administrative groups. This abstraction model allows a set of permissions to be defined once, such that any changes to the role are inherited by all groups that are associated with it.

Security Hardened: Infoblox Trinzic DDI is security hardened, and consistently withstands security scans and attacks from the most demanding government and military organizations. In the event that a new exploit is discovered, the underlying Trinzic software can be upgraded in minutes via a single, simple operation. This constantly upgraded protection makes it much more difficult to penetrate than general-purpose operating systems with known vulnerabilities. Additionally, Secure Sockets Layer (SSL)-encrypted VPNs protect management communication against management compromise.

Extensibility and Customization: The online bloxTools community is a way for customers to develop, deploy and support customized, web-based applications that extend the power of the Infoblox Grid. Based on powerful and popular Web 2.0 technologies, the bloxTools community unleashes the full power and potential of the Trinzic DDI platform and the creativity of our customers and partners. bloxTools lets customers develop light-weight, custom applications (SNAPins) to meet unique workflow and other requirements, and to support integration with other enterprise applications.

Task Automation: Infoblox simplifies the management of your network through built-in automation tasks. Select the Task Board as your home page and easily access commonly performed tasks, such as network services tasks, like adding networks and host records, fixing addresses including the CNAME record, TXT record, and MX record, all with a click of the button. It also provides seamless and automated network device configurations within the same user interface. Automation tasks consist of two types of actions: user initiated and triggered tasks.

Examples of user initiated tasks are:
- Enable and disable switch ports
- Move ports from one VLAN to another
- Create a new network

Triggered tasks leverage DHCP lease allocations to automatically respond to events such as:
- When unauthorized DHCP servers are connected to the network, the automation engine will discover them and take the action to isolate them
- As new network devices are added to the network, as bare metal, it will detect and provision them by automatically configuring them with their correct configuration

IPv6 Support: Internet Protocol version 6 (IPv6) greatly improves on IPv4 by vastly increasing the number of available addresses (from 4 billion for IPv4 to essentially unlimited for IPv6) and by enabling more efficient routing, simpler configuration, built-in IP security, better support for real-time data delivery, and other essential enhancements. Infoblox Trinzic DDI has full and complete support for IPv6, including the following key features:
- DNS AAAA records for IPv6 DNS resolution
- IPv6 DHCP - same highly available and solid services as IPv4 DHCP
- IPv6 IPAM for simplifying the complex tasks of managing IPv6 subnets and IP address allocation
- DNS64 to translate DNS lookups across IPv4 islands on an IPv6 backbone
- IPv6 prefix delegation to help large enterprise and ISPs delegate management to subnet managers
- Task delegation and automation for complex addressing
- Network troubleshooting and security
- IP discovery for network inventory and IPv6 address planning
- Discovery of IPv6 enabled devices and integration with IPAM
- IPv6 Network Map, which provides a visual display of the network infrastructure, and the ability to configure and manage individual networks
- Automated IPv6 network change and configuration management for keeping your IPv6 network secure and compliant
- Compliance monitoring and reporting for an ever-changing network environment

Next Available Networks: When you add networks, you can now obtain the next available IPv4 or IPv6 network from a specific network container. The next available network address is the first unused network address in the network container to which you have administrative permissions. This feature automates the allocation of networks so you can manage your network space more efficiently.

Reserved Ranges: When you define an address range, you can now reserve the IP addresses in the range for static hosts, to help you to better organize network elements. For example, you can create a reserved range called "Printer Range" to reserve static IP addresses for printers in your network. When you allocate IP addresses for printers, you can have Trinzic DDI search for the next available IP address within Printer Range, and then allocate the address to a new printer automatically.

Infoblox Reporting Solution: A dedicated Infoblox reporting appliance provides historical data about IPAM, DNS, and DHCP activities and performance to help you better plan capacity and detect security issues proactively. Infoblox provides a collection of predefined reports, and you can also create custom report dashboards based on your organization's needs.

Query Redirection: You can enable Query Redirection on a recursive DNS member to control its response to queries for A records of non-existent domain names and other domain names that you specify. When enabled, the Grid Manager displays the NXDOMAIN Rulesets tab where you can create rules that specify how a DNS member responds to queries for A records for certain domain names and non-existent domain names. Each rule contains a domain name specification and the action of the DNS member when the domain name in the query matches that in the rule. After you create the rules, you then enable the NXDOMAIN redirection feature and list the IP addresses that are included in the synthesized responses.

HSM: You can integrate SafeNet and Thales Hardware Security Modules (HSMs) for secure private key storage and generation, and zone-signing off-loading. When using a network-attached HSM, you can provide tight physical access control, allowing only selected security personnel to physically access the HSM that stores the DNSSEC keys. When you enable this feature, the HSM performs DNSSEC zone signing, key generation, and key safekeeping.

Common Criteria: Common Criteria is a US Government certification process that ensures products procured meet their security requirements. It is an extensive process that requires substantial investment by the vendor. There is an option to operate Trinzic DDI and the Grid in Common Criteria Mode.

Staged Grid Upgrade: Staged Grid Upgrade (SGU) provides the ability to schedule the upgrade of Trinzic DDI across the Grid over a period of time. Infoblox recommends that SGU be completed within 9 days. A Dashboard Widget can be added to quickly inform the administrator that the Grid is in the process of being upgraded. There are also additional warning banners informing the administrator that some DNS, DHCP and IPAM changes may be queued for replication because of SGU. An administrator also has the option to pause an upgrade.

IP Address Management for Virtualization: Infoblox Trinzic DDI easily identifies, tracks and shows all virtual infrastructure devices (i.e., ESX servers, virtual machines, virtual switches, virtual host adaptors and virtual IP addresses), and it correlates virtual infrastructure and physical network information into a single view. Leveraging the Infoblox Plug-in for VMware vDirector and vOrchestrator, datacenter administrators can assign IP addresses to servers in seconds, instead of waiting hours or days to receive them from network operations. Learn more about virtualization capabilities of Trinzic DDI at www.infoblox.com

IPAM discovers and shows detailed information about virtual and physical IP end points in real-time

Captive Portal: The Trinzic DDI captive portal function (which uses Authenticated DHCP) is a web page that can provide an option to register as an authenticated user or as a guest. When a network is segmented for unauthenticated, authenticated and guest users, the DHCP server assigns clients to the appropriate segment based on their MAC addresses and authentication credentials. For example, a network can be divided into one or more production segments for valid employees, a guest segment with access only to the Internet and a quarantine segment with access to a captive portal only.

Infoblox Captive Portal Service Configuration

The Infoblox Grid Manager application unifies the management of all services, devices, and data.

Trinzic DDI Modules


Infoblox software modules combine core Trinzic technologies to address different customer needs.

DNS Module
The Infoblox DNS Module provides high-performance, feature-rich DNS services that use the industry-standard BIND protocol engine, modified to work with the bloxSDB database. This combination delivers the benefits of a proven protocol engine with the strengths of a sophisticated data subsystem, ensuring transactional integrity and eliminating the data corruption, errors and loss exhibited by flat-file systems.

Infoblox DNS Service Configuration is easy to use and intuitive

DNS Features and Benefits

Flexible Deployment: The Infoblox DNS module can be configured to support any role, including authoritative (primary), secondary, forwarding, and caching - all with high performance.

Reliable DNS Service: If DNS services are not available, the entire network is functionally down. Therefore, this service must be available nonstop. bloxHA technology allows two appliances to be combined into an HA pair for reliable DNS service. If the active appliance fails, the passive appliance takes over and continues to provide DNS service within fewer than five seconds without any loss or duplication of data. In addition, the unique combination of the DNS protocol engine and the bloxSDB database enables many changes to occur (such as adding records to a zone) without restarting services, thereby eliminating many of the service interruptions that can happen when updating data in conventional BIND-based DNS servers.

Anycast: In order to achieve a globally distributed, highly-resilient DNS infrastructure, companies can use the Anycast feature to advertise a single IP address for DNS services that are served by multiple physical devices. The IP address is advertised via the OSPF routing protocol, and is withdrawn from the routing table when DNS is not available. This feature provides global load distribution, and automatically routes queries away from appliances that are out of service.

Real-time Updates: Dynamic DNS (DDNS) updates are replicated in real-time to all DNS servers in an Infoblox Grid. No other DNS server available today provides real-time replication of DDNS updates. Real-time replication is essential for network environments that require accurate DNS data for security reasons or for locating devices like printers on the network by a simple name.

DNS Attack Detection and Mitigation: Infoblox makes it possible to detect, alert on and mitigate any attacks against members that are configured as recursive DNS servers. Trinzic DDI monitors two key parameters that are indicators of an attack: mismatched DNS message IDs and mismatched UDP ports on DNS responses. These indicators show up when an attacker is guessing at those parameters to spoof a response with the poisoned data. The administrator can set a threshold for both parameters, and when either is exceeded, the system will send an email alert and/or SNMP trap (whichever is configured for the system). This feature will give administrators an early warning that one of their servers is under attack. In addition, Trinzic DDI allows attack mitigation by implementing query rate-limiting. The administrator can implement a filter on a specific IP or network to limit or stop all traffic. This filter will slow down or stop the attack, the success of which is based on the attacker's ability to try as many response guesses as possible before the legitimate DNS server can respond.
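
The two indicators described above (mismatched message IDs and mismatched UDP ports, each with its own threshold) can be sketched as follows. This is an added illustration, not Infoblox code: the `MismatchMonitor` class, its method names, the 60-second window and the sample traffic are all assumptions made for the example.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Response:
    ts: float       # arrival time in seconds
    src_ip: str     # source address claimed by the packet
    dst_port: int   # local UDP port the packet arrived on
    txid: int       # DNS message ID
    qname: str      # question name


class MismatchMonitor:
    """Hypothetical monitor: tracks outstanding recursive queries and counts
    responses that fail to match them on message ID or UDP port."""

    def __init__(self, id_threshold, port_threshold, window=60.0):
        self.thresholds = {"id_mismatch": id_threshold,
                           "port_mismatch": port_threshold}
        self.window = window
        self.outstanding = {}   # (server_ip, qname) -> (local_port, txid)
        self.events = deque()   # (ts, kind), mismatches only, in arrival order

    def query_sent(self, server_ip, qname, local_port, txid):
        self.outstanding[(server_ip, qname.lower())] = (local_port, txid)

    def response_seen(self, r):
        """Return () if the response is accepted, ('unsolicited',) if no query
        is outstanding, otherwise a tuple of the mismatch kinds it triggered."""
        key = (r.src_ip, r.qname.lower())
        expected = self.outstanding.get(key)
        if expected is None:
            return ("unsolicited",)
        port, txid = expected
        kinds = []
        if r.dst_port != port:
            kinds.append("port_mismatch")
        if r.txid != txid:
            kinds.append("id_mismatch")
        if not kinds:
            del self.outstanding[key]   # answered; later copies are unsolicited
        for kind in kinds:
            self.events.append((r.ts, kind))
        return tuple(kinds)

    def counts(self, now):
        """Mismatch counts inside the sliding window ending at `now`."""
        while self.events and self.events[0][0] <= now - self.window:
            self.events.popleft()
        totals = {"id_mismatch": 0, "port_mismatch": 0}
        for _, kind in self.events:
            totals[kind] += 1
        return totals

    def alerts(self, now):
        """Indicators whose count exceeds its threshold (would trigger the
        email alert or SNMP trap in the product described above)."""
        totals = self.counts(now)
        return sorted(k for k, n in totals.items() if n > self.thresholds[k])


def demo():
    """Constructed traffic: one real query, a burst of guessed responses,
    then the legitimate answer. 192.0.2.53 is a documentation address."""
    mon = MismatchMonitor(id_threshold=4, port_threshold=4, window=60.0)
    mon.query_sent("192.0.2.53", "www.example.com", local_port=40000, txid=0x1A2B)
    traffic = []
    for i in range(1, 6):    # five wrong message IDs on the right port
        traffic.append(Response(0.1 * i, "192.0.2.53", 40000, i, "www.example.com"))
    for i in range(1, 4):    # three right IDs on the wrong port
        traffic.append(Response(0.5 + 0.1 * i, "192.0.2.53", 40000 + i, 0x1A2B,
                                "www.example.com"))
    traffic.append(Response(0.9, "192.0.2.53", 40000, 0x1A2B, "www.example.com"))
    traffic.append(Response(1.0, "192.0.2.53", 40000, 0x1A2B, "www.example.com"))
    verdicts = [mon.response_seen(r) for r in traffic]
    return mon, verdicts


if __name__ == "__main__":
    monitor, seen = demo()
    print(seen)
    print("alerts at t=1s:", monitor.alerts(1.0))
```

Only the message-ID indicator crosses its threshold in the constructed burst, and the counts age out once the window has passed, which is why a threshold is paired with a time window rather than a lifetime total.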

One-Click DNSSEC: Infoblox has a one-click DNSSEC solution that automates the processes of signing and maintaining a signed zone. This eliminates dozens of error-prone, manual operations and the need to write and maintain custom scripts. Key generation is performed automatically using DNSSEC properties specified at the Grid or zone level; resource record signatures are maintained; and zone signing key rollover occurs seamlessly and automatically according to best practices recommended by the National Institute of Standards and Technology (NIST-800-81) and RFC 4641 standards.

GSS-TSIG from Clients to Infoblox DNS Servers: Dynamic DNS (DDNS) updates from Microsoft clients can be signed using GSS-TSIG with the client's Active Directory credentials. The Infoblox DNS server accepts GSS-TSIG-signed DDNS updates and verifies the credentials against the credentials stored in Active Directory. This enables users to offload DNS from Microsoft Windows servers without compromising security. Infoblox offers the only appliance solution that supports GSS-TSIG.

GSS-TSIG from Infoblox DHCP Servers: This feature enables a tighter integration of Infoblox technology into Microsoft environments. If a user wants to take advantage of the Infoblox DHCP features (failover, HA, utilization statistics, etc.) but also wants to use Microsoft for DNS, this feature allows the Infoblox DHCP server to send a Microsoft DNS server dynamic DNS updates using GSS-TSIG security.

IPv6 Protocol and DNS Record Support: The Infoblox DNS server provides support for native IPv6 and IPv4 protocols. IPv6 record support includes both forward zone (AAAA) IPv6 DNS records and the ip6.arpa IPv6 DNS reverse zone. The DNS server with IPv6 networking support allows administrators to configure IPv6 addresses for Zone Transfers and Query Access Lists, and will respond to both queries and zone transfers on the IPv6 address. Transition technologies, such as DNS64, allow recursive name servers to synthesize an IPv6 record when none exists to enable IPv6 clients to access legacy IPv4 assets. An IPv6/IPv4 Network Translation Gateway (NAT64) is required at the IPv4/IPv6 subnet point of egress.

Single Graphical Application to Manage DNS Data and Services: The administration of DNS data can be securely delegated to administrators based on appliance, zone and resource record type.

Zone Locking: The zone locking feature prevents administrative change collisions, and enables multiple administrators to work simultaneously without causing unexpected or unpredictable results. When an administrator locks a zone, the zone locking feature prevents other administrators from making changes to that zone until it is unlocked. Unlike systems that can only lock on a global basis, the Infoblox zone locking feature includes granular control that allows locking at a zone level.

Hostname Templates: Administrators can enforce naming conventions by defining hostname templates that are applied on a Grid, appliance or zone basis. Administrators can also easily run reports to find and fix legacy records that fail to conform to a selected template.

Name Server Templates: This powerful feature enables administrators to propagate changes automatically to multiple zones on multiple appliances. For example, in a system with 500 zones that are served on 50 appliances, changing the IP address of a name server which is secondary for all zones (an operation that would require 25,000 changes with a conventional system) can be done with a single operation.

DNS Redirection and Filtering: Trinzic DDI DNS services support customized NXDomain redirection and policy-based DNS blacklisting. NXDomain redirection allows organizations to send users to a new location when a URL cannot be found, such as an information portal, rather than sending a non-descript "404 Error Website not available" message. Through policy-based blacklisting, organizations can direct the DNS service to redirect or not resolve DNS requests for prohibited Internet locations.

DHCP Module
The Infoblox DHCP module is tightly integrated with Infoblox bloxSDB database technology, and provides high-performance, feature-rich DHCP services that use an enhanced version of the industry standard ISC DHCP protocol engine. Infoblox enhancements enable DHCP server restarts to occur in seconds, and avoid restarts completely for operations such as MAC filter updates, thereby minimizing service outages. In addition, the Infoblox implementation of DHCP failover addresses known limitations in the standard approach, and has been proven to provide reliable failover operation and avoid the lockups and errors frequently exhibited by standard DHCP implementations. Last but not least, Infoblox is the leading provider of, and fully supports, DHCP for IPv6.

All DHCP Service Configurations can be done through a few clicks of the mouse

DHCP Features and Benefits

Reliable DHCP Service: DHCP is a core network service that is widely used to provision IP addresses for PCs and servers automatically, and is increasingly essential for IPv6 deployment as well as for the rapidly proliferating new classes of networking devices, such as IP phones, RFID readers, cameras and others. Infoblox provides multiple approaches to ensure availability for this critical service. Infoblox bloxHA and bloxSYNC technologies enable sub-5-second failover between appliances deployed in high-availability pairs, and also ensure perfect synchronization between active and failover appliances to prevent the issuance of duplicate IP addresses. Additionally, Infoblox supports the DHCP failover protocol, allowing high-availability relationships between appliances on different networks. With DHCP failover, a central DHCP server can back up multiple remote DHCP servers, saving on the cost of providing reliability.

IPv6 DHCP: IPv6 DHCP ensures that dynamically addressed network clients are able to get either IPv6 DHCP options and/or an IPv6 address from a highly available DHCP server. Infoblox provides the industry leading appliance-based IPv6 DHCP server for delivery of IPv6 information to dynamic clients. For managing dual stack IP addresses, Infoblox provides a single pane of glass to both IPv4 and IPv6 addresses.

IPv6 prefix delegation: This IPv6 DHCP option allows a large enterprise organization or an Internet Service Provider (ISP) to lease large blocks of IPv6 address space to downstream points of management, such as a customer or branch office DHCP server.

Historical Reporting of DHCP Lease Information: The Infoblox DHCP service stores all the historical information about DHCP leases in the built-in bloxSDB database for future retrieval. This feature not only helps network administrators quickly troubleshoot problems with DHCP, but also is extremely valuable for tracking security problems and meeting compliance requirements.

Split/Join Networks: As companies expand and grow, either organically or through acquisition, they need to be flexible with their DHCP networking configuration. Split/Join networks allow a company to adjust easily to the dynamic nature of today's networks. The Split Networks option lets an administrator quickly, easily and accurately subdivide a network and have the resulting sub-networks inherit the configuration of the parent network. The Join/Expand Networks option is unique in that it allows the administrator to grow a series of smaller networks into a bigger network without losing any of the configuration, including fixed addresses, dynamic ranges, DHCP and other options. All these options can be easily executed with a point and click web interface.

Single Graphical Application to Manage DHCP Data & Services: The administration of DHCP and IP address data and DHCP servers can be securely delegated to other administrators based on appliance and subnet. The management of DHCP and IP address data and DHCP services using the graphical Infoblox Grid Manager application is fast, easy and powerful.

Regulating Network Access: The Infoblox Captive Portal, included in Trinzic DDI, provides intelligent, policy-based control over Infoblox's DHCP service leasing. The captive portal will regulate guest access and/or limit DHCP address allocation to authorized users via external RADIUS or Active Directory authentication. The Captive Portal holds users in quarantine until they are properly identified, and only then gives them a DHCP address lease.

Advanced DHCP Options Editor: Setting DHCP options is critical for many applications, including user configuration, VoIP, and wireless access point management. Configuring DHCP options can be complicated. Trinzic DDI includes a GUI-driven options editor that simplifies both standard and custom DHCP options configuration.

IPAM Module
IP Address Management (IPAM) lets customers manage DNS and IP address data at an enterprise-wide level, delivering unified management, monitoring and administration while providing for appropriate levels of centralized auditing and reporting. The Infoblox IPAM module has taken a fresh approach to IP address management. Specifically, Infoblox has combined today's state-of-the-art technology for data management (a distributed database) and today's state-of-the-art vehicle for delivering network services (purpose-built appliances) to provide the first and only integrated DNS/DNSSEC, DHCP, and IPAM appliance. Unlike both new and legacy IPAM systems that are add-ons to a data delivery infrastructure, the Infoblox approach to IPAM can be best summed up as "built-in, not built-on." By taking this approach, Trinzic DDI provides several unique features only available from Infoblox that greatly benefit customers, including a rich IPAM feature set, redundancy for all components of the system, seamless software upgrades, single-click disaster recovery, real-time reporting, robust data management, and lower deployment and management costs.

Visual IPAM tools enhance visibility and simplify administration


IPAM Features and Benefits


Integrated IP Management Console: Within a single GUI screen, administrators can search through all of their IPv4 and IPv6 networks and can sort by parameters, such as IP address, MAC address, usage status, device type and location, thereby simplifying many common IP management tasks. Because the IPAM functions and the real-time DNS and DHCP services operate from the same database, all information is guaranteed to stay in sync, even in the most dynamic environments.

Address History Tracking: This feature enables administrators to plan, manage, and meet compliance requirements more efficiently through reports based on IP address status (dynamic, static, available and reserved/disabled), hostnames, MAC address and DHCP lease information (including lease date/time, time left on lease, time of last renewal and forced release of IP address).

Dynamic Address Control: With this feature, administrators can use DHCP to deploy new devices on the network, such as a printer, without having to configure the device's network settings manually. Once the device is configured on the network, the administrator can change the address from dynamic to fixed.

Next Available IP: The Next Available IP feature produces the next unused IP address in a given network. This feature is extremely useful in assigning fixed IP addresses to network devices, such as printers, security cameras, etc. Availability of this feature reduces management effort in finding an unused IP address and assigning it to a device. Furthermore, the risk of future conflict with another device is reduced since the IPAM system will not give out the same IP address for a different device.

Network Discovery: Network Discovery allows administrators to search for active devices on their networks, and populate the IPAM database with information discovered during the process. Depending on the method of discovery used, an administrator can:

Add new devices to the IPAM system: Network discovery provides a quick mechanism to add unmanaged devices to the IPAM system without requiring administrators to input this information manually.

Resolve conflicts between the IPAM system and actual network state: If the IPAM system has one view of the system but actual IP address use on the network differs from this (e.g., the IPAM system has a fixed IP address with a MAC address, but in reality it has a different MAC address), a network discovery will show this discrepancy as a conflict that administrators can correct.

Discover unauthorized devices on the network: Periodically, administrators will discover devices on their network that ought not to be present there and may pose a security risk. Network discovery will show this as an unmanaged device in the IPAM report.

Reclaim unused IP addresses: Network Discovery reports when an IP was last discovered. This information helps in determining whether an IP address can be claimed back and reused.


Overlapping Networks: This Infoblox IPAM feature manages two or more overlapping address ranges within the IPAM system. A key functionality of an IPAM system, this capability is frequently required when managing networks created by heavy merger and acquisition activity. During M&A activity, IT departments typically do not re-architect the whole network; therefore, if the two merging entities were formerly using the same network address ranges in their networks, they then end up with the same address used by multiple devices. The Infoblox IPAM system can handle this situation easily by using the functionality of network views, which allows administrators to keep two or more overlapping networks separate and still use Infoblox IPAM to manage them.

Split/Join Networks: As companies expand and grow, either organically or through acquisition, they need to be flexible with their DHCP networking configuration. Split/Join Networks allows a company to adjust easily to the dynamic nature of today's networks. The Split Networks option lets an administrator quickly, easily and accurately subdivide a network and have the resulting sub-networks inherit the configuration of the parent network. The Join/Expand Networks option is unique in that it allows the administrator to combine smaller networks into a bigger network without losing any of the configuration, including fixed addresses, dynamic ranges, etc.

IPAM Extensible Attributes: IPAM Extensible Attributes take the anonymity out of IP networks by allowing organizations to describe in full detail their networks, zones and devices, and to search and display them based on a wide range of criteria. IPAM Extensible Attributes enable users to categorize and report on their networks and devices based on several criteria, e.g., geographical locations, owners, department, asset class, building, campus, manufacturer, type, etc. Administrators can define attributes on the fly and specify a data type (e.g., Date, E-Mail, Integer, Lookup list, String and URL) for the attribute. In addition, they can also specify if this is a required field and if there are any object type restrictions, e.g., if an attribute is valid only for network object types, etc.

IP Address Status Viewer and Threshold Alerting: The viewer displays the number of static and dynamic IP addresses in use and the percent utilization. High and low watermark thresholds can be set for each network in an enterprise, and e-mail alerts and SNMP traps tied to these thresholds can be used to signal when ranges need to be increased or re-allocated.

Network Templates: Templates enable automation and enforcement of corporate standards when new networks are provisioned. They include all parameters of a network, such as fixed addresses, dynamic IP address ranges and DHCP options. These templates allow a company to clone the same configuration when performing large-scale provisioning tasks, such as branch and retail store roll-outs.

Global Search: The Global Search functionality lets the user search the entire database of objects, including dynamic data such as DHCP leases and DDNS hosts, with results windows that allow objects to be edited or modified directly from the search results.


Recycle Bin: The Grid Manager places all administrative deletions in a Recycle Bin file that allows an administrator to recover the deletion in a few clicks. Recycle Bin is especially useful if an admin makes an inadvertent deletion of a large amount of data.

Data Consistency Checking: The Infoblox Grid Manager software automatically performs multiple levels of data consistency and checking. With the host object, the administrator can keep DNS forward and reverse zone records in sync to avoid inconsistent zone data. IP addresses are checked dynamically as they're entered, and administrators are alerted to errors and prevented from entering invalid data.

Trinzic IPAM for Microsoft


Trinzic IPAM for Microsoft enhances built-in Windows Server DNS and DHCP services with visual IP Address Management tools to improve IT staff efficiency and eliminate manual errors that lead to network denial of service or downtime. Trinzic IPAM for Microsoft offers:

Centrally manage Microsoft DNS and DHCP servers with Infoblox IPAM for easier administration


Agentless Technology: Trinzic IPAM for Microsoft does not require any agent software on clients or servers because it uses native Microsoft RPC APIs to interface to Microsoft DNS and DHCP services. The solution will automatically synchronize changes made by either Microsoft or Infoblox tool sets.

Built-in Network Discovery: In Trinzic IPAM for Microsoft, both physical and virtual (VMware) resource discovery with visual mapping by subnet are built-in.

Visual Analysis and Troubleshooting: Discovery data is used to identify unknown devices, IP conflicts, range overlaps, etc., and the results are available visually for ready troubleshooting insight.

Centralized Control: An appliance-based Infoblox solution can independently manage Windows Server subnets through a single management platform or, alternatively, can connect to an Infoblox Grid to consolidate administration enterprise-wide for all internal and external DNS and DHCP services. The Infoblox management platform will also integrate with Microsoft System Center Operations Manager (SCOM) so that Infoblox appliances can be monitored from an SCOM console.

Support for Microsoft Split-Scope: Split-Scope provides fault tolerance capabilities by splitting DHCP scopes between multiple DHCP servers. With a split-scope configuration, if one server becomes unavailable, the other server can take its place and continue to lease new IP addresses or renew existing clients. Splitting DHCP scopes also helps to balance server loads.

Infoblox Grid
Infoblox's answer to keeping your network on at all times is the Infoblox Grid. The Infoblox Grid links a collection of appliances into a unified, centrally managed, core network services platform. At the Grid's foundation is a distributed database with real-time data replication across all Infoblox member appliances. This essential infrastructure allows organizations to distribute, automate and consolidate critical information and services with assured data integrity, including:

Protocols (DNS/DNSSEC, DHCP, LDAP, TFTP, FTP, HTTP, NTP, etc.)

Data (IP addresses, MAC addresses, meta data, user credentials, audit logs, transaction logs, time, etc.)

Files (appliance software, device firmware and configuration files, policies, etc.)

System: comprehensive array of system management, data distribution and system availability functions


[Figure: diagram with the labels Grid Master Candidate at Recovery Site, Branch Office, Grid Master, External DNS Grid Member, Internal Member, Trinzic IPAM Insight and Virtual Environment]

Infoblox ensures network reliability through unique and patented high availability Grid technology

Grid Features and Benefits


Resilient Operation: Enterprises gain resiliency using individual or HA-paired appliances deployed across a LAN or WAN environment. The Infoblox Grid is resilient against the failure of individual appliances, continues to provide service in the face of a failure of a LAN or WAN link, and automatically re-synchronizes all units in an Infoblox Grid when a failed device is replaced or a LAN or WAN connection is restored.

Unified Management: Devices and data in an Infoblox Grid can be managed as a single entity, without regard for where data actually resides. This virtualization of services to the Grid level rather than the individual appliance level dramatically reduces administrative overhead and greatly lowers the possibility of configuration errors. An Infoblox Grid can be completely managed remotely, from any location.

Real-time, Secure, System-wide Data Updates: Unlike conventional systems that only propagate DNS and DHCP data on a scheduled basis, the Infoblox Grid synchronizes the databases across multiple appliances in real time in response to changes as devices are added, deleted or changed. Emerging applications, such as wireless networking and VoIP, can cause frequent changes to IP addressing and DNS data, and require that these changes be made available immediately across the network to ensure that applications continue to operate properly.


No Data Corruption, Errors, or Loss: Appliances exchange data in an Infoblox Grid using sophisticated distributed database technology with full transactional integrity. Data remain complete and correct in the face of WAN and device failures and under high loads. This data integrity is critical in today's dynamic network environments in which incorrect data can render applications unusable, create security breaches and violate compliance requirements.

Simplified, Role-based Management of Network Devices, Data, and Services: With configuration and data entry for a collection of appliances from a single user interface, operations are streamlined. For example, a new DNS zone can be created, mapped to several appliances (as name servers) and configured with specific zone parameters all through a single dialog box, rather than having to set up and administer each device individually and independently. This approach simplifies the initial configuration and the ongoing lifecycle management of a Grid of devices.

Intelligent Auto-provisioning for Easy Pre-Staging and Auto-Recovery of Devices: Appliances can be pre-provisioned in the management system even if they are not physically present. Likewise, should an appliance in a Grid suffer a hardware failure, recovery is as fast as swapping in a replacement unit and configuring a few parameters (e.g., IP address). The necessary software, configuration information and network are loaded and services restarted automatically.

Disaster Recovery and Grid Master Promotion: Any appliance or HA pair in a Grid can be designated as a Grid Master Candidate and, as such, will continuously receive a full replication of all data and configurations in the Grid Master. Should the Grid Master fail or become unreachable, an administrator can promote any Grid Master Candidate to be the Grid Master, which will then contact all member appliances, synchronize any data changes, and take over administrative control of the Grid using a single operation in minutes.

Multi-Grid Management
Multi-Grid Management architecture is an optional technology that can be added on to the base Infoblox Grid that is an integral part of Trinzic DDI. With Multi-Grid Management, organizations can incorporate an even larger Grid deployment that supports thousands of hosts, centralized management of IPv4 and IPv6 networks, data partitioning by geography or department, as well as single sign-on and other advanced capabilities. Learn more at www.infoblox.com/grid

The main benefits of the Multi-Grid Management technology are:

Centralized management control across network subnets, zones, sites and countries/continents

Massive scalability and high performance

High availability, disaster recovery and system integrity

Partitioning of data, whether for security, regional, business line or multi-tenancy reasons

Global IPAM functionality for both IPv4 and IPv6 across multiple Grids

Visualization of the IPv4 and IPv6 network space

Single Sign On capabilities that allow an authenticated user to move transparently to sub-Grids for continued management without re-authenticating

User and Group management to provide a granular level of access control and permission management

Delegated Administration and Permission for making sure that only users assigned to specific groups with specific permissions can access particular resources or view specific sub-Grids

Advanced monitoring capabilities

[Figure: diagram with the labels Master Grid, Multi-Grid Master, Multi-Grid Master Candidate, Grid Master, Internal Grid Members and Virtual Environment]

Multi-Grid Management enables flexible Grid deployments, higher performance and partitioning of data for security, regional, business or multi-tenancy reasons


Base Services (HTTP, FTP, TFTP, NTP and Syslog NG Proxy)


Infoblox Trinzic DDI provides a set of base services that are valuable in all distributed networks, including HTTP, FTP, TFTP, NTP and Syslog NG Proxy. For applications such as IP telephony, the value of these services alone can provide a fast return-on-investment for an Infoblox solution.

Features and Benefits


Reliable Configuration Services via HTTP, FTP and TFTP: IP phones and other devices require periodic updates of their firmware and configuration files. The traditional way of supporting this requirement using standard file servers is difficult to secure, and requires extensive effort to ensure that all sites contain the right files. The Infoblox file distribution service provides a secure, reliable, manageable solution. For appliances deployed in an Infoblox Grid, firmware and configuration images are uploaded only once, and are then distributed automatically to all appliances in the Grid, saving time and ensuring that devices have access to critical files. The files can then be delivered to the local devices using HTTP, FTP or TFTP.

Time Synchronization Services via Network Time Protocol: Providing accurate time service to devices on a network is not just a convenience to the user, but is critical for security and logging services. The Infoblox NTP service supports NTP authentication for environments that need to verify that network time is being supplied by a trusted source.

Consolidated, Reliable Logging via Syslog NG Proxy: Syslog NG proxy allows multiple devices to send logging messages to an Infoblox appliance, which will then forward the messages to a central logging server. This functionality simplifies the configuration of logging services for network devices, such as firewalls, switches, routers and wireless access points. The centralized logging server and intervening firewalls and routers with access control lists can be configured once to accept logging messages from the Infoblox appliance, and the individual networking devices can be configured to send logging messages to the Infoblox appliance.


DNS Technical Specifications


RFCs supported: 1034 and 1035; Dynamic update, RFC 2136; Incremental zone transfer, RFC 1995; Notification of zone changes, RFC 1996; Secret key transaction authentication (TSIG), RFC 2845; Classless IN-ADDR.ARPA delegation, RFC 2317

Protocol engine: BIND 9.8.0

Additional capabilities: DNS64; DNSSEC; Secure dynamic DNS updates using TSIG; Conditional forwarding; Microsoft Active Directory support; Infoblox Views; IP-address-based access lists on queries, zone transfers, and dynamic updates; Zone import tools; Customizable TTL settings

DHCP Technical Specifications


RFCs supported: RFCs 3046, 2131 and 1531 BOOTP, RFCs 1534, 2132 and 4388 (Leasequery)

Protocol engine: DHCP 4.2.2

Additional capabilities: VLSM (Variable Length Subnet Mask) support; CIDR (Classless Inter-Domain Routing) support; Multiple subnets per segment (supernetting); Static leases based on MAC address (manual allocation); MAC-address-based filtering; Address availability checking before assignment; IPv6 prefix delegation; DHCP IPv6; DHCP relay agent/Option 82 support; DHCP Vendor Class Identifier/Option 60 support; Secure DHCP-DNS integration updates DNS when leases are issued; Advanced DHCP Options Editor; Windows, Unix, and Mac OS compatibility; External syslog server supports

Infoblox Product Warranty and Services


The standard hardware warranty is for a period of one year. The system software has a 90-day warranty that will meet published specifications. Optional service products are also available that extend the hardware and software warranty. These products are recommended to ensure the appliance is kept updated with the latest software enhancements and to ensure the security and availability of the system. Professional services and training courses are also available from Infoblox.

Information in this document is subject to change without notice. Infoblox Inc. assumes no responsibility for errors that appear in this document.

Corporate headquarters: +1.408.625.4200; 1.866.463.6256 (toll-free, U.S. and Canada); info@infoblox.com; www.infoblox.com
