IPAM: PREVENTING NETWORK DOWNTIME. Whitepaper




Use of this document

Copyright

This document and all information (in text, Graphical User Interface ("GUI"), video and audio forms), images, icons, software, design, applications, calculators, models, projections and other elements available on or through this document are the property of BlueCat Networks or its suppliers, and are protected by Canadian and international copyright, trademark, and other laws. Your use of this document does not transfer to you any ownership or other rights or its content. You acknowledge and understand that BlueCat Networks retains all rights not expressly granted. Persons who receive this document agree that all information contained herein is exclusively the intellectual property of BlueCat Networks and will not reproduce, recreate, or otherwise use material herein, unless you have received express written consent from BlueCat Networks.

Copyright 2010, BlueCat Networks Inc. All rights reserved worldwide.

Publisher Information

Published in Canada

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any human or computer language in any form or by any means without the express written permission of:

BlueCat Networks Inc.
4101 Yonge Street, Suite 502
Toronto, Ontario
Canada M2P 1N6
Attention: Product Manager
Telephone: 416-646-8400
Fax: 416-225-4728
E-mail: info@bluecatnetworks.com
Website: www.bluecatnetworks.com

This publication is provided "as is" without warranty of any kind, express or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

All terms mentioned in this publication that are known to be trademarks or service marks are appropriately capitalized. BlueCat Networks cannot attest to the accuracy of this information. Use of a term in this publication should not be regarded as affecting the validity of any trademark or service mark.

The trademarks, service marks and logos (the "Trademarks") displayed are registered and unregistered Trademarks of BlueCat Networks, Inc. and others. Users are not permitted to use these Trademarks for any purpose without the prior written consent of BlueCat Networks or the third party owning the Trademark.

No Professional Advice

This document is for convenience and informational purposes only. This document is not intended to be a comprehensive or detailed statement concerning the matters addressed; advice or recommendations, whether scientific or engineering in nature or otherwise; or an offer to sell or buy any product or service. BlueCat Networks does not warrant or make any representations regarding the use, validity, accuracy, or reliability of, or the results of the use of, this website or any materials on this document or any website referenced herein. This document is intended solely for the use of the recipient. It does not constitute a complete offering and is not to be reproduced or distributed to any other person.

Executive Summary

A wide range of business-critical applications (e-mail, web services, ERP, MRP, CRM and VoIP telephony) rely on IP networks and the core network services DNS and DHCP. DHCP's primary function is the consistent, timely delivery of IP addresses to growing numbers of network-attached devices. Once an IP-enabled device obtains an address, it must connect to a myriad of other network entities. DNS facilitates these connections by translating network destinations in the form of www.example.com into usable, numeric IP addresses.

Clearly, reliable DNS and DHCP services are essential to dependable network operations. These services must be continuously available to ensure business applications remain online. Sending and receiving even a simple e-mail generates many transactions. Disruption to DNS / DHCP can result from hardware failures, software flaws, natural disasters and human error.

BlueCat Networks Adonis DNS / DHCP appliances provide a number of failsafe technologies to ensure service availability:

- Redundant hardware components
- Crossover High Availability (XHA) for system redundancy with failover
- DHCP Failover for topologies in which XHA isn't a good fit
- Separation of Services to ensure a failure of one appliance or service does not directly sabotage another

Proteus is BlueCat's advanced IP Address Management (IPAM) platform. It provides additional integrated measures that prevent outages caused by system failures, configuration errors and flawed data.

- Proteus Clustering with Replication allows two physically separate Proteus appliances to maintain identical copies of IPAM data. Data replication ensures one unit can fail over to the other without loss of service.
- Proteus automates remote database backups. Restore Utilities allow blank-slate appliances to be loaded with the most current backup in minutes.

Several mechanisms ensure the integrity of the data pushed out to DNS and DHCP servers.

- Data Checker routinely checks IPAM data, and DNS and DHCP configuration information, for inconsistencies and faulty logic.
- Data Entry Validation automatically verifies data entry to significantly reduce syntax and logical errors within the system.
- Proteus Workflow allows administrators to build and stage IP address configurations and DNS / DHCP information in a sandbox, and analyze them thoroughly prior to deployment.

The following table shows BlueCat's failsafe technologies and the familiar sources of service outage they help prevent. It also highlights those safety measures that affect the time to recovery from failure scenarios.

To summarize: Adonis and Proteus appliances offer a number of safeguards that collectively provide availability for DNS, DHCP and IPAM services. These measures contribute significantly to business continuity and disaster recovery initiatives.

Table columns (Causes of Network Outage): Hardware Failures, Software Flaws, Natural Disasters, Human Errors, Time to Recovery

Table rows (BlueCat Failsafe Technologies): Hardware Redundancy, Proteus Clustering, Adonis Crossover High Availability, DHCP Failover, Separation of Services, Database Backup/Restoration, Data Checker, Data Entry Validation, Proteus Workflow, Data Restoration (Undo)

Contents

Executive Summary
Introduction
Causes of Network Outages
  Hardware Failures
  Software Flaws
  Natural Disasters
  Human Errors
Disaster Planning - Time to Recovery
BlueCat's Failsafe Technologies Address Business Continuity
  Appliance Hardware Redundancy
  Proteus Clustering with Data Replication
  Adonis Crossover High Availability
  DHCP Failover
  Separation of Services
  Database Backup / Restoration
  Data Checker
  Data Entry Validation
  Data Restore
  Proteus Workflow

Introduction

Next to TCP/IP connectivity, DNS, DHCP and IPAM are the most critical components of an IP network. While TCP/IP provides basic connectivity, DNS, DHCP and IPAM services link applications to applications, applications to services, and applications to users so that work is carried out.

With the majority of IP-enabled devices configured through DHCP, this service is critical for reliable network operations. DHCP must be ever-present on the network, enabling IP devices to obtain viable addresses for their own use, address co-ordinates of available DNS servers, and other critical configuration information. A DHCP failure can prevent large numbers of devices from obtaining or renewing IP addresses. This translates to lost connectivity and lost productivity when business applications are not accessible.

Once an IP-enabled device obtains an address, it must be able to consistently and quickly resolve host names into useful numeric addresses to carry out normal network connectivity. DNS provides a mechanism to turn familiar network destinations (e.g. www.example.com) into the complex, numerical addresses used by IP networks. Most IP devices are intensive DNS clients, requiring address resolution to execute almost every task. Because DNS is essential to network connectivity, outages have the same effect as DHCP failures: the network is down and applications are offline. For example:

- Without real-time DNS resolution, network services like e-mail cease to function because the e-mail server through which or to which e-mail must flow cannot be looked up;
- Web services and internet, intranet, and extranet communication no longer function, and users are left abandoned;
- Other services such as SCM, ERP and CRM that rely on DNS to resolve host names and connect to them fail to function.

As a hierarchical system, DNS has some built-in redundancy but there is certainly room for improvement. DNS is prone to outages or latency caused by a failed server. For example, DNS queries can time out before moving on. Take a typical office scenario: DHCP has been configured to offer DHCP clients two DNS servers to use (dns1.example.com and dns2.example.com). A PC boots up on the network and is allocated an IP address through DHCP. Then, the user enters an address in their web browser. The PC attempts to connect to one of the DHCP-specified DNS servers in order to resolve the web name entered. If the PC chooses dns1.example.com and that server is unresponsive, the PC has to wait for a timeout period before it moves on to the next DNS server in sequence on its list, dns2.example.com. This timeout period before trying the next DNS server translates to lag on the PC. While it is sometimes brief, it is most often interpreted as an outage because the transaction was not instantaneous as most people expect. DNS timeouts result in a perceived disruption in network connectivity.

Even when a network is configured with multiple DNS servers, Master/Slave or otherwise, timeouts between hitting an unresponsive server and a responsive server are always noticeable, and often unacceptable. Complicate this simple situation with a DNS-intensive process such as an e-mail RBL (Realtime Black List) and the issue quickly compounds into a serious degradation of services.

With the seemingly endless number of IP devices, subnetworks, DNS zones and related information, data management in large IP networks is an ever-increasing challenge. IPAM is the overarching mechanism that allows organizations to easily manage this immense volume of data. IPAM solutions provide utilities to model, deploy, manage and maintain distributed IP addresses, improving network reliability and increasing efficiency in network administration.

BlueCat Networks offers industry-leading solutions for DNS / DHCP and IPAM.
Fully scalable and secure, the Adonis family of purpose-built DNS / DHCP appliances allows administrators to manage multiple DNS and DHCP configurations from a single management console. BlueCat's Proteus IPAM appliance provides sophisticated tools to rapidly reorganize IP networks, streamline configuration changes and forecast changing IP address requirements. It offers consolidated management of all DNS and DHCP activity from one platform. All DNS information, DHCP configurations, host records, reverse address space, master / slave relationships, audit trails and event logs are maintained in the Proteus IPAM database. Proteus and Adonis work together such that changes in the DNS and DHCP environments are reflected in the IPAM data and vice versa.

This paper outlines the failsafe technologies that BlueCat Networks has incorporated into Proteus and Adonis to protect against a wide variety of potential failure conditions.

Causes of Network Outages

A number of factors can cause outages to DNS, DHCP and IPAM services. This section describes some of them.

Hardware Failures

Communications hardware comprises many small interconnected components that will fail from time to time. Localized failures such as inoperative network interface cards, failed hard disks and malfunctioning power supplies are common. In designing resilient hardware, the objective is to strike the right balance between component redundancy and cost. It is possible to design in redundancy for every component, but it is not economically feasible to do so, nor is it always desirable from a functionality perspective. By building redundancy for the most likely points of failure, the overall resiliency of hardware devices can be improved significantly.

Appliance clustering and failover also combat the likelihood of hardware failure and related outages. These mechanisms allow a failed system and the services it delivers to be replaced automatically by an identical system in standby mode.

It is important to remember that hardware is only as robust as the weakest link in the communications path. For example, a DHCP server may have all kinds of hardware redundancy built in, but if a router between the server and its clients fails, the service is unavailable.

Software Flaws

In spite of vendors' best efforts to develop quality software, defects including infinite loops, race conditions and buffer overflows can adversely affect service availability and lead to an outage. As a general rule, software complexity increases the likelihood of undetected problems making their way into the field.

Like hardware failures, software flaws are not restricted to the server software providing the service. Devices situated between a server and its clients are vulnerable to software defects. Routing protocol blips, incorrect traffic identification by IDS, and crashing operating systems within the communications path can lead to service outages.

Natural Disasters

Labor strikes, shortages, riots, insurrections, earthquakes, fires, floods, storms, explosions, terrorism and acts of war all fall into the broad category of natural disasters. Beyond the reasonable control of most individuals and organizations, these events can have catastrophic effects on all operations, including the provisioning of network services.
Recently, organizations of all types have put greater emphasis on risk assessment and management, including business continuity initiatives and disaster recovery plans.

Human Errors

Given the complexity of DNS, DHCP and IPAM technologies, it's easy to see that without proper safeguards, human errors can manifest themselves in service disruptions. Even the most knowledgeable and diligent administrators have transcribed IP addresses incorrectly or misspelled host names. Further, who among us has not made a misinformed decision due to inexperience, a misunderstanding of a complex scenario, or simply not having all of the information available before a decision is rendered?

Disaster Planning - Time to Recovery

Identifying the issues that can lead to network failure is the first step in developing a disaster recovery plan. A second step often involves setting objectives for time to recovery. Two common objective measures are Mean Time to Recovery (MTTR), the average time that a system or device will take to recover from any failure, and Maximum Time to Recovery, the maximum length of time before network operations must be restored. These measures usually depend on the anticipated likelihood of failure and related consequences for the organization.

The Time to Recovery objectives are useful in designing disaster recovery procedures. For example, when a plan is designed to address DNS / DHCP outages, how quickly and efficiently can it be implemented? If a Master DNS server experiences a massive hardware failure, do the procedures for resolving the failure meet MTTR goals? Offsite backups are an excellent failsafe measure, but time for retrieval may be inappropriate for many failure scenarios. For this reason, they are often reserved as the means of last resort.

BlueCat's Failsafe Technologies Address Business Continuity

BlueCat Networks has incorporated a number of failsafe technologies into its Proteus and Adonis appliances to ensure the availability of DNS, DHCP and IPAM services. BlueCat's design includes a number of objectives:

- Assist enterprises and organizations in protecting themselves against potential causes of network outages
- Aid in developing or further complementing existing business continuity network management programs
- Provide continued delivery of essential core network services
- Protect critical infrastructure and assets necessary to sustain business continuity

BlueCat's failsafe technologies are an integral part of the design, creation and development of both our Proteus and Adonis product lines. Our solutions are purpose-built to include a methodology centered on planning, developing, implementing and monitoring business continuity and recovery activities, as they relate to DNS, DHCP and IPAM.

Appliance Hardware Redundancy

The components in networking equipment that are most susceptible to hardware failure are power supplies and hard disk drives. Both Proteus platforms (2150 and 5000) provide redundant, hot-swappable power supplies and hot-swappable RAID 1 disk arrays to help keep IPAM data safe. Redundant, hot-swappable power supplies and RAID 1 arrays are also available in the Adonis 1750R DNS / DHCP appliance.

One of the main defenses in mitigating the risk of interrupted network services and protecting against potential network outages is building redundancy into the manufacturing of network appliances. In identifying critical failure points related to network appliances, hard drives and power supplies are two sources that can easily be addressed. Introducing hot-swappable power supplies and RAID arrays achieves business continuity goals cost-effectively by ensuring the network appliance stays operable.

Proteus Clustering with Data Replication

Proteus appliances can be deployed in two-unit clusters, with data replication between the systems in the cluster. Administrators can access either system to make configuration changes and updates. Any change made to one unit is automatically copied to the other. Administration of DNS, DHCP and IPAM services can be performed from either or both appliances.

Data replication keeps both Proteus units synchronized and ensures that either unit can substitute for the other. Should one Proteus unit fail, its partner unit can assume functioning for both, thus ensuring service availability. These systems can reside at different physical locations, providing greater protection against catastrophic failures.

The integration of data replication into any business continuity regime can be tied to an increased Return on Investment. When protecting against an outage, access to critical network data is imperative to guard against failed DNS lookups and the inability to allocate or manage IP addresses. To ensure maximum business continuity, real-time redundant data replication is employed. Redundant data sources are synchronized in real time, ensuring easy manageability of potential network outages while maintaining a high level of business continuity.

Adonis Crossover High Availability

BlueCat Adonis DNS / DHCP appliances use Crossover High Availability (xha) to safeguard the availability of services. Crossover High Availability configures two Adonis appliances in an active-passive cluster. The appliances are connected through a Linux heartbeat monitor that enables the passive appliance to continuously check the active unit for new DNS / DHCP information. New information in the active unit is automatically replicated to its passive partner, to ensure both remain synchronized.

The heartbeat monitor also detects errors or problems within the active unit and detects the potential lack of service availability. If the active unit should fail, control is transferred to the passive unit and it assumes the active role. When the original active unit is restored, it takes on the passive role, and is constantly updated by the new active partner.

Replicated information includes all DNS data, from NS records to DDNS information, and DHCP lease files. Maintaining common DHCP lease information means clients do not have to obtain new IP addresses or DHCP configuration options in the event of a failover. Because both Adonis appliances are synchronized, failover is automatic. Automatic failover ensures customers do not experience a disruption in DNS / DHCP services in the event of a hardware or software malfunction.
Footnote 1: RAID (Redundant Array of Independent Disks) is a technology that employs the simultaneous use of two or more hard disk drives to achieve greater levels of reliability, performance and/or larger data volumes.

In formulating your business continuity program, you should use individualistic approaches in ensuring that your networks are always available and always accessible. Crossover High Availability (xha) assists in mitigating the technological operational risks, and minimizes or eliminates the potential effect of disruptions. It gauges the enterprise's ability to comply with IT corporate governance applicable to business continuity and disaster recovery. By actively implementing synchronized, rack-mounted DNS appliances, managed DNS and DHCP core services allow you to secure your infrastructure from network outages. You will protect the network data associated with DNS and DHCP, and align your availability and business continuity objectives to your business requirements.

As shown in the following figure, the two clustered appliances share an IP address that clients use for inquiries. The shared address is often referred to as a virtual IP address. The (then current) active unit uses the virtual address to serve DNS and DHCP information to clients.

DHCP Failover

Much like xha, DHCP Failover provides redundancy, but only for DHCP services. DHCP Failover establishes two DHCP servers (Adonis appliances in this case) as active-active peers. It allows the two peers to communicate with each other for the purposes of maintaining a common pool of IP address leases and assessing each other's state. If one appliance fails, its peer can readily continue in its place.

The benefits of DHCP Failover include both redundancy and load balancing of IP lease requests. Because both peers maintain common information (for example, how many addresses each has leased, how many leases each has free), failover and load sharing are transparent to DHCP clients.

Failover peers need not be located on the same subnet. This provides great flexibility when locating DHCP servers. In fact, clustered servers are commonly placed on opposite sides of a WAN link, providing distributed services with full capability.

Mitigating all risk to the provisioning of DHCP network services is the objective of the above strategy.
When it comes to human error, DHCP greatly reduces the risks associated with misconfiguring internal static hosts. It is a pivotal service used to deliver mobility and next-generation applications such as VoIP and wireless communication. IPAM allows organizations to improve the availability of network applications (logical services) by eliminating network conflicts and outages. IPAM systems track critical assets and ensure network security through enhanced end-user visibility.

Business continuity must deal with the human element in failed processes and erroneous data entry. However, in this case business continuity is greatly enhanced as a complementary strategy to the redundancy built into the appliance hardware. Aside from the hot-swappable power supplies and hard drives, should an appliance happen to fail, DHCP failover assists by ensuring that DHCP network services will still be provisioned through the active-active peer.

Separation of Services

Separation of Services (SoS) is the practice of separating critical applications and network services across multiple platforms in different geographical locations. Analogous to not putting all your eggs in one basket, SoS helps prevent network topologies with single points of failure.

Proteus and Adonis appliances give administrators great flexibility when designing SoS into their network architectures. Proteus allows network architects to easily separate different services across different Adonis appliances. For example, DNS can be offered on one appliance, DHCP on another, and both managed from Proteus. Alternatively, both DNS and DHCP could be configured on one system, while the second is a slave to the DNS and a failover peer for the DHCP. The systems reside in different physical locations or subnets. When crossover pairs are included in the architecture, the possible scenarios expand quickly.

[Figure labels: Active DHCP Service, Passive DHCP Service, Shared Address]

The important point is that SoS (strategically planned deployment of DNS and DHCP services across multiple Adonis appliances) complements redundancy by providing greater resiliency in the event of failure. Managing SoS and redundancy with Proteus is a straightforward exercise.

Paramount to the success of good business continuity or a disaster recovery solution is the separation of the management and services layers within the IP network framework. Pinpointing and isolating the network outage is critical; however, ensuring network accessibility and availability is the objective and can be maximized through this approach. If a DNS service is down, DHCP services can still keep your network up and running until the DNS problem is resolved. When dealing with this issue, Time to Recovery is the critical factor.

This separation of services is key to BlueCat's disaster recovery solution. Because all configuration data is stored in Proteus, the solution is resilient to a service layer failure. Should a DNS/DHCP server go down, the configuration data is not lost because it is stored within the Proteus IPAM Intelligence appliance, separate from the actual servers. To recover from a disaster, simply add a new server to Proteus. Proteus can then immediately deploy all configuration data to the replacement server. This takes only a few minutes and allows DNS and DHCP services to be easily recovered in the event of an outage. This adds a tertiary layer of fault tolerance in addition to appliance hardware redundancy and xha.

Conversely, if a Proteus system should fail, the services layer is unaffected. BlueCat has designed the solution so that services can run headless in the unlikely event of a Proteus outage. Services continue as normal, handing out DHCP addresses and registering DNS requests. Recovering a Proteus unit involves restoring a configuration backup to a new or reinitialized unit. To facilitate this process, Proteus includes an automated backup feature described in the next section.

Database Backup / Restoration

In a typical deployment, the Proteus database is entrusted with a large volume of important IPAM data. While the Proteus clustering feature provides data redundancy, it may not provide sufficient safeguards against a truly catastrophic event. For this reason, Proteus also offers complete database backup and restoration capabilities.

Backups can be manually initiated or automated, based on predefined schedules. Best practices dictate that backups be maintained off site, and far removed from the primary database. Proteus backups can easily be directed to remote servers. In the event of a catastrophic failure or a simple hardware repair, database backups can be restored to spare Proteus hardware with minimal data loss and effort.

The best disaster recovery planning must maximize the value of business continuity. By allowing for database backup / restoration, factors typically inherent with network failures are minimized.
Issues of hardware failures, software flaws, natural disasters and human error are minimized in the time necessary to recover from a network outage. In complying with IT corporate governance and/or with Federal, State, local or industry regulations, some organizations must be able to safekeep the network database separate from all network appliances and online/offline applications. For maximum availability, and in the mitigation of risk, Proteus clustering with data replication offers another failsafe, complementary benefit to business network resiliency.

Data Checker

Proteus provides multiple levels of error checking to ensure data integrity within the system. Data Checker is an optional Proteus utility that runs in the background, periodically checking IPAM data, and DNS and DHCP configuration information, for inconsistencies and faulty logic. These inconsistencies may be introduced when data is entered manually, through a migration engine or through an Application Programming Interface. Data Checker flags errors according to their potential severity: critical, warning, and information. It also provides tools to easily navigate to the source of any error.

Data Checker traps errors related to every facet of a DNS / DHCP configuration, including CNAME record looping, DHCP lease time, SOA values, MX record issues, reserved address space, zones missing master deployment roles, and more. The utility also examines the configuration and compares it against best practices to reveal instances where settings might not be ideal. When Data Checker detects a questionable setting, it is automatically analyzed to determine the effect it might have on the system. A setting that results in an error state is flagged and deployment is suspended until an administrator can resolve the issue. In eliminating the human factor contributing to network failure, the functionality of a data checker is invaluable.
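A background consistency check of the kind described above can be sketched as follows. This is an added example, not BlueCat code and not part of the whitepaper: the record layout, the sample data, the choice of an MX record that points at a CNAME as the "MX record issue", and the 300-second lease threshold are all assumptions made for illustration.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "severity check detail")

# Constructed sample configuration; every name and value is hypothetical.
RECORDS = {
    "www.example.com": ("CNAME", "web.example.com"),
    "web.example.com": ("CNAME", "cdn.example.com"),
    "cdn.example.com": ("CNAME", "www.example.com"),  # closes a loop
    "mail.example.com": ("CNAME", "mx1.example.com"),
    "mx1.example.com": ("A", "192.0.2.25"),
    "example.com": ("MX", "mail.example.com"),  # MX target is an alias
}
DHCP_LEASES = {"10.0.0.0/24": 60, "10.0.1.0/24": 86400}  # seconds
MIN_LEASE = 300  # assumed policy threshold, not a product default


def cname_loops(records):
    """Walk every CNAME chain and return each distinct cycle once."""
    loops, seen = [], set()
    for start in records:
        path, name = [], start
        while records.get(name, ("",))[0] == "CNAME" and name not in path:
            path.append(name)
            name = records[name][1]
        if name in path and frozenset(path[path.index(name):]) not in seen:
            cycle = path[path.index(name):]
            seen.add(frozenset(cycle))
            loops.append(cycle)
    return loops


def check(records, leases):
    findings = []
    for cycle in cname_loops(records):
        findings.append(Finding("critical", "cname-loop", " -> ".join(cycle + cycle[:1])))
    for name, (kind, target) in records.items():
        if kind == "MX" and records.get(target, ("",))[0] == "CNAME":
            findings.append(Finding("warning", "mx-to-cname", f"{name} MX {target}"))
    for scope, lease in leases.items():
        if lease < MIN_LEASE:
            findings.append(Finding("information", "short-lease", f"{scope} {lease}s"))
    return findings


def deployment_allowed(findings):
    """Deployment stays suspended while any critical finding is open."""
    return not any(f.severity == "critical" for f in findings)
```

Only the critical finding blocks deployment here; the warning and information findings are reported but do not gate it.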
Considering human error as one point of failure that could lead to network unavailability or inaccessibility, the minimization of any type of human error is favourable, contributing to a first line of defense in any business continuity planning.

Data Entry Validation

The Proteus Data Entry Validation routine verifies data entry for syntax and logical errors. It significantly reduces bad data in the system. The routine is used for virtually every user interface within Proteus. For example, if an administrator attempted to add host www!.example.com (instead of www1.example.com), the error message "Invalid fully qualified domain name" would be returned. Invalid IP addresses such as 1234.1.1.1. are also flagged. As with the Data Checker, the removal of human error from any process or procedure is a desirable state in any business continuity planning or disaster recovery strategy.

Data Restore

Data Restore allows administrators to undo deletions. When an administrator deletes an item (host record, DNS zone, IP address), it is transferred to a holding area within Proteus. The administrator can easily recover deleted items from the holding area and return them to the current configuration. Data Restore can save administrators considerable time and effort when recovering from errors. Similar to a recycle bin, Proteus Data Restoration enables administrators to selectively restore deleted configuration data. For example, if an administrator deletes a DNS zone, only to find out that it is still in use, the zone, along with its host records and settings, can be restored easily. Data Restoration provides a much-needed safety net, ensuring organizations can recover from errors. In this unique situation, many organizations find the ability to undo deletions of network data extremely desirable, not only in the maintenance of an IP network from a productivity standpoint, but also from a risk aversion perspective.

Proteus Workflow

DNS, DHCP and IPAM administration is often a shared responsibility between junior and senior network administrators. To distribute the administrative workload, senior administrators can assign access rights for the Proteus management console to junior administrators. Because these individuals may lack experience, senior administrators can restrict what junior staff can see and do. For example, administrative privileges could be assigned as follows:

- Inexperienced, junior administrators may only review IPAM data.
- Other juniors may queue up (but not implement) recommended configuration changes.
- More experienced staff members may modify IPAM data.
- Senior administrators may make modifications and implement change recommendations put forth by junior administrators.

Senior administrators can also mask sections of the Proteus system and specific objects from junior staff. With these restrictions, authorized junior administrators can navigate only the IPAM data and portions of the system to which they have access rights. They are able to make changes to the network infrastructure, but only within the boundaries of their privileges. Workflow policies can be granular, with access restrictions assigned to objects such as DNS zones, resource records, networks and IP addresses. Proteus Workflow allows for delegation of work items; its combination of restricted access and management oversight helps reinforce the system against errors.

Most organizations employ a team of administrators to manage their IP networks. These teams typically comprise both junior and senior staff.
Proteus Workflow enables senior administrators to delegate day-to-day configuration changes (adding a DNS host, reserving a DHCP address, provisioning a new subnet) to junior administrators without surrendering change control. Proteus Workflow notifies senior administrators when a junior staff member requests a configuration change. The senior administrator must approve the change before it is implemented. Senior approval helps safeguard against administrative mistakes made by inexperienced staff.
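The tiered, object-scoped delegation described in this section can be modelled as below. This is an added sketch, not BlueCat code or the Proteus API: the level names, the tuple-based object paths, the "most specific grant wins" rule and the sample administrators are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Four tiers in ascending order, following the list above (names hypothetical).
LEVELS = ["review", "queue", "modify", "approve"]

@dataclass
class Admin:
    name: str
    grants: dict  # object-path prefix (tuple) -> level

    def can(self, action, obj):
        """Most specific matching grant wins; no grant means the object is masked."""
        matches = [p for p in self.grants if obj[:len(p)] == p]
        level = self.grants[max(matches, key=len)] if matches else None
        return level is not None and LEVELS.index(level) >= LEVELS.index(action)

@dataclass
class Workflow:
    pending: dict = field(default_factory=dict)
    applied: list = field(default_factory=list)

    def visible(self, admin, objects):
        return [o for o in objects if admin.can("review", o)]

    def submit(self, admin, obj, change):
        """Return 'applied', a request id when queued, or None when denied."""
        if admin.can("modify", obj):
            self.applied.append((obj, change, admin.name))
            return "applied"
        if not admin.can("queue", obj):
            return None
        rid = len(self.pending) + len(self.applied) + 1
        self.pending[rid] = (obj, change, admin.name)
        return rid

    def approve(self, admin, rid):
        obj, change, requester = self.pending[rid]
        if not admin.can("approve", obj):
            return False
        self.applied.append((obj, change, f"{requester}, approved by {admin.name}"))
        del self.pending[rid]
        return True

# Constructed sample data (hypothetical administrators and objects).
OBJECTS = [("zone", "example.com"), ("zone", "example.com", "www"),
           ("zone", "corp.internal"), ("net", "10.0.0.0/24")]
junior = Admin("jo", {("zone", "example.com"): "queue", ("net",): "review"})
senior = Admin("sam", {("zone",): "approve", ("net",): "approve"})
```

A narrower grant can also lower a broad one: giving an administrator "modify" on `("zone",)` and "review" on `("zone", "example.com")` leaves that one zone read-only for them.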

About BlueCat Networks

Founded in 2001, BlueCat Networks, the IPAM Intelligence Company, is a leader in providing enterprise-class IP Address Management (IPAM) platforms and secure DNS/DHCP network appliances. BlueCat services an account base of over 1000 accounts with thousands of units sold worldwide. Our award-winning Proteus™ IPAM platforms and Adonis™ family of DNS/DHCP appliances have successfully garnered end-user acceptance by meeting the rising IP management demands of healthcare, government, financial services, education, retail, and manufacturing organizations. BlueCat Networks, a worldwide market leader in IPAM innovation and thought leadership, is benchmarking IPAM excellence in the networking industry. BlueCat Networks experiences overwhelming marketplace acceptance of its networking solutions, resulting in high double-digit growth, year over year, since the company's inception. BlueCat Networks is headquartered in Toronto, Ontario, Canada with offices in the United States, Europe and the Asia Pacific region. It sells networking appliances and services worldwide through direct and indirect sales channels in over 32 countries.

To Learn More

For more information on BlueCat Networks, and our award-winning Proteus IPAM solutions, please visit our website at www.bluecatnetworks.com or call us at 1-866-895-6931.
North American Corporate/R&D Headquarters:
502-4101 Yonge Street, Toronto, ON M2P 1N6
Phone: +1.416.646.8400
Fax: +1.416.225.4728
Toll Free: +1.866.895.6931

EMEA Head Office:
United Kingdom: BlueCat Networks Europe, Merlin House, Brunel Road, Theale, Berkshire RG7 4AB
Phone: +44.118.902.6680
Fax: +44.118.902.6401
Germany: BlueCat Networks (Zentraleuropa), Altrottstrasse 31, D-69190 Walldorf, Germany
Telephone: +49.6227.38489.10
Fax: +49.6227.38489.18
www.bluecatnetworks.com

US Offices:
Reston, VA: 1818 Library Street, Suite 500, Reston, VA 20190
Phone: +1.703.956.3551
Atlanta, GA: 12600 Deerfield Parkway, Suite 100, Alpharetta, GA 30004
Phone: +1.678.566.3810

© 2010. BlueCat Networks, the BlueCat Networks logo, the Proteus logo, IPAM Appliance, the Adonis logo, Adonis are trademarks of BlueCat Networks, Inc. Microsoft, Windows, and Active Directory are registered trademarks of Microsoft Corporation. Any product photos shown are for reference only and are subject to change without notice. All other product and company names are trademarks or registered trademarks of their respective holders. Printed in Canada.