DDI Security

Diamond IP offers a rich set of DDI security features and capabilities to enable you to secure your DDI infrastructure within a centralized, holistic IP address management solution. For one, our virtual and hardware Sapphire appliances are built from scratch to mitigate operating system, server, or poisoning attacks. In addition, we build our proprietary operating system based on a non-commercial Linux distribution built from scratch in a secure environment with a non-modular kernel, uninterruptible boot, and protections against networking attacks such as spoofing, route and ICMP redirections, and more. The file system includes only necessary binaries which run in a sterile jailed environment and have non-privileged attributes.

Sapphire DNS appliances support standard DNS query logging to log collectors or full DNS query and response capture with transmission to our Sapphire A30 IPAM Auditor appliance. Sapphire DHCP appliances support multiple resiliency features including hardware clustering (TwinMirror), split scope and DHCP failover server deployments. Sapphire DHCP and DNS appliances also support SNMP MIBs and traps to view and report address pool capacity exhaustion, DNS firewall hits, DNSSEC validation failures, all alerting administrators to a possible threat or to supplement address capacity.

IPControl software or Sapphire Executive (EX) appliances provide centralized configuration, monitoring and management of deployed Sapphire DNS and DHCP appliances. IPControl provides a web graphical user interface (GUI) to configure all Sapphire, ISC, CNR or Microsoft DHCP and DHCPv6 attributes on all deployed DHCP servers, including pools, shared subnets, manual DHCP (“reservations”), options, polices, client classes and more. IPControl provides threshold and alert definitions to enable administrators to be notified in advance of address pool exhaustion.

Our prediction models facilitate planning and can dictate urgency for proactive actions. Beyond notification, alert conditions can trigger automated actions, such as provisioning of additional address space for added capacity. And IPControl supports centralized staging and distribution of updates and patches to deployed Sapphire appliances. IPControl’s Appliance Dashboard provides a centralized summary of each deployed appliance’s service status and enables drill-down for appliance level configuration and diagnostics.