BT Diamond IP Sapphire Appliance Range

As well as a software only solution, where you can install BT Diamond IP products on your own commodity server hardware, BT Diamond IP also offers a range of appliances to suit your requirements, as detailed below.

Sapphire x-series appliances

Sapphire x-Series appliances provide a reliable, secure, appliance-based solution for deployment and management of DNS and DHCP services across local or remote locations. Each Sapphire x-Series appliance is pre-installed with IPControl DNS and DHCP software and runs on a proprietary hardened Linux operating system. The Sapphire x5 and Sapphire x10 provide local or distributed DNS/DHCP services on a secure 1U appliance platform. The Sapphire x20 offers data centre-quality performance, redundancy and management thanks to its 2U platform with redundant power and drives. It is ideal for high-capacity, high-traffic network environments that require maximum availability of mission-critical DNS/DHCP services.

On all Sapphire appliance hardware products, BT Diamond IP offers an Intelligent Platform Management Interface (IPMI). The Sapphire x10 and x20 support an optional fibre interface which enables connection to 1000BASE-SX switches or routers. Deploying Sapphire x-Series appliances in your environment can enhance your management of DNS and DHCP through centralised control, visibility and security over all of your DNS and DHCP services, regardless of vendor or location.

Sapphire DNS/DHCP appliance feature highlights
  • Centralised configuration and management with full support of the extensive IPControl feature set
  • RFC-compliant DNS and DHCP servers
  • Hardened Linux OS and kernel for secure configuration to minimise security vulnerabilities
  • Simple and secure deployment process
  • TwinMirror hardware clustering supports a high-availability configuration to provide an additional level of DNS/DHCP server reliability
  • Centralised OS and DNS/DHCP software updates via the EasyUpdate feature to perform upgrades and patches via the centralised IPControl user interface

Sapphire Sx-series appliances

DNS Security Extensions (DNSSEC) enable DNS zone administrators to digitally sign zone (resource record) information so users resolving your DNS information can be assured of its authenticity. DNSSEC uses asymmetric cryptography, also known as public key cryptography, to apply digital signatures that secure DNS resolutions. Digital signatures provide a means for the recipient of a given set of data to verify the integrity of that data and to authenticate its origin, i.e., to confirm that it was actually sent by the claimed data sender. In the context of DNS, this assures the resolver that the zone publisher indeed published the resolved data and that it was not modified en route from the server.

Deployment and ongoing management of DNSSEC configuration offers enhanced security against cache-poisoning attacks, though the administrative effort required is not trivial. The management of multiple keys per signed zone, key rollover, signature expirations, and configuration of servers to utilise DNSSEC can be intimidating. The Sapphire Sx20 DNSSEC appliance from BT Diamond IP can help simplify these tasks through menu-driven entry of policy parameters that automate many of these functions.

DNSSEC Automation

The Sapphire Sx20 supports a dedicated DNSSEC administrator login to configure DNSSEC key and signature policies, including key types, algorithms, lengths and rollover, key generation and lifetime management, and signature expiration times. This logical functional separation provides a security policy interface differentiated from the IPAM and appliance administration interface for organisations that prefer the “security team” to administer all security policies including DNSSEC.

The Sapphire Sx20 also automatically links parent zone Delegation Signer (DS) records to simplify key rollover for managed zones. The Sapphire Sx20 also supports the PKCS#11 crypto API to enable secure storage of private keys on an optional hardware security module (HSM) appliance such as the Keyper appliance from Ultra Electronics.

The Sapphire Sx20 DNSSEC appliance is typically deployed as a hidden master for your signed zones. Sapphire x5, x10 or x20 appliances or even stock BIND servers running on your hardware can be used as secondaries or slaves of the Sx20 to provide signed resolutions to queriers seeking to resolve your DNS zone information. The IPControl system enables you to manage all signed and unsigned zones and deploy configurations to respective Sapphire or BIND DNS servers.

IPAM Integration

Deploying IPControl’s Sapphire Sx20 appliances within your environment will simplify DNSSEC management through automation and integration with your overall DNS domain plan, typically consisting of signed and unsigned zones. Deployment with the innovative IPControl system enables you to manage signed zone policies with the Sx20, and configure your caching recursive servers for DNSSEC validation as well. You can also manage all BIND options, including the allow options (e.g., allow-query, allow-query-cache), address match lists (ACLs), TSIG keys and more for added security. The Sapphire Sx20 and all Sapphire appliances also support port-level ACLs as well as DNS anycast.

Each Sapphire Sx20 appliance is purpose-built with a hardened Linux kernel to help secure your network from risk of intrusion on a 2U platform offering data centre-quality security, performance, redundancy and management. The Sapphire Sx20 supports an IPMI interface, providing a lights-out management interface for remote power control and monitoring of key hardware metrics including voltage, temperature and more.

Sapphire Sx20 DNSSEC appliances offer centralised configuration and management with full support of the extensive IPControl feature set, including:

  • Set and forget automated DNSSEC key management and zone signing policies
  • Hardened proprietary Linux operating system (OS) and kernel and secure application configuration to minimise security vulnerabilities
  • Manage DNSSEC within the context of overall IP address space and domain name space plans
  • Simple and secure deployment process
  • Sx20 platform features redundant CPUs, hard drives (RAID-5), power supplies as well as IPMI standard

Sapphire V-series appliances for VMware

Sapphire appliances from the BT Diamond IP product suite simplify deployment and consolidate monitoring and patch management for distributed DNS/DHCP services. All Sapphire platforms are purpose-built, secure appliances and are performance-engineered for a variety of deployment options. The Sapphire Virtual Appliance is a self-contained virtual machine with the proprietary Sapphire operating system which is built from the ground up by BT Diamond IP. IPControl Sapphire Virtual Appliances can be installed on VMware ESX servers and managed using the centralised IPControl IPAM solution in the same manner as hardware-based Sapphire appliances.

Virtual installations with centralised control

Sapphire virtual appliances are simple to deploy as DNS/DHCP servers and do not require manual application of OS patches or installation of DNS/DHCP services. Sapphire virtual appliances are shipped with IPControl DNS/DHCP services software pre-installed on a hardened proprietary (not a modified distribution) Linux operating system. Each Sapphire virtual appliance can be centrally monitored via a centralised IPControl software installation or a Sapphire EX appliance, either of which provides centralised monitoring, services control, and patch management of distributed Sapphire virtual appliances. Patch upgrades encompass DNS/DHCP services upgrades as well as those to the appliance OS and kernel.

The IPControl centralised management system provides a holistic, consistent user interface to manage all of your IP address space, subnets, address pools, DNS domains and resource records. DNS and DHCP configuration information is created and deployed to relevant DNS/DHCP servers, hardware appliances or virtual appliances accordingly. The Sapphire virtual appliance offers another deployment and IP management option for customers desiring to maximize the return on IPAM investments. The IPControl architecture features a centralised, redundant IPControl Executive system, available as software or as a Sapphire EX appliance. The centralised system is used to configure, monitor and manage a variety of deployed DNS and DHCP implementations, including Sapphire hardware appliances, Sapphire virtual appliances, stock ISC/BIND DHCP and DNS servers and stock Microsoft DNS/DHCP servers.

Virtual appliance benefits

Sapphire virtual appliances provide a similar feature set as Sapphire hardware platforms, with the added benefit of installing as a virtual machine. Virtual appliances enable organisations to realise the benefits of virtualisation, including:

  • Reduced energy consumption
  • Server consolidation
  • Reduced rack space requirements
  • Ability to leverage current virtualisation architecture

As with our software, Sapphire virtual appliances are licensed perpetually with no expiration date as with other comparable virtual appliance products. Maintenance support programs are available to enable BT Diamond IP call centre, web and email support, with all IPControl and Sapphire OS upgrades included.

Next Steps

Getting started with BT Diamond IP is simple. No matter what stage in the process you are at, Calleva Networks can enable you with the resources you need to help Evaluate, Design and Deploy your BT Diamond IP infrastructure.

Evaluate: Request an on-line demo or evaluation copy for your own Proof of Concept.

Design: We will create a design overview so you can assess the deployment choices.

Deploy: Utilise our professional services to assist with the deployment and migration from your current environment.
