III  TECHNICAL CAPABILITIES AND PLAN (RFP Section D15)

JVTeam brings together the experience and technical capabilities to implement a TLD Registry that will provide significant benefits to the Internet community.

The NeuStar/Melbourne IT Joint Venture’s (henceforth the JVTeam) proposed technical solution provides two co-active data centers in Sterling, Virginia and Chicago, Illinois—each of which is capable of processing the full TLD SRS data-center workload—plus six nameserver sites geographically dispersed globally to protect against natural or man-made disasters. The benefit to ICANN and the Internet community is a solid architecture designed to maintain the stability of the Internet and promote user confidence.

Section III has three subsections, as required in the ICANN RFP:

·        III.1 describes JVTeam technical capabilities and expertise.

·        III.2 and subparagraphs III.2.1 through III.2.14 is our detailed plan for providing the registry SRS data-center operator’s technical services.  This plan builds on the resources and successful experience described in Paragraph III.1.

·        Since no significant amount of work will be performed by subcontractors, no response is necessary for III.3.  D15.3 lists any technical functions that will be provided by NeuStar subcontractors, and describes the proposed subcontractors’ capabilities and resources.

D15.4 describes the special provisions that we have made to accommodate the extraordinary demand that may be anticipated during the early period after a new TLD name becomes available.

D15.5 is a discussion of how our technical proposal satisfies ICANN’s “Criteria for Assessing TLD Proposals.”

(NOTE: IS D15.4 AND D15.5 CORRECT.  I DON’T SEE IT ON THE MATRIX.)

ICANN’s criteria for assessing TLD proposals consider several technical issues that will be extensively reviewed. The following table summarizes ICANN’s technical issues and JVTeam’s response.

TECHNICAL COMPONENTS OF SUCCESS

Issue | JVTeam Response | Benefit to ICANN

Maintain the Internet’s Stability

Continued and Unimpaired Operation throughout the delegation period worldwide

·        A world-class SRS system architecture with co-active redundant data centers and nameserver data centers located worldwide

The architecture provides the flexibility, scalability, and reliability to meet stringent service levels and workloads.

Minimize unscheduled outages for registry or registration systems due to technical failures or malicious activity of hackers

·        Co-active redundant data centers with two-way replication and dual-homed telecommunications links to nameserver data centers

·        High-availability cluster architecture in each center

·        Internet firewall with intrusion detection, and stringent security authentication processes

Architecture seamlessly handles hardware failures and natural and man-made disasters with near zero downtime and zero impact on Registrars

Ensure consistent compliance with technical requirements in TLD registry operation.

·        Institute stringent Service Level Agreements (SLAs) covering performance.

·        Network and cluster-management software monitors and reports on these service levels.

ICANN and the Internet community are kept continuously informed of our status in meeting the SLAs.

Effects of the new TLD on the operation and performance of the DNS in general and the root-server system in particular.

·        Multiple new nameserver data centers dispersed globally and implemented with high-availability clusters, load balancers, and redundant components for lights-out operation.

·        Provides the Internet community additional DNS assets.

·        Enhances acceptance of the new TLD.

·        Provides resilience and disaster recovery.

Rapid correction of technical difficulties and expansion of Whois information.

·        The Whois database is configured as a data mart off the master database with a high-availability cluster of Whois servers with load balancers to handle high query volumes.

·        Whois data is replicated from the master database to ensure accurate, consistent, and helpful domain-name information consistent with privacy rights.

Protection of domain-name holders from the effects of registry or registration-system failure.

·        The co-active Shared Registry System data centers and the DNS nameserver data centers are configured to eliminate any possible single point of failure.

·        The database is two-way replicated between the SRS data centers.

·        Recovery from outages and disasters with near zero downtime and therefore zero impact on users.

Provisions for orderly and reliable assignment of domain names during the initial period of the TLD registry’s operations.

·        Via FTP, each registrar submits a file of domain-name-registration transactions to the SRS data center each day for a 12-hour round-robin batch-processing cycle. At the end of the 12-hour period, the system informs each registrar of the status of the submitted domain names. The following day, the registrar submits a new list with resubmitted and new domain names.

·        Enables the SRS data center to manage the vast volume of domain-name registrations during the “Land Rush” phase.

·        Ensures fairness.

The Enhancement of the Utility of the DNS

Different operational models for registry – registrar functions.

JVTeam proposes:

·        A new fat registry (thin registrar) model.

·        A new registry-registrar-protocol called eXtensible Registry Protocol (XRP) that offers expanded functionality and improved security and authentication services.

Provides a greater level of functionality than the current Registry Registrar Protocol (RRP).

Appropriateness of adding new TLDs to the existing DNS hierarchy.

·        Technical impact is minimal since new nameserver data centers are added to handle the increased workload.

·        Expands the utility of the Internet

·        Encourages competition

·        Provides consumers with alternatives to .com.
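The "Land Rush" batch cycle described in the table above can be made concrete. The following is an added example, not JVTeam's code: it takes one name from each registrar's file in turn and reports a status per name. The rotating start position, the per-cycle `capacity` limit, the status strings and the `.example` names are assumptions made for illustration.

```python
from collections import deque

# Constructed sample input: one submitted file per registrar, in file order.
SAMPLE_FILES = {
    "A": ["alpha.example", "bravo.example", "charlie.example", "delta.example"],
    "B": ["charlie.example", "alpha.example"],
    "C": ["delta.example", "echo.example"],
}


def round_robin_cycle(files, registry, capacity=None):
    """Process one batch cycle, taking one name per registrar per pass.

    files    -- {registrar: [domain, ...]} as submitted for this cycle
    registry -- {domain: registrar} for names already registered
    capacity -- assumed limit on transactions handled in the cycle
    Returns (report, registry): a per-registrar status for every submitted
    name, and the updated registry. The inputs are not modified.
    """
    # Normalise case and drop duplicate lines within a single file.
    queues = {r: deque(dict.fromkeys(n.lower() for n in names))
              for r, names in files.items()}
    order = deque(files)              # assumed: order in which files arrived
    registry = dict(registry)
    report = {r: {} for r in files}
    processed = 0

    def room():
        return capacity is None or processed < capacity

    while any(queues.values()) and room():
        for registrar in list(order):
            if not queues[registrar]:
                continue
            if not room():
                break
            name = queues[registrar].popleft()
            if name in registry:
                report[registrar][name] = "taken"
            else:
                registry[name] = registrar
                report[registrar][name] = "registered"
            processed += 1
        # Assumption: rotate the start so no registrar always goes first.
        order.rotate(-1)

    # Names never reached in this cycle go back for resubmission.
    for registrar, queue in queues.items():
        for name in queue:
            report[registrar][name] = "not_processed"
    return report, registry


def sequential_cycle(files, registry):
    """Baseline for comparison: process each file to the end before the next."""
    registry = dict(registry)
    for registrar, names in files.items():
        for name in names:
            registry.setdefault(name.lower(), registrar)
    return registry


def holdings(registry):
    """Count registered names per registrar."""
    counts = {}
    for owner in registry.values():
        counts[owner] = counts.get(owner, 0) + 1
    return counts


if __name__ == "__main__":
    report, reg = round_robin_cycle(SAMPLE_FILES, {})
    print("round robin:", holdings(reg))
    print("sequential: ", holdings(sequential_cycle(SAMPLE_FILES, {})))
    for registrar, statuses in report.items():
        print(registrar, statuses)
```

With the sample files, whole-file processing gives the first registrar every contested name, while the round-robin cycle spreads them across all three.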


III.1  Registry Operator’s Technical Capabilities (RFP Section D15.1)

JVTeam offers comprehensive technical capabilities in the areas of registry operation, software development, database management, and standards development. These abilities are founded on expansive experience in all areas related to technical service provision for a critical public resource. JVTeam is the best choice to design, deliver and maintain the next generation domain name registry.

A new top level domain registry must be capable of improving the reliability and effectiveness of domain name registration, contribute responsibly to a competitive environment, and preserve the Internet’s continuing stability. In addition the registry must bring the technical know-how to specify and design a solution that ensures the continuing evolution of the domain name system.

There are many complexities within the DNS and Registry environment that require a detailed understanding of the issues and their implications on the technical solution.  For instance, a minor change in policy can have far-reaching implications on how a database needs to behave in order to ensure the integrity and efficiency of domain name registration and administration. Management of a TLD registry also brings with it an immense responsibility in the secure administration of personal and business contact information. It is essential for the success of the current program that the registry operator understands the entire operating environment and has the experience and ability to deliver a solution which benefits all relevant stakeholders. JVTeam has the technical capabilities to deliver that solution.

JVTeam Technical Capabilities

Shared, mission-critical, registry infrastructure services are our sole corporate focus.  We specialize in developing and operating unique support services for the Internet and communications industries, using innovative solutions, operated to the highest of standards and practices, as a trusted third party in an impeccably evenhanded fashion.

NeuStar serves as the North American Numbering Plan Administrator (NANPA).  It operates the telephone numbering registry for the North American Numbering Plan as a public numbering resource.  NeuStar is also the Local Number Portability Administrator (LNPA) for the US and Canada, operating the telephone number routing registry (called the NPAC SMS) for North America.  The integrity and accuracy of this service is essential for virtually every call placed to North America.  With the proliferation of communications service providers, competition, and convergence, it believes that the industry will benefit from shared, trusted, infrastructure and clearinghouse services that will facilitate the interoperability of service providers.

The Number Portability Administration Center Service Management System (NPAC SMS) hosts this routing registry, which is used to track network and call routing, SS7 signaling, and billing information for all telephone numbers in North America.  Please see ftp://ftp.ietf.org/internet-drafts/draft-foster-e164-gstn-np-01.txt for a description of number portability in the GSTN, as well as the NPAC’s specific role in North America.  We provide, directly or indirectly, highly secure host-to-host administrative transaction interfaces to this registry for all 5,000 service providers in North America.  These service providers’ operational support systems (OSSs) require the highest availability standards of our service in order for them to manage and operate their networks.

Consequently, we operate this service to 29 monthly service level requirements (SLRs), including availability (99.99%), transaction response time, throughput, and help desk telephone call answer times, and pay financial penalties for missing any of these levels.  Between our data centers, we provide realtime database replication and server failover/recovery functions, and fully redundant enterprise networking facilities.  Our data centers are owned and operated by NeuStar, staffed 7x24 with our own network operations center personnel, and are physically secured via both card key and palm print readers.

NeuStar operates its services, including the NPAC SMS, off of a unique world-class IP network and server infrastructure, housed in our own diverse, redundant, data centers.  We operate a highly secure, quad redundant, enterprise IP network, application servers, and support servers (e.g. DNS, NNTP, RADIUS/SecurID) providing dedicated access directly to over 300 communication service providers, and indirectly to all 5,000 in North America.  Sized at approximately 900 Mbps of aggregate capacity, our IP network provides diverse BGP-4 routed links to external service provider operational support systems (OSSs) and network elements.   In addition, we support over 1,000 dial-up or secured internet users from our customers, to access our web-based interfaces for our services.  In case of failure of a service provider’s OSS, they may log directly into our web-based NPAC GUI to provide critical network management functions.  All dial-up users (internal or external) must use a NeuStar-issued SecurID for strong authentication.

Each data center has a completely redundant, hardened, switched VLAN backbone, and redundant set of network access servers and firewalls.  All critical application and database servers are dual-homed to each of these site-based backbones, using a virtual-IP address assigned to each host which is reachable through either NIC port on that host through either backbone.  Each NIC port and backbone link is assigned a 4-IP address subnet to ensure quick detection of NIC/link/port failures and maintain full reachability of that server without impacting established internal or external communication associations.  Certain key services (such as NPAC SMS application and database servers) are implemented using over 64 Lucent (Stratus) hardware fault tolerant HP-UX servers.

The NeuStar network is structured into a series of security rings, to provide for firewall isolation of traffic from various sources and applications.  All internet reachable systems are placed onto one of a series of bastion subnets (bracketed by firewalls) to ensure security of the core network in the unlikely case of a server breach on the bastion network.  All external data network links employ extensive BGP-4 route filtering to ensure only appropriate internal routes are advertised, and that routes to other service providers networks are not advertised or reachable.
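The export rule in the paragraph above (advertise only approved internal routes, never routes learned from other service providers) can be checked mechanically. The following is an added example, not NeuStar's configuration: the routing table, the allow-list and the provider names are constructed, and the prefixes come from documentation and private address ranges.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    learned_from: str          # "internal" or the name of the peer it came from


def net(text):
    return ipaddress.ip_network(text)


# Constructed sample data (IPv4 only; mixing v4 and v6 would need separate lists).
EXPORT_ALLOW = [net("192.0.2.0/24")]             # bastion/service subnet approved for export
RIB = [
    Route(net("192.0.2.0/24"), "internal"),      # internet-reachable bastion subnet
    Route(net("10.20.0.0/16"), "internal"),      # core network, must stay private
    Route(net("198.51.100.0/24"), "provider-a"),
    Route(net("203.0.113.0/24"), "provider-b"),
]


def exportable(rib=RIB, allow=EXPORT_ALLOW):
    """Prefixes that may be advertised on any external link.

    A route qualifies only if it originated internally AND falls inside an
    allow-listed prefix; everything else is denied by default.
    """
    return sorted({r.prefix for r in rib
                   if r.learned_from == "internal"
                   and any(r.prefix.subnet_of(a) for a in allow)})


def audit(advertised, rib=RIB, allow=EXPORT_ALLOW):
    """Return (prefix, reason) for every advertisement that breaks the policy.

    Uses overlap rather than exact match so that a more-specific slice of a
    forbidden prefix (for example a /25 cut from a provider's /24) is caught.
    """
    findings = []
    for text in advertised:
        prefix = net(text)
        if any(prefix.subnet_of(a) for a in allow):
            continue
        match = next((r for r in rib if prefix.overlaps(r.prefix)), None)
        if match is None:
            reason = "unknown prefix, not on allow-list"
        elif match.learned_from == "internal":
            reason = "internal route not approved for export"
        else:
            reason = f"route learned from {match.learned_from}"
        findings.append((str(prefix), reason))
    return findings


if __name__ == "__main__":
    print("may advertise:", [str(p) for p in exportable()])
    # Constructed advertisement set with two deliberate policy violations.
    sample = ["192.0.2.0/24", "203.0.113.0/25", "10.20.4.0/24"]
    for prefix, reason in audit(sample):
        print("VIOLATION", prefix, "-", reason)
```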

While extensively using standard, well-known protocols (e.g. BGP-4) we also employ certain relatively unusual protocols, such as CMIP over IP, which are common in OSS applications.  The NPAC service employs this protocol to provide a distributed, bi-directional, object oriented application framework for interacting with the registry.  Strong authentication is employed for accepting CMIP associations from service provider OSSs, with an extensive administrative key management infrastructure to support it.  Each service provider system is assigned a list of keys, each at least 660 bits in length.  Each and every CMIP provisioning transaction is individually signed to provide the highest level of authentication and non-repudiation given the potential operational and financial impacts one service provider could cause another.  Given the millions of transactions we process every day, we’ve employed extensive hardware-based crypto accelerators to ensure the highest performance levels without sacrificing security.  Given the industry critical nature of the NPAC service, standardizing access to it from service provider OSSs was essential.  In 1996 we developed the CMIP interface standards for the NPAC and subsequently placed them in the public domain.  They are now managed under the auspices of a specific industry standards body (the NANC LNPA WG) to whom we provide on-going secretarial support for maintenance of the standards.

These levels of standards are highly relevant and appropriate for a DNS registry provider, given the criticality of ICANN’s new TLD initiatives, and the vital need to do so while maintaining stability of the internet.  They exemplify our fluency with both the technical, operational, security, and overall business standards with which industry-critical services of this kind must be provided for the interest of all industry stakeholders.

Melbourne IT has managed the Australian com.au registration service since 1996, and since June 1999 has operated as one of the first ICANN accredited TLD Registrars.  Due to this extensive experience, Melbourne IT has been in a unique position to observe many possible operational models, including thin and fat registries, different registrant authentication methods, and protocol design requirements and techniques for success in the market.

Our business model is to predominantly work through an extensive network of over 500 channel partners.  Because we have made a commitment not to compete with our partner network, we have not deployed functionality such as ISP access and Web hosting.

Melbourne IT’s advanced TLD registration system uses a high performance and highly scalable 3-tier architecture.  The tiers include a web/protocol server tier, application server tier and back-end server tier (database, billing, credit card payments, registry server, etc).  The registration system has been developed in Java with a custom-built application server and associated infrastructure.  Security has been a priority throughout both the software architecture and network design.

The infrastructure has built-in redundancy with multiple servers in the web/protocol, application, and database tiers and thus has been engineered for high fault tolerance.  In addition, network devices such as routers, firewalls and load-balancers have been deployed in a fully redundant configuration.  Each tier is configured as a cluster, with failed servers automatically removed from the cluster.  Sun Sparc/Solaris SMP machines have been used throughout the environment, with plenty of headroom for future growth.  Melbourne IT also has four years experience maintaining and generating zonefiles, and has developed a second-generation, scalable Whois server architecture.

Melbourne IT has service level agreements with channel partners guaranteeing over 99% availability, minimum transaction response times, throughput, and help desk telephone call answer times.  If these service levels are not met, there are financial penalties.

Because we operate through a channel partner network, we have experience providing a number of integration protocols including HTTP Post, XML and email templates, using security mechanisms like SSL and PGP.  Melbourne IT’s research group has developed two XML domain name registration protocols, and an XML based domain name generation protocol has been deployed.

Melbourne IT brings considerable technical and domain expertise to JVTeam.

JVTeam has been founded on the strengths of the expansive technical experience of two of the world’s leaders in the provision of registry services for critical public resources. The scope of this experience includes design and development of secure, real-time resource management systems, the implementation of high transaction, high availability database solutions, the design and management of transcontinental IP networks and the effective and timely delivery of technical solutions within highly regulated environments. All of this combined makes JVTeam the best choice in developing and delivering a responsible and stable solution for the next generation TLD registry.

The table below provides an overview of the defined technical capabilities for a TLD registry operator together with a demonstration of how JVTeam’s technical capabilities, backed up by real world experience and success, meet or exceed those requirements.

Registry Operator’s Technical Capability Requirement | JVTeam’s Technical Capability

Release Management

·        NeuStar: 7 major NPAC / SMS software releases over 4 years, incorporating over 300 change orders requested by the industry, costing over $70M

·        Melbourne IT: 5 major releases of leading domain name registration system.  Formalized and documented process for release management as required by channel partner network.

·        NeuStar: Numerous other industry service systems (FCC LNP Cost Recovery/Billing, NANPA, CARE, Identibase)

Configuration Management

·        NeuStar manages an infrastructure of 100+ large servers, 2000 data circuits, including Lucent hardware-based fault tolerant servers, numerous 3rd party middleware providers, 7 major NPAC/SMS application s/w releases, across 4 sites

·        Melbourne IT manages an infrastructure of 30+ servers across three data centers and has a dedicated production support team with documented configuration management processes.  Infrastructure supports separate development, internal test, external (partner) test, and production environments.

Change Management

·        NeuStar: processed 300 industry change orders in 4 years, across 7 major s/w releases.  Established an industry standards group as focal point for coordinating NPAC enhancements (change orders).

Network Engineering

·        NeuStar: deployed a completely redundant, IP-based, highly diverse and secure private WAN and LAN interconnecting 300 competing service providers with the NPAC SMS, covering 2000 data circuits, total of 900 Mbps capacity, each with BGP-4 routing for fast recovery and routing security, integrated with enterprise wide frame relay and high-capacity inter-site ATM links.

·        Melbourne IT designed, developed and manages a geographically disparate and highly secure IP network spanning 2 continents and 3 data centers.

Applications Development

·        NeuStar developed the NPAC SMS system and applications software, and associated industry number portability administration and interface standards, and testing services.

·        MIT developed the com.au domain name registration system.

·        MIT developed leading edge system and API for TLD registrar interface incorporating HTTP POST, XML, email and web interfaces.  System supports TLD and ccTLD registrations, domain name monitoring services and digital certificates provision.

Software Engineering

·        NeuStar engineers and manages the NPAC SMS to process tens of millions of transactions per day from 4,000 service providers’ operational support systems against a multi-terabyte database, to strict availability, performance, and response time requirements, managing the routing for all telephone numbers in North America, upon which virtually every call dialed relies.

·        Melbourne IT engineers and maintains domain name registration systems with over one million domain names under management.  The system is capable of over one million transactions per day and supports a network of over 500 channel partners.

User Interface Design

·        NeuStar developed web interfaces for NPAC SMS (used by 3,000 service provider craft personnel), NANPA (used by 1,000 service provider network administrators), FCC LNP Cost Recovery (used by 4,000 service provider billing personnel), and 4 other informational web sites.

·        Melbourne IT currently manages multiple real time web sites for domain name registration and administration and channel partner access.

·        Melbourne IT: Developed internal administration interfaces.

Standards Development

·        NeuStar: Proposed, established, and provide technical and secretarial support to the LNPA WG at NANC (oversees number portability administration standards); active in IETF (NeuStar chair of ENUM WG), ITU, ETSI, INC, TMF, and OBF.

·        Melbourne IT currently has a representative on MINC board of directors.

Large Database Design and Administration

·        NeuStar: NPAC/SMS routing registry database for all telephone numbers in North America: multi-terabyte, realtime, inter-site synchronous replication, automated failover, online incremental backup, recently converted from RDBMS to ODBMS for scalability, performance, and online administration (on-line schema evolution).  Have large dedicated staff of DBAs to administer.

·        Melbourne IT maintains large databases supporting over 1 million domain names under management.  Database transactions are replicated in real time to a secondary data center in Australia.

·        .com, .net, .org registration and Whois databases capable of accepting as many as 8 million new registrations per month.

Network Security

·        NeuStar and Melbourne IT: Employ dual-firewall bastion network structure to insulate external access facilities and servers from internal secure enterprise network, all external and internal dial-up access via physical security token authentication; NeuStar uses extensive BGP-4 route and packet filtering to isolate 300 directly interconnected service providers from each other and secure internal routes.

Requirements Management

·        NeuStar: System requirements development is a mandatory phase in each software project lifecycle.  Use Doors tool for requirement management change control and automation.  Develop industry requirements documents for services under contract (NPAC, NANPA, etc.), including function requirements, method and practices documents, reports, and test plan documents.

·        Melbourne IT follows a formal software development process promoting best practices, including business requirement management, and functional specification documentation.

Web Development and Administration

·        NeuStar developed web interfaces for NPAC SMS (used by 3,000 service provider craft personnel), NANPA (used by 1,000 service provider network administrators), FCC LNP Cost Recovery (used by 4,000 service provider billing personnel), and 4 other informational web sites, inhouse.

·        Melbourne IT developed web interfaces for domain name registration channel partners; supporting registration maintenance, reporting and account management functions.

System Analysis

·        Stemming from its NPAC SMS work, as well as NANPA, Number Pooling Administration, CARE, Identibase, NeuStar has extensive systems analysis expertise used to develop industry requirements and operational methods and practices documents used extensively throughout all of its services

·        Melbourne IT’s software engineering group has 4 years systems analysis and design experience from working on numerous projects.

System Testing

·        NeuStar: On the NPAC SMS, extensive internal system testing is conducted in its captive development testbed environment, which includes automated regression testing platforms and load/stress/availability testing (6 systems); in addition, NeuStar offers interoperability testing to enable  OSS system developers to test their system’s compliance to NeuStar developed (now managed by open industry stds group) CMIP interface specification for interface to NPAC SMS; captive semi-production turn-up testbed environment for pre-production release testing with the live industry OSSs; and inter-service provider testbed for testing operational interactions between and amongst service provider OSSs.

·        Melbourne IT uses CASE tools to facilitate automated mapping between functional requirements and test cases.  In addition, the CASE tools automate unit, system, stress, regression and acceptance testing.

IT Project Management

·        NeuStar has a dedicated Program Management group, with an official enterprise-wide NeuStar Program Management (NPM) process; a leading published expert on software development lifecycles; and 4 years of success developing huge software releases on time to strict quality standards for industry critical online functions.

Contractual Service Level Agreements (SLA) Delivery

·        NeuStar: NPAC SMS has 29 contractual SLR (service level requirements) reported monthly, with associated financial penalties.

·        Melbourne IT has SLAs with several major Channel Partners covering limited system down time and system performance measures.  Financial penalties apply if the requirements documented in the service level agreement are not adhered to.

Call Center Operation with SLAs

·        NeuStar: 4 year track record in help desk operation in compliance with contractual SLAs (e.g. 10 second answer time, <1% abandon rate).

·        Melbourne IT: Currently have stringent SLAs with several large channel partners guaranteeing phone response time.

System Integration

·        NeuStar integrated and operates over 16 discrete subsystems as part of its service infrastructure, e.g. call center systems, trouble ticketing, workflow management, billing, customer care, network management, security administration and monitoring, database management and administration.

·        Melbourne IT has experience integrating call center, CRM, accounts, trouble ticketing, document tracking, system monitoring and database management systems into its registration infrastructure.

·        Melbourne IT has experience providing many different system level interfaces to our network of more than 500 channel partners, providing options to channel partners performing systems integration to our registration systems.

Support 7x24x365 Call Center

·        NeuStar operates several 7x24 help desks for external users (e.g. NPAC SMS), and one for internal staff.

·        Melbourne IT provides support in 10 languages in its multi-lingual call center. Provides 24 x 7 x 365 support to customers across 4 continents.

Fully Redundant Infrastructure Configuration

·        NeuStar’s existing service infrastructure, supporting NPAC SMS, NPAC, CARE, and Identibase.

·        Melbourne IT has multiple redundant data centers.  Each data center is configured using a redundant architecture with fully redundant firewall, router, load-balancer, and server tiers.

Disaster Recovery Plan / Failover Procedures

·        NeuStar and Melbourne IT have extensive disaster recovery plans, failover procedures, methods and practices documents.  NeuStar conducts mandatory compliance reporting.

Customer Neutrality and Evenhandedness

·        NeuStar: Corporate equity ownership and indebtedness restrictions (5%), corporate charter to provide all services on non-discriminatory basis to all potential customers, can not offer competing services as service providers or enter into conflict of interest; Code of Conduct sworn by all staff, quarterly compliance audits conducted by E&Y reported publicly.

Geographically Dispersed Data Center Management

·        NeuStar: Production operations distributed over 2 major hardened production centers

·        Melbourne IT: Production system distributed over 2 geographic locations (California USA and Melbourne, Australia). 

Robust, Secure, 3-Tier Registry System Creation

·        NeuStar: NPAC SMS

·        Melbourne IT: SRS registry interface system

Technical Training

·        NeuStar: provide extensive training to 3,000 service provider personnel on regular basis

Network and Facility Security Provisioning

·        NeuStar: physical biometric facility security, fulltime monitoring, strong physical security token authentication for dial-up access; crypto key list administration for service provider OSSs; individual signed transactions, using 660+ bit keys.

·        Melbourne IT: network and facility security configured at granular level, strong physical security token authentication for dial-up access; SSL session for channel network, x.509 certificates used connecting to registry.

Zone File Generation

·        NeuStar: Generate master routing database “zone” files for service provider systems in addition to providing transactional updates.

·        Melbourne IT: Generated and maintained the com.au zone file since 1996.

Whois Service Provision

·        Melbourne IT: Second generation TLD Registrar Whois database with currently more than 800,000 entries.

Data Escrow / Backup

·        NeuStar and Melbourne IT: currently provide regular escrow of key NPAC and Registration system databases for industry survivability.

Systems Monitoring

·        NeuStar and Melbourne IT: extensive 7x24 system, network, and application monitoring

Systems Protocol Development

·        NeuStar: developed the NPAC SMS IIS interface, based on CMIP over IP, a bi-directional object-oriented management protocol for OSS access to the NPAC SMS.  Processes database change service orders through strict business process, and provides distributed, realtime, transactional database update processes.  Placed in public domain, managed by the LNPA WG of the NANC.

·        Melbourne IT: developed system level registration protocol for com.au, TLD and ccTLD registration system.  Research group produced two XML based domain name registration protocols.  Currently XML based domain name generation protocol is in production and supporting millions of requests per day.

Trouble Tracking System

·        NeuStar: employ custom integrated system using AutoAnswer

·        Melbourne IT: using high volume case tracking system, Talisma supporting more than 100,000 end users.

CRM System

·        Melbourne IT: currently using 2 CRM systems, Sales Logix and Talisma.

Document Tracking System

·        Melbourne IT uses corporate document tracking and searching system.  Allows company history to be stored in a non-modifiable database.  Allows for document searching.

Key Technical Personnel

JVTeam’s past success in delivering effective, innovative technical solutions has only been made possible by a team of dedicated and capable people. The knowledge and ability of those people will be leveraged to ensure the successful design, development and ongoing management of the JVTeam Registry.   

Key personnel occupy important roles on the JVTeam management team. A brief synopsis of each of our key technical personnel is provided as follows:

Mark Foster, Chief Technology Officer, NeuStar. Mark is responsible for strategic technology initiatives, standards, program management, and the design, development and operation of NeuStar's complex network and systems infrastructure. A widely recognized subject matter expert, Tom pioneered number portability in the industry in 1994-1995 and subsequently led the development of NeuStar's Number Portability Administration Center in 1996. He has over 20 years of entrepreneurial experience in developing innovative solutions to industry problems, with inventions such as a voice-controlled intelligent network service node platform, a new computer language for developing telephone switching systems software, and the first SS7-to-IP signaling gateway (1990).

Tom McGarry, Chief Technical Industry Liaison, NeuStar. Tom is responsible for standards development and support and strategic technology initiatives within NeuStar. Tom has over 17 years experience in engineering leading edge communications technologies, including wireless networking, C7 and systems integration.

George Guo, Director Technical Operations, NeuStar. George is responsible for all technical operations within NeuStar. This includes deploying, testing and operating complex registry systems used for the North American Numbering Plan. In addition Mr Guo is responsible for internal and external customer support.

Bruce Tonkin, Chief Technology Officer, Melbourne IT. Bruce is responsible for ensuring that Melbourne IT is kept at the forefront of technology through liaison with leading research organisations in Australia and overseas, and for evaluating the technology in potential investments. Bruce has wide experience in advanced computing and communications, both in Australia and overseas at AT&T Bell Laboratories in USA.  He has advised organisations in industries such as building and construction, natural resource management, telemedicine, automotive, film and television, and education in the application of new telecommunications technologies.

Guye Engel, General Manager, Production and Development, Melbourne IT. Guye has responsibility for the production operation and technical support of the com.au as well as the .com, .net and .org domain name registration systems. In addition, Guye is responsible for overseeing the development of all new systems and functionality for all lines of business with Melbourne IT. Prior to joining Melbourne IT, Guye had 17 years with the IT division of a leading Australian bank. Throughout his career, Guye has also led a variety of development support and critical application support teams in which he has gained an in depth knowledge of IT disciplines and methodologies.

Size of Technical Workforce

Proposal Sections II.1.6-II.1.7 provide a description of the entire JVTeam staff. Due to the technical complexity of the TLD registry service, the technical staff is a significant part of the JVTeam. The JVTeam has a highly focused eCommerce workforce with the right skill sets to develop and deploy a TLD registry operation.

NeuStar—Since its founding in 1996, originally as an independent business unit within Lockheed Martin, NeuStar has grown to nearly 200 employees located in offices in Washington, DC (Corporate headquarters); Sterling, VA; Chicago, IL; Concord, CA; Seattle, WA; and London, UK.

Melbourne IT—Established in 1996 as a new subsidiary of the University of Melbourne, Melbourne IT has grown to become a publicly listed global company, staffing in excess of 170 personnel around the world. Melbourne IT is headquartered in Melbourne, Australia, with offices in Spain and the United States of America. Melbourne IT is committed to undertaking leading research and development in Information Technology, the Internet, and Telecommunications. Working closely with the University of Melbourne and international research groups, government, industry and major corporations, Melbourne IT seeks to maintain its position as a world class research facility for emerging internet technologies.

Access to System Development Tools

JVTeam has software and Web development groups with specialties in software architecture design, requirements specification, object-oriented analysis and object oriented design, system engineering, software development, information system security, documentation, integration, and testing using the following systems development tools.

| Development Tool | Purpose |
|---|---|
| Rational Rose | Full feature object oriented analysis design CASE tool with support for a wide variety of target databases. |
| Continuous | Fully integrated configuration and change management system facilitating full lifecycle system management processes |
| Doors | Requirements and documentation management tool |
| Ilog | Inference engine for developing complex business transaction rules |
| Purify | Used to detect memory leakage in applications software, which can lead to system stability problems |
| Quantify | Captures software performance metrics to facilitate performance engineering and tuning |
| CORBA, RMI | Used for remote object activation and access |
| C++, JAVA, Delphi, SQL | Development languages selected for the target hardware and software platforms |
| Java Servlets, Java Server Pages, Cold Fusion, CGI-script, XML & XSL | Web development tools for building web sites and thin client applications for distribution to a wide range of users. |

Significant Past Achievements

North American Numbering Plan Administration (NANPA):  NeuStar operates the telephone numbering registry for the North American Numbering Plan as a public numbering resource, serving communications providers throughout the United States and Canada. NeuStar became the NANPA on October 9, 1997. The Federal Communications Commission, the United States National Regulatory Authority (NRA) with regard to telephone numbering issues, and the North American Numbering Council, an industry group advising the NRA on numbering issues, selected NeuStar in an open procurement process.

Number Portability Administration Center (NPAC): In April 1996, NeuStar was chosen to serve as the Local Number Portability Administrator (LNPA). In that role, NeuStar operates the call and signaling/routing registry for North America – the Number Portability Administration center (NPAC).  The NPAC coordinates the porting of telephone numbers between carriers and downloads routing information to carriers' local Service Management Systems (SMS), which in turn updates local routing databases. 

In an open standards process NeuStar developed the specifications which defined and documented the functions of the NPAC and the interface to the NPAC, the Functional Requirements Spec and the Interoperable Interface Spec respectively.  NeuStar then developed, deployed, tested and turned-up the NPAC service.  The NPAC processes tens of millions of transactions per day, serving more than 4,000 service providers in North America. Visit the NPAC web site to find out about the regions it covers, recent changes, planned enhancements and more.

Pooling Administration (PA): As proven by NeuStar, pooling, distributing numbers in increments less than that of a full office code (i.e., 1,000 rather than 10,000, in the NANP), has the potential to extend the North American Numbering Plan's life well into the next century. NeuStar has been the Pooling Administrator for over two years for all U.S. trials. With a knowledgeable, experienced staff, NeuStar has implemented pooling in 10 states within 24 different numbering plan areas to date.  NeuStar worked with the telecommunications industry to develop the initial Pooling Administration guidelines in New York and Illinois in 1997-1998. The current guidelines are based upon those findings and have spurred the demand for pooling implementation in several other states. NeuStar continues to work with the Industry Numbering Council (INC) to suggest and modify changes to current pooling guidelines, based upon NeuStar's actual experiences with pooling trials.

com.au registration and maintenance system: In 1996, Melbourne IT was delegated administration of the com.au ccTLD. Melbourne IT designed and implemented a new domain name registration and application processing system. The system, known as DATE (Domain Administration Tool), was developed within a very aggressive time frame, producing one of the first automated ccTLD registration systems in the world. DATE interfaces with a broad range of internal and external data sources including real-time interaction with the central database of registered Australian businesses. Currently, the system supports more than 180,000 com.au domains and processes up to 12,000 new com.au applications each month. The com.au domain space continues to grow as one of the most highly prized ccTLDs globally and the MIT technical solution has continued to grow with it. The back end system includes support for complex policy checking routines that ensure the integrity of the technical and policy components of com.au. Melbourne IT has continued to develop and enhance this system to meet the needs of its customers, incorporating facilities for automated redelegation, mass modifications and a specialized renewals system designed for use by our channel partner community.

TLD registration system: In June 1999, Melbourne IT deployed the first truly automated domain name registration and administration system for top level domains. Called SPIN (System for Processing Internet Names), it was the first system of its type in the world with an API supporting multiple interfaces including HTTP Post, an email template, a web interface as well as a component supporting multiple operations in a single transaction. The system has continued to grow with support for a real-time online payment option and enhanced security mechanisms including SSL and PGP encryption. The system utilizes a 3-tier architecture that supports secure, real time transactions from channel partners. All of the major components of SPIN were developed in-house at Melbourne IT including the distributed network infrastructure, registration and maintenance database, Whois database, API, automated system monitoring components, billing and collections interface, security components, communications modules, transaction logging and an extensive system reporting component.  Since January 2000, this system has been enhanced to support multi-lingual domain name registration, domain name generation technology and ccTLD registration support.

JVTeam’s technical capabilities cover all the requirements for the operation of a reliable and secure top level domain registry service. We will utilize our experience in registry and database design and implementation to provide the next generation domain name registry, one that ensures the stability of the DNS and paves the way for the introduction of competition into the TLD marketplace.

 


III.2  Technical Plan For The Proposed Registry Operations (RFP Section 15.2)

JVTeam’s proposed technical solution for registry operations meets ICANN’s (and Internet users’) requirements for a new TLD as follows: 

Introducing Competition—JVTeam will develop and deploy a new, streamlined registry-registrar protocol: the extensible registry protocol (XRP). The XRP provides more features and functionality than the existing registry/registrar interface, and far greater security. The benefits to the Internet community are greatly improved Internet stability and increased public confidence.  JVTeam will work with the Internet Engineering Task Force (IETF) to bring the protocol to standard status.

Improving Registry Reliability—JVTeam will implement co-active data centers and a number of nameserver data centers to create a resilient infrastructure protected against outages through redundancy, fault tolerance, and geographic dispersion. The benefits to the Internet community are improved registry availability and better access to DNS services.

Providing Real-Time Responsiveness—JVTeam will implement near-real-time updates to the zone files and the Whois database. The benefit to the Internet community is the elimination of delay-caused confusion over domain name registrations.

Eliminating Bottlenecks—JVTeam’s high-availability cluster architecture provides scalable processing throughput, dynamic load balancing between the two data centers, and multiple high-speed Internet connections. The benefit to the Internet registrar community is the elimination of registry bottlenecks.

JVTeam’s proposed TLD technical solution is based on our experience with the Number Portability Registration Center (NPRC) and with .com.au registry operations.  Our technical solution consists of co-active registry data centers and nameserver data centers, geographically dispersed to provide protection against natural and man-made disasters.  Section III.2.1 provides an overview of our proposed facilities and systems; subsequent sections expand this overview into a comprehensive technical plan for registry operations.


III.2.1         General Description Of Proposed Facilities And Systems (RFP Section D15.2.1)

JVTeam proposes world-class redundant Shared Registration System (SRS) Data Centers in Sterling, Virginia and Chicago, Illinois and four nameserver sites in Phase I that will provide the facilities and infrastructure to host the new TLD Registry. Our facility locations were selected to give wide geographic separation and provide resilience against natural and man-made disaster scenarios. The benefit to ICANN and the Internet community is reliable non-stop TLD registry operations.

ICANN’s priorities for the new TLD registries are to provide a world-class level of services that preserve both the stability of the Internet and the security and reliability of the existing domain name system. JVTeam has developed a fault-tolerant architecture, including redundant facility implementation, high-availability cluster server architectures, fault-tolerant database technology, and redundant alternate-routed network connectivity, that supports mission-critical service availability now. The Internet community needs to be able to depend on the Internet as a stable, highly available infrastructure for worldwide collaboration and commerce.

In the subsection that follows we describe where the JVTeam facilities are located and provide a functional description and physical description of the Shared Registration System (SRS) data center and the nameserver sites. In subsequent subsections we provide a detailed system description of each of the systems residing within these facilities.

 

III.2.1.1       Registry Facilities Site Description

This section describes JVTeam’s proposed TLD Registry architecture consisting of redundant SRS data centers and multiple nameserver sites to provide a seamless, responsive, and reliable registry service to registrars and Internet users. As shown in Exhibit III.2-1 our TLD registry redundant SRS and nameserver data center sites are geographically dispersed worldwide and interconnected with a Virtual Private Network (VPN) to provide worldwide coverage and protect against natural and man-made disasters and other contingencies. The facility locations are provided in the following table.

| Site Name | Site Address |
|---|---|
| Four Data Centers in Phase I | |
| JVTeam SRS Data Center and nameserver Site | 200 South Wacker, Suite 3400, Chicago, IL 60606, USA |
| JVTeam SRS Data Center and nameserver Site | 45980 Center Oak Plaza, Sterling, VA 20163, USA |
| JVTeam nameserver Site | Melbourne, Victoria, Australia |
| JVTeam nameserver Site | London, England |
| Planned Data Centers for Phase II | |
| JVTeam Nameserver Site | Japan |
| JVTeam Nameserver Site | California, USA |
| JVTeam Nameserver Site | Germany |

 

Our proposed TLD Registry Service Level Agreement (SLA) provides service levels commensurate with mission critical services for availability, outages, response time, and disaster recovery.  Highlights of the SLA include:

·        SRS Service Availability is guaranteed at 99.95%, with a design goal of 99.99% per year.

·        Nameserver Service Availability is guaranteed at 99.999%

III.2.1.1.1     Shared Registration System (SRS) Data Center Functional Description

High availability registry services can only be provided from facilities that have been designed and built specifically for such a critical operation.  The JVTeam SRS data centers incorporate redundant uninterruptible power supplies; high-capacity heating, ventilation, and air conditioning; fire suppression; physical security; C2 level information system security; firewalls with intrusion detection; redundant, high availability cluster technology; and redundant network and telecommunications architectures.  When selecting the sites, we considered their inherent resistance to natural and man-made disasters. The functional block diagram of our SRS data center is depicted in Exhibit III.2-2. As can be seen from the referenced exhibit the registry SRS data center is highly redundant and designed for no single point of failure.


Each SRS data center facility provides the functions listed in the system function directory table below. Descriptions of the SRS systems providing these functions are provided in the next subsection.

 SHARED REGISTRATION SYSTEM (SRS) FUNCTION DIRECTORY

| System Function | Functional Description |
|---|---|
| Web Server | High capacity Web Servers provide secure web services and information dissemination that is outside the scope of the XRP protocol. It contains a registry home page to enable registrars to sign in and inquire about account status, get downloads and whitepapers, access frequently asked questions, obtain self help support, or submit a trouble ticket to the TLD Registry Help Desk. |
| Protocol (XRP) Servers | XRP transactions received from registrars undergo front-end processing by the XRP server that manages the XRP session level dialog, performs session level security processing, and strips out transaction records. These XRP transaction records are sent to the SRS data center application server cluster for security authentication and business logic processing. |
| Application Servers | Processing of the XRP applications business logic, user authentication, posting of inserts, deletes, updates to the master database, and interfaces to authentication, billing and collections, backup, and system/network administration. |
| SRS Database Servers | The SRS database maintains registry data in a multi-threaded, multi-session database for building data-driven publish and subscribe event notifications and replication to downstream data marts such as the Whois, Zone, and Billing and Collection services. |
| Whois Distribution Database | The Whois Distribution Database is dynamically updated from the SRS database and propagates the information to the Whois Database clusters. |
| Whois Database Clusters | The Whois Database is dynamically updated from the Whois Distribution Database and sits behind the Whois Server clusters. The Whois Database clusters are used to look up records that are not cached by the Whois Servers. |
| Whois Servers | The Load Balanced Whois Server Clusters receive a high volume of queries from Registrants and Internet users. The Whois service returns information about Registrars, domain names, nameservers, IP addresses, and the associated contacts. |
| Zone Distribution Database | The Zone Distribution Database is dynamically updated from the registry SRS database and propagated to the nameserver sites located worldwide. It contains domain names, their associated nameserver names, and the IP addresses for those nameservers. |
| Billing and Collection | A commercial off the shelf system is customized for registry specific eCommerce billing and collection functions that are integrated with XRP transaction processing, the master database and a secure web server. The system maintains each registrar’s account information by domain name and provides status reports on demand. |
| Authentication Services | Authentication Service uses commercial X.509 certificates and is used to authenticate the identity of entities interacting with the SRS. |
| Backup Server | Provides backup and restore of each of the various cluster servers' and database servers' files and provides a shared robotic tape library facility for central backup and recovery. |
| Systems/Network Management Console | Provides system administration and simple network management protocol (SNMP) monitoring of the network, LAN-based servers, cluster servers, network components, and key enterprise applications including the XRP, Web, Whois, Zone, Billing and Collections, Backup/Restore, and database application. Provides threshold and fault event notification and collects performance statistics. |
| Applications Administration Workstations | Provides client/server GUI for configuration of SRS applications including XRP, Web, Billing and Collection, Database, Authentication, Whois, Zone, etc. |
| Building LAN | Provides dual redundant switched 1000BaseTX/FX Ethernet LAN-based connectivity for all network devices in the data center |
| Firewall | Protects the building LAN from the insecure Internet via a Firewall that provides policy-based IP filtering and network-based intrusion detection services to protect the system from Internet hacking and denial-of-service attacks. |
| Load Balancers | Dynamic Feedback Protocol (DFP)-based load balancing of TCP/IP traffic in a server cluster, including common algorithms such as least connections, weighted least connections, round robin, and weighted round robin. |
| Telecommunications Access | Dual-homed access links to Internet Service Providers (ISPs) and Virtual Private Network (VPN) services are used for connectivity to the Internet and the JVTeam Registry Management Network. |
| Central Help Desk | A single point of contact telephone and Internet-Web help desk provides multi-tier technical support to registrars on technical issues surrounding the SRS. |

III.2.1.1.2     Nameserver Sites Functional Description

As discussed above, two nameserver sites are co-located at our SRS Data Centers and the remaining two nameserver sites in Phase I are geographically dispersed, with dual-homed Internet and VPN local access telecommunications links to provide resilience and disaster recovery. The two additional nameserver sites will be installed in Data Centers in Melbourne, Australia and London, England. In Phase II we plan to install additional nameserver data centers in Japan, California and Germany, if required to handle DNS query load.  The functional block diagram of our nameserver sites is depicted in Exhibit III.2-3. As can be seen from the exhibit, the nameserver sites are configured to be remotely managed and operated “lights out”. The hardware configuration is highly redundant and designed for no single point of failure.

The following function directory table lists the nameserver functions.  Descriptions of the systems providing these functions are provided in the next subsection.

NAMESERVER FUNCTION DIRECTORY

| System Function | Functional Description |
|---|---|
| Zone Update Database | The SRS Zone Distribution Database is propagated to the Zone Update Database Servers at the nameserver sites located worldwide. Information propagated includes domain names, their associated nameserver names, and the IP addresses for those nameservers. |
| Nameserver | The nameserver handles resolution of TLD domain names to their associated nameserver names and to the IP addresses of those nameservers. The nameservers are dynamically updated from the Zone Update Database. Updates are sent over the VPN Registry Management Network. |
| Building LAN | Provides dual redundant switched 1000BaseTX Ethernet LAN-based connectivity for all network devices in the data center |
| Firewall | Protects the building LAN from the insecure Internet via a Firewall that provides policy-based IP filtering and network-based intrusion detection services to protect the system from Internet hacking and denial-of-service attacks. |
| Load Balancers | Dynamic Feedback Protocol (DFP)-based load balancing of TCP/IP traffic in a server cluster, including common algorithms such as least connections, weighted least connections, round robin, and weighted round robin. |
| Telecommunications Access | Dual-homed access links to Internet Service Providers (ISPs) and Virtual Private Network (VPN) services are used for connectivity to the Internet and the JVTeam Registry Management Network. |

III.2.1.1.3     SRS Data Center and Nameserver Buildings

Each JVTeam data center facility is located in a modern, fire-resistant building that offers inherent structural protection from such natural and man-made disasters as hurricanes, earthquakes, and civil disorder.  Sites are not located within a 100-year flood plain.  Facilities are protected by a public fire department, and have their internal fire-detection systems connected directly to the fire department.

Data centers are protected from fire by the sprinkler systems of the buildings that house them. Furthermore, each equipment room is protected by a pre-action fire-suppression system that uses Inergen gas as an extinguishing agent.



The environmental factors at the SRS Data Center and nameserver sites are listed in the following table.

| Environmental Factor | Description |
|---|---|
| Heating, ventilation, and air conditioning | Dual redundant HVAC units control temperature and humidity. Either unit will maintain the required environment. |
| Lighting | 2x2-foot ceiling-mounted fluorescent fixtures |
| Control of static electricity | All equipment-mounting racks are grounded to the building’s system, and are equipped with grounding straps that employees wear whenever they work on the equipment. |
| Primary electrical power | 208-volt, 700-amp service distributed through four power panels |
| Backup power supply | 30 minutes of 130-KVA UPS power; 1000-KVA generator (SRS data center); 250-KVA generator (nameserver data center) |
| Grounding | All machines are powered by grounded electrical service; a 12-gauge cable under the equipment-room floor connects all equipment racks to the building’s electrical-grounding network |

Building Security

In addition to providing physical security by protecting buildings with security guards, closed circuit TV surveillance video cameras, and intrusion detection systems, JVTeam vigilantly controls physical access to our facilities. Employees must present badges to gain entrance, and must wear their badges at all times while in the facility. Visitors must sign in to gain entrance. If the purpose of their visit is found to be valid, they are issued a temporary badge; otherwise, they are denied entrance. At all times while they are in the facility, visitors must display their badges and must be escorted by a JVTeam employee. Sign-in books are maintained for a period of one year.

Security Personnel

On-site security personnel are on duty 24 hours a day, 7 days a week to monitor the images from closed-circuit television cameras placed strategically throughout the facilities. Security personnel are stationed at each building-access point throughout normal working hours; at all other times (6:30pm to 6:30am and all day on weekends and major holidays), individuals must use the proper key cards to gain access to the buildings. Further, any room housing sensitive data or equipment is equipped with a self-closing door that can be opened only by individuals who activate a palm-print reader. Senior facility managers establish the rights of employees to access individual rooms, and ensure that each reader is programmed to pass only those authorized individuals. The palm readers compile and maintain a record of those individuals who enter controlled rooms.

III.2.1.2      Shared Registration System Descriptions 

This section provides system descriptions of the JVTeam SRS Data Center site and the Nameserver Data Centers. We provide brief system descriptions and block diagrams of each functional system within the two sites and their network connectivity.  The JVTeam registry system architecture central features are as follows:

·        Co-active redundant data centers geographically dispersed to provide mission critical service availability due to two-way database replication between the centers.

·        Nameserver sites are designed with full redundancy, automatic load distribution, and remote management for “lights out” operation.

·        A Virtual Private Network to provide a reliable, secure management network and dual homed connectivity between the data centers and the nameserver sites.

·        Each SRS data center and nameserver site uses high availability cluster technology for flexibility, scalability, and high reliability.

·        Registry systems are sized initially to handle the projected workload but can grow incrementally to accommodate workload beyond the current registry operations.

·        The registry database uses fault tolerant server architecture and is designed for fully redundant operations with synchronous replication between the primary and secondary.

 JVTeam is proposing moderate-level, mid-level, and high-end cluster server platforms for installation at each site. The servers are selected for applications depending on the requirements, storage capacity, throughput, interoperability, availability, and level of security. These server platform characteristics are summarized in the following table.

| Platform | Features | Application |
|---|---|---|
| Moderate-level Intel Server Clusters | Rack-mounted Intel 700 MHz, 32-bit, 2 to 6-way SMP CPUs with 8 GB of ECC memory, CD ROM, four hot-swap disk drives (9-36 MB each), redundant hot swappable power supplies, dual attach 100 BaseT Ethernet Adapter, clustering and event management software for remote management. Microsoft® Windows NT® 4.0, Windows® 2000; Red Hat Linux 6.1, C-2 Controlled Access protection security | Nameserver Cluster; Whois Server Cluster; Backup Server; Network Management Server; Update Servers (Zone/Whois) |
| Mid-level RISC Server Clusters | Rack-mounted RISC 550 MHz 2 to 8-way SMP, 64-bit CPUs, 32 GB ECC RAM, 72 GB internal disk capacity, 71 TB external RAID, redundant hot swappable power supplies, dual attach 1000 BaseTX/FX Ethernet Adapter, clustering and event management software for remote management. Unix 64-bit operating system with C-2 Controlled Access protection security | XRP Server; Web Server; Application Server Cluster; Billing & Collection Server; Authentication Server; Whois Database Server |
| High-End RISC Server Cluster | RISC 550 MHz CPU, 64-bit 2 to 32-way cross-bar SMP with 8x8 non-blocking multi-ported crossbar, 32 GB ECC RAM, 240 MB/sec channel bandwidth, 288 GB Internal mass storage, 50 TB external RAID storage, redundant hot swappable power supplies, dual attach 1000 BaseTX/FX Ethernet Adapter, clustering and event management software for remote management. Unix 64-bit operating system with C-2 Controlled Access protection security | Fault Tolerant Server for database system |

 


III.2.1.2.1     SRS Data Center System Descriptions

As previously shown in Exhibit III.2-2 the SRS data centers provide co-active fully redundant system configurations with two-way replication over the high speed VPN Registry Management Network, a co-located complete nameserver, and dual-homed connectivity to the Internet Service Providers. Descriptions of each of the systems in the SRS Data Center site are as follows.

XRP Server Cluster

XRP transactions received from registrars over the Internet undergo front-end processing by the XRP Server which manages the XRP session level dialog, performs session level security processing, and strips out the transaction records. These XRP transaction records are sent to the SRS data center application server cluster for security authentication and business logic processing.  The XRP server is a mid-level RISC SMP machine with local disk storage.  It off-loads the front end processing of the XRP protocol and off-loads the extensive communication protocol processing, session management and SSL security encryption/decryption from the applications servers. The XRP server strips the fields out of the XML document transaction and builds XRP binary transaction packets that are sent to the application server for initial security authentication and log on with user id and password.  Once the user is authenticated, the session is active and the XRP application server performs all business logic processing, billing, collection, and database operations.
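The front-end step described above (strip the fields out of the XML transaction, build a binary packet for the application server) can be sketched as follows. This is an added example, not JVTeam's code: the element names, field ids, size limits, and packet layout are assumptions, because the proposal does not specify XRP's schema or wire format. The parser refuses DTDs, attributes, and unknown elements, so only validated, length-bounded fields cross to the application tier.

```python
import re
import struct
import xml.parsers.expat

# Hypothetical layout: the proposal gives no XRP schema or packet format.
FIELDS = {  # element name -> (field id, maximum value length in bytes)
    "command": (1, 16), "domain": (2, 253),
    "nameserver": (3, 253), "registrar": (4, 32),
}
MAGIC, MAX_DOC_BYTES, MAX_FIELDS = b"XRP0", 4096, 16
SAFE_VALUE = re.compile(r"[A-Za-z0-9.-]+")
# Constructed sample inputs.
SAMPLE = b"""<xrp>
  <command>add</command>
  <registrar>registrar-42</registrar>
  <domain>example.tld</domain>
  <nameserver>ns1.example.net</nameserver>
  <nameserver>ns2.example.net</nameserver>
</xrp>"""
HOSTILE = b'<!DOCTYPE xrp [<!ENTITY a "aaaa">]><xrp><domain>&a;</domain></xrp>'


class RejectedTransaction(ValueError):
    """The front end refuses to forward this document."""


def parse_transaction(xml_bytes):
    """Return [(element name, value bytes)] from <xrp><field>value</field>...</xrp>."""
    if len(xml_bytes) > MAX_DOC_BYTES:
        raise RejectedTransaction("document too large")
    fields, stack, text = [], [], []

    def take_text():
        value = "".join(text).strip()
        text.clear()
        return value

    def on_doctype(*_args):
        # No DTD means no internal or external entities to expand.
        raise RejectedTransaction("DOCTYPE not allowed")

    def on_start(name, attrs):
        if attrs:
            raise RejectedTransaction("attributes not allowed")
        if not stack and name != "xrp":
            raise RejectedTransaction("unexpected root element")
        if stack and (len(stack) > 1 or name not in FIELDS or take_text()):
            raise RejectedTransaction("unexpected content at <%s>" % name)
        stack.append(name)

    def on_end(name):
        stack.pop()
        value = take_text()
        if not stack:  # closing </xrp>: only whitespace may remain
            if value:
                raise RejectedTransaction("stray text in <xrp>")
            return
        if len(value) > FIELDS[name][1] or not SAFE_VALUE.fullmatch(value):
            raise RejectedTransaction("bad value in <%s>" % name)
        if len(fields) >= MAX_FIELDS:
            raise RejectedTransaction("too many fields")
        fields.append((name, value.encode("ascii")))

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = text.append
    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedTransaction("malformed XML: %s" % exc) from None
    if not fields:
        raise RejectedTransaction("empty transaction")
    return fields


def build_packet(fields):
    """Frame as MAGIC | count:1 | (field id:1 | length:2 big-endian | value)*."""
    body = b"".join(struct.pack("!BH", FIELDS[n][0], len(v)) + v for n, v in fields)
    return MAGIC + struct.pack("!B", len(fields)) + body


def read_packet(packet):
    """Application-server side: bounds-checked decode to [(field id, value)]."""
    if len(packet) < 5 or packet[:4] != MAGIC:
        raise RejectedTransaction("bad header")
    out, pos = [], 5
    for _ in range(packet[4]):
        if pos + 3 > len(packet):
            raise RejectedTransaction("truncated field header")
        field_id, length = struct.unpack_from("!BH", packet, pos)
        pos += 3
        if pos + length > len(packet):
            raise RejectedTransaction("truncated field value")
        out.append((field_id, packet[pos:pos + length]))
        pos += length
    if pos != len(packet):
        raise RejectedTransaction("trailing bytes")
    return out


def front_end(xml_bytes):
    return build_packet(parse_transaction(xml_bytes))
```

Authentication and business logic stay on the application server, as the section describes; the front end only decides whether a document is well-formed enough to forward.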

Nameserver

A complete nameserver for DNS queries is co-located in each SRS data center site.  As previously shown in Exhibit III.2-3, the nameserver consists of redundant Internet Service Provider (ISP) and Virtual Private Network (VPN) local access links to provide alternate routed connectivity to Internet users and JVTeam’s Registry Management Network. Redundant Internet Firewalls provide policy-based IP filtering to protect our internal building LAN from intruders and hackers.

Application Server Cluster

The application server cluster is a high availability multiple computer cluster. Each computer within the cluster is a mid-level processor with its own CPU, RAID disk drives, and dual LAN connections. Processor nodes used in the clusters are RISC symmetric multiprocessor (SMP) architectures scalable in configurations from 2 to 8-way with the processing and storage capacity for very large applications. As depicted in Exhibit III.2-4, the application server cluster is designed to handle the registrar transaction workload and provides the business logic processing applications and interfaces to the authentication server, SRS database, and billing and collection system. The application server cluster is front-ended with a TCP/IP load balancer to equitably distribute the processing load across the cluster processors. The cluster manager software monitors hardware and software components, detects failures, and responds by re-allocating resources to support applications processing. The process of detecting a failure and restoring the application service is completely automatic—no operator intervention is needed.



Fault Tolerant Database Server

The database server consists of two identical fault-tolerant RISC systems that are designed for high-volume on-line transaction processing (OLTP) database applications. Each server contains high-end RISC processors scalable in configurations from 2 to 32-way. A crossbar-based symmetric multiprocessor (SMP) memory subsystem supports up to 32 GB of memory, as needed to maintain high OLTP transaction workloads. The storage subsystem supports up to 288 GB of internal RAID storage and up to 50 TB of external RAID storage. The database management software is based on a parallel database architecture with a fault-tolerant server option capable of maintaining 24 x 7 availability. The Fault-Tolerant Server supports high availability operations by implementing synchronous replication. The database enables transparent database fail-over without any changes to application code or the operating system. Clients connecting to a replicated database are automatically and transparently connected to the replicated pair of databases. The database replication feature enables maintaining geographically separated data services for multiple sites over a WAN to provide disaster recovery.

A multi-session, multi-threaded server and dual cache architecture (client/server) provides exceptionally high throughput and fast access to stored objects. A powerful database-driven publish and subscribe event notification system enables applications such as Whois or Zone Distribution to subscribe to a specific SRS database activity, for example, a domain name insert. When the domain name insert occurs, an event is generated by the database to be handled as a dynamic update to the Whois and Zone distribution servers.

Whois Distribution Database

Certain SRS database events such as a domain name insert, domain name delete, or domain name change, generate a notification to subscriber databases such as the Whois Distribution Database.  Modifications to the Whois Distribution Database are replicated to the Whois Database Clusters.

Whois Database

The Whois architecture gives the flexibility to deploy the Whois database to any number of JVTeam Data Centers.  In the initial phase, the Whois infrastructure will be deployed to the two SRS Data Centers.  In the future, however, based on the load placed on the initial two Data Centers, additional infrastructure can be deployed to any of the nameserver Data Centers managed by JVTeam.

Each Whois Database receives replicated updates from the Whois Distribution Database.  The initial Whois Database will consist of two mid-level RISC database servers configured in a high availability cluster with RAID storage and from 2 to 8-way SMP processors. Since data is cached in the Whois Servers, the Whois Database is hit only when a Whois Server has not cached a request in memory.

Whois Server Cluster

The Whois service is available to anyone and can receive transaction volumes on the order of one billion requests per day. The cluster is a rack-mounted, Intel Pentium-based, high availability multiple computer cluster that maintains a separate database for domain name registrations and caches commonly requested records.  Processor nodes used in the Whois cluster are moderate-level Intel Pentium SMP machines scalable in configurations from 2 to 6-way SMP with local disk storage.

The Whois database contains information about Registrars, Domain names, nameservers, IP Addresses and the contacts associated with them.  This is an improvement over the current registry that provides no end-user contact information.  The Whois server cluster is front-ended with a load balancer designed to distribute the load equitably to the servers in the cluster and handle extremely high volumes of queries. The load balancer tracks processor availability and maintains high query processing throughput.

Zone Distribution Database

The Zone Distribution Database is dynamically updated from the SRS database using the same technique used for the Whois Distribution Database.  The Zone Distribution Database is propagated to the Zone Update Database at the nameserver sites using replication. This approach is far better than the current approach of TLD Zone File updates for .com, .net, and .org that occur two times per day.
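The update path described above for the Whois Distribution Database and the Zone Distribution Database can be sketched as follows. This is an added illustration, not JVTeam's implementation: the per-event sequence numbers, the class and replica names, and the assumption that the zone view carries only nameserver data are all hypothetical, and the sample records are constructed.

```python
from dataclasses import dataclass, field

# Event kinds named in the text: domain name insert, delete, change.
INSERT, DELETE, CHANGE = "insert", "delete", "change"

@dataclass
class Replica:
    """A downstream copy, e.g. a Whois Database cluster or a Zone Update Database."""
    name: str
    rows: dict = field(default_factory=dict)
    last_seq: int = 0

    def apply(self, seq, kind, domain, record):
        if seq <= self.last_seq:      # duplicate delivery: already applied
            return False
        if seq != self.last_seq + 1:  # gap: refuse rather than diverge silently
            raise ValueError(f"{self.name}: expected {self.last_seq + 1}, got {seq}")
        if kind == DELETE:
            self.rows.pop(domain, None)
        else:
            self.rows[domain] = record
        self.last_seq = seq
        return True

class DistributionDB(Replica):
    """Subscriber database: applies an event, then replicates it onward."""
    def __init__(self, name, view, downstream):
        super().__init__(name)
        self.view, self.downstream = view, downstream

    def apply(self, seq, kind, domain, record):
        projected = None if record is None else self.view(record)
        if not super().apply(seq, kind, domain, projected):
            return False
        for replica in self.downstream:
            replica.apply(seq, kind, domain, projected)
        return True

class SRSDatabase(DistributionDB):
    """Source of truth: numbers each committed change and notifies subscribers."""
    def commit(self, kind, domain, record=None):
        self.apply(self.last_seq + 1, kind, domain, record)

def build_registry():
    whois_dbs = [Replica("whois-db-1"), Replica("whois-db-2")]
    zone_update = [Replica("zone-update-1")]
    whois = DistributionDB("whois-dist", dict, whois_dbs)
    # Assumption: the zone view keeps only the nameserver data of a record.
    zone = DistributionDB("zone-dist", lambda r: {"ns": r["ns"]}, zone_update)
    return SRSDatabase("srs", dict, [whois, zone]), whois_dbs, zone_update
```

A replica that sees a sequence gap raises instead of applying the event, so a lost notification surfaces as an error rather than as Whois or zone data that silently disagrees with the SRS database.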

Billing and Collection Server

The Billing and Collection server is a LAN-based mid-level RISC machine in configurations scalable from 2 to 8-way SMP with the processing and storage capacity for very large enterprise applications. This server runs a commercial off-the-shelf customer relationship management and billing and collection system that interfaces with the SRS database.

Secure Web Server Cluster

A high-capacity secure Web Server cluster is provided to enable secure web services and information dissemination that is outside the scope of the XRP protocol.  It contains a registry home page to enable registrars to sign in and inquire about account status, get downloads and whitepapers, access frequently asked questions, obtain self-help support, or submit a trouble ticket to the TLD Registry Help Desk. The Web Server is a mid-level RISC SMP machine with local disk storage.

Authentication Server

The authentication server is a LAN-based mid-level RISC machine scalable in configurations from 2 to 8-way SMP with local RAID storage. This server runs commercial X.509 certificate-based authentication services and is used to authenticate the identity of Registrars and, optionally, Registrants.  In addition, the authentication server supports our secure Web Server portal for Registrar Customer Service functions.

Backup Server

The backup server is an Intel Pentium-based SMP server that runs the backup and restore software to backup or restore each