Onsite Registry Services Proposal |
September 27th, 2000
VeriSign Global Registry Service’s proposal, which follows, contains information and data that are privileged and/or confidential to VeriSign Global Registry. This information and data are not made available for public review and are submitted voluntarily to DTEC & MFZA only for purposes of review and evaluation in connection with this proposal. No other use of the information and data contained herein is permitted without the express written permission of VeriSign Global Registry. Information and data contained herein is protected by the Virginia Trade Secrets Act, as codified, and any improper use, distribution, or reproduction is specifically prohibited. No license of any kind whatsoever is granted to any third party to use the information and data contained herein unless a written agreement exists between VeriSign Global Registry and the third party that desires access to the information and data. Under no condition should the information and data contained herein be provided in any manner. 1
Introduction
3
DTEC
& MFZA Technical Solution
4
Facilities
Requirements
5
Support
Services
6
Onsite
Registry Staffing
7
Optional
Services
8
Financial
and Business Terms
List of Figures 1 IntroductionVeriSign Global Registry Services, by virtue of their unique experience with the core workings of the Internet, is proposing to develop a working relationship with Dubai Technology, Electronic Commerce and Media Free Zone Authority (DTEC & MFZA) to deploy an onsite registry infrastructure and provide critical monitoring and management services. The purpose of this proposal is to show how VeriSign Global Registry and DTEC & MFZA can work together to furnish DTEC & MFZA a registry infrastructure capable of providing registry services for a new TLD. Once in place, DTEC & MFZA will have a scalable architecture capable of supporting the growth anticipated in the new TLD. The architecture and processes provided as a result of this proposal will position DTEC & MFZA as a premier provider of TLD and/or ccTLD registry services. An ancillary goal of this proposal is to provide DTEC & MFZA the foundation from which to develop a winning proposal to the Internet Corporation for Assigned Names and Numbers (ICANN) for hosting a new TLD. As the Internet’s leading registry, VeriSign Global Registry has unparalleled experience and knowledge in registry infrastructure and operations. By teaming with VeriSign Global Registry, DTEC & MFZA will be assured of a technical and service solution second to none. VeriSign Global Registry wants the opportunity to apply to DTEC & MFZA the knowledge and expertise gained from over seven years of building and operating the heart of the Internet. VeriSign Global Registry would design and support DTEC & MFZA in building a comprehensive registry infrastructure that would allow DTEC & MFZA to provide registry services for a new TLD. This proposal presents VeriSign Global Registry’s proposed technical and service solution to DTEC & MFZA, and explains how it would be implemented. Domain Name System (DNS). A distributed database of information that is used to translate domain names (which are easy for humans to remember and use) into Internet Protocol numbers, which are what computers need to find each other on the Internet. People working on computers around the globe maintain their specific portion of this database, and the data held in each portion of the database is made available to all computers and users on the Internet. The DNS comprises computers, data files, software, and people working together. Generic
Top Level Domain (gTLD). A top level domain name (such as com, .net and
.org) that is open to registrants around the world in contrast to country code
top level domains that are often restricted to registrants located in a
particular country or region. Registrant.
The individual or organization that registers a specific domain
name in the DTEC & MFZA registry database. This individual or organization
holds the right to use that specific number for a specified period of time
provided certain conditions are met and the registration and billing fees are
paid. Registry Registrar Protocol (RRP). A protocol for the registration and management of second level domain names and associated name servers in both top level domains and country code top level domains. This protocol was developed by the VeriSign Global Registry for use within the Shared Registration System. RRP is a TCP-based, 7-bit US-ASCII text protocol that permits multiple registrars to provide second level Internet domain name registration services in the top level domains administered by a top level domain registry. Shared Registration System (SRS). A protocol and associated hardware and software that permit multiple registrars to provide Internet domain name registration services in the top level domains that are administered by the VeriSign Global Registry through the Registry. The SRS includes the following subsystems: a database server subsystem, a registration subsystem ensuring equivalent access to the registry by all registrars; a billing subsystem; a systems development and testing subsystem; a TLD Zone file generation subsystem; and a Whois subsystem. The SRS is consistent with, and supportive of, the provisions of the Statement of Policy on Domain Name System administration, Management of Internet Names and Addresses, 63 Fed Reg. 31741 (1998) (the "White Paper"), as well as Amendment No. 11 to Cooperative Agreement NCR-92-18742 between the U.S. Government and VeriSign Global Registry. SSL. secure socket layer. 2 BackgroundVeriSign Global Registry, a division of VeriSign as of June 9, 2000, has been the provider of .com, .net, and .org domain names since 1993. VeriSign Global Registry (formerly NSI) was selected by the National Science Foundation, through a competitive cooperative agreement process, for a 5-year agreement to manage the gTLD registrations of .com, .net and .org. In 1999, VeriSign Global Registry, the Department of Commerce, and ICANN reached agreement on a process to bring competitive Registrars into the gTLD names space. As part of extending that agreement, VeriSign Global Registry began business operations as a separate business unit of Network Solutions in October 1998. Historically, VeriSign Global Registry has provided back-end domain name addressing, resolution, and distribution services for .com registrars. We are currently serving some 63 .com registrars with another 36 registrars in the pipeline preparing to become active. The VeriSign Global Registry is now extending its services and providing expertise to country-code and potential global top-level domain name registries. VeriSign Global Registry has an extensive infrastructure comprised of both technology and human capital. Having invested millions of dollars in the infrastructure and having operated the .com registry function since 1993, we have unparalleled experience and expertise managing the growth and operations of a commercial registry. On a daily basis, we bear the responsibility of making sure that the .com web address for every domain name is located without interruption. VeriSign Global Registry has designed the Registry to provide exceptional availability, maintainability, scalability, accuracy, utility, and security. To support these goals, VeriSign Global Registry has developed systems and partnered with industry vendors who offer the following: § Proven solutions that are widely implements in 24x7 production environments § Open, non-proprietary solutions that do not tie VeriSign Global Registry to specific vendor products § A variety of solutions that VeriSign Global Registry can tailor to its environment § A migration path to larger platforms as the need arises The VeriSign Global Registry provides ccTLD and prospective gTLD registries with registry infrastructure services. We have the capability to provide a range of services— including everything from a Virtual Registry Service that is managed by VeriSign Global Registry and that leverages our current facilities and infrastructure—to a remotely managed, turnkey registry solution that is resident on customer premises called Onsite Registry Services. The Onsite Registry Service provides the customer with the added flexibility to use some of its personnel for the day-to-day operations of the system hardware and software. Thus VeriSign Global Registry’s services offer the added benefit of mitigating the risk of developing a new registry by enabling new registries to begin with a virtual registry service and migrate to a turnkey registry solution once they have achieved a critical mass of registrations. 2.2.1 Onsite Registry ServicesThe VeriSign Global
Registry delivers a turnkey solution to the customer’s premise for the Onsite
Registry Service. VeriSign Global Registry provides the customers with the
option of purchasing their own hardware and commercial off-the-shelf software as
specified by a bill of materials (BOM) provided by the VeriSign Global Registry.
Onsite Registry Services provides the customer with a limited license to use the
VeriSign Global Registry’s registry software. The customer benefits from
the knowledge transfer of being involved in the day-to-day operation of the
registry while leveraging the VeriSign Global Registry’s expertise perform
remote monitoring and problem resolution. Should the customer elect
to use Onsite Registry Services, they will be responsible for securing a
facility that meets VeriSign Global Registry specifications and establishing the
required connectivity. Additionally, if the customers elect to procure the
equipment themselves, it must also meet the VeriSign Global Registry’s
specifications. The Onsite Registry Service is a great solution for
customers that want to keep their hand on the pulse of day-to-day operations and
that project large volumes of registrations in geographically diverse regions. 2.2.2 Virtual Registry ServicesWith Virtual Registry Services, the VeriSign Global Registry establishes a dedicated instance of the customer’s registry running at its Herndon, Virginia facility. Customers benefit from immediate access to high-bandwidth connectivity, specialized systems and our skilled technical staff. The customer’s registrars interface directly with the VeriSign Global Registry using the standard registry/registrar protocol (RRP), and the process for bringing on new registrars is analogous to the current process for implementing new .com registrars. The customer is responsible for establishing and managing policies with regard to their registrar community. At the customer’s option, VeriSign Global Registry will train the customer’s staff to provide support for its registrars (first level helpdesk). Virtual Registry Services is a fast, cost-effective, risk-mitigating method for enabling a customer to become a registry. 2.2.3 Shared Registry SystemThe Shared Registry System (SRS) provides equivalent access to all registrar domain names in the TLDs administered by VeriSign Global Registry. Registrars access the system through Registry-Registrar Protocol (RRP), an Application Programming Interface (API) specifically designed to support the SRS. The SRS ensures that all registrars will receive consistent, equivalent access to the Registry that VeriSign Global Registry will construct for DTEC & MFZA. 3 DTEC & MFZA Technical SolutionVeriSign Global Registry has developed a very successful business providing registry services that are unparalleled in the high-tech industry today. As purveyors of the domain name information that is so critical to the day-to-day Internet operations of millions of customers, VeriSign Global Registry requires a secure, high performance systems and network infrastructure that is available 100% of the time. An outage or publication of bad information would have devastating consequences for those companies and individuals that depend on the Internet. This is the environment that VeriSign Global Registry has operated in since 1991, and from which we have derived countless years of experience in registry architecture, design, and deployment. Registry support for a TLD must accomplish the following high-level functions: maintain the database of domain names; ensure the quality of Registry data and products (zone files, Whois, and the like); provide a global network for remote distribution of the Registry products; and provide ongoing support and access to users. Successful performance of these functions requires rigorous standards of availability, maintainability, scalability, utility, and security, as well as highly skilled personnel to accomplish the work. The VeriSign Global Registry proposes to design and build at DTEC & MFZA’s facilities a registry infrastructure to support the storage, generation, maintenance and distribution of a new gTLD. Operationally, the new registry will mirror the VeriSign Global Registry in Dulles, VA, albeit scaled for the anticipated volume of new gTLD domain name registrations. Optionally, VeriSign Global Registry will provide virtual registry services for the new gTLD until the onsite registry facilities are completed, tested, and operational. Upon completion of the onsite registry, VeriSign Global Registry will turn over day-to-day operations to DTEC & MFZA staff, but will provide ongoing remote monitoring and management of the systems and software. Registry related issues that cannot be handled locally would be escalated to VeriSign Global Registry through established processes and procedures. Deployment and subsequent onsite services by VeriSign Global Registry Engineering and Operations staff will be available as required. DTEC & MFZA would manage accredited registrar access to VeriSign Global Registry supplied SRS software and documentation through a certification process that includes an OT&E environment provided by VeriSign Global Registry. This process is the same used for managing registrar access to the com, net, and org domains. DTEC & MFZA will provide customer support services for the new gTLD. VeriSign Global Registry will provide the registrar support services tools for registry maintenance, reporting, billing, and other services functions. This proposal assumes that DTEC & MFZA will use its own distributed name servers to host the new gTLD[1]. The registry model as designed by VeriSign Global Registry for DTEC & MFZA will manage the new gTLD zone up to the staging point on distribution servers. Managing and tracking the distribution of the zones to the name servers is a DTEC & MFZA responsibility. Optionally, VeriSign Global Registry will provide DTEC & MFZA name server hosting services for the new gTLD. The following top-level requirements guide the architecture, operation, and management of the Registry. These requirements, many of them interdependent, drive the specific technical approach to be provided as a result of this proposal. 3.3.1 AvailabilityThe Registry must operate continuously, and produce its products on schedule, 24 hours a day, 7 days a week (24x7). Registration service should never be interrupted for a significant period of time, in spite of the need for maintenance, repair, and technology refresh. Delivery of the Registry products must be redundant and independent of the Registry. This level of availability requires highly reliable computers, software, and network connections, organized into an inherently redundant technical architecture. The Registry operations center must be monitored round the clock with staff able to take corrective action, when necessary, without compromising Registry functions. A global network for remote distribution of the Registry products must support the Registry. 3.3.2 MaintainabilityThe Registry must accommodate routine maintenance, repairs, and updates seamlessly and without creating inconsistencies between primary and backup databases or between Registry and registrar databases. No computer system will operate indefinitely without hardware and software maintenance, particularly a large, complex, high-demand, high-availability system like the Registry. Unplanned failures inevitably require hardware repair or replacement, while over time, unexpected conditions will result in occasional software malfunctions. Unanticipated innovations may require changes in Registry database content, registrar service capabilities, or DNS support functions. The Registry must be able to adapt to unpredictable events without compromising its services. 3.3.3 ScalabilityRegistry must accommodate the continuing growth of the Internet transparently, maintaining the responsiveness, security, and accuracy of its services. In addition, future Registry services will require additional support for new processes. The baseline configuration of the Registry and successive incremental expansions must each be large enough to allow for volume growth without continual rearrangement of equipment. Scalability of Registry technical architecture provides for graceful addition of more equipment when required. The construction of a global network for remote distribution of Registry products via TLD servers ensures that data will be accessible even as the Internet expands. 3.3.4 AccuracyRegistry must provide the required technical services to the registrars and to the Internet DNS system with virtually 100 percent accuracy. This must be accomplished within an architecture that allows equivalent access to registration services by all accredited registrars and provides open access to Registry Whois services for all Internet users. 3.3.5 UtilityRegistry operations must provide optimum support to new registrars in attaining operational status and in hands-on analysis of problems. Access to and interface with the Registry must be made as simple as possible to permit training and supporting of independent, competing registrars. 3.3.6 SecurityThe Registry must be operated according to well-documented principles for information and physical security, implemented by adequately trained personnel. It will be a paramount target of sophisticated hackers worldwide, motivated by curiosity, malice, or greed. It therefore must incorporate the most robust information assurance technology to protect the database from corruption, preclude theft of private information by unauthorized third parties, and resist external denial-of-service attacks. Similarly, the physical Registry system must be secured against intrusion and protected against normal vicissitudes of operation that might compromise operational security. Personnel responsible for software implementation and hardware operation must be screened carefully to eliminate potential internal security risks. In addition, to ensure the sanctity of remote distribution of the Registry products, VeriSign Global Registry must have 100 percent control of the remote distribution services, that is, the TLD servers. 3.3.7 PersonnelSuccessful administration of the Registry depends critically on the skills and capabilities of development, operations, and management personnel. Technical development staff must be conversant with state-of-the-art communications, database management, and security technologies. They must be able to decompose complex design problems and apply Commercial Off the Shelf (COTS) solutions without reinventing well-developed techniques. Because of the unusual complexity and critical nature of the Registry, operations personnel must be highly trained and possess a strong sense of personal responsibility for the excellence of their work. Registry management must understand the special character of these staff members in order to successfully recruit, train, motivate, and retain their services to maintain quality of support and control turnover costs. This requires strong leadership, clear delegation of responsibility and authority, and creation and maintenance of an attractive work environment This section lists the requirements that need to be fulfilled by this proposal to deploy a fully functional registry at DTEC & MFZA. § Description of the VeriSign Global Registry components and functions that will be duplicated at DTEC & MFZA § Bill of Materials (BOM) for the hardware, software, and network components that comprise the registry § Clear delineation of VeriSign Global Registry and DTEC & MFZA roles and responsibilities § Staffing and support Requirements § Remote management and monitoring of the hardware, software, and network § Escalation processes and procedures § Facility Requirements § Training § Option for hosting new gTLD at VeriSign Global Registry facilities as interim solution § Option for the new gTLD zones to be placed at the current VeriSign Global Registry gTLD sites § The growth is assumed to emulate the growth of the .com zone. § DTEC & MFZA provides all the registrar services, including the addition of other registrars. § VeriSign Global Registry will effect any change management regarding the software and equipment required to operate the new TLD registry. § DTEC & MFZA will establish direct connectivity to an ISP of VeriSign Global Registry’s choice to facilitate remote monitoring and management of DTEC & MFZA Registry systems. The Registry accepts registrations and registration service requests from all accredited, licensed registrars, while protecting the integrity of registrations from unauthorized access and interference by third parties. Every new domain name application is checked to ensure that the domain name is not already registered. This function demands exceptional speed and accuracy to confirm registrations definitively and to arbitrate near-simultaneous requests for the same domain name. Domain name registrations and name servers, including domain name, name servers, IP address, registrar name, transfer date, registration period, expiration date, status, registration creation date, created by, updated date, and updated by information is maintained by the Registry. The Registry is the authoritative source for its TLD zone file content (i.e., domain name, name server, and associated IP address). The registrar of the particular domain name or name server maintains all other customer data. This protects customer privacy, gives greater flexibility to registrars, and allows them to determine their business model. DTEC & MFZA will have a formal contractual relationship with each individual registrar accredited for registering domain names in their new TLD. This is commonly referred to as a “thin” registry model. The Registry database used to support inquiries to identify the registrar associated with a specific domain name is currently called “Whois.” Whois enables registrars and potential registrants to establish the availability for registration of selected domain names. Internet users also use it to identify the registrar controlling a domain name. Registration of a domain name or name server in the Registry database does not automatically create entries in the Internet DNS. For this to occur, a zone file associating all registered domain names with their corresponding IP addresses is generated and exported to the DNS root servers for the TLD. DTEC & MFZA will operate and maintain distributed root servers to which the zone file is exported and from which the domain name information is disseminated to the Internet community. The deployment and operation of the new TLD name servers is available to DTEC & MFZA as an option. To enable close to 100% Registry availability, multiple database servers are used, with off-site backup to protect against catastrophic data loss. Redundancy is found at almost every level within the Registry to ensure high-availability of the systems and applications for the Registrars. SRS is the Registry architecture and processes used to enable registrations by multiple registrars. It includes the Registry Registrar Protocol (RRP), which is used to support communications between the Registry and Registrars, and provides the security and authentication functions to protect the Registry database while supporting all necessary registrar operations. RRP is also used during the certification process for accredited registrars for operational testing and evaluation of registrar implementations of the RRP prior to commencement of actual registrar operations. DTEC & MFZA will be responsible for providing the RRP software interfaces, documentation, and training to accredited registrars for the new TLD. Hands-on technical support to new registrars should be available from DTEC & MFZA to assist them in resolving difficulties in successful interfacing with the Registry. DTEC & MFZA will operate the Registry for the new TLD. The Registry system will support and maintain domain name registrations, DNS server names, IP numbers, and an identifier for the responsible registrar for each domain name. The Registry will be the authoritative source for the new TLD zone file, while other customer data will be maintained by the registrar of the each domain name or name server. This model is often referred to as a “thin” registry model. In addition, DTEC & MFZA will maintain the hardware, software, network, and database architectures to support Registry functions. DTEC & MFZA must provide a facility and supporting staff to conduct basic Registry operations, provide support to registrars, and maintain connectivity to the Internet. The Registry responsibilities can be divided into the categories: §
Network Infrastructure
Connecting
the critical components of the Registry together. § Internet Services Providing and maintaining the public Internet infrastructure components that allow the public to access the Registry. § Application and Database Supporting day-to-day processing, including registration services and corporate support services such as billing and business affairs. § Operational Test and Evaluation Supporting a fully functional Registry interface to support testing and evaluation of registrar client software. This system can also be used to verify Registry system upgrades before going into production. § Customer Service Training of 1st level Support Staff and tools to be used by Customer Service Representatives (CSRs) to perform Registry data maintenance functions for registrars. The Registry will provide staffing for 2nd level Support. 3.7.1 HardwareThe following figure represents a Registry architecture similar to the one VeriSign Global Registry would install at DTEC & MFZA. The exact architecture and bill of materials will be provided as part of the deliverables to DTEC & MFZA.
3.7.1.1 NetworkInternet connectivity should consist of a minimum of two (2) fractional or full T3 lines from diverse ISPs or Tier 1 providers. High-capacity border routers will connect the wide-area network (WAN) circuits to the Registry local-area networks (LANs). Fast Ethernet switching and virtual LAN (VLAN) capabilities enable physical and logical segmentation of the internal networks. Load-balancing devices are used for load sharing and for balancing high-volume network services to the RRP gateways, Whois servers, and the Web servers. Firewall systems are hosted on multi-processor UNIX servers. Physical LAN connectivity is through 100BaseT over Category 5 (CAT 5) cabling. 3.7.1.2 Application and DatabaseThe
Application and Database segment has a combination of UNIX servers, to support
Registry applications, and high-speed PC workstations, to act as billing
servers. The Registry database
resides on high-end multi-processor UNIX servers; each scalable through
additional processors, board slots, and main memory.
Hot-swappable power and cooling help ensure high-availability. The
storage system is a redundant, scalable, high-performance storage platform with
additional software functionality. The
architecture of the enterprise storage system, with two storage arrays and a
tape storage device, provides sufficient storage for external public services
and headroom for future growth. A
tape backup capability supports disaster recovery. 3.7.1.3 Operational Test and Evaluation (OT&E)The OT&E system provides an environment for a registrar to perform its technical evaluation. This environment is also available to verify system upgrades and modifications before applying them to the production systems. The OT&E environment will have an RRP gateway outside a firewall. All other activities will be directed through Registry Application and Database servers with other equipment added as needed. Initial capability will be hosted on multi-processor UNIX servers. The OT&E environment is completely independent of the live production Registry application and database system. 3.7.1.4 Customer ServiceCustomer Service will use high-speed PC workstations to support customer service operations. These commercial workstations can be configured as required to support the evolving customer service operations. 3.7.2 NetworkThe network architecture comprises both a WAN and LAN. The WAN provides Internet access to and from the Registry, and should consist of at least two diverse backbone connections via fractional T3s at 45 mbps each (two DS3s from different vendors). This provides redundancy for availability and maintainability. It is recommended that DTEC & MFZA enable a minimum of 6Mbps per circuit with burstable capabilities up to the full 45Mbps per line. This configuration should provide sufficient network capacity to meet expected demand for at least three years based on DTEC & MFZA’s registration estimates. The WAN architecture includes Cisco border routers using BGP routing protocol. An access control list on the routers filters out undesirable traffic. Firewalls provide the security between the WAN and the LAN. The LAN is designed to support a heterogeneous technical environment. It uses switched fast Ethernet (100BaseT) and supports all functional areas of the Registry. For security, scalability, and maintainability, it is segmented into four virtual LANs: Application and Database, DOT&E, Customer Service, and Internet Services. Internet Services resides outside the firewall and uses load sharing and balancing for high-volume network services to ensure high availability. To meet performance requirements, the LAN uses switched fast Ethernet for high throughput with minimum latency. Hot Standby Routing Protocol (HSRP) provides full redundancy, while routers and switches have excess capacity to accommodate growth. The Registry product consisting of the new TLD zone file will be remotely distributed to a global network of gTLD servers at least twice a day. These gTLD servers are an integral part of the network architecture WAN component and are what the Internet users will interact with. DTEC & MFZA will have to deploy a constellation of new TLD name servers to support the new top-level domain. 3.7.3 Shared Registration SystemThe Shared Registration System (SRS) includes protocols, services, and the database system. The SRS provides data for all products (e.g., zone files, transaction logs, Whois snapshots). It enables multiple registrars or agents to provide Internet domain name registration services and ensures equivalent access to all registrars. The SRS is scalable to support the expected growth in registrars’ domain name registrations and operates on fully redundant system components. 3.7.3.1
External Public Services
External Public Services comprise the Registration, Resolution and Whois service. The Registration service enables registrars or agents to register domain names, and provides the following functions: § Add—register a domain name or domain name server § Check—check availability of a domain name or name server § Delete—delete a domain name or name server § Describe—give general information to the registrar about RRP § Modify—update a domain name or name server § Quit—close RRP session § Renew—extend the registration period of a domain name § Session—create an RRP session § Status—query a domain name or name server § Transfer—transfer a domain name from one registrar to another. The Resolution service enables Internet users to access and use domain names already registered. The Whois service allows Internet users to query the Whois database for domain name availability and ownership. 3.7.3.2
Internal
Services
Internal Services enable external services and support audit and tracking information for functions such as billing and performance measurement. 3.7.3.3 Interfaces to Shared Registration SystemThe interfaces to the SRS, protected using the Secure Socket Layer protocol, are a secure registrar Web interface, a Customer Service Web interface, a Whois Web interface as well as Whois command line access. 4 Facilities RequirementsDTEC & MFZA is responsible for providing an appropriate environmental infrastructure for supporting the Registry infrastructure and operations. This will include providing appropriate facilities that have sufficient space, power, cooling, and security to house the equipment. It is anticipated that approximately 2500 square feet will be necessary to house the Registry related systems. The facility should have the following characteristics: § Sufficient floor space to house all the system and network equipment. § If applicable, sufficient building reinforcement to minimize earthquake damage. § Physical security to include, but not be limited to, 24x7 security staff, site access lists, electronic card or biometric controlled access, and camera coverage. § Adequate primary and back power in an N+1 configuration. There should be sufficient UPS battery power until backup generators come online § Adequate air conditioning to maintain an ambient room temperature of between 68 and 72 degrees Fahrenheit in an N+1 configuration. § Primary and backup fire suppression systems. Proactive smoke detection devices are desirable. § 24x7x365 on site support personnel with the appropriate skills
5 Support ServicesSupport services will be split between DTEC & MFZA and the VeriSign Global Registry. VeriSign Global Registry will provide the following support services in support of the proposed registry at DTEC & MFZA, which are described in succeeding subsections. § Deployment Services § Systems Monitoring § Registry Technical Operations (Tier 2/3 support) § Onsite Services § Customer Services DTEC & MFZA is expected to provide day-to-day operations of the registry systems, software, and network, and provide the registrar with customer support. Severe problems that affect operations will be escalated to VeriSign Global Registry for assistance. 5.1.1 Deployment ServicesVeriSign Global Registry will provide turnkey deployment services for the DTEC & MFZA. Deployment services will work closely with DTEC & MFZA on constructing a detailed project plan for all stages of the Registry installation. Trained staff will be placed onsite at the remote facility to conduct the installation and train DTEC & MFZA staff in the operation of the Registry. 5.1.2 Systems MonitoringThe VeriSign Global Registry Global Command Center (GCC) provides 24x7x365 global systems monitoring and support. State-of-the-practice automated systems monitoring tools and technology continually assess the health and well being of servers, networks, and applications under its control. This control will extend to DTEC & MFZA’s Registry, where the GCC will seek to detect and address anomalies before they result in service outages. Rapid response, strong problem management capabilities, and established escalation procedures will ensure that issues are identified and quickly resolved. The customer will purchase hardware and associated software licenses as outlined in the contract for the purpose of monitoring the onsite registry system. VeriSign Global Registry staff will perform hardware and software installation, documentation, and training sufficient for the customer to establish an Onsite Command Center (OCC). Second (2nd) level system alerts and 1st level alerts that cannot be resolved by DTEC & MFZA will be escalated directly to the VeriSign Global Registry Global Command Center (GCC). The GCC will also monitor the customer’s onsite registry system and contact the OCC when 2nd level alerts are received. The OCC will be informed of actions, timeframes, and current status of GCC efforts to resolve 2nd level alerts or any other alert or issue escalated to the GCC. When problems are noted, the GCC staff will open a trouble call and performs preliminary analysis to diagnose the root cause of the problem. They will contact the DTEC & MFZA OCC to inform them of the issue and measures being taken to address the problem. At that time DTEC & MFZA assistance will be requested if required. If the first-level support team cannot resolve the problem, GCC will immediately escalate it to the on-call System Administrator (SA) in Registry Technical Operations. The SA will immediately address the problem and contact the on-call Database Administrator if necessary. In the unlikely event that the problem cannot be resolved at this level, the problem is escalated to VeriSign Global Registry Engineering. A workaround may be provided until the issue is resolved. 5.1.3 ArchivesVeriSign Global Registry shall not perform, nor shall procedures, documentation, or training be provided for the performance of periodic archives. Archiving shall be performed only on an ad hoc basis as required to alleviate system capacity constraints. 5.1.4 Business Continuity / Disaster RecoveryThe proposed architecture for the onsite registry is designed to address the failure of any single component in the architecture. The customer will purchase hardware and associated software licenses as outlined in the contract for the purpose of facilitating the correction of component failures. VeriSign Global Registry will provide procedures, documentation, and training for the customer staff to perform component failover. The GCC will be notified prior to executing any component failover procedure. The customer is responsible for any site disaster recovery capabilities. The customer should consider the following options: · No full disaster recovery capability. · “Cold” site – some equipment pre-staged with the capability to quickly acquire other equipment. Data is restored from offsite backup tapes. · “Hot” site – fully capable stand-by site with data either restored from backup tapes or synchronized real-time. · Load balanced second site. VeriSign Global Registry can assist with the implementation of any of these options. 5.1.5 Problem ManagementVeriSign Global Registry will track and report all problems that are escalated to VeriSign Global Registry (e.g., those resulting from 2nd level alerts or other alerts escalated by the remote Registry operators). Problems escalated to VeriSign Global Registry will be prioritized according to the following guidelines: · Severity 1 – Service is down. Business is halted. · Severity 2 – Service is impacted. Business is degraded. · Severity 3 – Service is not impacted. Business is proceeding in a normal fashion For Severity 1 problems, VeriSign Global Registry will investigate and respond with an action plan within 4 hours of notification or escalation to VeriSign Global Registry. Every reasonable effort will be made to restore some level of service as quickly as possible. For Severity 2 problems, VeriSign Global Registry will investigate and respond with an action plan within 8 hours of notification or escalation to VeriSign Global Registry. Every reasonable effort will be made to restore full service as quickly as possible. For Severity 3 problems, VeriSign Global Registry will investigate and respond with an action plan within 24 hours of notification or escalation to VeriSign Global Registry. Every effort will be made to solve the problem without impacting service (e.g., requiring a system outage). The timeframe for resolving the problem will be determined in conjunction with the customer, considering all benefits and risks. 5.1.6 Change ManagementVeriSign Global Registry will track and report on all system changes. The remote Registry without the knowledge and approval of VeriSign Global Registry should implement no system changes. VeriSign Global Registry will notify the customer of system changes in accordance with the following guidelines: · Severity 1 problems – notification will occur when change is made · Other problems – notification will occur a minimum of 8 hours in advance. · Changes not requiring a service outage – notification will occur a minimum of 24 hours in advance. Change
management will also apply to planned modifications and upgrades.
Although the Registry infrastructure as provided will provide for
significant growth, changes to the systems may be required to improve
availability, reliability, and performance.
VeriSign Global Registry will provide 30-60 days advance notice to DTEC
& MFZA of changes to the Registry hardware and software architecture. VeriSign Global Registry CS is designed to provide second-level support to DTEC & MFZA CS. This is accomplished through dedicated 24-hour Customer Service Representative support, seven days a week, 365 days a year. VeriSign Global Registry CS supports escalations regarding domain maintenance, technical troubleshooting of systems and networks, and report generation issues. When DTEC & MFZA CS receives a call from its Registrar, it will collect all necessary information and resolve the issue. If it is unable to resolve the issue, DTEC & MFZA CS will forward the call to VeriSign Global Registry CS. VeriSign Global Registry CS will log the call in the CS tracking system and assign a tracking number. The NIS Registry CSR will work closely with DTEC & MFZA CS to resolve and close the ticket. If necessary, VeriSign Global Registry CSR will forward the ticket to the appropriate Registry department for investigation and resolution. Once resolution is obtained, the VeriSign Global Registry CSR will forward this information to the DTEC & MFZA CSR who then contacts Registrar for closure. The VeriSign Global Registry CS will always be the single point of contact for the DTEC & MFZA CS for updates and additional information until closure of the ticket. DTEC & MFZA operations staff will do much of the day-to-day operations of the registry. This includes, maintaining the domain name database, generating and distributing the zone files, managing operational issues, and other operations related activities. 5.3.1 Systems MonitoringDTEC & MFZA will purchase hardware and associated software licenses as described in the bill of materials for monitoring the onsite registry system. VeriSign Global Registry staff will perform hardware and software installation, documentation, and training sufficient for the customer to establish an Onsite Command Center (OCC). DTEC & MFZA will provide or supplement onsite 7x24x365 staff to perform Registry systems monitoring functions. VeriSign Global Registry will provide documentation and training sufficient for DTEC & MFZA OCC staff to respond to 1st level system alerts. Second (2nd) level system alerts and 1st level alerts that cannot be resolved will be escalated directly to the VeriSign Global Registry Global Command Center (GCC). The GCC will also monitor the customer’s onsite registry system and contact the OCC when 2nd level alerts are received. The OCC will be informed of actions, timeframes, and current status of GCC efforts to resolve 2nd level alerts or any other alert or issue escalated to the GCC. 5.3.2 Backup & RestoreDTEC & MFZA will purchase hardware and associated software licenses as outlined in the contract for the purpose of performing periodic backups and restores. VeriSign Global Registry will provide documentation, procedures, and training sufficient for the customer staff to perform daily backups and any restores that might be directed by VeriSign Global Registry. No data restores to the production system will be performed without the knowledge and approval of VeriSign Global Registry. Restores to ancillary systems (not under VeriSign Global Registry management) shall be at the discretion of DTEC & MFZA and do not require VeriSign Global Registry knowledge or approval. Customer is responsible for the proper storage, condition, and management of tapes. 5.3.3 Systems MonitoringDTEC & MFZA will purchase hardware and associated software licenses as outlined in the contract for the purpose of monitoring the onsite registry system. VeriSign Global Registry staff will perform hardware and software installation, documentation, and training sufficient for the customer to establish an Onsite Command Center (OCC). DTEC & MFZA will provide onsite 7x24 staff to perform systems monitoring functions. The OCC will be informed of actions, timeframes, and current status of GCC efforts to resolve 2nd level alerts or any other alert or issue escalated to the GCC. OCC shall be prepared to assist in the resolution of any problems reported to the GCC. DTEC & MFZA will be required to establish or supplement its existing Help Desk with Custer Service Representatives (CSRs) trained in Registry-Registrar support services. Customer Service (CS) is a critical function that is provided to accredited Registrars starting at the certification process and carrying through to production. It is first-level support provided on a 24x7x365 basis to Registrars regarding every aspect of the domain name registration business. Customer Services offers support on domain maintenance, procedural questions and issues, technical troubleshooting, and billing questions. The DTEC & MFZA Customer Service Representatives (CSRs) work closely with the Registrars from the initial call receipt to its final resolution. The DTEC & MFZA CSR will always be the single point of contact for the Registrar for updates and additional information until closure of the ticket. If DTEC & MFZA CS is unable to resolve the issue, it will escalate the issue to VeriSign Global Registry CS for resolution. The DTEC & MFZA CSR will work closely with the VeriSign Global Registry CSR to obtain all necessary information from the Registrar. Once completed, the resolution for the ticket is returned to the DTEC & MFZA CSR who then contacts Registrar for closure. 5.4.1 Registry CSR ToolVeriSign Global Registry provides a web-based maintenance tool, Registry CSR Tool, for domain updates and administrative functions. This site is password protected to maintain security for individual Registrar information. Through this site, the Registrar will have access to daily and weekly reports, billing information, and the ability to update administrative and domain information. To assist in providing quality support, DTEC & MFZA CS will have access to view and update individual Registrar administrative and billing information through this web-based tool. DTEC & MFZA CS will also have the ability to update domain information for the Registrar and view Registrar reports. 5.4.2 Registry ReportsRegistry reports fall primarily into three categories: Registry, Registrar, and Billing and Revenue. A standard reporting format is used, although the Registry CSR Tool can be used to generate custom queries. Many of the Registry and Registrar reports are Registrar specific. Following is a sampling of the reports and the group they are intended for. REGISTRY §
Registrar
Details §
Registrar
Domain Registration Summary §
Registrar
Transaction Summary §
Domain
History §
Nameserver
History §
Domains
Transferred by Registrar §
Domain
Registration/Transfer/Renewal Summary §
Domain
Credit Deletions REGISTRAR
§
Registered
Domain Names §
Domain
Child Nameserver BILLING
AND REVENUE §
New
Registrations (Monthly/Daily) §
Transfers
(Monthly/Daily) §
Renewals
(Monthly/Daily) §
Available
Credit Modification §
Domain
Credit Deletion List 1 Sample Registry Reports The Finance team handles the accounting and finance issues involved in integrating new registrars into the Shared Registration System. They also manage the billing process and ensure that billing is generated accurately, and on a timely basis. 6 Onsite Registry StaffingDTEC & MFZA should be prepared to increase their Operations staff in support of Registry operations. As indicated earlier this will be a 24x7x365 operation, and will require staff to conduct the following types of activities. § Zone generation § Zone distribution § Backup and recovery § Remote hands support § System operations § Network operations and management § TLD name server monitoring and management Operations staff should be skilled in operation and troubleshooting of Cisco, IBM, and Sun hardware and software technologies. Customer Services should also be staffed for 24x7x365 operation. The CSRs will be trained by VeriSign Global Registry to answer registrars’ questions and provide assistance with many areas of the Registry. They are the registrars’ initial point of contact with the Registry, and they work closely with the internal groups to resolve customer issues. Their tasks include, but are not limited to, the following: § OT&E ramp-up and certification § TLD data corruption § Account administration § Domain maintenance § Whois § Billing § Domain policy § Reports Customer Affairs (CA) manages the relationships the Registry has with external bodies, most notably the registrars and ICANN. They initiate and maintain business and contractual relationships with ICANN accredited registrars, and work with newly accredited registrars to ensure a smooth and quick ramp-up process. In addition, CA interfaces with ICANN and is responsible for interpreting ICANN guidelines and making sure the Registry is compliant. 7 Optional ServicesAs described in the Introduction, registry services will be provided on VeriSign Global Registry systems in Dulles, VA. This offering is directed at ccTLDs and new gTLDs that require a stable, well-operated registry to host and distribute their domains. As an interim option while DTEC & MFZA’s registry is build, VeriSign Global Registry will host the new gTLD and distribute it either to DTEC & MFZA’s distributed name servers or VeriSign Global Registry’s name servers as described below. As an option, VeriSign Global Registry is proposing to support the new gTLD on the existing gTLD infrastructure. In 2000, VeriSign Global Registry has assumed full responsibility for hosting the com, net, and org zones on high-performance systems strategically placed at topological cores of the Internet worldwide. As an interim or permanent measure, VeriSign Global Registry will host the new gTLD on these name servers. This would ensure that the greatest number of hosts and users have immediate, reliable resolution of their new domain name. 8 Financial and Business Terms8.1.1 PricingThe pricing schedule for VeriSign Global Registry’s Onsite Registry service is identified in the following chart. Table
1
-
Onsite Registry Service Price List
1VeriSign
will host DTEC & MFZA’s registry service in phase I to allow enough time
for DTEC & MFZA to set up their registry in Dubai. 8.1.2
|
|||||||||||||||||||||||
Copyright September
2000 -DTEC & MFZA -DiDRA-LOK |