The AEP DNSSEC Solution offers true random number generation for the highest quality keys, a hardened platform, key management and resilience Plus elliptic curve cryptography.
To accelerate deployment, the Ultra Safe DNSSEC solution comes with a toolkit. It enables out of the box key generation and DNS zone signing. This makes for a convenient test platform or a production inline signing server. The toolkit gives organisations what they need to deploy their DNSSEC solution quickly, with optimum flexibility.
A comprehensive solution
The AEP DNSSEC Solution offers true random number generation for the highest quality keys, a hardened platform, key management and resilience Plus elliptic curve cryptography. The toolkit consists of a pre-installed open source software stack provided on DVD. The primary component is the ISC BIND DNS Server software based on a hardened Linux operating system. Like our Keyper PLUS the toolkit uses best in class technology. ISC BIND is the gold standard for DNS Servers on the Internet and supports the full DNSSEC standard and automatic key rollover. The toolkit makes a DNSSEC signing server easy to deploy into existing virtualised infrastructure.
The full toolkit consists of the following:
- ISC BIND DNS Server
- CEntOS (Community Enterprise Operating System) virtual server compatible with existing virtualised environments
- OpenSSL
- Keyper drivers
- Open DNSSEC
Applicable markets
- ccTLDs & gTLDs – The highest level of cryptographic assurance for TLD owners
- Domain Registrars and ISPs – requirement for ICANN’s 2013 Registrar Accreditation Agreement (RAA) and future customer retention
- Blue chip corporations – retain control of own DNS zones, retain ownership of cryptographic key material
The AEP DNSSEC solution is based on the maximum security AEP Keyper PLUS HSM. In 2000 AEP lead the way with the first fully tamper-proof HSM. AEP’s Keyper has maintained the FIPS 140-2 Level 4 accreditation for fourteen years and is relied upon the world’s preeminent defence in depth strategists.
Data integrity – DNSSEC is a mechanism to verify DNS data for Top Level Domains, secondary level domains and corporate domains where trusted data security is paramount
Compatibility – designed to be backwards compatible with the original standard DNS protocol
- Automation – automatic zone signing achievable using new inline-signing feature and automatic key rollover
- Ease of deployment – Hyper-V or VMware virtual appliance eases deployment of OS and DNSSEC into service.
- Assurance – the only FIPS 140-2 Level 4 HSM
- Capability – broad range of algorithms including elliptic curve
- Architecture – Built using ACCE, giving tamper protection to FIPS 140-2 Level 4
- Fault Tolerance and Scalability – Load balancing of multiple HSMs across multiple hosts and locations
- Authenticated Use of Keys – Optionally PIN activated
- Proven – AEP’s Keyper is deployed in the original DNSSEC implementation for the root DNS domain, hailed by Vint Cerf as heralding a new era in Internet security. AEP’s Keyper is also the foundation of the world’s most renowned top level domains.
