TECANA AMERICAN UNIVERSITY BACHELOR OF SCIENCE – Information System Engineering

Special Degree Project

Internet Service Provider – Hosting Automation

Presented by: Bhamidipati Venkata Gopala Anirudha Sharma

As a requirement for the degree of: Bachelor of Science in Information System Engineering

Academic Direction: Dr. Jesús Reinaldo Rivas Zabaleta, Ph.D.

Academic Staff: Dr. Raúl Roldán, Ph.D.

Caracas, August 15, 2005


“I hereby swear and attest that I am the sole author of this special degree project and that its content is the result of my work, experience and academic research.”

Author: Bhamidipati Venkata Gopala Anirudha Sharma Date: 14-Aug-2005 City: Caracas, Venezuela.


About the Industry Technical Reviewer:

Ing. Oswaldo José Inojosa Moya: Ex-CTO, Dayco Telecom C.A. He is one of the founding members of the original team that led the formation of the 1st Data Center in Venezuela, and was instrumental in the formation of high availability services in the country. He came to lead a multi-disciplinary operations task force at Daycohost from a large transnational ATM solution provider called Newbridge, which was later absorbed by Alcatel. He graduated from the prestigious Simon Bolivar University in Caracas, Venezuela as an “Electronics Engineer” and later specialized in “Business Finance” at the same university.

Reviewed by: Ing. Oswaldo José Inojosa Moya Identity card no.: V- 10691872 Date: 15-Aug-2005 City: Caracas, Venezuela.


Acknowledgements

I thank the extraordinary people whom I have met and those who stood by me during the 3 difficult years teaching me not only the language, mannerisms, ideas without which the vision to architect a true Venezuelan hosting company on par or even excel the U.S.-based Internet Data Centers.

I would like to thank my late father, Dr. B. Sree Rama Murthy, M.D.S, FICD, and my mother, Dr. B. Pushpalata, M.B.B.S, DGO, for having carefully taught me the ropes of life, and my late grandmother, Mrs. B. Jagadamba, for having taught me the power to dream and to realize it. I also thank my adopted family here in Caracas, Mr. Manuel Iglesias and Mrs. Conchita Iglesias, along with all their family members, who encouraged and helped me to adapt to the multi-cultural Venezuelan lifestyle and supported me during the toughest phases. My heartfelt thanks also go to Ms. Jannina Morales and her family.

I would also like to thank my friends and teachers, formal and non-formal, who have taught me many things and to whom I owe all this success. All these people were kind enough to contribute their experience. Thanks to the staff of Kafta Inversiones C.A., who provided good coffee, lunch, dinner, a good atmosphere and good conversation, along with all the staff members of Copy Red C.A. and King Copy C.A., who provided the additional material for all the team members right on time, even working all the extra hours to push us on without a hitch.

As Plato said: “Only if the various principles-names, definitions, intimations and perceptions-are laboriously tested and rubbed one against the other in a reconciliatory tone, without ill will during the discussion, only then will insight and reason radiate forth in each case, and achieve what is for man the highest possible force…..”

I would like to thank the following for all the kind discussions provided over the last 3 years for the completion of this project:

• Mr. Franco D’Agostino, Chairman, Dayco Telecom C.A.
• Dr. Rafael Hernandez Millán, Board Member, Dayco Telecom C.A.
• H.E. the former Ambassador of India in Venezuela, Mr. R. Viswanathan, IFS.
• Mr. Aeries Barreto, Ex-CEO, Pequiven.
• Ms. Mariadela Larrazábal Gaston, COO, Dayco Telecom C.A.
• Mr. Tijelino Bravo, VP-Operations, Dayco Telecom C.A.
• Mr. Raghu Ram Reddy, J.D.Edwards USA.
• Mr. K.S.A. Srinivas, G.E. Financial Services India.
• Mr. Michael Gold, CEO, Sphera Inc.
• Mr. Pedro Gómez, Sun Microsystems de Venezuela.
• Mr. Jose Luis Reyes, Presidente, Sistemas, Caracas.
• Mr. Victor Araque, Ex-Manager Operations, Dayco Telecom C.A.
• All ex-staff members of Dayco Telecom C.A.
• Mr. Cesar Gonzalez, Administrator, Unix Systems.
• Mr. José Pinal, Manager-Networking, Dayco Telecom C.A.
• Mr. Harald Rosch, Sales Manager, Infostrada, Italy.
• Ms. Shirley Coffee, Ex-Manager SH-Operations, Dayco Telecom C.A.
• Mr. Javier Rincon, Ex-Project Leader, Sphera-Daycohost.
• The IT staff of Seguros Mercantil.
• The IT staff of Mapfre.
• Mr. Luis Díaz Luna, Ex-Manager Telco, Microsoft de Venezuela.
• The sales team headed by Mr. Pedro Espinel, Dayco Telecom C.A.
• The IT staff of Sun Microsystems de Venezuela.
• The sales team of Dell in both USA and Venezuela.
• The IT staff of Sphera in the USA (especially Mr. David Greenberg and Mr. Jaimeeson Moore) and Israel (Mr. Don Frenklen), along with all ex-staff members.
• And every single member of the Daycohost family.

The one individual whom I would like to thank is the greatest back-office manager I have been very fortunate to work with and to learn the art of back-office management from, Mrs. Mayanin Lara. Also the VP-Finance, Mr. José Manuel Rivero, along with the soft-spoken and very sharp legal mind, Dr. Luis Marcano, the success factors to all efforts at Dayco Telecom C.A.


Contents

1. Foreword
2. Part 1: Technology Issues of web hosting
3. Part 2: Shared Hosting Issues
4. Part 3: Technology Selection for Shared Hosting
5. Part 4: Existing hosting technology at Dayco Telecom C.A. in Shared Hosting
6. Exhibit A – Verio-Dayco description
7. Part 5: Implementing a new Shared Hosting Platform
8. Part 6: Migration of Clients from existing platform to new Shared Hosting Platform
9. Part 7: Stabilization of Clients
10. Summary


Appendix

1. Appendix A: Internet Protocols terms and how they are used
2. Appendix B: Monitoring System of Shared hosting services
3. Appendix C: Ports – TCP & UDP
4. Appendix D: Network Layout
5. Appendix E: Firewall
6. Appendix F: LACNIC issues
7. Appendix G: Billing System
8. Appendix H: Availability Framework for Applications in Shared Hosting

• Bibliography
• Web-sites
• List of figures
• List of Tables


Foreword

For all Internet Service Providers (ISPs), the setup of new services has always been a technical and financial nightmare come true, one that affects the very way they make their presence felt in making the lives of their customers easier or otherwise. The Managed Service Provider (MSP) model is a still higher latitude of the services paradigm for all ISPs, since it is the most financially lucrative business available to all involved in the telecommunications industry. After a gap of 7 years I returned to the telecom segment, and after living it on a second-by-second basis, the most amazing thing I have seen is still the “Internet” and the fantastic notions it produces, making our lives richer. Changes are permanent, and so is one's knowledge; I have learnt to live with this changing scenario, and one learns forever.

Shared hosting is the most profitable segment of the worldwide hosting industry and will by far continue to grow, providing large segments of individuals and small and medium businesses the “showcase” to present themselves to the world anywhere, anytime, on a 24 x 7 x 365 basis through the WWW, testing the hosting provider's might to deliver effectively at OSI Layer 7, the Application Layer.

Abstract:

Shared hosting being still a very new service in the Internet service provider realm, Daycohost started to provide this service with the world leader in web hosting, Verio. This was because Daycohost did not have sufficient know-how and the market was just growing in Venezuela, so the alliance with Verio was sought to position Daycohost strongly in this segment. But as time went on into the 2nd year of operating the platform, challenges arose: problems with technical support, obsolescence of the platform, and pricing, which made it a problem for Daycohost to compete against new providers who had no or very low investment in Venezuela. An alternate business plan to replace the platform was therefore sought, which resulted in the project “Rendezvous” after a lunch meeting in Caracas in 2002. Based on industry standards, a client requirement analysis after interviewing around 100 clients, a clean financial analysis and a strategic planning meeting, it was decided that we go ahead quietly. After careful selection among the world's leading providers of hosting automation software, Sphera was aptly selected. It is now to be seen how Daycohost makes the most of this application framework after a successful implementation.


Note: “Daycohost” is the trademark of Dayco Telecom C.A., a Venezuelan ISP, also referred to as Dayco, Daycohost or Dayco Telecom C.A. in the thesis. Verio, a Colorado-based Internet service provider (ISP), is herein referred to as Verio.


Part 1: Technology Issues of web hosting

One of the major forces that drove the rapid adoption of the Internet beyond academia and research labs was the invention of the along with the development of the Hypertext Transfer Protocol (HTTP). Seemingly overnight, companies could publish and share information that traditionally had been locked in proprietary data sources such as legacy systems and databases. The browser provided a near universal display mechanism allowing users to suddenly browse vast amounts of information and run applications without having to learn arcane network protocols or worry about whether the application was installed on their local machine (anybody who has ever had to learn the command line or deal with the limitations of a client-server application can appreciate the two final points).

Shortly after businesses started publishing information (static sites), they then evolved and started conducting business on the Internet; this led to dynamic sites, which are typically linked to databases. Traditionally, commerce has been characterized as either business-to-consumer (B2C), business-to-business (B2B), or business-to-enterprise (B2E). The adoption of the Internet revolved around these different business needs.

In many ways, the Web proved adequate for many businesses when used in the context of B2C. However, it falls far short of the needs of B2B. In some cases, the Web browser can even be a hindrance—many organizations would like to automate business processes without being required to display the information. This direct integration of businesses leads to the term business-to-business integration (B2Bi).

Consider the following scenario. A user visits a site, performs some searches, and then places an order. While this sequence is acceptable for an individual consumer, it falls short in cases where the purchase cycle tends to be repeated frequently (for example, a corporation purchasing a variety of items from multiple sources). The following items are examples of the types of deficiencies faced in B2B interactions:

• Requiring a person to manually perform a process can be time consuming and prone to errors. Automating such processes would certainly streamline a company's operations significantly.

In this case, we are talking about automating a business process—purchasing—rather than remembering past purchases for personalization reasons.

• The information returned from the transaction is a mix of presentation-related data (graphics, formatting instructions, etc.) and business data (product names, codes, prices, etc.); this information is not in a format that can be easily integrated into another system. Consequently, it often requires that a person distinguish what is actually relevant in most interactions. Consider how expensive it is for a purchasing agent to re-enter information into an accounting system that is returned from a purchasing system. This seems rather antiquated by today's standards, but many companies are still performing a lot of their processes manually because there are few, if any, standards for information that is being passed around. What is needed is either a universal format or at least a way to separate business data from presentation data.

• In many cases, the functionality offered by one site cannot be merged with another site to provide a more complete solution to the consumer due to technical limitations (lack of standards, integration challenges, incompatible technologies, etc.).

As an example of this last point, consider a consumer who would like to book an entire vacation (flight, rental car, lodging, and local activities) online. The consumer (or travel agent) has to visit multiple sites and cobble together a package; then he must ensure that all the relevant criteria (identification, dates, locations, etc.) are matched. Anyone who has planned a vacation has experienced the amount of work involved (no wonder cruise ships are so popular!). This clumsy user experience exists because it is currently too difficult for the site operators to break the sites into discrete sets of sub-processes that can be merged or integrated into an experience that is relevant to the consumer (in this case, a total vacation experience). The focus of each site is narrow (the ski school is offering ski instruction, the airline is offering flights, etc.) whereas, as far as the user is concerned, all of these events have to be scheduled and booked to accomplish his overall goal, i.e., to book the entire vacation. Unfortunately, the site that offers skiing instruction has no way of knowing that the consumer visiting the site is the same person who is staying at a local hotel on a particular date. Without that information, the site would have to ask for that information again. Multiply this registration process n times and the poor consumer will feel like taking a vacation after just planning the vacation!

In more technical terms, the sites cannot share the state of the user session. Current technologies allow for saving the state as long as the visitor is on the same site, but maintaining the state between sites is much trickier.

Wouldn't it be much more useful for the consumer if these sites were integrated? On the surface, this seems like a rather straightforward problem, but there is more to the problem than what appears on the surface. Each site is more than just a static site; there are various back-end systems that must process incoming (and outbound) requests, and these systems are plagued by problems that have existed for a long time.

Consider this related example. An airline reservations company (call it XYZ) is trying to expand its market. If XYZ is to acquire a customer, that customer must be able (and willing) to integrate its system to XYZ's back-end system (typically on a mainframe system). However, since the application programming interface (API) to the mainframe system is highly proprietary, the customer must incur the high cost of integration. This high cost to customers limits the number and type of customers that XYZ can attract—typically, only large firms can absorb the high costs of integration, effectively prohibiting XYZ from doing business with many types of marketing channels (such as small businesses). It would greatly benefit XYZ if its systems and those of potential customers could have a common mechanism for exchanging data and functionality. This would significantly reduce integration costs and allow XYZ to effectively perform application syndication—just as content can be syndicated to many channels for redistribution, XYZ can potentially syndicate its application to multiple destinations (channels of distribution), which may or may not be Web sites.

Let us consider a Global 2000 company that has made many acquisitions (or has itself been acquired by another firm). Through a series of external events, it has inherited a number of enterprise systems that need to be integrated to deliver business value to its customers, both internal and external. In many cases, an enterprise is no longer confined inside four walls. Instead, an enterprise now must exist within a larger ecosystem of trading partners, including its employees, customers, suppliers, distributors, and others—the term for this is extended enterprise. Figure 1 is an example of the extended enterprise.

According to EAI Journal, a Global 2000 company has, on average, 49 mission-critical systems.


Figure 1. An example of the extended enterprise.

As a link of a larger chain, the success of an enterprise is often determined by how well it orchestrates its business processes with those of its partners. One of the prerequisites to success is a company's ability to integrate its system with others to make more timely decisions; again, this historically has been prohibitively expensive because of proprietary technologies and the lack of a common integration approach. According to a survey by a leading analyst firm of over 200 chief information officers (CIOs) at Global 2000 companies, these same CIOs have to pass on three out of five business opportunities because they cannot adequately or quickly perform the integration necessary to capitalize on them.

Web hosting today offers the promise of addressing many of these challenges faced by enterprises. The good news is that Web hosting services are built on many existing technologies. This means that a company does not have to do a complete overhaul of its existing investments. Critical services which many of us take for granted today, such as email, FTP (file transfer protocol), chat, image sharing, web based customer presentations, based applications, are now available to clients through web hosting, without their really having to invest in expensive infrastructure to run them.

What Is Information Technology Outsourcing?

Information technology (IT) outsourcing is the transfer of an organization’s internal IT infrastructure, staff, processes, or applications to an external resource provider.

Outsourcing can encompass anything from the simplest to the most sophisticated IT infrastructure, processes, or applications. Usually, outsourcing contracts are created to handle non-core information technologies or processes. The outsourcing market can be divided into three main groups:
1. Application outsourcing (AO)
2. Business process outsourcing (BPO) and information utilities
3. Platform IT outsourcing

Application Outsourcing: Application outsourcing (AO) comprises ASP and application maintenance outsourcing (AMO), both of which are subcategories of the AO market. The application provider is responsible for the management and maintenance of software applications. The difference between an ASP and an AMO is who actually owns the application. An ASP remotely hosts and delivers packaged applications to the client from a centralized location. The client is effectively “renting” the application on a per-user or per-use basis. An AMO provides management for proprietary, packaged applications from either the client side or the provider side.

Business Process Outsourcing: Business process outsourcing (BPO) and information utilities providers are primarily concerned with economic and efficient outsourcing for the highly sophisticated but repetitive business processes. These processes can be as complex as accounting and finance or more recurring processes such as payroll. The provider is responsible for all of the processes associated with the business process.


Platform Information Technology Outsourcing: Platform IT outsourcing offers an array of data center services, such as facilities management, onsite and offsite support services, data storage and security, and disaster recovery. The main differentiation for this type of outsourcing is the transfer of facilities and resources from the client to the provider.

The ultimate intention of an ASP is to allow the client to interact only with the ASP for the services involved. The main elements for this integration are providing the hardware, software, integration, testing, a network infrastructure that is secure, reliable data center facilities, and qualified IT professionals who can manage and maintain these services.

The most critical portions of the ASP channel are the ability to include software vendors, systems implementation, integration, and ongoing support. These components encompass the responsibilities that are necessary to effectively create and administer an ASP solution. These responsibilities help define the development of ASPs. Because of this, there are new opportunities for IT service providers to establish themselves in these markets and still differentiate their service offerings. An ASP is capable of delivering any type of software application, from e-mail and instant messaging applications to an enterprise resource planning (ERP) system that can manage, control, and report on the multiple facets of the enterprise.

The ASP should be able to provide prepackaged applications, support services, and the ability to tailor these packages based on client needs. Generally, the ASP would like to keep these alterations down to a minimum, as customization adds to complexity and the associated support issues. Several of the larger ASPs have publicly stated that there is a lack of customization and they have limited their implementations to core applications. Part of the reason that ASPs do this is that they have negotiated short-term, nonexclusive licensing terms with ISVs; this helps to minimize overhead costs.


The Elements That Make an ASP Viable

What do you need to check to see if the conversion to an ASP is a viable option for you? There are several factors:
1. Is there a reasonable demand either presently or in the immediate future for your possible service offerings?
2. Can the model that you plan to use support the possible growth that may be unexpected?
3. What can you expect for a return on investment (ROI)?

Several of these questions can be answered by planning the life cycle for the cost of ownership.

Elements of the life-cycle cost included in this analysis are:
1. The initial cost of hardware acquisition
2. Hardware maintenance and associated costs
3. Initial system software package acquisition
4. Initial application software package acquisition
5. Implementation
6. The cost of hardware upgrades
7. The cost of system software upgrades
8. The cost of application software upgrades
9. Network administration resources
10. Other support (training, help desk, etc.)


Part 2: Shared Hosting Issues

What is Shared Hosting?

Shared hosting is the operational practice of hosting multiple clients on similar hardware and software, lowering the investment costs of providing services. It is a service offered by most ASPs (Application Service Providers) and IDCs (Internet Data Centers).

Shared Hosting Issues.

The value proposition of a shared hosting network is that there are a certain number of infrastructure issues that have to be resolved in order to effectively deploy and manage Web hosting services. These common business problems include:

• Provisioning. In delivering Web Services to the enterprise, a common challenge is how to turn the service on for an authorized user and turn the service off (e.g., when the user is transferred or terminated).
• Audit trail. An audit trail provides a journal to resolve exception conditions or to confirm commitments of one or both parties. With an audit trail, the two parties can more easily perform non-repudiation if a problem occurs.
• Service-level agreement (SLA) terms. In order to enforce an SLA, there must be metrics that record the reliability and performance of the two endpoints. These metrics need to be provided in reports that the administrator can view whenever necessary.
• Versioning. As an enterprise signs up more users, a common challenge is how to handle multiple versions of a deployed service; that is, an existing service may be limited to only x users, and a firm now needs to roll out a newer version of an existing service to handle the extra users.
• Guaranteed delivery. As discussed earlier, this feature ensures that a message is guaranteed to be delivered to the recipient.
• Security enforcement. Users should be able to access only those services for which they are authorized.
• Centralized management and reporting. Some of the biggest challenges in an enterprise are administration issues. Thus, administrators should be able to administer the network policies (provision customers, set security policies, etc.) from a central location as well as generate on-demand reports.
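The following is an added example, not part of the original thesis and not code from any product it names: a minimal Python sketch of three items from the list above (turning a service on and off, security enforcement, and an audit trail whose entries are chained so that later edits are detectable). The class names, the demo key and the sample users and services are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a key held only by the audit service (constructed demo value).
AUDIT_KEY = b"constructed-demo-key"


class AuditTrail:
    """Append-only journal. Each entry's MAC covers the previous entry's MAC,
    so changing, reordering or deleting an earlier entry breaks the chain.
    A shared-key MAC gives tamper evidence only; non-repudiation between two
    parties would need each party to sign with its own private key."""

    GENESIS = "0" * 64

    def __init__(self, key):
        self._key = key
        self.entries = []

    def _mac(self, prev_mac, record):
        body = json.dumps(record, sort_keys=True).encode()
        return hmac.new(self._key, prev_mac.encode() + body, hashlib.sha256).hexdigest()

    def append(self, actor, action, user, service, outcome):
        record = {"seq": len(self.entries), "actor": actor, "action": action,
                  "user": user, "service": service, "outcome": outcome}
        prev_mac = self.entries[-1]["mac"] if self.entries else self.GENESIS
        self.entries.append({"record": record, "mac": self._mac(prev_mac, record)})

    def verify(self):
        """Return the index of the first inconsistent entry, or None if intact.
        Truncation of the tail is not detectable from the chain alone."""
        prev_mac = self.GENESIS
        for i, entry in enumerate(self.entries):
            expected = self._mac(prev_mac, entry["record"])
            if entry["record"].get("seq") != i or not hmac.compare_digest(expected, entry["mac"]):
                return i
            prev_mac = entry["mac"]
        return None


class HostingPlatform:
    """Central point for provisioning and for the access decision."""

    def __init__(self, audit):
        self.audit = audit
        self._grants = set()  # (user, service) pairs currently switched on

    def provision(self, admin, user, service):
        self._grants.add((user, service))
        self.audit.append(admin, "provision", user, service, "ok")

    def deprovision(self, admin, user, service):
        self._grants.discard((user, service))
        self.audit.append(admin, "deprovision", user, service, "ok")

    def access(self, user, service):
        # Default deny: only an explicit grant allows access; denials are journaled too.
        allowed = (user, service) in self._grants
        self.audit.append(user, "access", user, service, "allowed" if allowed else "denied")
        return allowed


def demo():
    audit = AuditTrail(AUDIT_KEY)
    platform = HostingPlatform(audit)
    platform.provision("admin1", "alice", "ftp")
    granted = platform.access("alice", "ftp")        # provisioned service
    never_granted = platform.access("alice", "email")  # never provisioned
    platform.deprovision("admin1", "alice", "ftp")   # user transferred or terminated
    after_removal = platform.access("alice", "ftp")
    intact = audit.verify()
    # Simulate someone rewriting the denied access (entry 2) to look allowed.
    audit.entries[2]["record"]["outcome"] = "allowed"
    tampered_at = audit.verify()
    return granted, never_granted, after_removal, intact, tampered_at


if __name__ == "__main__":
    print(demo())
```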


Part 3: Technology Selection for Shared Hosting

Technology selection for shared hosting is a rather tricky issue, since most providers guarantee that their products offer value for money, are highly scalable and are user friendly.

The selection process which was used for the optimal hosting automation software was based on the following:

• OSI layer compatibility:

The OSI reference model is a conceptual model composed of seven layers, each specifying particular network functions. The International Organization for Standardization (ISO) developed the model in 1984, and it is the primary architectural model for intercomputer communications. The OSI reference model describes how information from a software application in one computer moves through a network medium to a software application in another computer. The OSI model divides these communications involved with the moving of information between networked computers into seven smaller, more manageable layers. Each of these layers is self-contained, so that the responsibilities assigned to each can be implemented independently from other layers. This enables the results offered by one layer to be implemented without adversely affecting the other layers. Information that is being transferred from a software application in one system to a software application in another must pass through each of the OSI layers. The following list details the seven layers of the OSI reference model (discussed in Appendix A):

• Layer 1—Physical layer
• Layer 2—Data Link layer
• Layer 3—Network layer
• Layer 4—Transport layer
• Layer 5—Session layer
• Layer 6—Presentation layer
• Layer 7—Application layer

In addition to the above, there are critical layers which are only spoken about in low tones with the management layers of the enterprise, and which are the milestones for the management to achieve in today’s world, given the political and economic situation for any kind of project.


• The Political Layer

The Political layer is the first of the pseudo layers. This layer is where companies implement policies and procedures. This is also one of the barriers that must be taken into account for the successful deployment of your internetwork infrastructure. Depending on the structure of the company, a network design and implementation may have to go through numerous panels or committees in order to pass companies’ stringent needs. This consumes time, and therefore slows the implementation process.

• The Religion Layer

The Religion layer is based on the unswerving loyalty that a client has to one specific customer. This could be a good thing or a bad thing, as it tends to lock the client into a rigorous mold. In some cases, it leads to an end-to-end solution that is easily managed and monitored. In other cases, it may not allow for the “best of breed” equipment that will benefit the client in speed and functionality.

• The Financial Layer

The Financial layer could be the most disruptive and least technologically controlled area of the layer model. This layer deals directly with outside factors on the purchasing and deployment of a company’s network infrastructure. Based on a number of cost factors, companies may not be able to implement the most efficient or robust solutions. As an example, due to a large cash output in the front end of a network build-out, a company may look to piecemeal an infrastructure deployment, or use substandard products. This becomes more costly in the long run as the support bills will mount and the customer satisfaction levels will decline.

• Hardware

In an effort to meet its customer demands, an ASP must have a hardware platform that will support clustering, failover at the data link, application, network node, and system level, and the maintenance and response times of the applications themselves. The ultimate solution to meet an ASP’s needs requires the following capabilities:
1. There must be an excessively high level of performance to meet both current and future needs.
2. It must have a high degree of scalability that will support the ability to add, interchange, and evolve components and subsystems when necessary, while offering a high return on investment (ROI).
3. It needs to have high availability (HA) features and redundancy, which allow for the ability to reconfigure, repair, and replace components without requiring system downtime.
4. It should be able to adapt effectively and include load balancing to handle peak traffic loads, and prevent excessive system overload to avoid performance degradation.
5. The platform should allow the ability to put a lot of power (processing and throughput) in a small space.

Why use a Shared Hosting Service-SHS?

Using a shared hosting service has the following advantages:
1. It helps minimize the TCO. By using an SHS, a company can typically factor in a 30-percent to 50-percent annual savings, depending on the complexity of the application.
2. It can allow for cash flow that is more predictable. There can be a degree of predictability by eliminating the uncertainties of after costs and software-related expenditures, as the ASP usually mitigates these issues.
3. It allows the company to focus on their core competencies and strategic planning. The transfer of the implementation and management of an application to a third party helps the company to focus on developing its core aptitudes.
4. It helps improve internal IT staff. By eliminating application management, the company is able to help the IT staff develop processes and systems, and leverage core competencies.
5. It also can improve coordination efforts on a global scope. The SHS model helps organizations use the latest tools and systems that can coordinate internal and external global business.


The investments in Daycohost were based on the following industry trends:

Figure 2: ISP Value-Added Services in 1999

Figure 3: Projected ISP Value-Added Services in 2001

Due to the political conditions in the initial years of operation of Daycohost, the expected growth was not reached, but in comparison to the local players in the web hosting segment Dayco was well placed relative to the general growth rates.

As a result, in 2003 it was decided to invest in changing from a US-based technical operator, who managed the infrastructure remotely, to Daycohost's own operation; the introduction of Forex regulations was seen as a boon in disguise by all who were involved in this project.

Providers & Products Technical Summary:

• Zeus: United Kingdom (Excellent Product – Not available on Windows)

: USA (Average product- Highly unpredictable support team)

• SitePak: Canada (Below Average product- Highly unpredictable support team)

: Pakistan (Average product- Not available on Linux Operating System)

: USA (Excellent Product – Not available on Windows Operating System)

• Sphera : Israel Hosting Director Suite (Above Average product-continuous product development-Business Framework based-good professional services and project management team)

Providers & Products Financial Summary:

• Zeus: Most expensive, lack of other operating systems like Microsoft based windows.

• Plesk: Moderately priced, highly expensive software licensing.

• SitePak: Very expensive and cumbersome, lack of framework for future growth.

• Hosting Controller: Cheap, cumbersome and lack of framework for future growth.

• Control Panel: Cheap and cumbersome, lack of framework for future growth.

• Sphera: Very interesting financial model, excellent framework, plug and play, growth oriented software modularity.


Summary:

Based on the pros and cons, and after mapping the Daycohost growth for the years 2004 - 2010, the final choice was made based on the financial model presented by each individual provider and their financial capability to support a project of this size.

• The decision was unanimously taken on Sphera – Hosting director suite by the board and was aptly approved.

Note: Forex regulations are local Venezuelan regulations on the free exchange of foreign currency, controlled by Cadivi, a government regulatory body, which prohibit the free exchange of any foreign currency against the Venezuelan Bolivares.


High-Level Logical Approaches used:

The 3 models we had used for the selection and implementation of the Hosting Automation Software are IEEE-SWEBOK and ISO 9000:2000. Let us look at the IEEE-SWEBOK and how we were able to comply with more than 80% of it. The areas which I took into account as the Project Tech Manager are marked in red.

Figure 4: IEEE-SWEBOK


ISO 9000:2000: As a part of the on-going ISO implementation at Dayco Telecom, I used the Quality Management System – Continual Improvement model as a firm base to adopt and implement so that all future changes on deploying the Hosting Automation Software would just fall in track.

Figure 5: ISO 9000:2000 QMS CI model

Figure 6: ISO 9000:2000 QMS CI model-Need Quality Assurance


Requirements management approach to Shared Web Hosting

Why did we choose requirements management?

Figure 7: Why we choose requirements management?

IEEE defines a requirement as:
1. A condition or capability needed by a user to solve a problem or achieve a goal
2. Condition or capability that must be met or possessed by a system or system component to satisfy a contract, standard, specification or other formally imposed document
3. A documented representation of a capability or condition as in 1 or 2

Figure 8: How we choose the appropriate Requirements management strategy?


Figure 9: Requirement management Process – Tools used

Figure 10: Elicitation


Figure 11: Why collaborate?


Figure 12: Effects of Collaboration


Figure 13: Requirements reporting

Figure 14: Effort Scenarios


Figure 15: Shared Skills got as a result of the requirement management approach based on RUP.

Lessons learnt and skillfully implemented:
• Employ a top down focus to requirements management. Keep focused on the business deliverable at all times. It’s better to simplify to meet the deliverable than to over complicate the process.
• Spread the wealth: Share expertise to cross train in business and technical areas. Consider workshops and educational “JAD” sessions to cross train.
• For larger projects, employ a surgical team approach – Focus on a specific role and have “specialists” for specific details.
• Collaboration – critical for education, process and delivery. Consolidate information to leverage for refining the process.

The above was one of the most successful methods we were able to set up to have a strong and controlled process during the phase of selection of the Web Hosting Automation software and the migration activity which evolved as a result. The time spent for the final decision was just over a week and the research to conclude the same was over 3 years.


Part 4: Existing hosting technology at Dayco Telecom C.A. in Shared Hosting

Verio is a Colorado, USA (United States of America) based ISP (internet service provider) of web solutions and web hosting, a part of NTT Communications. It was the technological partner of Dayco Telecom C.A. during the initial phases of the launch of shared hosting services in the country's 1st Internet Data Center.

NTT/Verio IP Services – Executive Summary

Corporate Headquarters NTT/Verio Inc. 8005 S. Chester Street, Suite 200 Englewood, CO 80112, U.S.A. Tel: +1 303 645 1900 Internet: www.verio.com


Competitors
NTT/Verio competes primarily with Genuity, Loudcloud, Sprint and Cable & Wireless.

Strengths
• Parent company NTT provided NTT/Verio with a US$350 million cash infusion in April 2002 to aid in NTT/Verio’s restructuring effort.
• Via the facilities of its owner NTT, NTT/Verio has access into the Asia/Pacific market.
• NTT/Verio offers several managed solutions.


Limitations
• Losses at NTT/Verio are dragging down profits for NTT.
• NTT/Verio has been shedding jobs to cut expenses.
• Verio closed many data centers during a restructuring effort that was initiated in September 2001.
• Some of NTT/Verio services currently lack the breadth of features found in competing products. The vendor notes that it is developing more enhanced features for several of its value-added services.

Insight
Like many Web-hosting companies, Verio has been facing financial difficulties due to the economic downturn and dot-com bust. In NTT/Verio’s favor, however, is financial backing from parent company NTT Communications. Additionally, by changing its strategy to focus on higher-end services, NTT/Verio believes it can increase customer stickiness and subsequently boost revenue and reverse losses. As its product set is improved with enhanced features, Verio will be able to compete more effectively with the larger IP vendors.

Source: Gartner & NTT-Verio Year 2002


Daycohost – Verio Relationship:

Daycohost and Verio, in very general terms, signed the cooperation contract on the basis that Verio would provide the following:
• Knowledge transfer to start up a massive web hosting facility in Caracas, Venezuela.
• Systems Administration support – remote and on requirement on-site with all expenses paid by Dayco Telecom C.A. for the effort involved including the travel expenses.
• Verio would initially train and provide expertise to the local Dayco staff for the operation and provide Tier 3 & 4 support on the platform on a continuous basis 24x7x365 until the termination of the 3 year contract or extend the same after the lapse on a mutual consent.
• In case of launch of Verio’s new products, on-site administration when required will be made available by Verio for a period not exceeding 30 days.
• All hardware and software involved in this operation is owned by Daycohost and will be operated by Verio remotely.

What follows is an insight into the Verio service offering, based on the above terms and contracts, as provided by Verio to Daycohost. (Actual Document of Verio-No copy of the same can be reproduced-Restricted Copy-Reproduced in its Original Form.) This is the actual core services document on which all Daycohost shared hosting services are based. Its index corresponds to the actual document and is independent of the thesis index, but is reflected in the thesis.


Exhibit A Web Hosting Service Dayco

SUMMARY

1. PURPOSE

2. SERVICE DESCRIPTION

2.1 HOSTING SERVICE PLANS
2.1.1 Entry level plans
2.1.2 Domain Parking, Personal, Professional and Commercial UNIX plans
2.1.3 E-Commerce plans
2.1.4 Windows 2000 Web Hosting plan

2.2 SERVICE OPTIONS

2.3 IMPLEMENTATION PHASES

3. FUNCTIONAL SPECIFICATION

3.1 REGISTRATION AND MANAGEMENT

3.2 WWW SERVER
3.2.1 SSL Support
3.2.2 CGI support
3.2.3 CGI Library
3.2.4 Active Server Pages
3.2.5 SQL Engine
3.2.6 Usage Statistics
3.2.7 Publishing tools
3.2.8 Deployment tools
3.2.9 Local Search Engine

3.3 E-MAIL SERVER

3.4 FTP SERVER

3.5 STREAMING SERVER

3.6 CONTROL PANEL
3.6.1 Account configuration
3.6.2 E-mail server configuration
3.6.3 Database administration
3.6.4 Access Statistics
3.6.5 Certificate management

3.7 PROVISIONING

3.8 BILLING

3.9 STORAGE SYSTEM

3.10 BACKUP SYSTEM

4. SERVER FARM ARCHITECTURE

4.1 NETWORK ARCHITECTURE

4.2 HW ARCHITECTURE
4.2.1
4.2.2 Mail Server
4.2.3 Database Server
4.2.4 DNS Server
4.2.5 Transaction Server
4.2.6 Cache Server
4.2.7 Tech Support Server

4.3 SW ARCHITECTURE
4.3.1 Software versions

4.4 RELIABILITY

5. SERVER FARM MANAGEMENT

6. ERROR CORRECTIONS AND UPDATES

6.1 CODE MAINTENANCE
6.1.1 Routine Maintenance
6.1.2 Enhancements
6.1.3 Documentation

Purpose

This document contains functional and technical specifications of the Powered By Verio web hosting solution provided by Verio to Dayco pursuant to the terms and conditions of the definitive agreement between both parties.

Service Description

The Server group is comprised of all hardware, software and network components necessary to host different shared hosting environments as defined in the Hosting Service Plans below.

Hosting Service Plans

Different plans of the hosting service exist. An overview of each plan is described below with the corresponding plan features.

Entry level plans

Domain Pointer

The Domain Pointer Plan is targeted to those customers who want to point additional domain names to an existing web site. This plan can also be used to create a 1-page welcome web site using the RapidBuilder authoring tool.

Rapid Builder II

The RapidBuilder II Plan is a server-based Web authoring tool that allows a customer to generate a small business or vanity Web site of 1-7 pages in a matter of minutes through a series of point and click selections and by filling in text fields on a form. Customers will be able to select from styles (look-and-feel) and page templates (such as About Us, Contact Us, Products, etc.) to create a unique Web site of their own. Customers will have the ability to edit and maintain their sites through a Control Panel. Unless specifically identified below, features of the RapidBuilder II Plan are limited when compared to the standard Web hosting solutions.

| Plan Name and Features | Domain Pointer | RapidBuilder |
|---|---|---|
| Data transfer (MB/month) | 25 | 1,000 |
| Disk Storage (MB) | 1 | 10 |
| POP3 Accounts (Including master pop) | 1 | 11 |
| E-mail Forwarding | 1 | 20 |
| E-mail Autoresponders | 1 | 1 |
| Web Authoring Tool | Y | Y |
| Number of Web Site Pages | 1 | 1 - 7 |
| Domain Name Registration (requires additional fee) | Y | Y |
| Unique IP Address | N | N |
| FrontPage extensions | N | N |
| Detailed Web Statistics | N | Y |
| Access to raw log files | N | Y |
| 24/7 access to your account | Y | Y |
| Anonymous FTP | N | N |
| Search Engines | N | N |
| Account Control Panel | Y | Y |
| CGI Capabilities | N | Y (*) |
| Your own cgi-local directory | N | N |

(*) Limited to optional home page counter and functional Guestbook scripts

Domain Parking, Personal, Professional and Commercial UNIX plans

Domain Parking Plan

The Domain Parking Plan is targeted to the customer who wishes to register a domain name without having an active web site.

Personal Plan

The Personal Plan is ideal for the customer wanting a basic web hosting presence without the advanced features of higher priced plans.

Professional Plan

The Professional Plan builds upon the Personal Plan by incorporating more advanced features and functionality. Targeted to low-traffic web sites, this plan is ideal for the small business owner wanting to create scripts in a local directory and to utilize the SSL server for basic encryption.

Corporate, Commercial, Enterprise and High Volume Plans

The Corporate, Commercial, Enterprise and High Volume Plans incorporate full hosting features and functionality. These plans are ideal for larger business web sites that utilize advanced scripts, applications and database utilities. The resulting complexity and higher volumes of traffic generated will dictate the appropriate levels of data transfer, disk space and email options required to meet the demand at each level.

| Plan Name and Features | Domain Parking | Personal | Professional | Corporate | Commercial | Enterprise | High Volume |
|---|---|---|---|---|---|---|---|
| Data Transfer (MB/month) | 25 | 2,000 | 4,000 | 5,000 | 7,000 | 8,000 | 20,000 |
| Disk Space (MB) | 1 | 20 | 50 | 75 | 125 | 140 | 200 |
| POP3 Accounts (including Master POP) | 0 | 11 | 11 | 21 | 31 | 41 | 51 |
| E-mail Forwarding Options | 1 | 20 | 20 | 30 | 40 | 50 | 100 |
| E-mail Autoresponders | 0 | 20 | 20 | 30 | 40 | 50 | 100 |
| Domain name registration | Y | Y | Y | Y | Y | Y | Y |
| Unique IP Address | N | Y | Y | Y | Y | Y | Y |
| Unlimited updates via your own FTP account | N | Y | Y | Y | Y | Y | Y |
| Configurable, unlimited email forwarding to a default address | N | Y | Y | Y | Y | Y | Y |
| Account Control Panel | N | Y | Y | Y | Y | Y | Y |
| Detailed Web Statistics | N | Y | Y | Y | Y | Y | Y |
| Access to Raw Log Files | N | Y | Y | Y | Y | Y | Y |
| Controllable anonymous FTP | N | N | Y | Y | Y | Y | Y |
| Pre-installed CGI scripts | Y | Y | Y | Y | Y | Y | Y |
| CGI-local Directory | N | N | Y | Y | Y | Y | Y |
| Microsoft FrontPage® support | N | Y | Y | Y | Y | Y | Y |
| TrueSpeech® server support (real-time audio) | N | N | Y | Y | Y | Y | Y |
| Excite!® search engine support | N | N | Y | Y | Y | Y | Y |
| RealAudio® and RealVideo® server | N | N | N | Y | Y | Y | Y |
| Access to our SSL secure server (with or without your own certificate) | N | N | Y | Y | Y | Y | Y |
| Access to our mSQL database server and utilities | N | N | N | Y | Y | Y | Y |
| CyberCash® support (Merchant Account Required) | N | N | N | Y | Y | Y | Y |
| Shopping Cart program | N | N | N | Y | Y | Y | Y |

E-Commerce plans

EC1 – Mercantec SoftCart Start-Up

In addition to all features of the Professional Plan, SoftCart Startup is targeted at first time commerce customers wanting to sell 10 items or less. Real time credit card processing is not provided with this plan, however all transactions can be processed off-line.

EC2 – Mercantec SoftCart Lite

In addition to all features of the Corporate Plan and the SoftCart Start-Up Plan, SoftCart Lite is ideal for merchants with less than 100 items to sell. This plan is ideal for merchants with a large inventory who have not yet generated enough volume of transactions to offset the costs of implementing online processing.

EC3 – Mercantec SoftCart 4.0

In addition to all features of the Commercial Plan, SoftCart 5.0 supports an unlimited number of items and has built-in CyberCash credit card processing. This plan is ideal for merchants with a catalog of items in excess of 100 products desiring real time transaction processing. For serious e-commerce merchants, this plan is necessary.

| Plan Name and Features | EC1 | EC2 | EC3 |
|---|---|---|---|
| Data transfer (MB/month) | 4000 | 5000 | 7000 |
| Disk Storage (MB) | 50 | 75 | 125 |
| POP3 Accounts (including Master POP) | 11 | 21 | 31 |
| E-mail Forwarding | 20 | 30 | 40 |
| E-mail Autoresponders | 20 | 30 | 40 |
| Number of Products (SKU’s) | 1-10 | 1-100 | Unlimited |
| StoreBuilder Wizard | Y | Y | Y |
| Browser Based Site Creation | Y | Y | Y |
| Site Templates Included | N | Y | Y |
| Compatibility with third-party HTML tools (FrontPage, NetObjects, HoTMetal, etc) | N | Y | Y |
| Browser Based Maintenance | Y | Y | Y |
| Graphics Upload through Browser | Y | Y | Y |
| Add/Delete/Edit Products | Y | Y | Y |
| Product Categories | N | Unlimited | Unlimited |
| Unlimited Product Attributes | N/A | Y | Y |
| Built-in Tax & Shipping | Y | Y | Y |
| Number of Tax & Shipping Zones | 3 | Unlimited | Unlimited |
| Price Threshold | Y | Y | Y |
| Weight Threshold, Quantity Threshold, Line Item, Base Plus Line Item, No Shipping Charge | N | Y | Y |
| Sales, Upselling, Discontinued, Promotions, Temporarily Out of Stock | N | Y | Y |
| Supports Purchase Order Acceptance | N | Y | Y |
| CyberCash, ICVERIFY | N | Optional | Optional |
| Microsoft Wallet | N | Y | Y |
| All Payment & Order Information Encrypted | Y | Y | Y |
| Public/Private Key Encryption | Y | Y | Y |
| Automated Encryption Key Management | Y | N | N |
| Sophisticated Key Management System | N | Y | Y |
| Private Keys Available on Web Server | Never | Never | Never |
| Email Order Customer Receipt | Y | Y | Y |
| Email Order Notification to Merchant | Y | Y | Y |
| Drop Ship Vendor Notification | N | Optional | Optional |
| Secure Transaction Log | Y | Y | Y |
| Creates Invoices, Packing Slips | N | Y | Y |
| Intuit QuickBooks Module | N | Optional | Optional |
| Drop Ship Fulfillment Module | N | Optional | Optional |
| EDI X.12 850 Support (Purchase Order) | N | Optional | Optional |
| Full Text search engine included | N | Y | Y |
| Data Collect (survey System) included | N | Y | Y |
| Supports All Web Browsers (1.0 and up) | Y | Y | Y |
| Built-in State Tracking | Y | Y | Y |
| Requires Cookies | N | N | N |
| Product API | N | N | Y |
| Payment Interface | N | Y | Y |
| Link Application (order delivery) | N | Y | Y |
| User Program Interface | N | Y | Y |

Windows 2000 Web Hosting plan

The Windows 2000 Plans are targeted to the more sophisticated customer who utilizes extensive database functionality and capabilities on a web site. (Note: Windows 2000 Plans do not support dealers.)

2K Bronze

Whether new to Windows hosting, or an experienced user with modest web needs, the Windows 2000 Bronze plan is the perfect starting place. With the power of Windows 2000 and Internet Information Server 5.0, generous disk space, bandwidth and POP box quotas, CGI bin, ODBC database sources, and a host of easy to use administrative and web management tools, the Bronze plan gives you everything you need to get your online quickly and run it efficiently.

W2K Silver

All the power and flexibility of the Windows 2000 Bronze plan, with larger quotas and the addition of Microsoft Office Server Extensions. The OSE allow the customer to create a collaborative intranet environment, giving them the ability to securely publish Word, Excel, PowerPoint, and Project documents to that intranet. Once published, users with administrative permissions can modify these documents on the server in real-time, participate in discussions about a document, and use the calendar and other collaborative and messaging tools. Windows 2000 Silver delivers the usability of an intranet without incurring the IT costs.

W2K Gold

All the power, flexibility, and tools of the Windows 2000 Silver plan, with larger quotas and the addition of a Microsoft SQL 7.0 database. SQL 7.0 is the most robust database for the Windows Family, the Relational Database Management System (RDBMS) of choice for a broad spectrum of corporate customers building business applications. SQL 7.0 provides the means for building and deploying large-scale distributed applications, making it the best platform for the largest and most mission-critical database applications.

W2K MarketPlace

All the power, flexibility, and tools of the Windows 2000 Gold plan, with the addition of Mercantec's SoftCart, the #1 E-commerce solution. For web merchants processing more than 100 transactions a month, real-time credit card authorization becomes economical, and the Merchant Payment module consolidates and automates the tasks of establishing a merchant bank account and accessing an Internet payment gateway for transaction processing. The QBlink module allows users to directly interface their web store with their Intuit QuickBooks accounting system, and the Drop Ship module automatically distributes an order by SKU number to the merchant's suppliers or warehouse when a purchase is made online.


| Plan Names | WIN2K/NT Pro | WIN2K/NT Cor | WiN2K/NT Com | WiN2K/NT EC |
|---|---|---|---|---|
| Transfer in MB | 3000 | 4000 | 5000 | 5000 |
| Disk Space in MB | 40 | 60 | 100 | 100 |
| Windows 2000 w/ IIS 5.0 | Y | Y | Y | Y |
| Own domain name | Y | Y | Y | Y |
| Control Panel | Y | Y | Y | Y |
| Raw log files | Y | Y | Y | Y |
| WebTrends 4.0 | Y | Y | Y | Y |
| MS FrontPage2000 | Y | Y | Y | Y |
| 24/7 access via FTP etc | Y | Y | Y | Y |
| ODBC data sources | Y | Y | Y | Y |
| Master POP account | 1 | 1 | 1 | 1 |
| Configurable POP accounts (Including master pop) | 11 | 21 | 21 | 21 |
| Forwarding to default address | unlimited | unlimited | unlimited | unlimited |
| Forwarding options | 10 | 30 | 30 | 30 |
| Autoresponders | 10 | 30 | 30 | 30 |
| ASPmail | Y | Y | Y | Y |
| ASPupload | Y | Y | Y | Y |
| ASP, JavaScript, VB Script | Y | Y | Y | Y |
| CGI bin for | Y | Y | Y | Y |
| MS NetShow (supports Raudio) | Y | Y | Y | Y |
| SSL Secure Server | Y | Y | Y | Y |
| Office Server Extensions | N | Y | Y | Y |
| Mercantec | N | N | N | Y |
| SQL 7.0 | N | N | Y | Y |
| Drop-ship | N | N | N | Y |
| SoftCart QBlink | N | N | N | Y |
| Merchant Payment Center | N | N | N | Y |

Service Options

The following options can be offered to the customers as additional products:

• Additional Data Transfer;


• Additional Disk Space in 5MB increments;

• Additional POP accounts;

• Additional E-mail Forwarding;

• Additional Autoresponders;

• Machine Names directed to an account;

• MX Record updates if using own mail server.

• Plan upgrades & downgrades are charged at standard hosting setup fees. (Note: upgrades and downgrades are currently not allowed between UNIX and Windows 2000 Plans.)

Implementation phases

The service will be implemented in the following Phases:

• Phase 1: All customers will be hosted in the Verio data center utilizing the Verio Server Farm and the existing Verio backbone for IP capacity. All plans except the ecommerce will be implemented at this time due to the customer-impacting issues when an ecommerce account is migrated from one server farm to another.

• Phase 2: All customers will be hosted in the Dayco data center utilizing Dayco Server Farm as outlined in the System Components specifications and the Dayco backbone for IP capacity. The procedure for migration of customers between Phase 1 and Phase 2 will be specified in a separate document.

3. Functional Specification

3.1 Domain Name registration and management

In addition to the requirement of a primary domain name for each Plan ordered, the customer could elect to have the template generated by Dayco or initiate the registration himself. This election is made on the order form. If the customer elects to have the domain registration template generated by Dayco, the registration template is triggered by the appropriate selection during the provisioning process. Verio’s language tag system controls the content and distribution of the domain registration template, allowing customization for variations in the registration rules of each country. For example, the registration template for all .com, .net, .org and .edu domains can be generated automatically with all appropriate autoresponders and be sent directly to the InterNic or other domestic registration agency.


Registration template for other domain name extensions (.it, .ch etc.) can be forwarded internally to the department or individuals responsible for sending the manual template to the designated registering entity for that country. All domain name registration fees are the responsibility of the end user.

3.2 WWW server

A Web server can accommodate up to 1,000 separate shared hosting accounts, each with a corresponding unique domain name and IP address. A separate Web server is used to accommodate Domain accounts that are not assigned a unique IP address, which include Parked domain accounts, Domain Pointers and RapidBuilder Plans. A Windows 2000 web server will accommodate up to 500 separate Windows 2000 hosting accounts.

3.2.1 SSL Support

SSL secure server connection is a feature of higher level shared hosting plans. Customers can use Dayco’s SSL certification on each Web server for secure transfer of information on the Internet, or purchase a separate SSL certificate for their individual domain account. If the customer opts to use Dayco’s certificate, any browser reference to the SSL will identify Dayco as the owner. An example of this reference would be http://www27.oemCompany.com/userid/cgi-local/shop.pl/page=email.html/SID=78282182538

To facilitate the ordering of a separate SSL certificate, the customer will complete the SSL order form located on Dayco’s web site which generates a request to Tier II technical support. This request is forwarded to Tier III support who will issue a CSR (Certificate Signing Request) back to Tier II technical support. The CSR will be sent to the customer who will submit this document to a certification agency. The certification agency will issue an SSL “key” to the customer, and the process is again initiated through the support channels. Tier III support is responsible for the installation of the certificate on the customer’s web site. Final notification is made to Tier II support once the certificate is installed, and the customer is notified.
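The hand-off in 3.2.1 ends with Tier III installing whatever certificate comes back through the customer and the support tiers. The following is an added example, not part of the Verio document or of Dayco's tooling: a check that the returned certificate carries the same public key as the private key and CSR generated for that account, run before installation on a server shared by many accounts. The domain name, CA name and file names are constructed, and a throwaway local CA stands in for the certification agency.

```shell
#!/bin/sh
# Added example (not from the Verio document): pre-install check for 3.2.1.
# Domain name, CA name and file names are constructed for the demonstration.
set -eu

# Print the SHA-256 of the DER-encoded public key inside a PEM file.
# $1 = pkey (private key) | req (CSR) | x509 (certificate), $2 = file
pubkey_fingerprint() {
    case "$1" in
        pkey) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        req)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        x509) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    # An unreadable or malformed file must never produce a fingerprint.
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if certificate, private key and CSR all carry the same public key.
# $1 = issued certificate, $2 = private key kept on the server, $3 = CSR sent out
preinstall_check() {
    cert_fp=$(pubkey_fingerprint x509 "$1") || return 1
    key_fp=$(pubkey_fingerprint pkey "$2") || return 1
    csr_fp=$(pubkey_fingerprint req "$3") || return 1
    [ "$cert_fp" = "$key_fp" ] && [ "$cert_fp" = "$csr_fp" ]
}

# Build constructed test material in directory $1:
#   site.key / site.csr  - what Tier III generates for the customer's domain
#   ca.key / ca.crt      - throwaway CA standing in for the certification agency
#   site.crt             - the certificate that comes back
#   other.key            - a different account's key, to simulate a mix-up
make_fixture() {
    d=$1
    openssl genrsa -out "$d/site.key" 2048 2>/dev/null
    openssl req -new -key "$d/site.key" -subj "/CN=www.example.test" \
        -out "$d/site.csr"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -out "$d/ca.crt" -subj "/CN=Constructed Test CA" -days 1 2>/dev/null
    openssl x509 -req -in "$d/site.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/site.crt" -days 1 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_fixture "$workdir"

if preinstall_check "$workdir/site.crt" "$workdir/site.key" "$workdir/site.csr"; then
    echo "OK: certificate matches the key and CSR issued for this account"
fi
if ! preinstall_check "$workdir/site.crt" "$workdir/other.key" "$workdir/site.csr"; then
    echo "REFUSED: certificate does not match the supplied private key"
fi
```

Comparing public keys rather than file names or ticket numbers catches a certificate that was issued for a different CSR or paired with another account's key before the web server is reconfigured.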

3.2.2 CGI support

Most UNIX shared hosting accounts can execute certain CGI scripts in their very own "cgi-local" directory. (Refer to Plan Features which identifies the hosting account that supports this feature.) Scripts may be written in PERL, UNIX SH, KSH, CSH, and C (NOT C++) languages. PERL is our language of choice as it is a world standard and is well suited to CGI. In addition, PERL code does not require manual compilations whereas C code must be compiled on our web servers prior to use.

NT hosting accounts also support a "cgi-bin" directory. Customers may write scripts in PERL, C, C++. Verio also offers a variety of free scripts in the CGI Library that can be utilized by the customer.

3.2.3 CGI Library

The CGI Library is comprised of the following scripts:

| Name | Developed By | URL |
|---|---|---|
| Guestbook | Matt Wright | http://www.worldwidemart.com/scripts |
| WWWBoard | Matt Wright | http://www.worldwidemart.com/scripts |
| CGI E-mail | MIT | http://web.mit.edu/wwwdev/cgiemail/ |
| Excite Search | Excite Systems | http://www.excite.com |
| Volano Chat | Volano | http://www.volano.com |
| Counter | Anonymous | |
| Random Link Generator | Matt Wright | http://www.worldwidemart.com/scripts |

3.2.4 Active Server Pages

The ASP mechanism is supported only on the Windows 2000 platform.

3.2.5 SQL Engine

According to the plan selected, customers have the option of using mSQL2 and mySQL as a standard plan feature.

3.2.6 Usage Statistics

Detailed usage statistics are generated for all UNIX and Windows 2000 hosting plans as well as the RapidBuilder II product (Parked Domain and Domain Pointers are excluded). These detailed statistics can show the domains that are accessing your site, how many "hits" you are getting, how much data is being transferred, the browser being used to look at your site, and more. Customers may use one of several built-in analysis programs to view their usage statistics, or they may use a third party statistical analysis program to analyze the raw log files generated in their account.

3.2.7 Publishing tools

FrontPage extensions can be installed on plans that support this feature allowing the customer to create and publish to their web site. Visual InterDev is supported on Windows 2000 accounts only.

3.2.8 Deployment tools

Each customer can upload content by FTP to their account or they can use the MS Front Page tool for plans that allow FTP as a standard feature. Verio offers a link to WSFTP for customers who desire to FTP their files.

Note: Microsoft FrontPage Users with Microsoft FrontPage extensions installed on their sites should only use the FrontPage publishing feature to transfer files. Using regular FTP in conjunction with Microsoft FrontPage can corrupt the extensions, creating instability in the web publishing function. Verio does not offer a staging server, therefore customers will be required to publish content directly on the web server.

3.2.9 Local Search Engine

Excite Search Engine is a feature of UNIX plans only which can be activated through the customer’s control panel. Excite for Web Servers makes it easy for the customer to add advanced concept-based searching to their Web site. It provides a simple Web-browser interface for administering, indexing, and searching collections of documents as well as online help documentation. NT customers can use a search engine supported through Microsoft Front Page.

3.3 E-mail server

Each customer can add, remove and rename e-mail aliases through his control panel up to the amount allowed as the standard plan feature. To purchase additional mailboxes the customer will have to contact the Tier I Customer Support to initiate the order. IMAP4 is not supported on the UNIX or Windows 2000 platform at this time. Disk space attributed to E-mails stored on a POP3 account is considered as part of the total allocated disk space of the individual plan. One master POP account is included in the total POP account limits as identified in the Plan features. The end user can also configure autoresponders and e-mail forwarding options through the control panel.

3.4 FTP server

In addition to Deployment Tools detailed in 3.2.8 above, shared hosting accounts can allow anonymous FTP access to visitors wishing to download or upload files to their web site, however the disk space used is counted as part of total allocated disk space per Plan. The customer can enable and disable ANON FTP access through the Control Panel.

Windows 2000 accounts can only enable anonymous FTP access in the "/anonymous/" directory, however this will allow visitors to have access to any script available on this directory.

3.5 Streaming Server

Real Server 5.0 is installed as a daemon on the web server allowing the customers to use Real Audio and/or Real Video feature as defined in the Plan features. There are 10 streams available per web server. For NT plans, Microsoft NetShow 2.0 is supported.

3.6 Control Panel

The Control Panel is a web-based interface that allows the customer to administer site/account information on-line. The Control Panel is referred to throughout this document and can be considered the command center for each Plan. The control panel can be accessed using a URL similar to http://www.yourdomain.com/stats/. Every Control Panel looks similar, however the level of access allowed dictates functionality. The typical customer access is limited, while the Dealer and Premier Partner access is more robust and includes our “Autobahn” back end administration system. The following types of Control Panel operations are standard:

Account Administration

• Usage Statistics: See who's visiting your site.

• Edit Account Information: Administer your basic account information.

• Password Protection: Control Web access to certain directories on your site by defining userIDs and passwords.

• E-mail settings: Set your mail forwarding, POP accounts, and autoresponders.

Special Tools

• Database tools: Access tools you will need to develop and administer Web-based databases.

• File Manager: Set file permissions and edit your directory structure.

• Archive Gateway: A Web-based interface to untar and/or unzip files in your account.

• Perl Script Checker: Check to make sure your Perl scripts are written correctly.

• Web based HTML-editor: Edit your HTML files online with your Web browser.

CGI Script Installers

CGI script installers are accessible through the customer control panel. These available scripts are detailed under Section 3.2.3 of this document. Tier III Technical Support is responsible for server configurations and will typically resolve all technical issues related to WWW, Secure WWW and FTP.

3.6.1 Account configuration

Customer hosting accounts are configured based on the hosting Plan selected at the provisioning process. This configuration includes the disk space allocation, POP3 accounts, E-mail forwarding and autoresponders options as well as other E-Commerce options as allowed by the specific plan features.

3.6.2 E-mail server configuration

A mail server is included in the server farm allowing E-mails to be configured and customized. Once a customer’s domain name is active worldwide, the customer can receive E-mail addressed to the domain name such as @domain.com or [email protected], etc. By default, all E-mail addressed to a domain name will be forwarded to the E-mail address provided at the time of account provisioning. For convenience, additional forwarding options are available for the purpose of forwarding e-mails to an address different than the default. Customers also have the option of retrieving e-mail directly from POP3 mailboxes on the mail server using a program such as Eudora or Outlook. In addition to the e-mail POP boxes, one master POP account is included in the Plan features. Additional POP accounts can be assigned unique ids and passwords to ensure privacy. A PPP Internet connection is required.

3.6.3 Database administration According to the plan selected, customers have the option of using mSQL2 and MySQL for database administration and management. Using interface languages such as PHP/FI and other database tools such as Schema Viewer, Database Dumper and File Importer, the customer can create, modify and update an SQL table for use on his web site. With these tools, powerful and highly interactive Web sites can be created.

3.6.4 Access Statistics Standard statistical packages are available through the Control Panel including MkStats v1.0, MkStats v2.3, Analog v2.11 and WebTrends. Additionally, customers may have the option of analyzing raw data with other third party statistical packages depending on the Plan selected. Windows 2000 plan customers are provided the option of analyzing raw data with other third party statistical programs.

3.6.5 Certificate management Tier III Technical Support is responsible for installing, uninstalling and managing any server or web site certificate used by customers for secure transaction processing. Refer to Section 3.2.1 under SSL Support for standard procedures.

3.7 Provisioning The following diagram illustrates the provisioning process:

[Provisioning flow diagram; box labels recovered from the figure:
• Order gets submitted
• Customer receives Contract/Confirmation via auto e-mail responder
• Order Master receives Order
• InterNic receives Template for registering or modifying Domain Name
• Order Master initiates order for activation
• Front Page extensions get installed (if applicable) at the same time
• Order gets activated every 10 min. after a full hour
• Customer receives Nic Tracking Number
• Web Hosting Company receives copy of Template and Tracking Number
• If modify, administrative contact receives Nic acknowledgment Template
• Customer receives confirmation after Domain Name has been registered
• Customer/Domreg receives confirmation after Domain Name has been transferred]

When a shared hosting plan is ordered and queued for activation by the Ordermaster the following operations are performed automatically:

The account is created and the customer receives an assigned IP Address for his/her account, if included as a standard feature. The account is provisioned with disk space, depending on the plan type, e-mail forwarding, POP3 mailboxes and autoresponders. As soon as the customer receives the IP address, userID and password, the customer is able to FTP or publish files on the account. The customer also has access to the control panel at the same time, where his/her mailboxes can be configured.

3.8 Billing Verio provides a standard Billing Export File with full specifications in Exhibit J “Billing Export File Specifications”

3.9 Storage System We will provide dedicated disk space for each customer on our server. The disk space will be limited to a fixed value of MB depending on the service plan. Verio will provide the mechanism for quota management in order to limit the overall disk space used by the customer.

3.10 Backup system Verio's servers are equipped with a backup server attached to a Spectralogic S10000 tape backup unit using the Legato Networker software. The back-up plan is described in the following table.

Server | Data to backup | Backup data size (G byte) | Backup | Incremental | Note
WEB | entire system | 22 gig (4 + 18) or 45 (9 + 36) | Every week | daily |
MAIL | entire system | 27 gig | Every week | daily |
DNS(Primary) | none | 0 | | | rebuilds from database
DNS(Secondary) | none | 0 | | | rebuilds from database or primary
Cache | none | 0 | | | rebuilds from Internet traffic
DB | entire system | 45 gig (9 + 36) | every week | daily | to tape
DB | database only | 50 gig | every day | | to disk (on primary db server)
DB | database only | 50 gig | 15 min | | to secondary (fail over) server
TXN | entire system | 27 gig | every week | daily |
Technical Support | entire system | 18 gig | every week | daily | Required for support.

NOTE - the backup software will only copy data, not blanks; therefore the actual amount of data stored will be significantly reduced.

Tier III Support is responsible for performing the restore operation. The customers will send a restore request to Tier II Support at Dayco and a case will be deployed with Tier III Support.

4. SERVER FARM ARCHITECTURE Refer to Exhibit 4 “System Components” for full documentation

Verio will provide all system components in Phase 1. In Phase 2, Dayco will provide all system components including Internet Connectivity at the Dayco data center.

4.1 Network architecture Network architecture is fully detailed in Exhibit D “System Components”

4.2 HW architecture Hardware architecture is fully detailed in Exhibit D “System Components”. The following platforms will be purchased by Dayco to support the operation of Customer's shared web hosting service, and shall be maintained and housed at Dayco facility during Phase 2.

4.2.1 Web Server The web server serves HTML pages, executes CGI scripts, performs FTP; initiates outgoing email and spools stored email. The customer site content, data space and log files are located on the web server. Customer access to files is controlled by login / password. The web server parses the log file, writes the individual customer access logs and updates the database usage statistics once per hour.
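An added example (not code from the thesis or from Verio's platform) of the hourly pass described in 4.2.1: it attributes each line of a shared access log to a customer account, tallies hits and bytes, and folds the hour into month-to-date totals. It assumes Apache "combined" format with the virtual host name prepended; the log lines, domain names and account IDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: one hour of a shared access log (assumed layout:
# virtual host name followed by the Apache "combined" fields).
SAMPLE_LOG = """\
www.alpha.example 203.0.113.5 - - [14/Aug/2005:10:00:01 -0400] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0"
alpha.example 203.0.113.9 - - [14/Aug/2005:10:00:07 -0400] "GET /img/logo.gif HTTP/1.0" 304 - "-" "Mozilla/4.0"
WWW.BETA.EXAMPLE. 198.51.100.7 - - [14/Aug/2005:10:01:30 -0400] "POST /cgi-bin/form.pl HTTP/1.0" 200 812 "-" "Mozilla/4.0"
gone.example 198.51.100.66 - - [14/Aug/2005:10:02:00 -0400] "GET / HTTP/1.0" 404 210 "-" "-"
truncated line without the expected fields
"""

# Constructed account table; in the page's design this data lives on the
# database server.
DOMAIN_TO_ACCOUNT = {"alpha.example": "alpha01", "beta.example": "beta01"}

LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def account_for(vhost, domain_map):
    """Map a logged host name to an account ID, or None if it is not hosted."""
    name = vhost.lower().rstrip(".")
    if name.startswith("www."):
        name = name[4:]
    return domain_map.get(name)


def split_hourly(log_text, domain_map):
    """Return (lines per account, usage per account, rejected lines).

    Lines are grouped under the account ID from the account table, never
    under the raw logged name, and anything unparsable or not hosted is
    kept in `rejected` for review instead of being silently dropped.
    """
    per_account = defaultdict(list)
    usage = defaultdict(lambda: {"hits": 0, "bytes": 0})
    rejected = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        account = account_for(m.group("vhost"), domain_map) if m else None
        if account is None:
            rejected.append(line)
            continue
        size = m.group("size")
        per_account[account].append(line)
        usage[account]["hits"] += 1
        # "-" means no body was sent (for example a 304 response).
        usage[account]["bytes"] += 0 if size == "-" else int(size)
    return dict(per_account), {k: dict(v) for k, v in usage.items()}, rejected


def merge_month_to_date(month_to_date, hourly):
    """Add one hour of usage to the month-to-date totals (inputs untouched)."""
    merged = {acct: dict(totals) for acct, totals in month_to_date.items()}
    for acct, totals in hourly.items():
        row = merged.setdefault(acct, {"hits": 0, "bytes": 0})
        row["hits"] += totals["hits"]
        row["bytes"] += totals["bytes"]
    return merged


if __name__ == "__main__":
    logs, hourly, bad = split_hourly(SAMPLE_LOG, DOMAIN_TO_ACCOUNT)
    print(hourly)
    print(f"{len(bad)} line(s) set aside for review")
```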

4.2.2 Mail Server The mail server receives and directs all incoming mail from the web server and sends all outgoing mail. The outgoing mail messages may be balanced over multiple mail servers if volume dictates. The mail server communicates with the web servers to accept outgoing mail and deliver incoming mail to the web server when applicable. The mail server communicates with the Database server to determine customer account characteristics and with the cache server(s) to resolve delivery addresses.

4.2.3 Database Server The database server stores all customer account characteristics and usage statistics. The account characteristics include name and address information, email settings, plan or product specifics and billing data. Usage statistics are updated hourly and provide month to date totals. The web server retrieves updated usage statistics from the database server. The database server is used by the transaction server for new account provisioning, account change and delete transactions and to receive customer account characteristics. The database server is also used by the mail server to allow proper mail delivery to POP boxes. The database server is used by the name server(s) to provide data to build the DNS records.

4.2.4 DNS Server The name server(s) contain records that allow forward and reverse IP to domain name resolution. DNS data is obtained from the database server.

4.2.5 Transaction Server The transaction server accepts transactions from the Order Form and Control Panel that will enable the provisioning of new accounts, changes to and deletion of existing accounts. The transaction server runs the process that updates the database server and web server with the appropriate actions requested by the user. The transaction server runs the process that updates the month to date access logs and executes the customer selected log analysis software. Transactions are queued in the transaction server and actual execution of specific transactions may be controlled by a "" job. Completed transactions are stored in the transaction server. The transaction server communicates with the web server to provision new, change and delete accounts. The transaction server communicates with the database server to store customer account characteristics. The transaction server communicates with name server(s) to push data to build the DNS records.

4.2.6 Cache Server The cache server stores IP to domain name information for email delivery. The cache server communicates with DNS (name) servers to build the routing information table.

4.2.7 Tech Support Server The tech support server is a diagnostic tool utilized by technical support personnel to perform NFS mounts of customer sites and data for problem resolution. The tech support server communicates with the web server to obtain customer data.

4.3 SW architecture

4.3.1 Software versions A. The following table contains the Third Party Software (See definition in Section 6.1 of the Agreement) which forms a portion of the Licensed Software (See definition in Section 6.1 of the Agreement) and which will be licensed to Dayco under the terms and conditions set forth in the Agreement.

Software | Version | Product Code | Server | Price (prices are in US dollars, subject to change)
IRIX | 6.5 | SC4-ASE0200-6.6 | Web, Parking, Txn, Mail, DB, DB Standby | N/C Verio Corp Lic.
Plexing License SGI | | SR4-PLEX-2.0 | Web, Parking, Txn, DB | N/C Verio Corp Lic.
Stronghold | 2.2 | | Web, Parking, Txn | $567.00 per server
SSL per server | | | Web, Parking | $349.00 per server
Sybase Open client | 11.5.1 | Sybase/12820 | Web, Parking, Txn, Mail | $516.75 per server
Sybase Open client Dev. Kit (1Yr support) | | Sybase/12820 | Web, Parking, Txn, Mail | $51.68 per server
Open Enterprise SQLsvr Internet access | 11.5.1 | Sybase/98148 | DB, DB Standby | $5525.00 per server
Open Enterprise SQLsvr Internet Access (1 Year support) | | Sybase/12800 | DB, DB Standby | $5525.00 per server
Sybase SQLServer – Primary SQL 3 seats, 1 developer | | Sybase/12800 | DB | $1686.75 X 1, $334.75 X 3
Sybase SQLServer – Primary SQL 1 Year Support | | Sybase/12800 | DB | $168.68 X 1, $34.48 X 3
Sybase SQLServer – Primary SQL Cold Standby | | Sybase/12800 | DB Standby | $325.00
Sybase SQLServer – Primary SQL Cold Standby | | Sybase/12800 | DB Standby | $32.50
Apache | 1.3.4 | | Web, Parking/RapidBuilder, Tech, Txn, Mail | N/C
Front Page Extensions | 2000 | | Web, Txn | N/C
mSQL2 | 2.0.7 | | Web, Txn | Share ware
MySQL | 3.22.23 | | Web, Txn | Share ware
Real Audio / 100 streams | 5 | | Web | $225 / server
Real Video / 100 streams | 5 | | Web | $225 / server
Linux / FreeBSD | | | DNS, DNS Secondary, Caching, Tech, LDAP | $89.00
Perl | 5.005.02 | | ALL | N/C
Gzip | 1.2.4 | | ALL | N/C
PHP3 | 3.0.9 | | Web | N/C
FTP Gateway Interface | 1.1 | | All | N/C
Analog | 2.11 | | Web | N/C
25 Client connections | | 2022-1Y | Back up server | $6900.00
Slot Autochanger | | 2009-1Y | Back up server | $6900.00
Legato Client Pak for NT | | 3304-1Y | Back up server | $2070.00
Legato Client Pak for UNIX | | 3300-1Y | Back up server | $2070.00
Legato Networker | 5 | 2102-1Y | Back up server | $2300.00
DNS server software | | | | N/C
SMTP | | | | N/C
CGI | | | | N/C
SNMP | | | | N/C
Shop Site SC Lite | 4.1 | | | N/C
Shop Site TX Manager | 4.1 | | | N/C included in monthly recurring charges
Shop Site TX Pro | 4.1 | | | N/C included in monthly recurring charges

Note on the Sybase rows: Sybase licenses maintenance (support) fee 10%. This is the renewal fee that will be billed to Dayco on a yearly basis for the renewal of the Sybase licenses.

B. The following table contains the Hiway Software (See definition in Section 6.1 of the Agreement) which forms a portion of the Licensed Software (See definition in Section 6.1 of the Agreement) and which will be licensed to Dayco under the terms and conditions set forth in the Agreement.

Software | Version | Product Code | Server | Price
Hiway Software | | | Web, Parking/RapidBuilder, Txn, Mail, DNS, DB, DB Standby, Caching | N/C

C. The following table contains certain Third Party Applications (See definition in Section 6.4 of the Agreement) which Dayco may purchase directly from third parties.

Software | Version | Server | Price
Web Trends | 4.04 | Web | $2 per download
Volano Chat | 2.1.7.3 | Web | NA

4.4 Reliability

• Web server - customer data is mirrored and backed up to tape

• Database server - fail-over server is standard

• DNS Server - fail-over is standard

• Hot swap spares are available for all other components

5. Server FARM MANAGEMENT Verio will maintain network management remotely and provide on-site technicians as necessary under terms outlined in this agreement. The public Internet will be used as a secondary connection between the Dayco server farm and Verio network management center for remote monitoring. A frame relay link is the preferred connection for administration and monitoring.

6. Error Corrections and Updates

6.1 Code Maintenance Code Maintenance will be categorized into varying levels of severity. Lower levels of code maintenance will be performed every Tuesday & Thursday without notification. Higher levels of code maintenance will be targeted for distribution under the procedures established for new features (See Item 3 below Enhancements).

6.1.1 Routine Maintenance Routine Maintenance is continuous updates that do not affect the behavior of the code. Usually, this consists of changes to code that will prevent pending problems or solve existing problems.

6.1.2 Enhancements New features or enhancements will be distributed every other Tuesday. These enhancements will be beta tested for a minimum of five days on Verio’s system before being released to Dayco. New features and enhancements are described as code changes that visually affect the End User or code changes that fundamentally change the way a program works or performs.

6.1.3 Documentation Documentation will be included with New Features and Enhancement distribution. Notification will be made to the OEM department on the Thursday prior to distribution day and will contain a bullet point description of the changes, laid out in two tables:

Changes Visible to End User: Program affected | Summary of change

Changes Not Visible to End User: Program affected | Summary of change

The OEM department will review the documentation and forward to Dayco according to the escalation procedures and contacts.


Technical Diagrams of Verio administered services:

Remote Connectivity (including OOB- out of band) diagram for Remote Administration of the platform in Caracas, Venezuela by Verio.

Figure 16: Frame Relay links – For OOB based remote connectivity and Administration

[Figure 16 diagram labels: Existing Structure; Proposed Infrastructure; Cisco Systems Catalyst 8500 Series (Switch Processor, Power Supply 0, Power Supply 1); Cisco 2600; Cisco 7513; Foundry Networks BigIron 4000 (Big Iron); Foundry Networks FastIron-II (Fast Iron); Frame Relay - 64 Kbps; WWW - SSL / SSH Secure Connection; POST / PSTN; Telephone; PBX; RAS Dial-in; Servers; Group 23]

Figure 17: Daycohost Network for Verio.

[Figure 17 diagram labels: Daycohost Network; Remote client-Verio 1; Conector V35; Router 7513; Fiber Optic Gigaethernet; Shared Hosting; Big Iron 1 and Big Iron 2 (VRRP); Big Iron; Net Iron 1; Net Iron 2; Fast Iron; Verio Servers]

Figure 18: Servers Layout in the Verio administered racks.

[Figure 18 diagram: three 7 foot racks, titled Data Center - Servers. Network equipment labels: ADC Kentrox CSU/DSU (two), Cisco Systems 2610 Series Router (two), Foundry Networks FastIron Workgroup Switch, Foundry Networks NetIron Switching Router (two), Lucent PortMaster, Power Strips. Server labels: Silicon Graphics Origin 200 Tower units marked Web Server #1, Web Server Spare, Primary Mail Server, Domain Server, DB Server, Backup DB Server, Transaction Server, Tech Support Server, DNS Primary Server; NT units marked NT Web Server, NT Domain Controller, NT Transaction Server, NT Tape Backup Server; O200 Disk Vault; Spectralogic S10000 Tape Backup Unit; Cacheing Server; DNS Secondary Server]

Figure 19: IP Distribution of Initial Verio System

[Figure 19 diagram labels: ISP’s; Cisco Router; BigIron Router (two); NetIron Router (two).
Subnets shown: 200.44.59.0 /27, 200.44.59.32 /27, 200.44.59.64 /27, 200.44.59.96 /27, 200.44.59.128 /25.
Host labels: DB23A, DB23B, DB23VAULT, CACHE23A, MAIL23A, TS23, TXN23, NS23A, NS23B, NS SPARE, WWW2301, WWW2302, LDAP23B, LDAPSPARE, W2K23D1, W2K2300, W2K2301, W2K23T1, FIREHUNTER, NETRA T1, PORTMASTER, SPECTRA 10000, SPARE]

Part 5: Implementing Shared Hosting

What is shared web hosting?

Shared web hosting is an operational method in which the customer gets an individual IP address, a domain name for his idea or business name, bundled applications, disk space for his web site content, e-mail account(s) and bandwidth, so that prospective customers, or simply web browsers on the Internet, can see what he or she is proposing to the world as an idea or business. Technically speaking, the customer is on a single server and shares resources with other customers: CPU computing power, hard disk space, applications, operating system, network bandwidth, a high-level SLA (Service Level Agreement) and technical support, all at a small fraction of the price of the complete infrastructure required for 24 hours * 7 days a week * 365 days a year availability.

Figure 20: Shared Web Hosting

[Figure 20 diagram labels, arranged around Shared Web Hosting: IP Address; Domain Name; Bandwidth; 3rd Party Applications; Control panel; Servers; Disk Space; Tech Support; 24/7/365 Availability]

Implementing Shared web hosting involves the following:
• Creating a web portal for the information of the hosting services and order acceptance.
• Creating a call center for receiving orders and supporting users.
• Creation of an Order process both through the web portal and the call center.
• Creation of payment collection office and financial procedures.
• Creation of a technical team to support and maintain infrastructure and users.
• Creation of a marketing and sales team to support sales of products being offered and provide Business intelligence through market research to continuously improve the shared hosting offering.
• Customer oriented Relationship Management application to speed up and effectively provide customer support and fulfill client requirements and maintain high level of customer satisfaction.
• Fast and efficient Billing system along with web based billing and rapid payment collection system with at least 2 local banks to provide redundancy in payment clearances and credit card based collections.

To achieve the above, the hosting software and the business process must be automated to almost 80% at the minimum so as to have a fast and agile enterprise; outside the USA, a 100% automated enterprise that runs successfully without operational problems is very rarely seen.

Figure 21: From an ISP (Internet Service Provider) view, what does shared hosting look like?

[Figure 21 diagram labels, under the heading Hosting Services:
• Collocation: Provider supplies infrastructure, while customer manages server and applications
• Dedicated Server: One customer site hosted on one or several servers
• Managed Services: Collocation, plus some level of application management and maintenance
• Shared Server: Many customer sites hosted on a single server]

Figure 22: Types of Web Hosting

[Figure 22 diagram: four hosting types, Basic Shared, Complex Shared, Basic Dedicated and Complex Dedicated. Feature labels recovered from the figure: Simple web site; No or minimal e-commerce; Simple E-commerce; Low-level content distribution & streaming media; E-commerce sites; Application suites; QoS & SLA; Load balancing; Databases; Middleware; (similar to Basic Dedicated) plus: Content distribution; Clustering; Unified messaging; B2B applications; Project & document management. ASP appears under each of the four types.]

Sphera as a Web Hosting Automation Software:

1. Self provisioning puts control in the customers’ hands

2. Flexible, scalable path with common control panel

3. Differentiated offerings to site owners and resellers

4. Over 40 applications ready to use

5. Localization for 7 languages

6. Multi-level GUI branding to easily enable differentiation

7. Extensible XML based API infrastructure

Components used at Daycohost:
• HBS – Hosting Business Suite
• DCM – Data Center Manager
  - RD – ResellerDirector
• CD – ClusterDirector
• DD – DomainDirector
• SD – ServerDirector
  - VA – ValueApp®
  - VDS® – Virtual Dedicated Server

Description of the components:

DCM: Sphera® Data Center Manager: Data Center Manager (DCM) is a complete, automated solution that simplifies and streamlines operations for both hosting providers and their resellers. It is the only out-of-the-box system built specifically to ensure the highest customer satisfaction, while providing services that help grow revenue at reduced operating costs.
• Manages all of Sphera’s hosting solutions – Linux, Windows, shared and dedicated servers.
• Manages service plans in which quotas and privileges are defined.
• Collects usage data and enforces quotas on all managed resources.
• Provides single integration point for external/legacy systems such as Billing, DNS, etc.
• Powerful reseller functionality - Provides resellers full BSS automation and branding capabilities, Virtual data center for resellers.
• Robust API which extends to back end systems.

RD: ResellerDirector: ResellerDirector is a centralized business platform providing complete end-to-end management of a Web hosting provider's operations for both wholesale and retail operations. Designed as an integrated, self-service solution, it enables efficient management of resellers, accounts, service plans and inventory.

• Robust central management solution for Hosting Providers
• Complete “Out-of-the-box” reseller business platform
• Global reseller management across Linux and Windows servers
• Value proposition extended to the resellers
• Service Package Utilities, ValueApps, API

CD: ClusterDirector:
• ClusterDirector works in unison with Data Center Manager (DCM). DCM is the interface to the Hosting Business Suite and is responsible for all the business logic within it, while ClusterDirector works behind the scenes to process “jobs” handed down from the DCM.

DD: DomainDirector:
• Automatically provisions DNS at the organization level, enabling end users to control their own DNS records, reducing support costs and increasing customer satisfaction.

SD: ServerDirector: High-end shared hosting solution
• A superior robust, secure, shared hosting platform for Linux and Windows
• Innovative VDS technology provides better security, isolation and performance than traditional virtual hosting products
• Extensive branding and customization capabilities
• Powerful ValueApp & Email SDK

VA: ValueApps: Pluggable value-add applications
• Creates competitive value proposition through rich ValueApps offering
• Allows hosting providers to differentiate their offerings
• Provides ability to up-sell to customers by providing new applications à la carte
• Independently develop and deploy 3rd party products as ValueApps in standard RPM packages
• Creating ValueApps external to the HostingDirector product

VDS: Virtual Dedicated Server
• A VDS is a software based Dedicated Server created by splitting a physical server into many Virtual Dedicated Servers. Each VDS is isolated in terms of server resources, administrative privileges, available applications and file system.
• VDS's share common tasks (monitoring, backup, hardware and OS configurations, “fail over” services, local or remote multi-user applications, etc.).
• Solves major issues related to:
  - Improved hardware utilization
  - Web server and application administration by the server owner/administrator
  - Enhanced Security on shared hardware
• Secured virtual run-time environment for Linux OS and Web applications.
• Manual and automatic VDS management capabilities for diverse users (site owner, reseller, server and data center administrators).
• Authentic role based access to VDS environment, configuration, statistics, etc.
• Monitoring, enforcement and quota sub-systems on physical server, OS, and VDS.
• Ability to provision VDS configuration to local and external applications, and to integrate into data center infrastructure (NFS, SAN, traffic shaper, firewall, statistics and monitoring systems, etc.).
• Sophisticated, automatic and fully integrated DNS management solution.
• Backup and restore functionality (Centralized and VDS built-in solutions).
• Ability to customize the VDS environment including OS and Web applications, file system structure, etc. Comprehensive usage of original non-modified Red Hat® RPMs.

Figure 23: VDS Structure


Figure 24: Infrastructure built for the Deployment

Legend – Short forms used in the diagrams for Sphera :

• CD – Cluster Director
• CRM – Customer Relationship Manager – Pivotal
• DB – Database
• DCM – Data Center Manager
• DD – Domain Director
• LX – Linux based on Redhat ES 2.1
• NMS – Network Management Server
• RD – Reseller Director
• SD – Server Director
• Win – 2000 server with service pack 4.

Figure 25: How does it all work together?


Part 6: Migration of Clients from existing platform to new Shared Hosting Platform.

Migration of clients from Verio based Shared hosting to the new Sphera based hosting involved 3 major phases.
Phase 1: Setup of Infrastructure
Phase 2: Actual Migration & user training
Phase 3: Stabilization of the platform (Discussed in Part 7)

Phase 1: Setup of Infrastructure The setup of infrastructure was split among 3 teams: Team 1 – Linux based, Team 2 – Windows based and Team 3 – Infrastructure (some of its members were from Team 1). Team 1/3 was responsible for the installation, setup and deployment of Linux based on Redhat ES 2.1 server and all the various value-apps, which are also referred to as 3rd party applications. Products installed – Server Director, Reseller Director, Cluster Director, Domain Director.

Team 2 was responsible for the installation, setup and deployment of Linux based on Redhat ES 2.1 server and all the various value-apps, which are also referred to as 3rd party applications. Products installed – Server Director (Active – Passive failover), Secondary DNS server, IP address block assignment.

Team 3 was responsible for the interconnection issues between the Reseller Director, Cluster Director, IP address acquisition, creation of VLANs (Virtual LANs), Foundry and Cisco switches, Packeteer bandwidth control, router based ACLs (Access Control Lists) and assuring SLAs. It also handled installation, cabling along with electrical connectivity, proper physical installation and racking of the servers in the new racks, backup facilities and the purchase of 3rd party licenses.

Product team – Was responsible for the creation of new shared hosting products and its effects on migration and control, monitoring progress of the migration team.

Notes: The initial setup was delayed by many factors such as Cadivi forex control procedures, lack of timely information on the 3rd party software and lack of technical manuals delivery, server’s availability.


Phase 2: Actual Migration & user training This phase was the most difficult and uphill task faced by the teams involved since there was lack of coordination from the Verio OEM support team. Finally it was agreed that the Verio OEM support team would provide the contents of all the web sites in a .tar format and extend validity of the platform to the maximum agreed limit of 180 days during which Daycohost must complete the migration.

From here on there was no stopping until we finished the migration. The tasks that were set up were the following:
1. Capture details of all existing customers.
2. Migrate all applications, web pages, images, databases, forms and code corrections to the new architecture and file paths, along with CGI-Perl based forms to Python based forms in the various value apps provided by Sphera.
3. Migrate the smaller and then the larger web sites, gaining experience on this complex application migration.
4. Migrate a difficult product such as VPS – Virtual Private Server.
5. Customize the Control Panel into the Daycohost Control Panel. This control panel is far more esthetic, user-friendly and customizable than the very poor quality Verio Control panel.
6. Migration of web site generator.
7. Billing format change was one of the big issues.
8. User training was core to the migration.
9. Check the validity of the domains and start the migration from the Verio registrar – Melbourne IT to SRS plus. Then carry out a mass domain change and point the domains which are registered at Daycohost to the new DNS servers of Sphera as the authoritative DNS servers. Additionally, for those clients whose authoritative DNS servers are not those of Daycohost, send repeated communications requesting that the clients make the changes to the new Daycohost DNS servers.

Notes: This migration was the toughest I have ever faced and the most enjoyable of them all. Excellent team work was displayed by every single one on the team and very ably supported by the external team from Sphera who spared no stone unturned in this effort due to which we were able to complete the migration of 1200 clients in just over 6 very intense weeks. User training was very well handled by the Daycohost Call Center and the marketing team of Shared hosting.


Part 7: Stabilization of the platform

Phase 3: Stabilization of the platform: In this phase the Daycohost team members visited the R&D labs of Sphera for 15 days of intensive training, and that is when they realized which issues were still pending for the optimization of the platform and how they needed to be fixed on an operational basis.

The Stabilization of the new Sphera platform included the following:

1. Creation and assignment of smaller VLANs so as to remove the ARP attacks in the switches.
2. Change of the IP addresses of the Verio DNS servers, for an extended time period, to new IP addresses in the Daycohost IP range so as to allow the existing clients to change their domains to the Sphera DNS servers.
3. Optimization of Windows Servers – IIS, Shared point services, Upgrade value apps and mailsite email services.
4. Optimization of Redhat Linux Servers – Apache, Jakarta Tomcat, Sendmail and Neomail-webclient based email services, Faster DNS services, Network optimization, User Quota optimization, Media streaming services (Real & Windows media audio/video streaming).
5. Integration of Reseller Director with J.D.Edwards Billing module and Pivotal CRM.
6. New web portal to automate the web based orders and new domain extensions which were not offered by Verio and the new plans of Daycohost.
7. Improve the security & related policies, SLA and AUP (acceptable user policies).
8. Implementation of Central password and patch management for multiple OS.
9. Implementation of new firewall Watchguard V100 in Active-Active Failover.
10. Implementation of IDS (Intrusion Detection System).

Notes: All of the above are complete as of today except for items 6 and 7.
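Why smaller segments narrow ARP exposure (stabilization item 1), as an added example that is not from the thesis or from Daycohost's configuration: it audits the address plan shown in Figure 19 and then models a split of its largest segment. It assumes one VLAN per subnet; the page does not say which segment was split, so the /25 is chosen here, and the 30-host ceiling and the host address 200.44.59.130 are constructed for illustration.

```python
import ipaddress

# Subnets as they appear in Figure 19 of the page.
FIGURE_19_PLAN = [
    "200.44.59.0/27", "200.44.59.32/27", "200.44.59.64/27",
    "200.44.59.96/27", "200.44.59.128/25",
]


def audit_plan(cidrs):
    """Return (overlapping pairs, collapsed coverage, usable hosts per segment).

    ip_network() is strict by default, so a typo that leaves host bits set
    (for example 200.44.59.33/27) raises ValueError instead of passing.
    """
    nets = [ipaddress.ip_network(c) for c in cidrs]
    overlaps = [(str(a), str(b)) for i, a in enumerate(nets)
                for b in nets[i + 1:] if a.overlaps(b)]
    covered = [str(n) for n in ipaddress.collapse_addresses(nets)]
    usable = {str(n): n.num_addresses - 2 for n in nets}
    return overlaps, covered, usable


def split_segment(cidr, max_hosts):
    """Split a segment into equal subnets holding at most max_hosts each."""
    net = ipaddress.ip_network(cidr)
    prefix = net.prefixlen
    # Lengthen the prefix until the usable host count fits the ceiling.
    while prefix < 30 and (2 ** (32 - prefix) - 2) > max_hosts:
        prefix += 1
    return [str(s) for s in net.subnets(new_prefix=prefix)]


def l2_neighbours(host, cidrs):
    """Usable addresses that share the host's segment, excluding the host.

    ARP is confined to one broadcast domain, so under the one-VLAN-per-subnet
    assumption this is the number of neighbours able to send the host a
    forged ARP reply.
    """
    ip = ipaddress.ip_address(host)
    for c in cidrs:
        net = ipaddress.ip_network(c)
        if ip in net:
            return net.num_addresses - 3  # network, broadcast and the host
    raise ValueError(f"{host} is not in any planned segment")


if __name__ == "__main__":
    overlaps, covered, usable = audit_plan(FIGURE_19_PLAN)
    print("overlaps:", overlaps, "coverage:", covered)
    smaller = split_segment("200.44.59.128/25", max_hosts=30)
    new_plan = FIGURE_19_PLAN[:4] + smaller
    print("before:", l2_neighbours("200.44.59.130", FIGURE_19_PLAN))
    print("after: ", l2_neighbours("200.44.59.130", new_plan))
```

Segmentation only shrinks the set of layer-2 neighbours; hosts that remain in the same VLAN can still reach each other with ARP.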


List of Value apps supported by Sphera:

Collaboration • Auto Responder • Bulletin Board • PHPBB • GuestBook • IMP • Mail Form • Majordomo • MajordomoList • NeoMail • SecondSaver • SpamAssassin • Photo Gallery

Database • MySQL Database • Perl - MySQL Libs • PHPMyAdmin • PostgreSQL

E-Commerce • CreditCardPHP • EveryAuction • Free Merchant • Miva Empressa 4 • Miva Merchant 4 • Open SSL • Shared SSL Client • SSL

Streaming • Darwin Quicktime Server • Real Server Helix


Web Applications • Web Directories • Index Server • Urchin 5 • Webalizer

Database • SQL Server • SQL Server DSN • Access DSN • FoxPro DSN • Oracle DSN

eCommerce • Miva Empresa • Miva Merchant • SSL Certificate • Shared SSL Enterprise Client • Extropia Web Store

Web Development • ASP.Net • ColdFusion 5/MX • FrontPage 2002 Extensions • SharePoint Services • Perl • PHP • Python • Server Side Includes (SSI)

Script Components • Dundas Mailer control object • Dundas Upload control object • Serverobjects ASPQMail object • SoftArtisans SMTP Mail object • SoftArtisans FileUp object

Central Email Servers • MailSite by Rockliffe, • IMail by Ipswitch • XMail (Open Source)


Appendix A: Internet Protocols terms and how they are used.

The OSI (Open Systems Interconnect) Reference Model (ISO 7498) defines a seven-layer model of data communication with physical transport at the lower layer and application protocols at the upper layers. This model, shown in Figure 26, is widely accepted as a basis for understanding how a network protocol stack should operate and as a reference tool for comparing network stack implementations.

Figure 26: OSI Reference model

Each layer provides a set of functions to the layer above and, in turn, relies on the functions provided by the layer below. Although messages can only pass vertically through the stack from layer to layer, from a logical point of view, each layer communicates directly with its peer layer on other nodes. The seven layers are:
1. Application: Network applications such as terminal emulation and file transfer
2. Presentation: Formatting of data and encryption
3. Session: Establishment and maintenance of sessions
4. Transport: Provision of reliable and unreliable end-to-end delivery
5. Network: Packet delivery, including routing
6. Data Link: Framing of units of information and error checking
7. Physical: Transmission of bits on the physical hardware

TCP/IP was developed on the basis of the OSI Reference Model, and this led to the Internet and the World Wide Web (WWW), with which we, like millions of people all over the world, are familiar. Many people depend on applications enabled by the Internet, such as electronic mail and Web access. In addition, the increase in popularity of business applications places additional emphasis on the Internet. The Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite is the engine for the Internet and networks worldwide. Its simplicity and power have led to its becoming the single network protocol of choice in the world today.

The main design goal of TCP/IP was to build an interconnection of networks, referred to as an internetwork, or internet, that provided universal communication services over heterogeneous physical networks. The clear benefit of such an internetwork is the enabling of communication between hosts on different networks, perhaps separated by a large geographical area. The words internetwork and internet are simply contractions of the phrase interconnected network. However, when written with a capital "I", the Internet refers to the worldwide set of interconnected networks. Hence, the Internet is an internet, but the reverse does not apply. The Internet is sometimes called the connected Internet.

The Internet consists of the following groups of networks:

• Backbones: Large networks that exist primarily to interconnect other networks. Currently the backbones are NSFNET in the US, EBONE in Europe, and large commercial backbones.
• Regional networks connecting, for example, universities and colleges.

In most cases, networks are limited in size by the number of users that can belong to the network, by the maximum geographical distance that the network can span, or by the applicability of the network to certain environments. For example, an Ethernet network is inherently limited in terms of geographical size. Hence, the ability to interconnect a large number of networks in some hierarchical and organized fashion enables the communication of any two hosts belonging to this internetwork. Figure 27 shows two examples of internets. Each is comprised of two or more physical networks.

Figure 27: Internet Examples

Another important aspect of TCP/IP internetworking is the creation of a standardized abstraction of the communication mechanisms provided by each type of network. Each physical network has its own technology-dependent communication interface, in the form of a programming interface that provides basic communication functions (primitives). TCP/IP provides communication services that run between the programming interface of a physical network and user applications. It enables a common interface for these applications, independent of the underlying physical network. The architecture of the physical network is therefore hidden from the user and from the developer of the application. The application need only code to the standardized communication abstraction to be able to function under any type of physical network and operating platform. As is evident in Figure 27, to be able to interconnect two networks, we need a computer that is attached to both networks and can forward data packets from one network to the other; such a machine is called a router.

To be able to identify a host within the internetwork, each host is assigned an address, called the IP address. When a host has multiple network adapters (interfaces), such as with a router, each interface has a unique IP address. The IP address consists of two parts: IP address = The network number part of the IP address identifies the network within the internet and is assigned by a central authority and is unique throughout the internet. The authority for assigning the host number part of the IP address resides with the organization that controls the network identified by the network number.

Appendix B: Monitoring System of Shared hosting services

Monitoring of services forms the real core of the SLA offered to clients, with 24/7/365 availability of web, FTP, and email services as the baseline of effectiveness of shared hosting services. For this reason, monitoring at Daycohost has been designed around the open source software Nagios, which provides availability monitoring and proactive warning to the technical support team.

• What is Nagios?
1. Host and service based network monitor
2. Designed to run under Linux; works under most UNIX variants and with the NSPE client (SNMP) variant for Windows servers.
3. Open Source Software

Figure 28: Nagios General layout

Figure 29: Escalation Flow (escalations flow used in service management)

[Diagram labels: Contacts, Contact Groups, Services, Commands, Plugins, Hosts, Host Groups, Notifications, Notification Commands. Key: Applied To, Contains, Executes.]

Capabilities of Nagios:
• Network services: SNMP, POP, IMAP, Exchange, SQL, Oracle, HTTP, HTTPS, DNS, PING.
• Host resources/metrics: temperature, CPU, memory, disk usage, MS Performance counters, SNMP.

Reporting of Nagios:
• Has some built-in reporting
• Generates graphs on host/service trends, availability, alert histogram, history and summary
• Email, Beeper, SMS capabilities.

Appendix C: Ports – TCP & UDP

Function                    Static ports
--------------------------  ----------------------------------
Browsing                    UDP:137,138
DHCP Lease                  UDP:67,68
DHCP Manager                TCP:135
Directory Replication       UDP:138 TCP:139
DNS Administration          TCP:135
DNS Resolution              UDP:53
Event Viewer                TCP:139
File Sharing                TCP:139
Logon Sequence              UDP:137,138 TCP:139
NetLogon                    UDP:138
Pass Through Validation     UDP:137,138 TCP:139
Performance Monitor         TCP:139
PPTP                        TCP:1723 IP Protocol:47 (GRE)
Printing                    UDP:137,138 TCP:139
Registry Editor             TCP:139
Server Manager              TCP:139
User Manager                TCP:139
WinNT Diagnostics           TCP:139
WinNT Secure Channel        UDP:137,138 TCP:139
WINS Replication            TCP:42
WINS Manager                TCP:135
WINS Registration           TCP:137
Convoy                      UDP:1717
WLBS                        UDP:2504
Exchange Administrator      TCP:135
IMAP                        TCP:143
IMAP (SSL)                  TCP:993
LDAP                        TCP:389
LDAP (SSL)                  TCP:636
MTA - X.400 over TCP/IP     TCP:102
POP3                        TCP:110
POP3 (SSL)                  TCP:995
RPC                         TCP:135
SMTP                        TCP:25
NNTP                        TCP:119
HTTP                        TCP:80
HTTPS                       TCP:443
HTTP-Management             TCP:280
NNTP (SSL)                  TCP:563
FTP                         TCP:21
SSH                         TCP:22
RDP Client (Microsoft)      TCP:3389 (Pre Beta2:1503)

Appendix D: Network Layout: Verio Final Network Layout & Sphera Layout

Figure 30: Verio Final Network layout

[Diagram labels, top to bottom: Internet; ISPs CANTV.NET, BANTEL, COMSAT, EQUANT, TELCEL; Core Router1, Core Router2; shared services network (RED DE SERVICIOS COMPARTIDOS) with two BigIron routers (layer-3 switches) and two NetIron routers (layer-3 switches); subnets 200.74.192.0/24 through 200.74.213.0/24. Hosts shown: DB23A, DB23B, DB23VAULT, CACHE23A, W2K2300, W2K2301, W2K2302, W2K2303, WWW2300, WWW2301, WWW2302, WWW2303, MAIL23A, TS23, TXN23, NS23A, NS23B, LDAP23B, LDAPSPARE, NS SPARE, FIREHUNTER, NETRA T1, PORTMASTER SPARE, SPECTRA 10000, SPARE.]

Figure 31: Sphera Network Layout

[Diagram labels, top to bottom: Internet; BigIron 4000; Cisco 3550; NetIron. Nodes shown: ns-1/ns-2, dc-01, Apl2305, Apl2303, Mail 2, Mail 1, Sdw3k2, SQL, Mail, www2304, www2309, Sdw3k1, Sdw2k3, Sdw2k2. Annotations: dns, act. direct, cluster dir, reseller; each node is marked L or W.]

Figure 32: Complete Datacenter Layout with Sphera

Appendix E: Firewall

The firewall used initially was a firewall bridge based on Red Hat Linux version 9 with iptables and bridge.

One productive means of establishing such a balance is to understand the priorities that exist for ISPs within the security area.

1. Integrity of the service. The ISP has to protect the integrity of the network service and must be able to make the operation of the network relatively secure. This extends not only to the routers and switching elements of the network but also to the protection of the integrity of the service delivery host platforms, including DNS servers, mail servers, Web servers, and caches, and any other service platforms operated by the ISP.
2. Client security. As well as protecting its own service assets from intrusion and disruption, the ISP is expected to assist clients to secure their operation from security incidents. This can take various forms, but normally does not extend all the way to having the ISP assume all responsibility for client network security. However, in certain areas, the client must trust the ISP’s integrity of operation in order to implement its own security policy. For example, in the environment of Virtual Private Networks (VPNs), the client must trust the ISP to present only valid remote VPN traffic to each client’s VPN location.
3. Incident response. When security incidents occur there is the expectation that the ISP will assist clients and peer ISPs in the tracing of such incidents to their source. Equally, where various forms of denial-of-service attacks are experienced, the ISP should assist in the removal of the attack, either through blocking the traffic or through identification of the source of the attack.
4. Legal obligations. Underpinning this are the ISP’s legal and regulatory obligations, which may include the requirement to report criminal activity and cooperate with law-enforcement agencies in the investigation of such incidents.

It is a business decision as to what level of resources is made available to support the ISP’s security activity and a tactical decision as to how to deploy such resources to ensure that an effective security response is forthcoming from the ISP.

Today, the types of security incidents on the Internet include the following attributes:

1. Exploitation of protocol flaws
2. Use of source listings to identify system flaws
3. Use of ICMP to launch denial-of-service attacks
4. Abuse of the anonymous ftp servers
5. Exploitation of weaknesses in Web servers and e-mail servers
6. Use of IP source address spoofing

A security policy is intended to assist the ISP in responding to security incidents, allowing the ISP to develop proactive processes to minimize security risks and to guide the ISP to handle incidents promptly, efficiently and effectively, reducing the potential impact of an incident through an effective response.

Such a policy should encompass a number of areas of ISP activity:

1. The policy should provide guidelines relating to the evaluation of service technology, to ensure that the equipment does not compromise the current security environment.
2. The policy should also state the ISP’s position with respect to the privacy of data.
3. In a similar vein, the policy should state the process of admitting access to data and in what formats.
4. In general, most ISPs adopt a policy position akin to that of a common carrier, in which the ISP undertakes not to inspect or alter in any way client content passed over the network, nor does it accept any liability in the carriage of such content. In terms of accountabilities, the client is responsible for the content of data passed across the network.
5. The ISP should specify in such a policy guideline the process of reporting security incidents, outlining the responsibility of the ISP and that of the client in such situations.

The overall intent of the policy is to allow the ISP and its staff to respond efficiently to security incidents, while not compromising client confidentiality considerations, nor exposing the ISP or the client to unwarranted liabilities within the structure of the response. An ISP should obtain legal advice on such a policy, after it is drafted, to ensure that these objectives are adequately addressed from a legal perspective. Further detail in this area is available in [RFC1281], “Guidelines for the Secure Operation of the Internet.”

Securing the Network Infrastructure

The ideal secure environment for network infrastructure services is to physically delineate the client service environment from the service control environment. In this ideal environment are two distinct networks, one to route client data and allow client service applications access to the network’s service applications and another to manage the service elements. Such an ideal environment is indicated in Figure 9.1. Within such an environment, the individual service platforms are configured to respond on the service plane to requests on the configured service port. For example, a mail relay server would respond only to the mail port (TCP port 25) for incoming requests and initiate connections only to remote mail server ports, a DNS server to port 53, and so on. Routers would explicitly not respond to incoming session requests from the service plane, limiting their actions to switching packets within the service plane and responding to and generating ICMP messages as appropriate. Such a management architecture is termed out-of-band management, because all control and management functions are performed on a separate management network, physically distinct from the service network.

Figure 33: OOB (out of band) Management

Such a configuration is generally not constructed precisely along these lines, in that the duplication of the network infrastructure for a separate management and control network does imply additional cost to the ISP. The more conventional construction technique is to use a single network infrastructure for both service and control and management functions, using in-band network management.

Figure 34: In-Band Network management

Securing the Routers

One of the major forms of attack on the network itself is the denial-of-service attack. The intent of this form of attack is to bring the network to a state where it can no longer carry client data. The most common way of undertaking this is to attack the routers themselves, with the intent to cause them to cease forwarding packets or to forward packets to an incorrect destination. The former may be triggered by intrusion and then deliberate misconfiguration or a flooding attack in which the router is overwhelmed with unroutable data, causing router performance to degrade. The latter may be triggered by the injection of spurious routing updates.

The basic prerequisite for good router security is a robust routing design. It is a high-risk activity to engage in routing peering unless some basic precautions are configured into the design.

1. Where possible, routing peering should be avoided completely, and static routes used instead. A significantly reduced risk of promulgation of bad routing information leaking across from clients into the ISP’s routing environment exists when static routes are used at the boundary between the client and the ISP.
2. Where peering is necessary, use an exterior routing protocol. Currently, BGP4 is an obvious choice.
3. To avoid promulgation of bad routing information, pass all learned routes and their attributes through an ingress filter, permitting only those routes where the route prefix and its associated AS path match an administratively maintained filter set.
4. In this environment, the ISP should use a routing registry to register its routing policies and strongly encourage its BGP peers to do the same.

In this way, the routing information passed across a peering session should conform to a set of published routing policies, minimizing the risk of deliberate or unintended routing corruption. The identity of the routing peers also should be protected, because one mechanism of attack is to spoof the identity of a trusted routing peer. The solution to this type of threat is to protect the routing updates by use of authentication fields within the chosen routing protocol. These can be either of the form of authentication fields within every update or the use of encryption of the entire routing protocol updates, using checksums and sequence numbers to protect against replay attacks. Widespread adoption of secure routing protocol updates is still not a feature of today’s Internet, and the consequent vulnerability of the network routing environment remains a source of significant concern. Flooding is harder to protect against, and the mechanisms to address such incidents remain in the realms of packet flow tracing to identify the source of the flood.
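The ingress route filter from item 3 above, as an added Python example (not code from the original text or from any router implementation). The filter set, the peer AS 64500, its customer AS 64501 and the prefixes are constructed documentation values, and expressing the permitted AS path as a regular expression is an assumption of this example.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class FilterEntry:
    """One entry of the administratively maintained filter set for a peer."""
    prefix: ipaddress.IPv4Network  # address block the peer may announce
    max_len: int                   # longest prefix length accepted inside it
    as_path: re.Pattern            # the whole AS path must match this pattern


def entry(prefix, max_len, as_path_regex):
    return FilterEntry(ipaddress.ip_network(prefix), max_len,
                       re.compile(as_path_regex))


# Constructed filter set for a peer in AS 64500 that also carries one
# customer, AS 64501. Prefixes and AS numbers are documentation values.
PEER_64500 = [
    entry("192.0.2.0/24", 24, r"(64500 )*64500"),      # the peer's own block
    entry("198.51.100.0/24", 24, r"(64500 )+64501"),   # its customer's block
]


def accept_route(prefix, as_path, filter_set):
    """Return (accepted, reason) for one learned route."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    path = " ".join(str(asn) for asn in as_path)
    reason = "prefix not in filter set"
    for e in filter_set:
        if net.version != e.prefix.version or not net.subnet_of(e.prefix):
            continue
        if net.prefixlen > e.max_len:
            reason = f"more specific than /{e.max_len}"
        elif not e.as_path.fullmatch(path):
            reason = f"AS path '{path}' not permitted for {e.prefix}"
        else:
            return True, f"matches {e.prefix}"
    return False, reason


def filter_updates(routes, filter_set):
    """Split learned routes into those installed and those discarded."""
    installed, discarded = [], []
    for prefix, as_path in routes:
        ok, reason = accept_route(prefix, as_path, filter_set)
        (installed if ok else discarded).append((prefix, reason))
    return installed, discarded


# Constructed routing updates as they might arrive from the peer.
LEARNED = [
    ("192.0.2.0/24", [64500]),
    ("192.0.2.0/24", [64500, 64500, 64500]),   # AS-path prepending
    ("198.51.100.0/24", [64500, 64501]),
    ("198.51.100.128/25", [64500, 64501]),     # unexpected more-specific
    ("203.0.113.0/24", [64500]),               # prefix never registered
    ("192.0.2.0/24", [64500, 64510]),          # unexpected origin AS
    ("0.0.0.0/0", [64500]),                    # default route leak
]

if __name__ == "__main__":
    installed, discarded = filter_updates(LEARNED, PEER_64500)
    for prefix, reason in installed:
        print("install", prefix, "-", reason)
    for prefix, reason in discarded:
        print("discard", prefix, "-", reason)
```

Both conditions have to hold together: a registered prefix with an unexpected AS path is discarded just like an unregistered prefix.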

Routing configurations also can assist in providing some level of resiliency against host-based attacks, and a number of router options are typically supported on router platforms, which can be used in this area:

• No source routing. Many attacks use a mechanism of enabling loose source routing in an attempt to circumvent site security mechanisms. Here, the identity of a trusted host is placed in the source field, and the attacking host is referenced within the loose source-routing option. Although it is normally a client network responsibility to disable loose source routing at the Internet boundary, some ISPs also disable this IP packet option within the network infrastructure as an added precaution. Some debate over the utility of this measure has existed, because source routing is a useful tool for the Network Operations Center (NOC) to debug some forms of routing and performance problems. Source routing allows the NOC to direct diagnostic packets through a particular location and then deduce the network routing conditions at that point. If an ISP chooses to leave source routing enabled within the infrastructure, clients should be explicitly informed of this decision and advised of actions they should take if they want to disable it from their network.
• No directed broadcast. By default, in an Internet environment, it is possible to generate a directed broadcast packet addressed to all hosts connected to a remote network. This form of packet is commonly used to launch denial-of-service attacks, in which a single packet is directed to the directed broadcast address. If it is an ICMP Echo Request packet, it will generate a cascaded response to the source address from every host connected to the network. The attack uses a packet in which the source address is the address of the target host. A sequence of such packets directed to the remote broadcast address causes the remote network to act as an unwitting amplifier of the packets, which are then sent to the target system. Where the ISP manages client edge routers, and where there is an internal network used to house a set of service platforms, directed broadcast should be disabled in the network’s boundary router.
• Ingress source address filtering. Many forms of attack use invented, or spoofed, source addresses in the packets, as a means of hiding the identity and location of the attacker, or, as with directed broadcast attacks, as part of the mechanism of the attack. In many cases, defining a set of ingress packet filters on the ISP network is possible so that the source address of a received packet must match the set of routes advertised from the associated network port. Widespread deployment of such filters will make source address spoofing more challenging in the wider Internet. Some side-effects to this are possible, notably with mobile IP, where the application relies on using source addresses that do not match the corresponding state of the routing system, in order to operate correctly. The technique of ingress source address filtering is described in more detail in [RFC 2267].
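The last two options in the list above, expressed as the decision a boundary router makes per packet; this is an added Python example, not code from the original text or from any router. The port names, the routes attached to each port and the service networks are constructed documentation values.

```python
import ipaddress

# Constructed example data. Each customer-facing port lists the routes
# advertised from the network attached to it (documentation prefixes).
PORT_ROUTES = {
    "cust-a": ["192.0.2.0/25"],
    "cust-b": ["198.51.100.0/24", "192.0.2.128/25"],
}
# Internal networks housing service platforms, behind the boundary router.
SERVICE_NETS = ["203.0.113.0/26", "203.0.113.64/26"]


def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def check_packet(port, src, dst, port_routes=PORT_ROUTES,
                 service_nets=SERVICE_NETS):
    """Return 'forward' or 'drop: <reason>' for a packet received on port."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if port not in port_routes:
        return "drop: unknown port"
    # Ingress source address filtering: the source must fall inside a route
    # advertised from the network attached to this port.
    if not any(src_ip in net for net in _nets(port_routes[port])):
        return "drop: source not advertised from this port"
    # No directed broadcast: refuse packets addressed to the broadcast
    # address of a service network (all-ones host part) or to the
    # all-zeros form that some older stacks also answer as a broadcast.
    for net in _nets(service_nets):
        if net.prefixlen < 31 and dst_ip in (net.broadcast_address,
                                             net.network_address):
            return f"drop: directed broadcast to {net}"
    return "forward"


# Constructed packets: (ingress port, source address, destination address).
PACKETS = [
    ("cust-a", "192.0.2.10", "203.0.113.5"),      # legitimate
    ("cust-b", "192.0.2.200", "203.0.113.70"),    # legitimate, second route
    # Source belongs to cust-b but arrives on cust-a's port. The filter
    # cannot tell a spoofed packet from a mobile IP node sending with its
    # home address, which is the side-effect noted in the text.
    ("cust-a", "198.51.100.7", "203.0.113.5"),
    ("cust-a", "10.1.1.1", "203.0.113.5"),        # private source address
    ("cust-b", "198.51.100.7", "203.0.113.63"),   # broadcast of first /26
    ("cust-b", "198.51.100.7", "203.0.113.64"),   # all-zeros form, second /26
    ("cust-b", "198.51.100.7", "203.0.113.127"),  # broadcast of second /26
]


def run(packets):
    """Evaluate every packet and return the verdicts in order."""
    return [check_packet(*p) for p in packets]


if __name__ == "__main__":
    for packet, verdict in zip(PACKETS, run(PACKETS)):
        print(packet, "->", verdict)
```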

Securing Service Platforms

In an out-of-band network management environment, each service platform presents to the network only an entry point, which is associated with a service port. This does minimize the points of vulnerability but still allows the platform to be the subject of intrusion and denial of service through exploiting weaknesses in the service application and the platform. In a more conventional in-band network management, the avenue of potential exploitation of the service platform widens, and the desire for a robust service environment does include very careful consideration of security issues.

Two parts exist to securing service platforms in a conventional in-band network management architecture: the access to the server environment should be carefully controlled, and the platforms themselves should be carefully managed.

Where possible, server environments should be located on a dedicated service network, distinct from the client access networks and distinct from the NOC network. A typical architecture of deployment is indicated in Figure 35, in which a dedicated network is used to host network service platforms, with access mediated by an entry router, which effectively functions as a basic filtering firewall. The firewall permits general access to the service ports of each platform and permits control and management access only to the NOC address.

Figure 35: Service Platform Architecture

Depending on the desired robustness of the service architecture, the NOC access could be replaced by an encrypted tunnel from the NOC to the service entry router.

A reasonable checklist of server host security mechanisms should include the following:

• Keep access accounts up-to-date and regularly change passwords.
• Use host connection filters, or wrappers, which are configured to explicitly permit certain connection types while denying access to all other connection attempts.
• Use up-to-date platform software and application software images. Many updates are the outcome of increasing the resiliency of the platform or the application, and operating out-of-date images is a widely exploited mechanism of effecting intrusion into server systems.
• Log all server access events as a means of detecting intrusion attempts and potential back-tracing of any incidents.
• Use strong checksums of the system and application images to allow detection of attempts to install Trojan horse versions of system components. (A Trojan horse is a deliberately manipulated version of a utility that preserves its original functionality but also contains a mechanism to admit access to an intruder upon entering some form of command sequence.)
• Maintain a remotely held and secure copy of the system software and critical data sets to ensure that a rapid recovery of the server is possible.
• Consider using nonwritable media, such as CD, for read-only system images and information data sets.
• Where sensitive information is held on the server, use encryption of the data to minimize the damage in the event of intrusion.
• Strip all nonessential service and system components off the server platform. Such stripping may include sendmail, remote access servers (the Unix r-* servers), the finger daemon, compilers, system configuration files, and similar nonessential system components.
• Consider using end-to-end encryption for control access, either using an encrypted tunnel to the firewall router or using an encrypted access session, such as the secure shell, ssh. One-time passwords also should be considered for secure server access.
• Use available systems’ security tools to monitor the integrity of the server environment.
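The checksum item in the checklist above, as an added Python example (not code from the original text): a manifest of SHA-256 digests is taken from the known-good image and later compared with the live tree. The file names and contents are constructed, SHA-256 is this example's choice of strong checksum, and in practice the baseline would be kept off the server, as the checklist's remotely held copy suggests.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Return the SHA-256 digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map each path under root (relative, '/'-separated) to its checksum."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                # Record where a link points instead of hashing its target.
                manifest[rel] = "symlink:" + os.readlink(full)
            else:
                manifest[rel] = sha256_file(full)
    return manifest


def verify(root, baseline):
    """Compare the live tree with a baseline manifest held off the server."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline
                           if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def _write(path, data):
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed scenario: one utility replaced, one removed, one added."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        login = os.path.join(root, "bin", "login")
        _write(login, b"LOGIN-ORIGINAL-IMAGE")
        _write(os.path.join(root, "bin", "ls"), b"LS-ORIGINAL-IMAGE")
        baseline = build_manifest(root)   # taken from the known-good image
        before = os.stat(login)

        # The replacement has the same length and the same modification
        # time as the original, so a size-and-date comparison sees nothing.
        _write(login, b"LOGIN-TROJANED-IMAGE")
        os.utime(login, ns=(before.st_atime_ns, before.st_mtime_ns))
        os.remove(os.path.join(root, "bin", "ls"))
        _write(os.path.join(root, "bin", "extra"), b"UNEXPECTED-FILE")

        after = os.stat(login)
        same_size_and_mtime = ((before.st_size, before.st_mtime_ns)
                               == (after.st_size, after.st_mtime_ns))
        return verify(root, baseline), same_size_and_mtime


if __name__ == "__main__":
    report, unchanged_metadata = demo()
    print("size and mtime unchanged:", unchanged_metadata)
    print(report)
```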

In addition, a number of other measures are relevant to particular server platforms.

For Web server platforms:

• Do not configure interactive user accounts on the server. Allow clients the ability to upload data sets into the server into a dedicated server area.
• Carefully manage the use of user-provided CGI programs and test these programs most scrupulously prior to staging the program onto the server.

For DNS server platforms:

• Use server software that loads only authoritative data into the DNS cache.
• Use server software that throttles response rates to repeated requests from the same query point, to prevent denial-of-service attacks.

For ftp servers:

• Avoid using writeable directories, or, if a writeable guest account is necessary, set the directory to nonreadable and constantly monitor downloading activity into the area.
• Use a stripped ftp-specific file root to avoid grabbing of the system access and configuration files.
• Use a dedicated platform for ftp access where possible, avoiding colocation of the ftp service with any other service delivery operation.

For e-mail servers:

• Use e-mail configuration files that explicitly prevent use of the server as a relay by unauthorized clients.
• Where POP/IMAP access is implemented, restrict such access to the associated accounts to a basic shell that permits only POP and IMAP access activity.

And, perhaps most importantly, for all platforms:

• Check for intruder activity in system logs, accounting files, and the file system. Given the copious quantities of such information generated on a busy server, consideration should be given to scripting such checks to generate management alarms in which anomalous information is detected in such records.
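A scripted log check of the kind suggested above, as an added Python example (not code from the original text): it raises an alarm on a burst of failed logins from one source and on any accepted management login from outside the NOC, which ties in with the entry router permitting management access only to the NOC address. The log lines are constructed in the usual OpenSSH syslog format; the NOC range and the threshold are assumptions.

```python
import ipaddress
import re
from collections import Counter

NOC_NET = ipaddress.ip_network("192.0.2.0/28")   # assumed NOC address range
FAIL_THRESHOLD = 5                                # assumed alarm threshold

# Constructed syslog lines (documentation addresses, invented host name).
SAMPLE_LOG = """\
Aug 14 02:11:01 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 4020 ssh2
Aug 14 02:11:03 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 4021 ssh2
Aug 14 02:11:05 web01 sshd[2205]: Failed password for invalid user test from 203.0.113.7 port 4022 ssh2
Aug 14 02:11:06 web01 ftpd[2206]: FTP session closed
Aug 14 02:11:08 web01 sshd[2208]: Failed password for invalid user oracle from 203.0.113.7 port 4023 ssh2
Aug 14 02:11:10 web01 sshd[2210]: Failed password for admin from 203.0.113.7 port 4024 ssh2
Aug 14 02:11:12 web01 sshd[2212]: Accepted password for admin from 203.0.113.7 port 4025 ssh2
Aug 14 08:30:44 web01 sshd[3100]: Failed password for ops from 192.0.2.5 port 5120 ssh2
Aug 14 08:30:51 web01 sshd[3102]: Accepted password for ops from 192.0.2.5 port 5121 ssh2
Aug 14 09:02:17 web01 sshd[3290]: Accepted password for admin from 198.51.100.23 port 6001 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+"
)


def scan(log_text, noc_net=NOC_NET, threshold=FAIL_THRESHOLD):
    """Return alarms as (kind, source address, detail), in log order."""
    failures = Counter()
    alarms = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue                      # not an sshd login record
        outcome, user, addr = match.groups()
        try:
            src = ipaddress.ip_address(addr)
        except ValueError:
            alarms.append(("unparsable-source", addr, line.strip()))
            continue
        if outcome == "Failed":
            failures[addr] += 1
            # Alarm once, when the count first reaches the threshold.
            if failures[addr] == threshold:
                alarms.append(("failed-login-burst", addr,
                               f"{threshold} failed logins"))
        elif src not in noc_net:
            # Management access is expected from the NOC only.
            alarms.append(("login-outside-noc", addr,
                           f"user {user} accepted after "
                           f"{failures[addr]} failed logins"))
    return alarms


if __name__ == "__main__":
    for kind, addr, detail in scan(SAMPLE_LOG):
        print(f"ALARM {kind:20s} {addr:15s} {detail}")
```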

This may appear to be a daunting checklist, and many ISPs implement only a partial set of these measures on their server platforms. As noted at the outset of this chapter, security activity is one of risk assessment, rather than absolute outcomes, and risk assessment should be applied to this activity as a business and strategic judgement. However, the environment of deployment of ISP service platforms is a hostile environment, in which no effective external control mechanisms exist to moderate behavior, as law enforcement processes within a global network are not as timely or as effectual as many would hope. In response to this threat, good security mechanisms, diligently applied, are intended to produce a robust and reliable service environment, which translates to a valuable business asset in a highly competitive marketplace.

The guidelines above were the basis on which the firewall was configured to provide a high level of security during the migration; later, they were transferred as policy-based settings to the Watchguard V100 Enterprise firewall.

Appendix F: LACNIC issues

LACNIC is the Latin American Network Information Center, which is the only authorized registry for IP address (Internet numbers) authorization.

IP ADDRESS SPACE AND THE INTERNET REGISTRY SYSTEM

2.1. Types of IP Addresses
For the purpose of this document, IP addresses are 32 bit binary numbers that are used as addresses in IPv4 protocols used in Internet. There are three types of IP addresses.

2.1.1. Public IP Addresses
Public IP addresses constitute the Internet address space. These addresses are allocated so that they are globally unique, according to the objectives that will later be described herein. The main objective of this address space is to allow communication using IPv4 on Internet. A secondary objective is to allow communication between interconnected private networks.

2.1.2. Private IP Addresses
Certain ranks of IP addresses have been reserved for the operation of private networks that use IP protocol. Any organization may use these IP addresses in their private networks without the need of requesting them from an Internet Registry. The main requirement established for the use of private IP addresses is that the hosts which use these IP addresses do not need to be reached through Internet. For a more detailed description of private IP address space, see RFC 1918.

2.1.3. Special and Reserved IP Addresses
These are ranks of IP addresses reserved for applications such as multicasting. These IP addresses are described in RFC 1112, and are beyond the scope of this document.

2.2. Objectives of Public IP Address Space Distribution
According to the provisions of RFC 2050, each allocation and assignment of public IP addresses shall guarantee that the following four conditions are met.

2.2.1. Exclusivity
Each public IP address must be unique worldwide. This is an absolute requirement that guarantees that each Internet host can be uniquely identified.

2.2.2. Preservation
Fair distribution of IP address space according to operational needs of end users operating networks and using this IP address space. In order to maximize the life span of public IP address space resources, IP addresses must be distributed according to end users’ current needs; this avoids accumulation of unused IP addresses.

2.2.3. Routeability
Global hierarchical distribution of IP addresses, which allows scaling IP address routing. This scaling is necessary to ensure proper operation of Internet routing.

2.2.4. Registration
Submission of documentation on IP address space allocations and assignments. This documentation is necessary to ensure exclusivity and provide information for locating errors on all Internet levels.

The consecution of the above mentioned objectives is in the best interest of the Internet community. However, it must be noted that preservation and routeability are frequently conflictive objectives. These objectives may at times conflict with the interests of ISPs, NIRs, or end users. When this is the case, it is necessary to analyze each particular situation carefully in order to reach an adequate compromise between the parties involved in the conflict.

2.3. The Internet Registry System
The Internet registry system has been established with the aim of enforcing the objectives of exclusivity, preservation, routeability and information. This system consists of hierarchically organized Internet registries (IRs). Typically, IP address spaces are assigned to end users by ISPs or NIRs. These IP address spaces are previously assigned to NIRs and ISPs by Regional Internet Registries. Under this system, end users are organizations that operate networks that use IP address spaces. NIRs, as LACNIC, maintain IP address spaces to be allocated or assigned to end users or Internet Service Providers. Assigned IP address space is used to operate networks, whereas allocated IP address space is kept in Internet Registries for future assignment to end users.

2.3.1. IANA (Internet Assigned Number Authority)
This organization has jurisdiction on the entire universe of IP address space used on Internet. IANA is the organization responsible for allocating part of the global IP address space to Regional Registries according to their needs.

2.3.2. Regional Registries (RIR)
Regional Registries operate in large geopolitical areas, such as continents. Currently there are four established Regional Registries: ARIN (American Registry for Internet Numbers), serving the USA, Canada and South-Sahara Africa; RIPE NCC, serving Europe and part of Africa; APNIC, serving Asia and the Pacific; and LACNIC, serving Latin America and the Caribbean. The number of Regional Registries is expected to remain small, as service areas shall remain of continental dimensions.

2.3.3. National Internet Registries (NIR)
National Internet Registries are established under the authority of RIRs. These Internet Registries have the same role and responsibilities as Regional Registries, but within their assigned geographic areas. These areas are of national scope.

2.3.4. Internet Service Providers (ISP)
Internet Service Providers mainly allocate IP address space to end users of the network services they provide. Their clients may be other ISPs. ISPs do not have geographical restrictions as do NIRs.

2.3.5. End Users
End users are organizations that deploy and use IP addresses.

3.2.5 Documentation Internet Registries shall use the group of IP addresses they have been allocated in an efficient manner. To this end, IRs shall document the justification for each IP address suballocation. At the request of LACNIC, the corresponding IR shall make this information available. LACNIC shall not make complementary allocations to those Internet Registries that do not have the use of the blocks already allocated properly documented. In these cases, current allocations may also be reviewed. According to what is established in RFC 2050, the documentation LACNIC may require includes: • Engineering plans. • Subnetting and aggregation plan. • Description of network topology. • Description of network routing plans. • Receipts documenting investments (equipment). • Other relevant documents. 3.2.6 Use of Classless Technology (CIDR) Due to the requirement to increase the efficiency of the use of IP address space, all assignments are made under the assumption that organizations use variable length subnet masks (VLSMs) and classless technology (CIDR) within their networks. Any request for address space based on the use of classless technology shall require a detailed justification. The use of classfull technologies is generally unacceptable due to the limited availability of free IP address space. 3.2.7 Static Addressing Due to restrictions on the availability of IP addresses, LACNIC shall in no way endorse the use of static IP address assignments for dial−up users (e.g., one address per customer). It is understood that the use of static addressing may simplify some administrative aspects. However, the current rate of consumption of IP addresses does not allow the assignment of static addresses for administrative reasons. Because of this, organizations that are considering the use of static IP address assignment are encouraged to investigate and implement dynamic assignment technologies.


3.2.8 Web Hosting

The development of the HTTP 1.1 protocols has eliminated the need of assigning an IP address for each web domain in case of multiple websites on the same server. LACNIC promotes the development of web page hosting based on name usage, as opposed to IP addresses. Therefore, this last case shall not be accepted as justification for using IP addresses. LACNIC shall consider exceptions where applications require the use of web hosting based on IP addresses, which must be duly described and justified.

3.2.9 Non-Guaranteed Routability

Portable (provider-independent) IP addresses issued by LACNIC or NIRs are not guaranteed to be globally routable. These problems shall be solved by those possessing the IP addresses involved, together with their connectivity provider or providers. In those cases deemed necessary, LACNIC shall provide the necessary guidance.

Notes: The text above is taken from the document p-adm-rec-english.pdf, dated November 2002 and aptly titled “INTERNET RESOURCE MANAGEMENT POLICIES IN LATIN AMERICA AND THE CARIBBEAN”. It is the key document that any ISP in the Latin American region must understand carefully before starting any Internet operations. In the case of Daycohost, subtopic 3.2.8 was used and properly justified for the 2 allocations of 8000 IPs each for its services.
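Section 3.2.8 above relies on name-based hosting, where the HTTP/1.1 Host header selects the site so that many domains can share one IP address. The following is an added example, not part of this thesis or of the LACNIC document: a minimal Host-header dispatcher in Python. The hostnames, document roots and the choice of status 421 for unknown names are assumptions made for illustration.

```python
# Name-based virtual hosting: one IP address, site chosen by the Host header.
# Constructed sample data: hostnames and document roots are hypothetical.
VHOSTS = {
    "www.example-shop.test": "/var/www/shop",
    "blog.example.test": "/var/www/blog",
}


def parse_request(raw: bytes):
    """Return (request_line, [(header_name, value), ...]) from a request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def normalise_host(value: str) -> str:
    """Lower-case the name, drop an optional :port and a trailing dot."""
    host = value.lower()
    if host.startswith("["):            # IPv6 literal such as [::1]:8080
        return host.split("]", 1)[0] + "]"
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def select_vhost(raw: bytes, vhosts=VHOSTS):
    """Return (status, docroot) for a raw request.

    400: no Host header, or more than one. Without exactly one Host value
         the server cannot tell which of the sites sharing this IP is meant.
    421: the name is not hosted here. The request is refused instead of
         being served from a default site.
    """
    try:
        _request_line, headers = parse_request(raw)
    except ValueError:
        return 400, None
    hosts = [value for name, value in headers if name == "host"]
    if len(hosts) != 1:
        return 400, None
    docroot = vhosts.get(normalise_host(hosts[0]))
    if docroot is None:
        return 421, None
    return 200, docroot
```

A client that sends no Host header (the HTTP/1.0 case) gets 400 here, which is the situation in which a dedicated IP address per site was once needed.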


Appendix G: Billing System

The billing system that was an integral part of the Verio system was used in the past and is no longer in use. The current billing system gets its data from the Reseller Director (RD) database, which is based on a PostgreSQL server with an embedded Java front end and a PHP-based web page.

Figure 36: DCM-RD

[Figure 36 diagram labels: Data Center Manager-RD; External systems (Billing, DNS solutions, License inventory); Data Center Manager functions (Integrated billing (BillingDirector), Customer management (nested reseller, a-la-carte), Resource/Usage Management, DNS Management (DomainDirector), Inventory management, Monitoring); Hosting Schemes (Shared, Shared, Dedicated); External resources (SD Linux, SD W2K, SD Linux)]

The main information obtained from the DCM-RD is the following:

• Inventory management
• IP management
• IP allocation
• Server information
• Server status
• Quota management and usage monitoring
• Server Groups management
• Server Groups behavior
• Management of resellers: features, resources management and nested resellers.

Figure 37: Reseller management

[Figure 37 diagram labels: VD Web Hosting; Reseller 1; Reseller 2; Linux Server; Windows Server; Linux Server]


Appendix H: Availability Framework for Applications in Shared Hosting Applications.

A Virtual Private Server (VPS) is a server that runs inside another server. The term VPS is often used interchangeably with terms such as Virtual Dedicated Server (VDS), virtual server, semi-dedicated server and virtual environment, among others.

VPS is based on the concept of partitions on mainframes that allow dozens of divisions to run multiple applications on the same server with advanced resource scheduling.

VPS advances the concepts of the mainframe with 'fair-sharing' of system resources on commodity operating systems and hardware. VPSs behave exactly like an isolated stand-alone server - referred to in the Web hosting industry as 'dedicated servers'.

Web hosting companies and server owners use software to partition the server into 'virtual servers' which can easily be administered from a central administration panel. A server administrator can fit dozens or hundreds of virtual servers onto just the one physical machine.

The VPS Condo Analogy

A frequently used analogy of VPS hosting is the Condominium Analogy. It is as follows:

The Condominium (a complex in which units of property, such as apartments, are owned by individuals and common parts of the property, such as the grounds and building structure, are owned jointly by the unit owners) represents the hardware of the physical server.

Each condo (one of the units in a condominium) represents a 'Virtual Private Server'. Each tenant (i.e. VPS owner) maintains control over their own condo (VPS). They can configure their VPS as they wish (much like the owner of a condo can).

The Condominium complex manager (the server administrator) takes care of the grounds, services etc. (i.e. takes care of the hardware and security, maintenance, services and patches). The hardware is controlled by the server administrator, while the software and each VPS can be configured to each VPS owner's liking, very much like your very own dedicated server.


Figure 38: VPS hosting

Figure 39: Compare to the shared or 'virtual hosting' set-up.

As you can see from Figures 38 and 39, Virtual Private Servers, VPS, VDS, Semi-dedicated, virtual servers (or whatever the Web host likes to call them) provide you with your PRIVATE and PROTECTED area that operates as an independent server.


• VPS fills the void between shared hosting (virtual hosting) and dedicated server hosting.
• VPS gives you your own environment. It allows each Web site to operate independently from all other Web sites on the same physical server. Within a server, VPS servers have their own server software that runs inside an isolated file directory and provides autonomy for each Web site.
• VPS owners have 'virtual' root access. A VPS owner can reboot their virtual server using a shutdown command. A VPS owner is able to restart their VPS/VDS without affecting other VDSs on the same server.
• A VPS acts just like a dedicated server: configure your server how you wish; you have root access.
• Most VPS accounts let you set up as many virtual hosting accounts as you desire. Some VPS providers put restrictions on the number of virtual domains allowed to be hosted on one VDS. Their reasons for this could be a) their VPS/VDS software solution sets limits or b) the hosting provider would like you to buy more VDS packages.
• You get your own Web server and mail server, can host multiple domains (name-based or IP-based hosting: your choice) and can resell Web hosting to your customer base (create name-based virtual hosting plans or resell VDS hosting plans from your upstream provider), or simply host your own Web sites on the Virtual Private Server.
• Each VPS server is a PRIVATE and PROTECTED area that operates as an independent server. Each VPS looks, feels and acts like a dedicated server.
• Every VPS has its own directory structure and set of dedicated applications.
• Each VPS has its own port numbers, IP addresses (how many for FREE varies between hosting providers), tables, filtering and routing rules.
• A VPS can be accessed as though it is a stand-alone server (via a dedicated IP address), hence the name Virtual Private Server.
• Easily administer your account with a good-quality control panel: cPanel (with WHM), Ensim, Plesk, H-Sphere, DirectAdmin and others.
• Most paid-for VPS software solutions offer performance isolation, functional isolation, fault isolation and address isolation.
• Allocate resources to the domains you need, e.g. bandwidth, disk space.
• Can put multiple OS platforms on the one server: Linux, Unix, Windows, Solaris and others.
• Clarity with Web hosting providers and consumers.


• VPS allows multiple customers to share the expense of the hardware and network connections (and eliminates the hassle of maintaining it all).
• Have the freedom to install software and services of your choice (within the terms of a hosting company's AUP).
• VPSs are usually put on top-of-the-line machines with good processing speed, RAM and hard drives.
• More secure than a 'shared hosting environment'.
• Customers get the freedom of root access and a very affordable price.
• Some hosting providers mistakenly (or deliberately try to) mislead customers by calling their shared hosting plans semi-dedicated, VPS etc.
• The very nature of shared hardware means VPS hosting is semi-managed. The server administrator will apply security patches and updates, and monitor the server performance. Other than that, the VPS owner has the freedom (and responsibility) to run and administer their own 'virtual' server.
• The level of 'management' varies between VPS hosting providers. Some are very friendly when you ask for advice on how to perform certain tasks; others require you to pay a 'per-incident' fee.
• VPS owners still require server administration and Control Panel knowledge. However, the security patches and updates should be maintained by the server administrator, which comes in very handy. Read their TOS and plan details for what they offer and see what level of 'managed' hosting they provide.

VPS Benefits:

• Flexible, scalable solution offering 'virtual' root access. Upgrade pathways, managed solutions.
• Benefit from a semi-managed solution, but at a fraction of the cost of a dedicated server solution.
• Many individuals/companies are seeking the freedom of root access and server configuration, but do not require an entire server's resources. A Virtual Private Server fills this need.
• In virtual hosting, a single Web site is capable of bringing down a server or degrading server performance. VDS overcomes this problem through isolation: fault, address, functional and performance isolation.
• Freedom of virtual root access. Install and configure your virtual server how you like.


Summary:

Hosting Automation Software (HAS) is the heart of any Internet Service Provider (ISP) today and is here to stay. An ISP's profitability is decided by its use of the HAS: customers look for services that are simple to use, and technical teams rely on the HAS as a primary tool for simplifying their daily administration tasks.

Having automated web hosting, datacenters and ISPs alike must look forward to consolidating their clients and starting new, innovative services that add new value and aggregate existing services such as wireless access, multipoint services like WAP, Voice over IP, and content delivery and cache services that save bandwidth and provide high-speed web hosting. New management disciplines must be implemented, and the existing ones improved, so that automation rises from the general level of 80% to close to 95%.

Figure 40: New Improvisations resulting from HAS.

Billing is one major area of focus where the goal is to achieve the following:

Combine billing elements
• Flat rate: all-you-can-eat access is necessary.
• Time: duration, time-of-day, day-of-week.
• Usage-sensitive: traffic/hit counts, excessive use surcharge.
• Destination-, Distance-, and Carrier-info: settlements.
• Class of Service: access speed, user priority, by traffic type.


Figure 41: Internet Billing Architecture

[Figure 41 diagram labels: Network Elements; Accounting Mediation; Billing Systems]

As a result of the above combination, the future lies in cooperation, starting at the level of Internet access peering between the ISPs in Venezuela to create an Internet Exchange and on-demand bandwidth allocation, which will finally reduce the prices of all Internet-based services in the country. CONATEL has started a slow and cumbersome, but all the same innovative, process to create a NAP (Network Access Point) in Venezuela. The final outcome is long awaited by one and all as a way to reduce the costs involved in the telecom sector.

The future of all ISPs and data centers lies in the creation of “usage-based” Internet services, and the first building block is the adoption of hosting software and service creation automation.



List of Figures

1. Figure 1: An example of the extended enterprise
2. Figure 2: ISP Value-Added Services in 1999
3. Figure 3: Projected ISP Value-Added Services in 2001
4. Figure 4: IEEE-SWEBOK
5. Figure 5: ISO 9000:2000 QMS CI model
6. Figure 6: ISO 9000:2000 QMS CI model-Need Quality Assurance
7. Figure 7: Why we choose requirements management?
8. Figure 8: How we choose the appropriate Requirements management strategy?
9. Figure 9: Requirement management Process – Tools used
10. Figure 10: Elicitation
11. Figure 11: Why collaborate?
12. Figure 12: Effects of Collaboration
13. Figure 13: Requirements reporting
14. Figure 14: Effort Scenarios
15. Figure 15: Shared Skills got as a result of the requirement management approach based on RUP
16. Figure 16: Frame Relay links – For OOB based remote connectivity and Administration
17. Figure 17: Daycohost Network for Verio
18. Figure 18: Servers Layout in the Verio administered racks
19. Figure 19: IP Distribution of Initial Verio System
20. Figure 20: Shared Web Hosting
21. Figure 21: From an ISP- Internet Service Provider view how does Shared hosting look like?
22. Figure 22: Types of Web Hosting
23. Figure 23: VDS Structure
24. Figure 24: Infrastructure built for the Deployment
25. Figure 25: How does it all work together?
26. Figure 26: OSI Reference model
27. Figure 27: Internet Examples
28. Figure 28: Nagios General layout
29. Figure 29: Escalation Flow
30. Figure 30: Verio Final Network layout
31. Figure 31: Sphera Network Layout
32. Figure 32: Complete Datacenter Layout with Sphera
33. Figure 33: OOB (out of band) Management
34. Figure 34: In-Band Network management
35. Figure 35: Service Platform Architecture
36. Figure 36: DCM –RD
37. Figure 37: Reseller management
38. Figure 38: VPS hosting
39. Figure 39: Compare to the shared or 'virtual hosting' set-up
40. Figure 40: New Improvisations resulting from HAS
41. Figure 41: Internet Billing Architecture


List of Tables

1. Verio
