24 Shared Registration System (SRS) Performance

Prototypical answer:

MTR Corporation Limited will engage HKIRC as the registry operator who is the registry for .hk ccTLD and .香港 IDN ccTLD.

Leveraging on the success in running the .hk registry and registrar since 2002 and .香港 since 2011, HKIRC will provide a comprehensive, robust and reliable SRS service.

HKIRC provides registration services through its registrars for domain names ending with .com.hk, .org.hk, .gov.hk, .edu.hk, .net.hk, .idv.hk, 公司.香港, .組織.香港, .政府.香港, .教育.香港, .網絡.香港, .個人.香港, .hk and .香港.

A high-level SRS system description; representative network diagram

HKIRC is currently managing approx. 230,000 domain registrations and is providing a full Shared Registration System (SRS) with the following services:

1. DNS IPv4⁄v6 service for .hk and .香港, ns1.hkirc.net.hk and ns2.hkirc.net.hk in Hong Kong + two anycast DNS Provider located around the world.
2. Whois IPv4⁄v6 service for .hk and .香港, whois.hkirc.hk
3. Web IPv4⁄v6 based Whois service, https:⁄⁄www.hkdnr.hk⁄whois⁄whois.jsp
4. IPv4⁄v6 Registration System for the registration of the above mention 1st and 2nd level domain, https:⁄⁄www.hkdnr.hk⁄
5. IPv4⁄6 EPP, epp.hkirc.hk and epp2.hkirc.hk

A high level system diagram for the SRS system, Appendix A, SRS system high level system diagram and a network diagram, Appendix B, High Level Network Diagram, are included.

The frequency of synchronisation between servers is described in Appendix C.

Performance

HKIRC is currently handling:

New domain registration: 4.000 per month
Domain renew: 8.403 per month
DNS Query: 2,588,520,824 per month
Whois transaction: 1,346,000 per month
Web page served: 1,121,000 per month

Operational Statistics:

DNS Availability (in 2011): 100%
Average Query Time (ns1.hkirc.net.hk and ns2.hkirc.net.hk): 128ms
Average Whois Response Time: 380ms
Web Site Availability (in 2011): 99.92%

HKIRC is already providing services in compliance with Specification 6 and Specification 10 of the New gTLD Agreement Specification.

Appendix D shows the detailed performance figures of the HKIRC’s SRS.
- NS query
- WHOIS command line
- WHOIS web
- EPP
- Web panel

As for .MTR, since the purpose of the gTLD is for branding purposes, the following describes its performance expectation

1) There will be very limited number of delegation within this domain, in the order of single to double digit.
2) Registration of domain names will be limited to internal use, i.e. high volume domain transaction volume is not expected.
3) Limited registrations hence low number of queries to the TLD
4) Since there will not be a large number of domain transactions and there will only be a small number (possibly 1) of registrars, there will not be a need for a dedicated EPP system. But in order to satisfy the Specification 6 of the New gTLD Agreement Specification, EPP system can be provided by HKIRC existing Infrastructure and EPP system.

HKIRC will provide the following to fulfill the requirements of Specification 6 and 10 of the New gTLD Agreement Specification:

1. Bind 9.8 for DNS Server (Specification 6, 1.1)
2. Two DNS Servers located in two different geolocations (Specification 6, 3.1, 3.2, 3.3).
3. Full DNSSEC Infrastructure for zone signing, key management etc. which are compliance with Specification 6, 1.3.
4. Full IPv6 and IPv4 network access to the Internet. (Specification 6, 1.5)
5. Two WHOIS and WHOIS with web Interfaces located in two different geolocations (Specification 6, 3.1, 3.2, 3.3)
6. Two Registration System Servers for the registration located in two different geolocations (Specification 6, 2.1, 3.1, 3.2, 3.3)
7. High availability Database system (Oracle RAC cluster pair in Primary Site) with addition near real time data synchronization to hot standby Database server (in Secondary Site). (Specification 6, 2.1, 3.1, 3.2, 3.3)
8. EPP system will be provided, if needed, through HKIRC’s EPP Infrastructure, which is fully compliance Specification 6, 1.2.
9. Nearw real time synchronization of data within the SRS, ie. DNS zone transfer is active-active for both servers, Database sync between hot standby Database is near real time, all EPP and Web services are active-active using load balancing technology.
10. All services will be implemented on HKIRC’s existing Infrastructure in order to fully comply with Specification 10’s SLA.

Resources Planning

HKIRC will provide resources for the initial implementation of the systems, as well as the long term operation of the systems. These resource are already available as part of the Technical Team who is operating the .hk and .香港 domain.

In order to support .MTR from the point of view of initial implementation and continuous technical operation, we propose the following teams:

Initial implementation:

IT Project Manager x 1, responsible for project planning and co-ordination.
System Engineer x 2, responsible for initial project setup, system implementation and carrying out System Acceptance Test
Database Administrator x 1, initial project setup and system implementation and carrying out System Acceptance Test
Analyst Programmer x 1, will be responsible for initial system development and implementation.

Technical Operation Team:

IT Manager x 1
IT Project Manager x 1
System Engineer x 1
Database Administrator x 1

The Technical Operation Team will carry out day to day operation of the .MTR domain with typical duty including:

One IT Manager
• Who will be responsible for the overall operation of the Technical Department
• Direct the team to implement the policy, security review, audit and management processes and cycles.
• Report the status of the IT operation to the senior management

IT Project Manager:

- Lead a team of IT Specialists to manage systems and networks services
- Provide lead in technical as well as management for System & Network Team
- Ensure the team is properly skilled for the work on hand and future, through training and other mean
- Ensure the System & Network Team are properly staff for the work on hand and future
- Establish policies, guidelines and procedures for system management, system administration and operations, as well as system security.
- Regular review and update of policies, guidelines and procedures for system management, system administration and operations, as well as system security
- Ensure all users and team member are award of the above policies, guidelines and procedures for system management, system administration and operations, as well as system security.
- Ensure all member of team perform all operation according to the above policies, guidelines and procedures
- Undertake IT process review and re-engineering, service and system quality assurance, information security evaluation and risk assessment within the organization in-house and with vendors.
- Manage system⁄security projects including vendor⁄product evaluation and implementation
- Perform system and security configuration checking and documentation on various systems.
- Perform system and application vulnerability scanning and compliance testing
- Foster information security awareness within the organization
- Perform day-to-day security operations

System Engineer⁄Database Administrator:

- Perform daily system monitoring and operation tasks, assist system administration, planning and technology evolution
- Service⁄Server Performance Monitoring
- Carry out regular maintenance on system to ensure proper and efficient operation. These may include;
- SSL Certificate Renewal
- Regular data backup
- Patch review and up-keep for all database
- Database Security implementation based on the companyʹs Security Guidelines & Policy
- Carry out daily system health checks including;
- Network traffic monitoring
- DNS health checks
- System loading check
- Email health check, Public Blacklist check
- Anti-virus update checks
- Database System loading check
- Backup system health check
- Service Alert check
- Roster duty for non-office hour technical support
- Undertake system and network infrastructure enhancements in-house and with outsourced vendors
- Conduct system implementation, system testing and user acceptance testing
- Set up and conduct proof-of-concept testing and evaluation on test-beds for assessing new technology, technical standards and products
- Maintain documentation and develop reports for system implementation and infrastructure changes

All our staff has also qualified with varies certifications. These included:

• ITIL v3 Foundation
• Certified Information Systems Security Professional (CISSP)
• Certify Ethical Hacker (CEH)
• VMware Certify Professional (VCP)
• Sun Certified System Administrator (SCSA)
• Sun Certified Network Administrator (SCNA)
• Oracle Certify Professional (OCP)
• Cisco Certify Network Associate (CCNA)
• Cisco Certify Network Professional (CCNP)
• Checkpoint Certified Security Expert (CCSE)

HKIRC will utilise existing staffing so to leverage the in house expertise in the field of Internet and Domain Name registration. The current IT Operation team consists of experience project manager (more 20 years in the IT field and more than 15 years in the UNIX and Networking) and engineers (with at least 5 to 7 years in IT field, of which at least 5 or more years in UNIX, networking and database field).

HKIRC is currently providing a 24x7, all year round support and monitoring service for the .hk and . 香港 domain SRS system, either through the own staff or through external party (NOC). The systems and services are monitoring through an industry standard Infrastructure Monitoring system (Nagios and Cacti for performance monitoring), as well as custom monitoring system for specify function, e.g. VIP DIG check, GENZONE and Zone transfer alert etc. All the staff are on roster duty to provide 24x7 technical support hotline service.



Appendix
Appendix A, SRS system high level system diagram
Appendix B, High Level Network Diagram
Appendix C, Frequency of synchronization between servers
Appendix D, Performance figures

Similar gTLD applications: (0)