Job Scheduler; Dhcp Option 82 Support; Windows Support; Microsoft Secure Zones - Alcatel-Lucent VitalQIP 7.2 Product Description

VitalQIP Product Description Features

3.23 Job Scheduler

The Job Scheduler feature is designed to avoid the user having to wait an indeterminately long time for a
request to complete, and to allow for jobs to be scheduled to run at a later time. All jobs are run as the
VitalQIP Administrator who scheduled the job.

3.24 DHCP Option 82 support

VitalQIP supports and records in the database and displays Relay Agent Information option or "Option
82" information provided from Message Service from the DHCP server. "Option 82" information can
also be routed to the Audit Manager process and stored within the Audit Manager database.
VitalQIP also supports the configuration and push DHCP of new RFC configuration data, including the
new domain search (RFC 3397), classless static route (RFC 3442), and CableLabs client configuration
(RFC 3495) options, to the Lucent DHCP 5.4 server. VitalQIP 6.1 administrators can also configure and
push DHCP Long Options (RFC 3396).
In addition, VitalQIP supports the ability to change the DHCP server debug level, stop debug, or clear the
debug log from the VitalQIP GUI. This enhanced debug control is induced via the Network Services ->
DHCP Generation screen.

3.25 Windows Support

VitalQIP software continues its market-leading support of Microsoft Windows DNS/DHCP servers with
support of sites and subnets in Active Directory. VitalQIP software currently manages information about
subnets and subnet organizations, which are used to model Windows sites.
To avoid the tedious and error prone task of having to re-enter the information into the Windows
management console, VitalQIP software provides an export mechanism for the subnet and subnet
organization information to be retrieved and imported into the Windows 2000 Active Directory as subnets
and sites.

3.26 Microsoft Secure Zones

A zone may be marked as secure only if it is Active Directory integrated. Non-directory integrated zones
cannot be secured. When a secure dynamic update is made to a secure zone, the security verification
generally occurs in two stages. First the GSS-TSIG protocol is used to verify the identity of the updater.
Second, the DNS server takes the update and uses the updater's security context to update Active
Directory with the new information. At this stage Active Directory's access security mechanism is
invoked for this "secure zone".
Active Directory keeps access control information with each entry in Active Directory. This access
control information specifies who owns the entry and who is allowed to access it. If the access control
information does not forbid the updater from making changes to the Active Directory entry it is trying to
modify, then the update succeeds. At this stage, if the entry had no security or did not previously exist,
the access control information for the entry is updated such that only the updater (and administrators) is
allowed to make changes to the entry. There is one exception to this rule. That is when the updater is a
member of a special security group called DNSUpdateProxy. Objects created by members of the
DNSUpdateProxy group have no security; therefore, any authenticated user can take ownership of the
objects.
©
Copyright 2009 Alcatel-Lucent Page 35
Use pursuant to company instructions