Alcatel-Lucent VitalQIP Technology White Paper page 14

Integration with Microsoft Windows 2003 Networking/Active Directory

rather than directly to DNS. (To do this, set the Global Policy Use DNS Update Service
to True, ensure the environment variable QIPMESSAGESERVICE is correct on all client
GUI systems, and have Message Routes of types DNSUpdateObject and DNSUpdateRR
set to "qip-dns" at the IP address of the Enterprise server.) The underscore domains
should allow updates from the Domain Controllers as well. We recommend, however,
against allowing all systems to update DNS. This would be a security risk, because any
user could rename a system to "www" or the name of another critical network resource,
and Windows 2003 could send that name to DNS and replace the existing record for that
hostname.

In most corporate environments, GSS-TSIG would not be required. However, if the
deployment network is in a hostile environment, GSS-TSIG may be a valuable security
solution.
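
The recommendation above against letting all systems update DNS can be checked with a short audit of each zone's allow-update ACL. This is an added example, not code from the white paper: it assumes the DNS server configuration uses BIND-style named.conf syntax, and the zone names, addresses and the APPROVED_UPDATERS allowlist are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample in BIND-style named.conf syntax (assumed format; the
# addresses are documentation-range placeholders, not from the white paper).
SAMPLE_CONF = """
zone "_msdcs.example.com" { type master; allow-update { 192.0.2.10; 192.0.2.11; }; };
zone "example.com" { type master; allow-update { any; }; };
zone "2.0.192.in-addr.arpa" { type master; allow-update { 192.0.2.0/24; }; };
zone "_tcp.example.com" { type master; allow-update { 192.0.2.10; 192.0.2.99; }; };
"""

# Hypothetical allowlist: the domain controllers plus the Enterprise server
# that runs the DNS Update Service ("qip-dns").
APPROVED_UPDATERS = {"192.0.2.10", "192.0.2.11", "192.0.2.5"}

def classify(entry, approved):
    """Return a reason string if an allow-update entry is risky, else None."""
    if entry == "any":
        return "any host may overwrite records such as www"
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return "named ACL or key reference: review by hand"
    if net.num_addresses > 1:
        return "whole subnet may send updates"
    if str(net.network_address) not in approved:
        return "host is not an approved updater"
    return None

def audit_allow_update(conf, approved):
    """Return (zone, entry, reason) for every risky allow-update entry."""
    findings = []
    starts = list(re.finditer(r'zone\s+"([^"]+)"', conf))
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(conf)
        body = conf[m.end():end]  # text of this zone stanza only
        acl = re.search(r'allow-update\s*\{([^}]*)\}', body)
        if not acl:
            continue  # zone accepts no dynamic updates
        for entry in filter(None, (e.strip() for e in acl.group(1).split(";"))):
            reason = classify(entry, approved)
            if reason:
                findings.append((m.group(1), entry, reason))
    return findings

if __name__ == "__main__":
    for zone, entry, reason in audit_allow_update(SAMPLE_CONF, APPROVED_UPDATERS):
        print(f"{zone}: allow-update {entry!r}: {reason}")
```
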
Implementation Steps

1. Review the design decisions discussed above.
2. In the VitalQIP GUI, create any additional networks, subnets, domains, or reverse
   zones that might be necessary to support Windows 2003, beyond what already
   exists in your VitalQIP infrastructure.
3. In the VitalQIP GUI, enter the Windows 2003 DCs as static IP addresses.
4. Set the options on the domains and reverse zones as mentioned above: suitable
   refresh times or some alternative way for secondary servers to be updated
   quickly, suitable allow-update ACLs, the correct primary and secondary DNS
   servers, and Import External Updates enabled for SRV and CNAME for the
   underscore zones.
5. Set the options and message routes in the qip.pcy file on the Enterprise server
   and all Remote servers as mentioned above:
   - DHCP servers should have a DHCP message route to QIP Update Service
   - Alcatel-Lucent DNS servers should have DNSUpdateRR message routes if
     they have external updates enabled for one or more zones
   - The Enterprise server (that is, QIP Update Service) should have a
     DNSUpdateObject message route to the DNS Update Service, and have the
     UpdateDNS policy set to True
   - If the Use DNS Update Service policy is set to True, the Message Service(s)
     used by the GUI should have DNSUpdateObject and DNSUpdateRR message
     routes to the DNS Update Service
6. Arrange a time for the cut-over.
7. Set the Global Policies as mentioned above: ensure that Static DDNS Update is
   set to True, and that Static DNS Mask and Dynamic DNS Mask are all enabled.
   Make sure that the setting for Use DNS Update Service is appropriate and
   consistent with the ACLs on your zones and the message routes for your GUIs.
8. At the appropriate time, assign the domains and reverse zones to the correct
   DNS primary and secondary servers. (Do not do this far in advance of the actual
   change on the servers, since the VitalQIP assignments will affect dynamic
   updates immediately.)
9. Perform DNS and DHCP Generation to all servers.

Alcatel-Lucent | Integration of VitalQIP® with Microsoft Windows 2003 Networking/Active Directory