Solution 2: Adding VitalQIP to an Existing Microsoft Network with Minimal Alcatel-Lucent Components; Design Overview - Alcatel-Lucent VitalQIP Technology White Paper

Integration with Microsoft Windows 2003 networking/Active Directory

Solution 2: Adding VitalQIP to an existing Microsoft Network with minimal Alcatel-Lucent components

Alcatel-Lucent | Integration of VitalQIP® with Microsoft Windows 2003 Networking/Active Directory
10. Verify that Windows 2003 clients are getting their hostnames into DNS, and that they can access the necessary SRV records.
11. Create Subnet Organizations in VitalQIP.
12. Create Domain Controller Profiles in VitalQIP.
13. Verify DC Generation.

Design overview

If your organization is already running a Microsoft Windows 2003 network using Microsoft DHCP (MS-DHCP) and Microsoft DNS (MS-DNS), and following all of Microsoft's recommendations, you can add VitalQIP to provide a central point of management. VitalQIP interoperates well with third-party software such as MS-DNS and MS-DHCP, so it can readily provide centralized management of these systems. This includes reporting and auditing capabilities.

This solution assumes that you already have many MS-DNS and MS-DHCP servers in production, a working Active Directory deployment, secure updates using GSS-TSIG, and so on. The Domain Controllers put resource records into MS-DNS, as do other Windows 2003 systems that have static addresses. The hostnames of all DHCP clients (Windows 2003 or otherwise) are sent to MS-DNS by MS-DHCP, via secure updates.

The following sections assume that Microsoft Windows 2003 networking, especially secure updates, is already working correctly per Microsoft's reference design, and that you want to add VitalQIP to make the management of these servers easier.

In this design, separate treatment of the three types of domains (parent domains, child domains for DHCP clients, and underscore child domains for SRV records) is important, because each of these needs different policies and different handling.

• The parent domains, which contain the A records of the servers, could be handled in the same way as before, getting updated directly from the Windows 2003 clients via secure updates. The records could get into VitalQIP via the qip-syncexternal CLI. Alternatively, they could be made into static zones with static IP addresses, with Allow-update set to None, and changed only by DNS Generation.
• The DHCP clients, whose hostnames would change frequently, should be in a separate domain that has updates allowed. VitalQIP would not need to get these records from MS-DNS, because it would already have the data. VitalQIP would have received the data from MS-DHCP via the VitalQIP MS-DHCP Monitor service.
• The underscore domains for the SRV records should be secure zones that would be dynamically updated by Domain Controllers, and then qip-syncexternal would pull the records into VitalQIP.
• Reverse zones would contain the hostnames of many DHCP clients, so, like the DHCP child domain, they would need to have updates allowed. The qip-syncexternal CLI might need to be run against some or all of the reverse zones if the DNS design provides for client updates that VitalQIP does not already know about from other sources.
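
The following Python check is an added example, not part of the white paper or of VitalQIP: it audits each zone's dynamic-update setting against the four zone classes described above. The zone names, the `DHCP_ZONES` list and the inventory are constructed; the numeric values follow the MS-DNS AllowUpdate convention (0 none, 1 nonsecure and secure, 2 secure only), and accepting either 1 or 2 where the text says "updates allowed" is an assumption.

```python
# AllowUpdate values as used by MS-DNS (dnscmd):
# 0 = no dynamic updates, 1 = nonsecure and secure, 2 = secure only.
NONE, ANY, SECURE = 0, 1, 2
LABEL = {NONE: "none", ANY: "nonsecure+secure", SECURE: "secure only"}

# Settings each zone class may have under the design described above.
ALLOWED = {
    "parent": {NONE, SECURE},     # static zone, or secure updates from clients
    "dhcp_child": {ANY, SECURE},  # updates allowed (assumption: either mode)
    "underscore": {SECURE},       # SRV zones updated securely by Domain Controllers
    "reverse": {ANY, SECURE},     # updates allowed, like the DHCP child domain
}

def normalize(zone):
    """Lower-case a zone name and drop the trailing root dot."""
    return zone.strip().rstrip(".").lower()

def classify(zone, dhcp_zones):
    """Map a zone name to one of the four classes in the design."""
    name = normalize(zone)
    if name.endswith((".in-addr.arpa", ".ip6.arpa")):
        return "reverse"
    if name.startswith("_"):
        return "underscore"
    if name in {normalize(z) for z in dhcp_zones}:
        return "dhcp_child"
    return "parent"

def audit(inventory, dhcp_zones):
    """Return (zone, class, setting) for every zone that breaks the policy."""
    findings = []
    for zone, setting in sorted(inventory.items()):
        cls = classify(zone, dhcp_zones)
        if setting not in ALLOWED[cls]:
            label = LABEL.get(setting, f"unknown({setting})")
            findings.append((normalize(zone), cls, label))
    return findings

# Constructed inventory (zone -> AllowUpdate); not taken from a real server.
SAMPLE = {
    "corp.example.com.": SECURE, "dhcp.corp.example.com": ANY,
    "_msdcs.corp.example.com": ANY, "_tcp.corp.example.com": SECURE,
    "10.in-addr.arpa": NONE, "lab.example.com": ANY,
}
DHCP_ZONES = ["dhcp.corp.example.com"]  # site-specific list, hypothetical here

if __name__ == "__main__":
    for zone, cls, setting in audit(SAMPLE, DHCP_ZONES):
        print(f"{zone}: {cls} zone has dynamic updates set to '{setting}'")
```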