Solution 4: Modification Of Solution 2 Using Vitalqip 6.2 Instead Of Vitalqip 6.1 Sp1 - Alcatel-Lucent VitalQIP Technology White Paper

Solution 4: Modification of Solution 2 using VitalQIP 6.2 instead of
VitalQIP 6.1 SP1
Alcatel-Lucent | Integration of VitalQIP® with Microsoft Windows 2003 Networking/Active Directory
mplementation Steps
I
First, perform all the steps for implementation of Solution 2. Then perform the additional
steps to migrate DNS from MS-DNS to Alcatel-Lucent DNS:
1. Install Alcatel-Lucent DNS on the Remote servers.
2. Create or modify the DNS Server Profiles in VitalQIP.
3. Change the domain properties if necessary: set the appropriate allow-update
options, External Updates, and GSS-TSIG.
4. Edit the qip.pcy file on the remote servers and Enterprise server. Reconfigure
the message routes if necessary, especially the DNSUpdateObject and
DNSUpdateRR message routes that are needed to make External Updates work
correctly.
5. Check the Global Policies in the VitalQIP GUI, and change Static DDNS Updates
from False to True.
6. Perform DNS Generation to all DNS servers.
7. For the MS-DHCP servers, go to the Additional Policies of the Server Profile, and
set DNSConfig so that MS-DHCP does not send DDNS updates. (In Solution 3,
the DDNS updates should come from the VitalQIP DNS Update Service instead.)
8. Perform DHCP Generation, so that MS-DHCP will use the new DNSConfig policy
and so that dhcpd.conf will have the correct DNS servers in DHCP Option 6.
The details of this implementation would need to be planned and customized for the ex-
act circumstances, and should consider the number of remote servers, the maintenance
windows, whether the Alcatel-Lucent DNS servers are on the same or different systems
from the old MS-DNS servers, and so on. During the transition, take care not to have
some zones where one or more DNS primary is Alcatel-Lucent DNS and another DNS
primary of the same zone is MS-DNS.
Solutions 2 and 3 are quite similar except in how they deal with the inability of VitalQIP
6.1 SP1 to send secure DDNS updates to a Windows 2003 DNS server. To resolve this
issue, Solution 2 uses static IP addresses in the parent zone and manages them with
DNS Generation only, whereas Solution 3 avoids the problem by using Alcatel-Lucent
DNS (where DDNS updates are much simpler to manage because Alcatel-Lucent DNS
secure zones have no concept of record ownership). Solving the problem by remov-
ing security altogether and having all zones with an allow-update setting of "any", is not
recommended since the danger of major DNS problems becomes very real.
VitalQIP 6.2 resolves the issue completely since it supports secure DDNS updates to ei-
ther Windows 2003 DNS servers or Alcatel-Lucent DNS servers. By using VitalQIP 6.2,
Solution 2 can be changed as follows:
The Global Policy Static DDNS Updates should be set to True.
•
29