Alcatel-Lucent VitalQIP Technology White Paper page 5

Integration with Microsoft Windows 2003 Networking/Active Directory
Alcatel-Lucent | Integration of VitalQIP® with Microsoft Windows 2003 Networking/Active Directory
• Manage DNS servers and DHCP servers from a central location, regardless of the vendor or platform
• Provide reporting and auditing capability
• Manage administrators and their capabilities at a very granular level
• Define policies to ensure consistency throughout your network
• Operate in a mixed platform environment
• Perform error checking to ensure networks and servers are properly defined and overlapping scopes are not present
VitalQIP management of Sites and Domain Controllers
Active Directory information on the Domain Controllers is an important part of the
network infrastructure, and the ability to perform DC Generation is an important benefit of
VitalQIP. Management of Domain Controllers from VitalQIP reduces the workload of
administrators, since data now has to be entered in only one place instead of two, thereby
leveraging the power of VitalQIP and minimizing data entry errors.
To enable DC Generation, the Sites must first be defined as Subnet Organizations in
the VitalQIP GUI. A Site is an association of subnets that have an affinity to one another
and low "ping times" between them; a VitalQIP Subnet Organization is any user-defined
set of subnets. Next, the Domain Controllers need to be defined as servers in VitalQIP,
although it is not necessary to install VitalQIP Remote server software on them as it is
for DNS and DHCP Remote servers. Finally, the Domain Controllers are associated with
the appropriate Sites (that is, subnet organizations) in the Subnet Organization Profile's
Windows 2000 Site tab.
When Domain Controller Generation is performed, VitalQIP creates data to go into
the LDAP datastore. This cannot be done unless VitalQIP has been configured with a
username and password that has suitable permissions in Active Directory. The VitalQIP
policy Delete Sites/Subnets from Active Directory controls whether VitalQIP can delete
sites and subnets in Active Directory, or just apply additions and modifications.
Data about subnets and sites can easily be transferred from Active Directory to VitalQIP
using Microsoft's LDIFDE utility together with Alcatel-Lucent's qip-siteimport utility. This is
discussed in more detail in Solution 2, "Design overview" on page 12.
Data flow differences from a traditional VitalQIP design
In a classic VitalQIP environment, the VitalQIP database is the "master" source of
information, and DNS Generation pushes copies of its data to the DNS servers.
But in a Windows 2003 environment, the DNS servers receive dynamic updates of SRV
records and other resource records, which the VitalQIP database does not know about
– the data flow needs to be from the DNS server to VitalQIP as well. If the DNS servers
are receiving updates from Domain Controllers and/or Windows 2003 clients, but
VitalQIP does not have this data, the DNS Generation will replace the zones that have the
current SRV records with new zones that lack the current information. If that happens,
the network clients will not be able to locate network resources until the Domain
Controllers publish their SRV records again.
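The overwrite risk described above can be checked before a zone is pushed. The following Python example is added here and is not part of the white paper or of VitalQIP: it compares the zone a DNS server currently holds with the zone about to be generated and lists the SRV records the push would remove. The zone text, the `corp.example` names and the function names are constructed for illustration.

```python
# Added example: list dynamically registered records a zone push would drop.
TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "PTR", "SOA", "SRV", "TXT"}

def parse_zone(text, origin):
    """Parse simplified master-file text into (owner, type, rdata) tuples.
    TTL and class are ignored; rdata is compared as written."""
    origin = origin.lower().rstrip(".") + "."
    records, owner = set(), origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # strip comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower().rstrip(".") + "."
            continue
        if not raw[0].isspace():                  # owner name in column one
            name = fields.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                         # skip optional TTL and class
        if fields and fields[0].upper() in TYPES:
            records.add((owner, fields[0].upper(), " ".join(fields[1:]).lower()))
    return records

def records_lost_by_push(live_text, generated_text, origin, types=("SRV",)):
    """Records present on the live server but absent from the generated zone."""
    lost = parse_zone(live_text, origin) - parse_zone(generated_text, origin)
    return sorted(r for r in lost if r[1] in types)

# Constructed sample: zone as held by the DNS server after dynamic updates.
LIVE_ZONE = """\
$ORIGIN corp.example.
@   3600 IN SOA ns1.corp.example. hostmaster.corp.example. 42 900 600 86400 3600
@   3600 IN NS  ns1.corp.example.
dc1 1200 IN A   192.0.2.20
_ldap._tcp 600 IN SRV 0 100 389 dc1.corp.example.
_kerberos._tcp 600 IN SRV 0 100 88 dc1.corp.example.
_ldap._tcp.dc._msdcs 600 IN SRV 0 100 389 dc1.corp.example.
"""
# Constructed sample: zone built from a management database missing two SRVs.
GENERATED_ZONE = """\
$ORIGIN corp.example.
@   3600 IN SOA ns1.corp.example. hostmaster.corp.example. 43 900 600 86400 3600
@   3600 IN NS  ns1.corp.example.
dc1 3600 IN A   192.0.2.20
_ldap._tcp 3600 IN SRV 0 100 389 dc1.corp.example.
"""
if __name__ == "__main__":
    for owner, rtype, rdata in records_lost_by_push(LIVE_ZONE, GENERATED_ZONE, "corp.example"):
        print(f"would be removed: {owner} {rtype} {rdata}")
```

A non-empty result means the management database is behind the DNS server and should be updated from it before the zone is generated.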
The data flow from DNS to the VitalQIP database can be handled either by the External
Updates feature of Alcatel-Lucent DNS (that is, the Continuous method), or by the