Creating an Integrated Infrastructure


Before any servers or the services that they host can be integrated they have to be able to locate each other and to communicate. Creating a network infrastructure that all the involved platforms can work together on needs to be one of the first items on your agenda.

When it comes right down to it, most operating systems have more similarities than differences. They all need to store data, authenticate users, and store and locate resources both locally and on the network. Two of the services in common are Domain Name Services and Directories. By determining the versions that will work together you can create an integrated infrastructure.

Finding the Common Ground

One of the key strengths of Active Directory on Windows Server 2003 is that it's based on several important industry standards. This conformity allows greater interoperability within a heterogeneous environment. The interaction between Active Directory and other vendors' products isn't always seamless, but it does provide the potential for information exchange in a multi-operating system environment. These common standards are ratified and published by the Internet Engineering Task Force (IETF) in the form of Requests for Comments (RFCs). Some of the standards and conventions that Active Directory is based on are listed in Table 16.1.

Table 16.1. Partial List of Standards Used by Windows Server 2003 and Active Directory

Standard                                                       | Reference              | Description
---------------------------------------------------------------|------------------------|-----------------------------------------------------------
DNS Service (SRV) Resource Records and Dynamic Updates (DDNS)  | RFCs 2052, 2163        | Dynamic host name management and Service Resource Records
Dynamic Host Configuration Protocol (DHCP)                     | RFC 2131               | Network IP address management
Kerberos v5                                                    | RFC 1510               | Certificate-based authentication
Lightweight Directory Access Protocol (LDAP) v3                | RFC 1777, RFC 2251     | Lightweight Directory Access Protocol and LDAP v3
LDAP 'C'                                                       | RFC 1823               | Directory application programming interface (API)
LDAP Schema                                                    | RFCs 2247, 2252, 2256  | Directory schema
Simple Network Time Protocol (SNTP)                            | RFC 1769               | Distributed time service for networks
Simple Mail Transfer Protocol (SMTP)                           | RFC 821                | Message transfer
Transmission Control Protocol/Internet Protocol (TCP/IP)       | RFCs 791, 793          | Network protocols
X.509 v3 Certificates                                          | ISO X.509              | Authentication of identities

RFCs are guidelines for vendors to follow. They make your life easier by letting you check which functions in different vendors' products might work together. It's important for the IT community to have some common ground on which to build their systems.

Integrating Domain Name Services (DNS)

Windows Server 2003 and Active Directory are very dependent on the DNS service for all their operations. There are three primary roles that DNS performs with Active Directory. Those roles are outlined in the following list:

  • Name Resolution. DNS maps host names to IP addresses. This eliminates the need for WINS (Windows Internet Name Service) when Windows 2000 or newer clients are used.

  • Namespace Definition. The DNS namespace maps to the Active Directory namespace. This simplifies the Windows Server namespace.

  • SRV (Service) Resource Records. These records are used to locate the physical components of Active Directory; through them the DNS service provides the IP addresses of all the domain controllers.

A few of the LDAP-specific SRV resource records that are created in a Windows Server 2003 domain are as follows:

  • _ldap._tcp.<DNSDomainName> This record enables the client to locate a domain controller.

  • _ldap._tcp.<SiteName>._sites.<DNSDomainName> This record enables the client to find a domain controller in a specific site.

  • _ldap._tcp.pdc._msdcs.<DNSDomainName> This record enables the client to find the holder of the primary domain controller (PDC) flexible single master operations (FSMO) role in a mixed-mode domain.

  • _ldap._tcp.gc._msdcs.<DNSTreeName> This record enables the client to find a Global Catalog (GC) server.

  • _ldap._tcp.<SiteName>._sites.gc._msdcs.<DNSTreeName> This record enables the client to find a GC server in a specific site.

  • _ldap._tcp.<DomainGUID>.domains._msdcs.<DNSTreeName> This record enables the client to find a domain controller based on its globally unique identifier (GUID).

GUID

A GUID is a 128-bit (8 byte) number that is generated automatically for referencing Active Directory objects.


This is a partial list of the entries created when Active Directory is installed. A text file containing all the DNS resource records is called netlogon.dns and can be found in the %systemroot%\system32\config folder.

netlogon.dns

The netlogon.dns file contains all of the DNS SRV records that Active Directory uses to identify service resources in the domain. The entries in this file can be added manually to DNS servers that do not support Dynamic updates.
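The following is an added example, not code from the book: it parses SRV records in the line format netlogon.dns uses, builds the locator names listed above, picks a target the way an RFC 2782 client does (lowest priority, then weighted random), and lists every host DNS advertises as a domain controller so it can be audited against the real DC inventory. The domain example.com, the site name Paris and the hosts dc1/dc2 are constructed assumptions.

```python
import random
from collections import defaultdict

# Constructed sample in the netlogon.dns line format (owner TTL IN SRV
# priority weight port target); example.com, site "Paris", dc1/dc2 are assumptions.
SAMPLE_NETLOGON_DNS = """\
_ldap._tcp.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_ldap._tcp.example.com. 600 IN SRV 0 100 389 dc2.example.com.
_ldap._tcp.Paris._sites.example.com. 600 IN SRV 0 100 389 dc2.example.com.
_ldap._tcp.pdc._msdcs.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_ldap._tcp.gc._msdcs.example.com. 600 IN SRV 0 100 3268 dc1.example.com.
_kerberos._tcp.example.com. 600 IN SRV 0 100 88 dc1.example.com.
this malformed line must be skipped
"""

def parse_netlogon_dns(text):
    """Return {owner: [(priority, weight, port, target), ...]} (lower-cased)."""
    records = defaultdict(list)
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[2:4] != ["IN", "SRV"]:
            continue  # skip blank or malformed lines instead of guessing
        records[f[0].rstrip(".").lower()].append(
            (int(f[4]), int(f[5]), int(f[6]), f[7].rstrip(".").lower()))
    return dict(records)

def locator_name(domain, service="_ldap", site=None, role=None):
    """SRV owner name for the locator forms above (role "gc"/"pdc" -> _msdcs)."""
    suffix = f"{role}._msdcs.{domain}" if role else domain
    return f"{service}._tcp.{site + '._sites.' if site else ''}{suffix}".lower()

def select_target(records, name, rng=random):
    """RFC 2782 client selection: lowest priority, then weighted random."""
    candidates = records.get(name, [])
    if not candidates:
        return None
    best = min(r[0] for r in candidates)
    pool = [r for r in candidates if r[0] == best]
    pick = rng.random() * sum(r[1] for r in pool)
    for _, weight, port, target in pool:
        pick -= weight
        if pick < 0:
            return target, port
    return pool[-1][3], pool[-1][2]  # all weights zero: take the last entry

def advertised_hosts(records):
    """Every host DNS advertises as a DC; audit it against the known DC list."""
    return sorted({r[3] for recs in records.values() for r in recs})
```

Feeding the real %systemroot%\system32\config\netlogon.dns into parse_netlogon_dns and comparing advertised_hosts against the domain controller inventory shows whether DNS is advertising a host that should not be there.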


Active Directory can resolve names via DNS in a number of models. Four such scenarios are listed here:

  • Active Directory Dynamic DNS performs all name resolution within the domain.

  • A third-party (BIND) Dynamic DNS that supports SRV resource records performs all name resolution within the domain.

  • The Active Directory DNS is the master, with zone transfers allowed between the BIND DNS server and the Active Directory DNS.

  • The BIND DNS is the master, with zone transfers allowed between the Active Directory DNS and the BIND DNS.

BIND

BIND (Berkeley Internet Name Domain) DNS version 8.1.2 and later supports dynamic updates. Support for SRV resource records, which was introduced in earlier versions of BIND, is also required.


Heterogeneous Directory Services

Directory services store much of the information about the users and resources contained on a computer network. These services are analogous to phone books for users and computers to locate resources. Authentication credentials can also be stored in the directory. A few of the desired characteristics of a directory service are security, fast read access, and fault-tolerance.

Microsoft's Active Directory is based on LDAPv3. LDAP is a directory access protocol based on the X.500 directory service; it's derived from the X.500 Directory Access Protocol (DAP). DAP is a heavyweight protocol that runs over an Open Systems Interconnection (OSI) protocol stack and was built to operate very powerful computer systems. Unlike DAP, LDAP is designed to operate over TCP/IP and keeps most of the features of DAP without its expensive resource requirements.

Some Unix systems still use the Sun Network Information Service (NIS). NIS automated the otherwise manual administration of user accounts and host name resolution: you create and modify the files on a NIS master, and the Unix clients receive a replica of them. This is easier to manage than individual user accounts in each host's /etc/passwd file and host names in each /etc/hosts file. This method of user and host name management is being replaced by services such as LDAP.



Microsoft Windows Server 2003 Insider Solutions
ISBN: 0672326094
Year: 2003
Pages: 325
