
The name game


The key to managing IP addresses is DNS and DHCP tools that work well together.

There are two constants in IP addressing. First, no one is going to remember a numeric IP address as easily as a catchy domain name. Second, most networks don't have enough IP addresses for every user. That's why we need Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) servers.

Translating people-friendly domain names into computer-friendly IP addresses is the job of a DNS server; assigning users temporary IP addresses when they log on to a network is the responsibility of a DHCP server. To be most effective, these tools must work together, keeping DNS databases in sync with DHCP servers as they dole out users' IP addresses. The integration between DNS domains and DHCP pools - banks of IP addresses that are available to assign to clients - is called Dynamic DNS (DDNS).

How we did it

We evaluated IP address management tools from five vendors on the basis of ease of installation and configuration; ongoing management and monitoring tools; integration of DNS and DHCP services; architecture and scalability; protocol support; fault tolerance; and security features.

We installed each server on a Class C network linked to a larger Class B network via a router. We used a different domain for each network and attached the DHCP clients to ensure proper configuration. Whenever possible we configured the servers by remote console.

Each server was an Intel Pentium II with Windows NT 4.0 Service Pack 3 installed.

Early this year, we put five Windows NT-based DNS/DHCP servers to the task. Shadow IPserver 3.023 from Network Telesystems (NTS) beat the competition by a narrow margin, earning our Blue Ribbon Award for its easy installation, effective DDNS support and solid features. Nortel Networks' NetID 4.0 followed closely behind Shadow IPserver, hampered only by its more taxing installation procedure and less-effective DNS and DHCP integration. Finishing in third place was Check Point Software's Meta IP 4.1 Standard Edition, which was easier to install and configure than NetID but had a less-complete feature set.

Lucent's QIP Enterprise 5.0 has a comprehensive set of tools, including the best security features of all the products we tested. But QIP's score suffered from a time-consuming and tedious installation. Bringing up the rear were Microsoft's DNS and DHCP managers, which are bundled with NT Server 4.0. On the plus side, NT users don't have to pay any additional cost for Microsoft's built-in tools, which are a snap to enable. However, the tools have limited functionality and are not integrated.

Configuration and administration

Because automating IP administration is the goal of these products, their administration interfaces and tools are a key evaluation criterion. Configuring Shadow IPserver via a Web browser or NTS' bundled IPmanager software is easily accomplished; either method can be performed remotely. Integrating DNS domains and DHCP pools was almost automatic. As soon as we finished the process, the server began assigning DHCP addresses. Before assigning an IP address, Shadow IPserver pings the address to ensure it's not already assigned.
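The integration described above (a DHCP lease driving the DNS update, with an address probe before assignment) can be sketched as follows. This is an added example, not code from any product in this review; the class and method names are hypothetical, the `probe` callable stands in for the ping check, and the zone and addresses are constructed.

```python
import ipaddress

class DdnsDhcpServer:
    """Toy DHCP pool whose lease table drives the DNS A and PTR maps."""
    def __init__(self, start, end, zone, probe):
        lo, hi = int(ipaddress.ip_address(start)), int(ipaddress.ip_address(end))
        self.pool = [ipaddress.ip_address(n) for n in range(lo, hi + 1)]
        self.zone = zone
        self.probe = probe      # callable(ip) -> True if a host already answers
        self.forward = {}       # A records:   fqdn -> ip
        self.reverse = {}       # PTR records: reverse name -> fqdn
        self.conflicts = set()  # addresses skipped because the probe answered

    def lease(self, hostname):
        fqdn = f"{hostname}.{self.zone}"
        if fqdn in self.forward:                 # renewal keeps the same address
            return self.forward[fqdn]
        in_use = set(self.forward.values())
        for ip in self.pool:
            if ip in in_use:
                continue
            if self.probe(ip):                   # stands in for the ping check
                self.conflicts.add(ip)
                continue
            self.forward[fqdn] = ip              # DDNS update: A and PTR together
            self.reverse[ip.reverse_pointer] = fqdn
            return ip
        return None                              # pool exhausted

    def release(self, hostname):
        ip = self.forward.pop(f"{hostname}.{self.zone}", None)
        if ip is None:
            return False
        del self.reverse[ip.reverse_pointer]     # no stale PTR left behind
        return True

    def in_sync(self):
        # True when the PTR map is exactly the inverse of the A map.
        return ({ip.reverse_pointer: name for name, ip in self.forward.items()}
                == self.reverse)

def demo():
    static_hosts = {ipaddress.ip_address("192.168.1.10")}   # constructed sample
    srv = DdnsDhcpServer("192.168.1.10", "192.168.1.12", "example.test",
                         probe=lambda ip: ip in static_hosts)
    a, b, full = srv.lease("alpha"), srv.lease("beta"), srv.lease("gamma")
    srv.release("alpha")                         # frees .11 and removes its records
    g = srv.lease("gamma")                       # reuses alpha's old address
    return srv, [str(x) for x in (a, b, full, g)]
```

A release that removed the lease but left the A or PTR record behind would make `in_sync()` return false, which is the stale-record condition that manual DNS entry tends to produce.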

Managing Shadow IPserver isn't difficult, but NTS has taken a nonstandard approach to DDNS that could be problematic if you ever want to add other vendors' DHCP services. Shadow IPserver doesn't support the standard Berkeley Internet Name Daemon (BIND) format, which links a DHCP address to an available IP address; instead it uses a proprietary management system developed by NTS. Shadow IPserver does support conventional SNMP and NetBIOS Naming Service (NBNS), which provides name-to-address mapping for NetBIOS-based applications.

From a design standpoint, Shadow IPserver doesn't move as smoothly from one task to another as NetID, which has a Web browser interface that is amazing. NetID's Web-based configuration utility made it easy for us to dynamically update DNS databases; we hardly referenced Nortel's tutorial. In addition to DDNS, NetID supports SNMP and BIND 8.

We used a browser for Meta IP's configuration, which was easy with or without the product's convenient configuration wizards. Meta IP's monitoring features impressed us. The program runs DHCP pool availability statistics and includes an NT performance monitor. Like Shadow IPserver, Meta IP can check the availability of an address before assigning it to a client. Meta IP also supports DDNS, BIND 8 and SNMP.

QIP's initial configuration was slow and painful. We frequently had to refer to Lucent's manuals to first define and then configure the DNS and DHCP servers. Once underway, however, QIP shines. Its powerful tools should be able to handle just about every aspect of enterprise IP management. QIP fully supports DDNS, SNMP, BIND 8 and NBNS; it also supports sophisticated Open Shortest Path First routing.

Configuring Microsoft's DNS and DHCP managers can also be a bit tricky at first. The biggest drawback is Microsoft's lack of DNS and DHCP integration. Microsoft doesn't support DDNS, so its DHCP server can't dynamically update the local DNS server when an IP address is assigned to a new DHCP client. Instead, you have to manually enter the DHCP pool of addresses into the database from the server console.

To its credit, Microsoft's DNS server will look into the WINS (NetBIOS) server when the DNS server runs into an unknown name. However, if Microsoft had DDNS support - which it plans to add in Windows 2000 - this step would be unnecessary. Microsoft's DHCP and DNS managers also lack support for remote administration, SNMP and BIND.

Growth potential

With a growing network, you need to know how well each product can scale as the numbers of domain names and users increase. NTS' Shadow IPserver approaches scalability with a distributed database model similar to Novell's Novell Directory Services. With Shadow IPserver, you assign areas of control to pairs of servers. There is no single database containing the entire DNS. One management station can control any or all of the servers.

Nortel's NetID is designed to work as the lone server for either a small network or a global enterprise. With the manager utility, you can define and assign DNS and DHCP servers to DNS zones and DHCP pools, allowing you to easily manage a large number of servers.

To handle networks of different sizes, Check Point sells two versions of Meta IP: Standard Edition, which we tested, and Enterprise Edition. The two versions have very similar features. Similar to NetID, the Enterprise version adds automatic integration across multiple DHCP domains, allowing it to scale from small domains to global networks. You can start with the Standard Edition, which supports 100 to 1,000 clients, and migrate to the Enterprise Edition if you need to support more than 1,000 users.

Lucent's QIP is designed for large networks and doesn't scale back very well. For example, QIP must be set up with a primary and a secondary server, ensuring that there's always a redundant server online. This is great for very large networks, but may be overkill for mid-size networks. Given the resources you'll need to set up and maintain QIP, it doesn't make sense to deploy it on anything other than a full-scale global domain.

At the other extreme, Microsoft's services are not designed for scalability, as indicated by their lack of DDNS support. You can't manage multiple Microsoft servers as a group; instead you must update each server from its console. That makes the prospect of managing more than a few Microsoft DNS servers impossible.

Safe and secure

Security and fault tolerance are two features that go hand in hand to make sure your clients can always get IP addresses. Of the five DNS/DHCP servers we tested, QIP offers the highest levels of security, with multiple access levels within each DHCP domain and globally. Fault tolerance is solid because QIP keeps its primary and secondary servers in sync. If the primary server fails, QIP automatically switches to the secondary server.

Shadow IPserver and NetID offer decent security features. Both allow you to set up multiple accounts with varying degrees of administrative authority, including authority across multiple DHCP domains. For fault tolerance, NTS recommends that you install servers as redundant pairs rather than backups. NetID lets you configure backup servers to take over in case of a server crash.

Although Meta IP's administrative features shine, its security features are surprisingly weak. By default, anyone with an administrative password can get access to the server console and globally change the administrator password. This is an uncomfortably big hole. On the plus side, Meta IP's fail-safe features are strong. You can program Meta IP to e-mail alerts if it detects a problem, and you can designate backup servers and overlapping zones. Meta IP will automatically switch over to a backup server if the primary server fails.

Microsoft relies on the NT Server logon for security, so there is no separate DNS or DHCP logon. Microsoft does not provide a separate backup capability for DNS and DHCP.

Getting started

The DNS/DHCP products varied widely when it comes to ease of installation. Setting up NTS' Shadow IPserver took just 10 minutes. Once we supplied the addresses of backup servers and co-servers, Shadow IPserver automatically found the Windows NT server's preconfigured IP address, subnet mask and gateway. The program then asked us to set up DHCP pools, which we did by creating a range of addresses and a default gateway and subnet mask. Shadow IPserver does not require an outside database, nor does Check Point's Meta IP, which we had no trouble downloading via the Internet.

Nortel makes NetID's installation slightly trickier by packaging the product with Oracle 8. While you don't have to be a database whiz to operate NetID, you do have to figure out how to get into Oracle to change the default database size. After that, you need to reboot to restart installation of NetID. Once we rebooted, the installation went smoothly.

The prize for most laborious installation goes to QIP, a database-dependent server that took us two hours and four reboots to install. After loading a runtime version of Sybase 11.1, which is included, we had to install drivers and make a manual change to the NT registry using Regedit. We also needed to install a Web server (which was not included) to activate QIP's Web-based management. The steps were carefully outlined in the lengthy installation guide, which we had read cover to cover by the time we finished.

By comparison, installing Microsoft's DNS and DHCP managers is easy. You simply access the network control panel, add the services and you're ready to go.

Final analysis

When all is said and done, Microsoft's no-frills DNS and DHCP managers aren't enough for most businesses. Spend the extra money for more-comprehensive IP address management tools. We were most impressed with NTS' Shadow IPserver, an all-around product that's strong in the areas of management, scalability, protocol support and fault tolerance. However, Shadow IPserver could stand to beef up its security, an area best covered by Lucent's comprehensive QIP. If you're willing to labor through a tedious installation process, QIP has a very impressive set of features, especially for large enterprises. Check Point's Meta IP and Nortel's NetID are also solid packages, but security is a weak point with both.

James is the vice president of Lab Services and Anderson is test lab manager at LANQuest Labs, an independent test lab specializing in network quality assurance, certification and performance testing services. They can be reached at gjames@lanquest.com and panderson@lanquest.com.


Copyright, 1994-2006 Network World, Inc. All rights reserved.