Subject: [ActiveDir] DHCP(ot)
tkern

Posts:4

12/19/2005 3:10 AM  
Message body was not found.
hcoleman

Posts:28

12/19/2005 4:09 AM  
Ask your company what problem they hope to solve, or what
added functionality they hope to get, by going with a 3rd party product. Then
ask them if that problem/functionality is worth the purchase and implementation
cost.
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Tom Kern
Sent: Monday, December 19, 2005 8:08 AM
To: activedirectory
Subject: [ActiveDir] DHCP(ot)

My company wants to use 3rd party dhcp product like Bluecat's Adonis 500 or
1000 instead of Windows DHCP.

Is there really any compelling reason to dump or not dump Windows
DHCP?

We are running a Win2k3 Forest FFL Win2k3 with all our clients Win2k pro at
the moment and Exchange 2k3.

We do have a lot of Solaris servers running Sybase and other
backend network services as well.

I'm just wondering what the pros or cons are of moving away from Windows
DHCP in this area.

I think the pros of WIN DHCP is it's free and the ability to prevent rogue
DHCP servers (if they're running win2k and above, of course).

I think most DHCP servers can do DDNS these days on behalf of the client so
that's probably not an issue.
Most can also give clients additional info in the scope options like dns
ip, domain name, etc.

So, I was wondering if I'm missing anything.

Also, has anyone used Bluecat's DHCP product in their network?

Thanks a lot
amulnick

Posts:127

12/19/2005 4:18 AM  
There are a few features that third-party DHCP vendors can implement that might be required by your company.  I'd be surprised though to hear that your company suddenly has that set of requirements.

Other reasons not to change?  Added complexity that translates into added return to service times in the event of outages.  Often solutions like this come with added learning and added processes that you otherwise wouldn't need/want. Lots of hidden costs in that sense.


hope this helps,

al 
adwulf

Posts:34

12/19/2005 4:32 AM  
On 12/19/05, Tom Kern wrote:
> My company wants to use 3rd party dhcp product like Bluecat's Adonis 500 or
> 1000 instead of Windows DHCP.
>
> Is there really any compelling reason to dump or not dump Windows DHCP?
>
Personally, I would say that dumping the Win DHCP is probably a bad idea.

http://www.bluecatnetworks.com/products/adonis-appliances/adonis1000/features/

-gives a list of the features. See if there's anything in there which
compels you to buy their product.

--
AdamT
"Maidenhead is *not* in Kent"
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
tkern

Posts:4

12/19/2005 4:41 AM  
They seem to make an artificial distinction (to me) between "Windows" stuff and "Network Infra" stuff.

Also, they probably will make the argument that having this centrally managed in this manner will be more secure and manageable.
In addition, they wrongly think that because Bluecat has an embedded linux kernel and thus fewer "moving parts", it's somehow more secure.


At least that's my interpretation.

To counter, I think DHCP is so integrated with DDNS and thus AD, that you shouldn't make that separation in this case.

Also, I don't think less moving parts makes something automatically more secure.

But that's just my uninformed opinion.

Any other more informed ideas would be great.

Thanks again 
On 12/19/05, Al Mulnick wrote:

I can honestly second that suggestion as the best advice.  There are few technical reasons to make somebody want to purchase a third party DHCP server. I've seen some organizations spend big money (better than .5 million USD) on DNS solutions for no relevant technical reason, so I would not be surprised to see somebody want a third party DHCP solution for similar reasons. 


There are a few features that third-party DHCP vendors can implement that might be required by your company.  I'd be surprised though to hear that your company suddenly has that set of requirements.

Other reasons not to change?  Added complexity that translates into added return to service times in the event of outages.  Often solutions like this come with added learning and added processes that you otherwise wouldn't need/want. Lots of hidden costs in that sense.


hope this helps,

al 

amulnick

Posts:127

12/19/2005 4:53 AM  
Along those lines, while AD does support having its DNS on another solution, consider the impact to services if you add that complexity.  Consider it along with the idea that most AD related issues are name resolution based. Is this type of complexity worth the impact? Maybe.  But I think if it's not broken and there are no clearly defined goals, it's best to move on to more pressing and important issues within the organization.


DHCP is too basic a service to worry too much about.  DNS is a foundational service that must be right and must be operational. If you start to lose this battle, do yourself a favor and at least retain the forest DNS within AD.  You'll at least get to go home at night on a regular basis.


Al 
AD00000893

Posts:0

12/19/2005 5:01 AM  
Sounds like a squabble between Unix and Windows gurus. Who wants to
control what service. If you will not be responsible for it then let
them do.

-Za
Tom Kern wrote:

Thanks.

I think it has something to do with the "Network Group" wanting
to have more control and central management over "Network Services"
while the "Windows Group" manages "Windows" related stuff.


They seem to make an artificial distinction (to me) between
"Windows" stuff and "Network Infra" stuff.

Also, they probably will make the argument that having this
centrally managed in this manner will be more secure and manageable.
In addition, they wrongly think that because Bluecat has an
embedded linux kernel and thus fewer "moving parts", it's somehow more
secure.


At least that's my interpretation.

To counter, I think DHCP is so integrated with DDNS and thus
AD, that you shouldn't make that separation in this case.

Also, I don't think less moving parts makes something
automatically more secure.

But that's just my uninformed opinion.

Any other more informed ideas would be great.

Thanks again


tkern

Posts:4

12/19/2005 5:17 AM  
Thanks.

I think it has something to do with the "Network Group" wanting to have more control and central management over "Network Services" while the "Windows Group" manages "Windows" related stuff.


They seem to make an artificial distinction (to me) between "Windows" stuff and "Network Infra" stuff.

Also, they probably will make the argument that having this centrally managed in this manner will be more secure and manageable.
In addition, they wrongly think that because Bluecat has an embedded linux kernel and thus fewer "moving parts", it's somehow more secure.


At least that's my interpretation.

To counter, I think DHCP is so integrated with DDNS and thus AD, that you shouldn't make that separation in this case.

Also, I don't think less moving parts makes something automatically more secure.

But that's just my uninformed opinion.

Any other more informed ideas would be great.

Thanks again 
DWyatt@xxxx.yyy

12/19/2005 5:43 AM  
By default a Windows 2000/XP client will register its A record and the DHCP server
will register the client's PTR record.  This can be changed, so by using the
3rd party DHCP server you won't lose DDNS; you would configure your clients to
register both A and PTR records.  Configuring this depends on your
environment, Windows client versions and overall requirements.
Not that I am saying the 3rd party DHCP server is the one to go for, especially
if you're in the Windows team ;-)




-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Tom Kern
Sent: 19 Dec 2005 17:16
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] DHCP(ot)

They just want control over DHCP NOT DNS.

Our public external DNS is BIND but our AD DNS is Windows.
That's not going to change.

The thinking is, right now we have a "Network Infra" group and a "Unix"
and "Windows" group and each group (Unix, Windows) manages their own dhcp servers.

I think they want to consolidate all this to the "Network Infra" group to
be more manageable.

But since linux dhcp can't do secure DDNS updates to AD, that would be a
good argument against this.
Though it can use TSISG. Not sure if Windows DNS can use this or what it
would take.
Bluecat claims their DDNS/DHCP can play with AD but I'm not sure what
they mean by that.
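The A/PTR split described in the message above is carried per lease in DHCP option 81 (Client FQDN, RFC 4702). The following is an added example, not part of any post in this thread: it decodes that option from constructed sample bytes and reports which side is expected to send each DNS update, assuming a server that honours the client's request. The host name and all function names are made up for illustration.

```python
# Added example (not from the thread): decode DHCP option 81, Client FQDN (RFC 4702).
OPT_PAD, OPT_END, OPT_CLIENT_FQDN = 0, 255, 81
FLAG_S, FLAG_O, FLAG_E, FLAG_N = 0x01, 0x02, 0x04, 0x08


def build_option(code, value):
    """Encode one DHCP option as code, length, value (used for the samples)."""
    return bytes([code, len(value)]) + value


def iter_options(blob):
    """Yield (code, value) pairs from a DHCP options field (after the magic cookie)."""
    i = 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            return
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        yield code, value
        i += 2 + length


def decode_name(raw, wire_format):
    """Decode the domain name: DNS wire labels when E=1, plain ASCII when E=0."""
    if not wire_format:
        return raw.decode("ascii", errors="replace")
    labels, i = [], 0
    while i < len(raw):
        n = raw[i]
        if n == 0:  # root label terminates a fully qualified name
            break
        if n > 63 or i + 1 + n > len(raw):
            raise ValueError("malformed DNS label")
        labels.append(raw[i + 1:i + 1 + n].decode("ascii", errors="replace"))
        i += 1 + n
    return ".".join(labels)


def parse_client_fqdn(value):
    """Parse the option 81 payload: flags, RCODE1, RCODE2, domain name."""
    if len(value) < 3:
        raise ValueError("option 81 needs flags, RCODE1 and RCODE2")
    flags = value[0]
    if flags & FLAG_N and flags & FLAG_S:
        raise ValueError("invalid flags: S must be 0 when N is 1")
    return {
        "server_updates_a": bool(flags & FLAG_S),
        "server_override": bool(flags & FLAG_O),
        "no_server_updates": bool(flags & FLAG_N),
        "name": decode_name(value[3:], bool(flags & FLAG_E)),
    }


def who_registers(options_blob):
    """Return (A updater, PTR updater) implied by the client's option 81."""
    for code, value in iter_options(options_blob):
        if code != OPT_CLIENT_FQDN:
            continue
        fqdn = parse_client_fqdn(value)
        if fqdn["no_server_updates"]:
            return ("client", "client")          # N=1: server stays out of DNS
        if fqdn["server_updates_a"]:
            return ("dhcp-server", "dhcp-server")  # S=1: server does A and PTR
        return ("client", "dhcp-server")          # S=0, N=0: the split default
    # No option 81 at all: the outcome is whatever the server is configured to do.
    return ("server-policy", "server-policy")


# Constructed sample option fields (not captured traffic).
MSG_TYPE_REQUEST = build_option(53, b"\x03")
ASCII_NAME = b"pc01.corp.example"
WIRE_NAME = b"\x04pc01\x04corp\x07example\x00"
SAMPLES = {
    "split": MSG_TYPE_REQUEST
    + build_option(81, b"\x00\x00\x00" + ASCII_NAME) + b"\xff",
    "server_both": MSG_TYPE_REQUEST
    + build_option(81, bytes([FLAG_S | FLAG_E, 0, 0]) + WIRE_NAME) + b"\xff",
    "client_both": MSG_TYPE_REQUEST
    + build_option(81, bytes([FLAG_N, 0, 0]) + ASCII_NAME) + b"\xff",
    "no_option_81": MSG_TYPE_REQUEST + b"\xff",
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, who_registers(blob))
```

Whichever side sends the update is the identity the DNS server sees, so this flag decides whose credentials a secured zone has to accept.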
amulnick

Posts:127

12/19/2005 5:46 AM  
Some things to consider about DHCP:
If you control it on the Windows platform, you'll want to ensure you can properly delegate the responsibilities to those that need to do the administrivia.  You don't need to be caught up in that.
If they control it on the *nix platform, they'll need to provide the same or better service. i.e. you'll have to define what they need to provide and they'll just have to meet that.

If you're not using DHCP to register DNS records, then it's a moot point and the DHCP provider would be a toss-up in my mind.  One's freely included in the current architecture of course :)

Sorry for the confusion earlier.  It can be hard to get the full scope of the issue via a listserv sometimes.

-al 
tkern

Posts:4

12/19/2005 7:49 AM  
Ah. Must have misunderstood.

So the situation is that they don't have a single solution now that they want to get rid of in favor of a new shiny solution then?  Rather, this is possibly seen as a "Windows isn't stable enough so we need a *nix solution for centralized control of DHCP" ?


Some things to consider about DHCP:
If you control it on the Windows platform, you'll want to ensure you can properly delegate the responsibilities to those that need to do the administrivia.  You don't need to be caught up in that.
If they control it on the *nix platform, they'll need to provide the same or better service. i.e. you'll have to define what they need to provide and they'll just have to meet that.

If you're not using DHCP to register DNS records, then it's a moot point and the DHCP provider would be a toss-up in my mind.  One's freely included in the current architecture of course :)

Sorry for the confusion earlier.  It can be hard to get the full scope of the issue via a listserv sometimes.

-al 
On 12/19/05, Tom Kern wrote:
They just want control over DHCP NOT DNS.

Our public external DNS is BIND but our AD DNS is Windows.
Thats not going to change.

The thinking is, right now we have a "Network Infra" group and a "Unix" and "Windows" group and each group(Unix,windows) manages their own dhcp servers.

I think they want to consolidate all this to the "Network Infra" group to be more manageable.

But since linux dhcp can't do secure DDNS updates to AD, that would be a good argument against this.
Though it can use TSISG. Not sure if Windows DNS can use this or what it would take.
Bluecat claims their DDNS/DHCP can play with AD but i'm not sure what they mean by that. 

On 12/19/05, Za Vue wrote:

Sounds like a squabble between Unix and Windows gurus. Who wants to control what service. If you will not be responsible for it than let them do.
-Za
Tom Kern wrote:

Thanks.

I think it has something to do with the "Network Group" wanting to have more control and central management over "Network Services" while the "Windows Group" manages "Windows" related stuff.


They seem to make an artifical distinction(to me) between "Windows" stuff and "Network Infra" stuff.

Also, they probably will make the argument that having this centrally managed in this manner will be more secure and managable.
In addition, they wrongly think that because Bluecat has an embedded linux kernel and thus fewer "moving parts", its somehow more secure.


At least thats my interpetation.

To counter, I think DHCP is so intergrated with DDNS and thus AD, that you shouldn't make that seperation in this case.

Also, I don't think less moving parts makes something automatically more secure.

But thats just my uninformed opinion.

Any other more informed ideas would be great.

Thanks again 
On 12/19/05, Al Mulnick wrote:

I can honestly second that suggestion as the best advice.  There are few technical reasons to make somebody want to purchase a third party DHCP server. I've seen some organizations spend big money (better than .5 million USD) on DNS solutions for no relevant technical reason, so I would not be surprised to see somebody want a third party DHCP solution for similar reasons. 


There are a few features that thirdparty DHCP vendors can implement that might be required by your company.  I'd be surprised though to hear that your company suddenly has that set of requirements.

Other reasons not to change?  Added complexity that translate into added return to service times in the event of outages.  Often solutions like this come with added learning and added processes that you otherwise wouldn't need/want. Lots of hidden costs in that sense.


hope this helps,

al 

On 12/19/05, Coleman, Hunter wrote:
Ask your company what problem they hope to solve, or what added functionality they hope to get, by going with a 3rd party product. Then ask them if that problem/functionality is worth the purchase and implementation cost.

From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:
ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Tom KernSent: Monday, December 19, 2005 8:08 AMTo: activedirectorySubject: [ActiveDir] DHCP(ot) 

My company wants to use 3rd party dhcp product like Bluecat's Adonis 500 or 1000 instead of Windows DHCP.

Is there really any compelling reason to dump or not dump Windows DHCP?

We are running a Win2k3 Forest FFL Win2k3 with all our clients Win2k pro at the moment and Exchange 2k3.

We do have a lot of Solaris servers running Sybase and other backend network services as well.

I'm just wondering what the pros or cons are of moving away from Windows DHCP in this area.

I think the pros of WIN DHCP is it's free and the ability to prevent rogue DHCP servers (if they're running win2k and above, of course).

I think most DHCP servers can do DDNS these days on behalf of the client so that's probably not an issue.
Most can also give clients additional info in the scope options like dns ip, domain name, etc.

So, I was wondering if I'm missing anything.

Also, has anyone used Bluecat's DHCP product in their network?

Thanks a lot
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
AD00000124User is Offline

Posts:0

12/19/2005 10:55 AM  
Tom,



The Networks guys do that in my company,
too.  If all they want is control, make them DNS or DHCP operators
in AD.  Dynamically registering DHCP clients is such an advantage I wouldn't
give it up if I could avoid it.



AL

Al Maurer
Service Manager, Naming and Authentication Services
IT | Information Technology
Agilent Technologies
(719) 590-2639; Telnet 590-2639
http://activedirectory.it.agilent.com
----------------------------------------------
"Cry 'Havoc!' and let slip the dogs of war"  - Anthony, in Julius Caesar III i.

From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Tom Kern
Sent: Monday, December 19, 2005 9:39 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] DHCP(ot)



Thanks.



I think it has something to do with the "Network Group"
wanting to have more control and central management over "Network
Services" while the "Windows Group" manages "Windows"
related stuff.



They seem to make an artificial distinction (to me) between
"Windows" stuff and "Network Infra" stuff.



Also, they probably will make the argument that having this centrally
managed in this manner will be more secure and manageable.

In addition, they wrongly think that because Bluecat has an embedded
linux kernel and thus fewer "moving parts", it's somehow more secure.





At least that's my interpretation.



To counter, I think DHCP is so integrated with DDNS and thus AD, that
you shouldn't make that separation in this case.



Also, I don't think less moving parts makes something automatically
more secure.



But that's just my uninformed opinion.



Any other more informed ideas would be great.



Thanks again



On 12/19/05, Al Mulnick wrote:

I can honestly second that suggestion as the best advice.  There
are few technical reasons to make somebody want to purchase a third party DHCP
server. I've seen some organizations spend big money (better than .5 million
USD) on DNS solutions for no relevant technical reason, so I would not be
surprised to see somebody want a third party DHCP solution for similar
reasons. 



There are a few features that third-party DHCP vendors can implement
that might be required by your company.  I'd be surprised though to hear
that your company suddenly has that set of requirements.



Other reasons not to change?  Added complexity that translates into
added return to service times in the event of outages.  Often solutions
like this come with added learning and added processes that you otherwise
wouldn't need/want. Lots of hidden costs in that sense.



hope this helps,



al





On 12/19/05, Coleman, Hunter wrote:

Ask your company what problem they hope to
solve, or what added functionality they hope to get, by going with a 3rd party
product. Then ask them if that problem/functionality is worth the purchase and
implementation cost.





From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Tom Kern
Sent: Monday, December 19, 2005 8:08 AM
To: activedirectory
Subject: [ActiveDir] DHCP(ot)



My company wants to use 3rd party dhcp product like Bluecat's Adonis
500 or 1000 instead of Windows DHCP.



Is there really any compelling reason to dump or not dump Windows DHCP?



We are running a Win2k3 Forest FFL Win2k3 with all our clients Win2k
pro at the moment and Exchange 2k3.



We do have a lot of Solaris servers running Sybase and other
backend network services as well.



I'm just wondering what the pros or cons are of moving away from Windows
DHCP in this area.



I think the pros of WIN DHCP is it's free and the ability to prevent
rogue DHCP servers (if they're running win2k and above, of course).



I think most DHCP servers can do DDNS these days on behalf of the
client so that's probably not an issue.

Most can also give clients additional info in the scope options like
dns ip, domain name, etc.



So, I was wondering if I'm missing anything.



Also, has anyone used Bluecat's DHCP product in their network?



Thanks a lot
Copyright 2008 ActiveDir.org