DHCP in Windows Server 2003 can assign multicast addresses in addition to unicast addresses. Network administrators can therefore manage multicast addresses in the same way as unicast addresses, through the same DHCP servers and tools, instead of maintaining a separate allocation mechanism for them.
Conferencing and streaming audio applications are the typical consumers of multicast addresses, which otherwise have to be configured by hand. Unlike an IP broadcast, which every computer on the subnet receives, a multicast address delivers traffic to a group of computers; group membership, not the subnet, determines the recipients.
The multicast address allocation feature has two parts: the server implementation hands out multicast addresses, and the client exposes APIs that applications use to request, renew, and release them. The administrator first defines the multicast scopes and their address ranges on the server with the DHCP snap-in, so that multicast address management looks like ordinary IP address management. A client then requests a multicast address from a scope through the API. Between client and server the implementation uses DHCP-compatible packets; the protocol is MADCAP (Multicast Address Dynamic Client Allocation Protocol, RFC 2730), whose message format is modelled on DHCP.
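The request, renew and release lifecycle described above, as an added example in Python (not Windows or MADCAP code, and no wire format is implemented): a scope allocator that hands out addresses from an administrator-defined range, reclaims expired leases, and refuses to let one client renew or release another client's group address. The scope name, range, lease time and client identifiers are constructed for illustration; the only protocol fact it relies on is that 224.0.0.0/24 is the reserved Local Network Control Block.

```python
"""Multicast scope allocator modelling the request / renew / release API.
Added example, not Windows code; all names and values are constructed."""
import ipaddress
from typing import Dict, Optional, Tuple

# All IPv4 multicast lives in 224.0.0.0/4; 224.0.0.0/24 is the Local Network
# Control Block (IGMP, OSPF, ...) and must never be leased to applications.
MULTICAST_BLOCK = ipaddress.ip_network("224.0.0.0/4")
RESERVED_CONTROL = ipaddress.ip_network("224.0.0.0/24")


class MulticastScope:
    """One administrator-defined range of multicast group addresses."""

    def __init__(self, name: str, first: str, last: str, lease_seconds: int):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            raise ValueError("range start is after range end")
        for addr in (lo, hi):
            if addr not in MULTICAST_BLOCK or addr in RESERVED_CONTROL:
                raise ValueError(f"{addr} is not an assignable multicast address")
        self.name = name
        self.lo, self.hi = lo, hi
        self.lease_seconds = lease_seconds
        # address -> (client identifier, expiry time): the server's lease database
        self.leases: Dict[ipaddress.IPv4Address, Tuple[bytes, int]] = {}

    def _expire(self, now: int) -> None:
        """Reclaim leases whose time has run out, so clients that vanished
        without releasing cannot exhaust the scope forever."""
        for addr in [a for a, (_, exp) in self.leases.items() if exp <= now]:
            del self.leases[addr]

    def request(self, client_id: bytes, now: int) -> Optional[str]:
        """Lease the lowest free address; None when the scope is exhausted."""
        self._expire(now)
        addr = self.lo
        while addr <= self.hi:
            if addr not in self.leases:
                self.leases[addr] = (client_id, now + self.lease_seconds)
                return str(addr)
            addr += 1
        return None

    def renew(self, client_id: bytes, address: str, now: int) -> int:
        """Extend a lease and return the new expiry. Only the holder may renew;
        anyone else gets an error rather than a hijacked group address."""
        self._expire(now)
        addr = ipaddress.ip_address(address)
        holder = self.leases.get(addr)
        if holder is None or holder[0] != client_id:
            raise PermissionError(f"{address} is not leased to this client")
        expiry = now + self.lease_seconds
        self.leases[addr] = (client_id, expiry)
        return expiry

    def release(self, client_id: bytes, address: str) -> bool:
        """Return the address to the pool; False if the caller does not hold it."""
        addr = ipaddress.ip_address(address)
        holder = self.leases.get(addr)
        if holder is None or holder[0] != client_id:
            return False
        del self.leases[addr]
        return True


if __name__ == "__main__":
    # Constructed scope: three addresses, one-hour leases.
    scope = MulticastScope("Conferencing", "239.192.1.1", "239.192.1.3", 3600)
    group = scope.request(b"conf-client-A", now=0)
    print("leased", group, "renewed until", scope.renew(b"conf-client-A", group, now=600))
    print("released:", scope.release(b"conf-client-A", group))
```

The ownership check in renew and release is the part worth keeping when this is done for real: a lease identifier that any client can present lets one application tear down or take over another application's group.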
DHCP in Windows Server 2003 also prevents unauthorized DHCP servers from creating address assignment conflicts. Without this protection, a user who accidentally brings up an unauthorized DHCP server can lease addresses to clients elsewhere on the network. For example, a user could set up a local DHCP server that hands out addresses from the 10.0.0.0/8 private range which are not unique on that network, and unintentionally lease them to any client that asks.
The management features in DHCP for Windows Server 2003 both prevent unauthorized deployments and detect unauthorized servers that are already running: a DHCP server must be authorized in Active Directory by an administrator before it will serve clients on the network.
Protecting Against Unauthorized DHCP Servers
When a DHCP server that is a member of a Microsoft Active Directory® domain starts, it queries the list of authorized servers stored in Active Directory to determine whether it is authorized. If it is not, it does not respond to DHCP requests. Only a domain or enterprise administrator has write access to the Active Directory container that holds the authorized list (under CN=NetServices in the Configuration partition of the forest), so a server cannot authorize itself.
Administrators build the list of authorized servers in Active Directory with the DHCP console (or with the netsh dhcp add server command). When a DHCP server first starts on a network, it attempts to contact Active Directory to check whether it appears on that list. If it cannot connect, it does not respond to client requests; failing closed is what keeps a disconnected or misconfigured server from leasing addresses.
Figure 1 below illustrates the sequence of checks by which a DHCP server gains authorization on a network.
Protecting Against Improper Use of Workgroup DHCP Servers
When a DHCP server that does not belong to a domain (a workgroup member) starts, the following occurs:
The DHCP server broadcasts a DHCPINFORM message on the network. Any other DHCP server that receives this message responds with a DHCPACK message and provides the name of its domain.
If a workgroup DHCP server detects another DHCP server that is a member of a domain, the workgroup server does not service requests.
If the workgroup DHCP server detects the presence of another workgroup server, it ignores it.
Even when a workgroup server starts and is able to run—for example, because of the absence of a domain member server or workgroup server on the network—it continues to send DHCPINFORM messages every 60 minutes. If an authorized domain member DHCP server starts later, the workgroup server becomes unauthorized and stops servicing DHCP requests from clients.
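The exchange above, together with the authorization decision from the previous section, as an added example in Python (not Windows code): the DHCPINFORM probe a starting server would broadcast, a bounds-checked parser for the DHCPACK replies, and the rule that decides whether this server may service clients. One assumption is labelled in the code: the responding server's domain is carried here in DHCP option 15 (Domain Name), because the page does not give the encoding Windows actually uses. The transaction id, addresses and MAC are constructed.

```python
"""Rogue-DHCP-server check: DHCPINFORM probe, DHCPACK parsing, service decision.
Added example, not Windows code. ASSUMPTION: the responder's domain name is
carried in option 15; the real Windows encoding is not given on the page."""
import socket
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie after the BOOTP header
OP_BOOTREQUEST, OP_BOOTREPLY = 1, 2
DHCPACK, DHCPINFORM = 5, 8             # option 53 message types
OPT_PAD, OPT_DOMAIN, OPT_MSGTYPE, OPT_SERVER_ID, OPT_END = 0, 15, 53, 54, 255
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
HDR = "!BBBBIHH4s4s4s4s16s64s128s"


def _header(op: int, xid: int, ciaddr: str, chaddr: bytes) -> bytes:
    zero4 = b"\0" * 4
    return struct.pack(HDR, op, 1, 6, 0, xid, 0, 0, socket.inet_aton(ciaddr),
                       zero4, zero4, zero4, chaddr.ljust(16, b"\0"),
                       b"\0" * 64, b"\0" * 128)


def build_dhcpinform(xid: int, my_ip: str, my_mac: bytes) -> bytes:
    """The probe: a DHCPINFORM from a host that already has an address."""
    return (_header(OP_BOOTREQUEST, xid, my_ip, my_mac) + MAGIC
            + bytes([OPT_MSGTYPE, 1, DHCPINFORM, OPT_END]))


def build_dhcpack(xid: int, server_ip: str, domain: Optional[str]) -> bytes:
    """Constructed reply as another server on the segment would send it.
    domain=None models a workgroup server (no domain to report)."""
    opts = bytes([OPT_MSGTYPE, 1, DHCPACK, OPT_SERVER_ID, 4]) + socket.inet_aton(server_ip)
    if domain:
        d = domain.encode("ascii")
        opts += bytes([OPT_DOMAIN, len(d)]) + d   # ASSUMPTION: option 15 carries the domain
    return _header(OP_BOOTREPLY, xid, "0.0.0.0", b"") + MAGIC + opts + bytes([OPT_END])


def parse_options(pkt: bytes) -> Dict[int, bytes]:
    """TLV option parser with bounds checks: a hostile reply with a lying
    length byte must raise, not read past the end of the buffer."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts: Dict[int, bytes] = {}
    i = 240
    while i < len(pkt):
        code = pkt[i]
        if code == OPT_END:
            return opts
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(pkt):
            raise ValueError("truncated option header")
        length = pkt[i + 1]
        value = pkt[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} claims {length} bytes, packet ends early")
        opts[code] = value
        i += 2 + length
    raise ValueError("missing end option")


@dataclass
class Responder:
    server_ip: str
    domain: Optional[str]   # None: the responder is a workgroup server


def parse_dhcpack(pkt: bytes, xid: int) -> Optional[Responder]:
    """Who answered our probe; None for anything that is not a DHCPACK to our xid."""
    if len(pkt) < 240 or pkt[0] != OP_BOOTREPLY:
        return None
    (got_xid,) = struct.unpack_from("!I", pkt, 4)
    if got_xid != xid:
        return None                      # someone else's transaction
    opts = parse_options(pkt)
    if opts.get(OPT_MSGTYPE) != bytes([DHCPACK]):
        return None
    sid = opts.get(OPT_SERVER_ID)
    server_ip = socket.inet_ntoa(sid) if sid and len(sid) == 4 else "unknown"
    dom = opts.get(OPT_DOMAIN)
    domain = dom.rstrip(b"\0").decode("ascii", "replace") if dom else None
    return Responder(server_ip, domain or None)


def should_service(domain_member: bool, authorized_in_ad: Optional[bool],
                   responders: Iterable[Responder]) -> bool:
    """Domain member: service only if Active Directory was reached (not None)
    and lists this server. Workgroup server: service only while no responder
    belongs to a domain; other workgroup servers are ignored."""
    if domain_member:
        return authorized_in_ad is True
    return not any(r.domain for r in responders)


if __name__ == "__main__":
    xid = 0x5A5A0001
    probe = build_dhcpinform(xid, "192.168.10.7", b"\x00\x0c\x29\x11\x22\x33")
    replies = [build_dhcpack(xid, "192.168.10.1", "corp.example"),
               build_dhcpack(xid, "192.168.10.9", None)]
    seen = [r for r in (parse_dhcpack(p, xid) for p in replies) if r]
    print("probe bytes:", len(probe), "responders:", seen)
    print("workgroup server may service clients:", should_service(False, None, seen))
```

A real workgroup server would resend the probe every 60 minutes and re-run should_service on the fresh replies, which is how it stops serving when an authorized domain member appears later.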
Windows Clustering for High Availability
Windows Clustering allows management of two or more servers as a single system. It also enables servers running DHCP to provide higher availability, easier manageability, and greater scalability.
Windows Clustering can automatically detect the failure of an application or server and quickly restart it on an alternate server. As a result, users experience only a momentary pause in service. With Windows Clustering, administrators can quickly inspect the status of all cluster resources and easily move workloads to different servers within the cluster, allowing manual load balancing and updates without taking important data and applications offline.
Windows Clustering runs the DHCP service as a virtual server: clients see a cluster-owned network name and IP address rather than those of a physical node. If the node hosting the service becomes unavailable, the name, the address, and the service move to the alternate node, so the client still reaches the same IP address for the clustered DHCP server and needs no change.
Without clustering, network administrators often split scopes between two servers so that, if one becomes unavailable, the other server's share of the addresses remains available. Clustering removes the need to split scopes and so uses the address space more efficiently. The DHCP database is kept on a shared cluster disk, so when the active node becomes unavailable the second node takes over as the DHCP server with complete knowledge of previous assignments and access to the full scope of addresses. Only one node runs the DHCP service at any given time; the database on shared storage is what makes the transition transparent.
Because Windows Clustering works with all clustering-enabled Windows services, the same cluster servers used for DHCP can also support high availability for all other clustering-enabled Windows services.