Home


About Network Testing Labs

Contact Network Testing Labs
Independent Reviews of Network Hardware and Software

NETWORK TESTING LABS WHITE PAPER

Alcatel-Lucent VitalQIP - Advanced Technologies

 


By Barry Nance
Executive Summary
A major reason for Alcatel-Lucent’s IPAM/DNS/DHCP market leadership is its use of cutting edge software and hardware technologies in VitalQIP. VitalQIP leverages these technologies in its responsive, intuitive state-of-the-art browser-based user interface, its DNS, DHCP and IPAM processing, its security, its automatic updates and its reliability.

Alcatel-Lucent saves VitalQIP customers money and makes their lives simpler, easier and more secure. This paper reveals how Alcatel-Lucent developers have taken VitalQIP into the future to give customers these advantages. It identifies VitalQIP’s major benefits and discusses the advanced technologies that make VitalQIP the market leader.

Organizations – both large and small – manage their IP address spaces efficiently and easily with VitalQIP. As we explored VitalQIP’s design and its technologies in this study, we learned why these organizations have found VitalQIP to be such a safe, effective and productive choice.

Our study also revealed that VitalQIP’s judicious and thoughtful use of best-of-breed technologies gives VitalQIP an unsurpassable advantage over its competition.


VitalQIP is a true success story. VitalQIP is the easiest to use, most responsive, most versatile, fastest performing, most scalable, most secure, most platform-neutral and most interoperable Domain Name System (DNS), Dynamic Host Control Program (DHCP) and Internet Protocol Address Management (IPAM) product. Alcatel-Lucent’s use of advanced technologies is a primary reason for VitalQIP’s success.

Alcatel-Lucent has demonstrated an unrelenting devotion to leveraging advanced technology on behalf of its customers. This attitude has made Alcatel-Lucent’s VitalQIP the quiet market leader in DNS, DHCP and IPAM software.
Implementing technology for its own sake can temporarily give a vendor a bit of splashy public relations. But thoughtful, careful design that couples advanced technology with a high regard for customer workflow requirements is the characteristic of a consistent market leader. Alcatel-Lucent’s VitalQIP is such a market leader.

Alcatel-Lucent has achieved VitalQIP’s market leadership by virtue of smart and creative use of a wide variety of superior technologies. These technologies span the gamut of software capabilities. They permeate VitalQIP from its user interface all the way to its basic architecture.

The best software products use best-of-breed software technologies, and VitalQIP is no exception. These best-of-breed technologies are embodied by VitalQIP’s Rich Internet Application browser-based user interface, its DNS interoperability, its security in the face of sophisticated hacking attempts, its reliability when hardware failures occur, its easy and painless self-maintenance and its transparent management via network monitors/managers such as Tivoli, NetCool, eHealth and Spectrum.

The New User Interface
VitalQIP’s Web browser-based user interface is a result of collaboration between customers on the VitalQIP Customer Advisory Board and Alcatel-Lucent user interface designers.
These designers used VitalQIP’s feature-rich, responsive “thick client” as a starting point for the new user interface. They’ve made the new user interface more intuitive, friendlier, more productive and even more responsive.

You can see some of the new interface’s improvements in the Figure 1 screen below. VitalQIP has meaningful icons, a grasp-at-first-glance view of address objects and a helpful list of address spaces.

VitalQIP’s new, incredibly easy to use interface strategically uses multi-level drop-down menus and tabs to organize tasks in a way that aligns perfectly with administrator workflows. These features put every VitalQIP operation within easy reach of just a few mouse clicks.


Figure 1. VitalQIP uses Ajax technology to make IP address management intuitive and quick.

VitalQIP's error protection features have also been enhanced to provide warnings and tips in real time when erroneous data has been entered or required data is missing. For instance, if a required User Defined Attribute (UDA) is omitted, the field will turn red and a warning indicates that the field is required.

VitalQIP neatly groups IPAM, DNS and DHCP administrative tasks into eight categories, which VitalQIP displays in the form of selectable tabs. These eight tabs are “My View,” for delegating the administration of subsets (each with its own “view”) of VitalQIP workflow, “Address Management,” for managing IPV4 and IPV6 address pools and their allocations, “DNS,” for administering zones and DNS servers (both VitalQIP and non-VitalQIP), “DHCP,” for managing DHCP servers, templates and client classes, “Infrastructure,” for organizing and configuring VitalQIP global settings, templates (both IPV4 and IPV6), User Defined Attributes (UDAs), and Active Directory domain controllers, “Reports,” for visualizing your IPAM, DNS and DHCP universe, “Tasks,” for the scheduling of tasks and the changing of users’ current passwords and “Links,” for running VitalQIP’s AutoDiscovery (a godsend on volatile, dynamic networks) and for managing VitalQIP appliances.

The Technologies Behind the New Interface
The VitalQIP browser-based interface is a Rich Internet Application (RIA), i.e., a Web application that has many of the characteristics of desktop application software. Rich Internet Applications use a Rich Client deployment model (i.e., deployment of a compiled client application through a browser) rather than a thin-client-server model (in which the user's view is largely controlled from the server).

VitalQIP’s enhanced Visual IP Address Space (see Figure 2) is an excellent example of a Rich Internet Application.

The operating and maintenance costs associated with a Rich Internet Application such as VitalQIP are far lower than those of an HTML-based alternative. Using VitalQIP translates directly into lower administrative costs in your organization.

To create VitalQIP’s Rich Internet Application environment, Alcatel-Lucent chose to use the Qooxdoo (pronounced "kuksdu") UI toolkit. The use of this programming toolkit allows VitalQIP to implement many features found in traditional desktop applications, such as context menus, modal dialogs, client-side validation, virtual controls and “lazy loading” of data sets, just to name a few.

Qooxdoo is an open source Web application framework based on Ajax. Ajax is Asynchronous JavaScript and XML, a group of interrelated Web development technologies that programmers use on the client side to create highly interactive Web applications.

VitalQIP makes extensive use of Qooxdoo’s multipurpose browser-based framework of tools, widgets, controls and methods. These components incorporate a graphical user interface (GUI) toolkit as well as the basis for high-level client-server communication.

Qooxdoo’s breadth and scope match or exceed the capabilities of other GUI toolkits, such as Qt and Standard Widget Toolkit (SWT), yet for simplicity’s sake Qooxdoo is a pure JavaScript framework. Through its use of Qooxdoo, VitalQIP offers a rich set of widgets that resemble elements of native desktop applications. It has built-in support for keyboard navigation, focus and tab handling and drag & drop.

VitalQIP uses the entirely class-based Qooxdoo to leverage the features of object-oriented JavaScript. It relies on namespaces, and it doesn’t modify or extend native JavaScript types. Qooxdoo works with virtually all modern browsers, including Gecko (Firefox, Mozilla, SeaMonkey), Presto (Opera), Trident (Internet Explorer, RealPlayer, Winamp) and WebKit (Chrome, Safari). Of these, Alcatel-Lucent has certified VitalQIP to work with Internet Explorer and Firefox.

The Ajax-based VitalQIP Web browser client and its server exchange information bi-directionally, with either side initiating the conversation. This communication occurs asynchronously (i.e., in the background), and it’s unrelated to the display and behavior of the current Web page the user sees. Both the VitalQIP client and server update each other in real time, and the client can use this asynchronous data exchange feature to avoid full page reloads.

VitalQIP, like most Ajax-based applications, is typically orders-of-magnitude more responsive than a server-based application. Because the VitalQIP client computer handles the bulk of the user interface work, server involvement is minimal. For instance, the user doesn’t have to wait for a server to construct a new HTML Web page and transmit it to the browser or for the server to validate a particular keypress.

In contrast, server-based and server-driven user interface interactions such as dynamically enabling an input field based on a decision made at the server can have a dramatically negative effect on user workflow.

Figure 2. VitalQIP gives at-a-glance insight into your IP address space.

VitalQIP’s New Search Engine
Looking for a name contained in an object, resource record, node or other record type is now even easier. Using VitalQIP’s intelligent, multi-faceted search engine, an administrator can – in one search operation – find exactly the results the administrator needs.
The administrator defines a search profile specifying which fields are searched, and this profile can be saved for future use. VitalQIP performs a single search and reports all matches in one simple step (see Figure 3).

VitalQIP can even export search results to a Comma Separated Values (CSV) file.



Figure 3. VitalQIP’s new search feature is especially swift and responsive.

More Ease of Use Features
VitalQIP’s highly intelligent Address Allocation uses policies, rules and templates to automatically and effortlessly create best-fit address spaces for new sites. Rules determine how a child pool obtains IP address space from its parent and tell VitalQIP what to do with that address space. Address Allocation analyzes current address space utilization to find an unused range of the correct size, and it minimizes or eliminates the fragmentation of that address space.

VitalQIP’s data repository can be either an Oracle or Sybase relational database. Alcatel-Lucent also provides the VitalQIP database schema to its customers. Because VitalQIP uses one of these industry-standard databases, customers can leverage their existing expertise, training and tools (such as Crystal Reports and data backups).

All VitalQIP appliances provide Integrated Lights Out Management (ILOM). A separate small computer (with its own IP address) inside the appliance acts as a “watchdog” to offer maintenance, troubleshooting and recovery functions. These include the ability to remotely access an appliance even if the appliance operating system has become unresponsive or the appliance has been inadvertently powered off.

VitalQIP DHCP and DNS
Alcatel-Lucent’s developers have DHCP IP address assignment down to a science. They’ve optimized DHCP server processing to the Nth degree. These developers have streamlined and tuned the VitalQIP computer instructions to make them execute as rapidly as possible. For example, a collection of DHCP operations that previously took a total of five minutes now takes only 16 seconds with VitalQIP 7.3.

In fact, the VitalQIP DHCP server is by far the quickest among all competitors. VitalQIP’s ability to swiftly assign IP addresses is a productivity boost for customers. You can easily imagine all the people in an office building arriving for work at about the same time, turning on their computers and having to wait during the boot process for each computer to obtain an IP address. (Essentially, the same flurry of activity occurs after a power failure.) VitalQIP’s DHCP server puts those people’s computers to work more quickly.

For the sake of reliability and maximum uptime, VitalQIP’s high-performance DHCP servers use a many-to-one failover approach that ensures DHCP availability even in case of a hardware failure. Each VitalQIP DHCP server emits a heartbeat signal over the network that backup servers listen for. And backup DHCP servers maintain a full active lease file through synchronization with the primary server.

VitalQIP interoperates perfectly with other DHCP/DNS implementations, and integration with world-wide name registrars is built into VitalQIP.

VitalQIP administrators use just a single screen to set up a new DHCP or DNS server. This stylized, cookie-cutter design makes rolling out a branch office server a breeze. An administrator merely enters the IP address of the new server, specifies its type and version and saves the result.


VitalQIP’s DNS is based on the latest version (V9) of Berkeley Internet Name Domain (BIND) software. First released as a component of Berkeley Software Distribution (BSD) 4.3, BIND is open source (free) software. Digital Equipment Corporation (DEC) maintained BIND for some years. Now the Internet Systems Consortium (ISC) maintains BIND.

The ISC completely rewrote BIND from scratch to produce version 9. The rewrite gives the BIND software an architecture that’s easier to understand, work with and port to different platforms. The rewrite also adds a wealth of new features to BIND: Support for DNS Security Extensions (DNSSEC), TSIG, DNS notify, nsupdate, IPv6, rndc flush (remote name daemon control), views and multiprocessor support.

VitalQIP adds significant features to BIND 9:
  • SNMP
  • External Dynamic UPdate (EDUP)
  • slave updates
  • special named.conf policies
  • QDDNS policies/options (for Dynamic DNS updates)
  • enhanced statistics support
  • modified GSS-TSIG

VitalQIP Security
The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing information provided by the Domain Name System. This suite extends DNS to provide DNS clients (resolvers) with origin authentication of DNS data, authenticated denial of existence and data integrity validation. Because it’s based on the ISC’s BIND 9, VitalQIP incorporates – and includes enhancements to – DNSSEC security.

The original design of DNS had no security features, but was rather designed to be a scalable distributed system. DNSSEC adds security while maintaining backwards compatibility. RFC 3833 documents some of the known threats to DNS and explains how DNSSEC responds to those threats.

ISC designed DNSSEC to protect Internet resolvers (clients) from forged DNS data, such as that created by DNS cache poisoning. All DNSSEC responses are digitally signed. By checking a response’s digital signature, a DNS resolver can ensure that the information is the same as the information on the authoritative DNS server.

In addition to authenticating IP addresses, DNSSEC can protect other information, such as general-purpose cryptographic certificates stored in CERT records in the DNS. RFC 4398 describes how to distribute these certificates, including those for email. This security makes using DNSSEC as a worldwide public key infrastructure for email possible.

VitalQIP prevents zone enumeration (a potential security risk) by using Next SECure 3 (NSEC3) records, which are supported in ISC BIND 9. NSEC3 is used for authenticated denial of existence of records.


To make use of NSEC3 in VitalQIP DNSSEC, an administrator first generates a zone-signing key. DNS Generations then create the NSEC3 records and sign resource records in the zone using the created key.

For additional security, VitalQIP provides access control to support three-level UserID, password and MAC address authentication for end users. Furthermore, VitalQIP’s rndc flush (remote name daemon control) uses a shared secret to provide encryption for local and remote terminals during each session.


Conclusion
Alcatel-Lucent’s VitalQIP embodies advanced, smart technologies that make it the market leader in IP address management.

Our study revealed how VitalQIP achieved its market leadership – it saves customers money and makes their lives easier and simpler.



Copyright 2012 Network Testing Labs


  
Home

About Network Testing Labs

Contact Network Testing Labs