Local Policy Module

The Local Policy Module (LPM) is the component on the QoS ACS server that retrieves and returns policy information from Active Directory. LPM is a generic term used to denote the implementation of a courier service used to provide the QoS ACS with a means of retrieving policy information from a particular policy store. LPMs are an integral part of the QoS ACS. The default Windows 2000 LPM, Msidlpm.dll, handles authentication by comparing the user information within the Kerberos ticket contained in the RSVP message with Active Directory policy information.

QoS ACS policy decisions to logically allocate bandwidth are enabled through the LPM's access to the Windows 2000 Active Directory policy store. The QoS ACS server invokes the LPM when a policy object with a Windows 2000 Kerberos ticket is detected. The LPM takes the user name from the RSVP message policy object and looks up the applicable policy in the Active Directory. The LPM then:

• Vetoes (rejects based on policy).
• Accepts (note that the request can still be rejected by a third-party LPM).
• Snubs (ignores; this allows acceptance).

The request is granted when at least one LPM accepts and no LPMs veto. The QoS ACS server can then decide to logically allocate bandwidth.

The LPM resides on the admission control server and provides authentication services. The QoS ACS also exposes an LPM API that allows independent software vendors to write customized LPMs. Third-party development of LPMs and policy elements (PEs) are possible in the future.

© 1985-2000 Microsoft Corporation. All rights reserved.