Windows Server IP Address Management (IPAM)

WSV324. Windows Server IP Address Management (IPAM). Rick Claus Sr. Technical Evangelist @ RicksterCDN http://RegularITGuy.com. Session Objectives and Takeaways. Session Objective(s): Understand Windows Server 2012 IPAM

Presentation Transcript


  1. WSV324 Windows Server IP Address Management (IPAM) Rick Claus Sr. Technical Evangelist @RicksterCDN http://RegularITGuy.com

  2. Session Objectives and Takeaways • Session Objective(s): • Understand Windows Server 2012 IPAM • What it is; how it works; how to use it; and how to integrate with external systems • Key Takeaways • Windows Server 2012 IPAM… • Complements MS DHCP and DNS offerings • Reduces the opex around IPv4/v6 address management and the management of related MS DHCP and DNS functions • Integrates with external systems like ADDS and SCVMM • Is a cost-effective, in-box solution to manage network complexity

  3. Understanding IPAM

  4. Examples of IP Address Management Problems • I want to track my org’s address space and know addresses in use and available across different locations… • I have to find a free IP address for a new device and register it in DNS … • A DHCP Scope is full and clients are not getting any addresses – I need to expand the scope or create a firefighting scope… • I need to change a DHCP option like web proxy across dozens of scopes residing on multiple servers… • I am adding a new lab and want to assign subnets from my address plan… • I need to track user or machine activity in my network for troubleshooting or forensics…

  5. IPAM Options • Spreadsheets: Pros: No CapEx investment; Simple to use for small networks… at first. Cons: Labor intensive (estimated ~$10 per address per annum); Only performs address mgmt.; Inflexible and does not scale • In-house tools: Pros: Automation; High degree of customization. Cons: Maintenance cost; Relies on in-house support model; Expensive to add new capabilities • Commercial appliances: Pros: Automation; Rich feature set; Integration with own and MS DHCP/DNS. Cons: High acquisition and support costs

  6. Windows Server 2012 IPAM Overview • WS 2012 IPAM: In-box solution that complements – and is seamlessly integrated with – MS DHCP and DNS offerings • Address space mgmt (ASM): Organize, assign, monitor and manage static and dynamic IPv4/v6 addresses • Network discovery: Automatic discovery of DC, DHCP and DNS servers, and dynamic IP addresses in use • Multi-server mgmt (MSM): Centralized configuration and update of MS DHCP/DNS servers • Visibility & audit: Track and audit changes and provide real-time view of status

  7. WS 2012 IPAM – Components and Interactions • IPAM Client: Win 8 (RSAT) & WS 2012 • IPAM Server: WS 2012 in-box, backed by WID • Managed servers: DHCP Server, DNS Server, DC Server, NPS Server (WS08; WS08 R2 & SPs; WS 2012) • External System • Agentless architecture • Role-based access control: IPAM Administrators; IPAM ASM Administrators; IPAM MSM Administrators; IPAM Audit Administrators; IPAM Users • Distributed deployment, scale, and DR (multiple IPAM Servers, each with its own WID) • WID – Windows Internal Database is a relational data store for Windows Server components

  8. WS 2012 IPAM – External Data Integration • [Diagram: Data Source → Import (PS integration module, CSV) → IPAM Server (IPAM PowerShell, IPAM User Interface) → Export (PS integration module, CSV) → Data Sink]

  9. Using Windows Server 2012 IPAM

  10. Contoso Space Miners • Contoso is a space mining company. It mines the precious metal, unobtanium, from Martian asteroids • Contoso has deployed several DNS servers, Domain Controllers and DHCP servers to keep its enterprise network running • Due to immense demand for unobtanium the company has grown quickly and is operating a number of earth stations. One such earth station is located in Area 42, which is used as the case for our demo today

  11. Area 42 • Domains: contoso.com, hr.contoso.com, finance.contoso.com, eng.contoso.com, sales.contoso.com • 4 buildings (Building 1 to Building 4), each with 10 floors • Address blocks: 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16, 10.4.0.0/16 • DHCP, DNS, DC

  12. Address Space Management Workflow • Plan Address Space structure: Visualize address block hierarchy; Plan and create address blocks • Allocate/Implement: Create static and dynamic address ranges; Find and allocate IP addresses; DNS record and DHCP reservations • Monitor Utilization: Monitor IP address range and DHCP scope utilization; Monitor IP address utilization trend; Monitor IP address expiry and reclaim expired addresses • Track Changes: Track IP addresses by correlating DHCP lease events with DC/NPS authentication events; Track changes to static address space as well as IPAM server through IPAM configuration events

  13. WS 2012 IPAM Address Space Management

  14. ASM Recap • Plan: Maintain address block hierarchy; Create address block/sub-blocks • Allocate: Create static and dynamic ranges (DHCP scopes); Find free IP address and reserve it • Monitor: Static range/DHCP scope utilization and trend; Expiry status of IP address record • Track: IP address tracking; IPAM configuration logs
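
The tracking step on slide 12, correlating DHCP lease events with DC/NPS authentication events, sketched as an added example (not from the presentation and not IPAM's own code): lease events are folded into per-address intervals, and each logon is attributed to the host that held the address at that moment. The event tuples, their field order and the 8-hour lease are constructed assumptions.

```python
from datetime import datetime, timedelta

LEASE = timedelta(hours=8)  # assumed scope lease duration
# Constructed sample events; field layout is illustrative, not a Windows log format.
LEASES = [  # (time, action, ip, mac, hostname) from DHCP servers
    ("2012-06-11 08:00", "assign", "10.1.2.50", "00-15-5D-00-00-01", "hr-pc-07"),
    ("2012-06-11 12:00", "renew", "10.1.2.50", "00-15-5D-00-00-01", "hr-pc-07"),
    ("2012-06-11 13:30", "release", "10.1.2.50", "00-15-5D-00-00-01", "hr-pc-07"),
    ("2012-06-11 14:00", "assign", "10.1.2.50", "00-15-5D-00-00-02", "eng-lt-21"),
]
LOGONS = [  # (time, user, client ip) from DC/NPS authentication events
    ("2012-06-11 09:15", "CONTOSO\\alice", "10.1.2.50"),
    ("2012-06-11 13:45", "CONTOSO\\carol", "10.1.2.50"),  # between leases
    ("2012-06-11 14:20", "CONTOSO\\bob", "10.1.2.50"),
]

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def lease_intervals(events):
    """Fold lease events into (ip, start, end, mac, host) intervals, end exclusive."""
    closed, live = [], {}  # live: ip -> [start, end, mac, host]
    for when, action, ip, mac, host in sorted(events, key=lambda e: ts(e[0])):
        t, cur = ts(when), live.get(ip)
        if cur and (t >= cur[1] or cur[2] != mac):
            cur[1] = min(cur[1], t)  # expired, or the address moved to another client
            closed.append((ip, *live.pop(ip)))
            cur = None
        if action == "release":
            if cur:
                cur[1] = t
                closed.append((ip, *live.pop(ip)))
        elif cur:
            cur[1] = t + LEASE  # renewal extends the live lease
        else:
            live[ip] = [t, t + LEASE, mac, host]
    return closed + [(ip, *c) for ip, c in live.items()]

def attribute(logons, intervals):
    """Map each logon to the host holding its source IP at that time (None if no lease)."""
    rows = []
    for when, user, ip in logons:
        hit = next((i for i in intervals if i[0] == ip and i[1] <= ts(when) < i[2]), None)
        rows.append((when, user, ip, hit[4] if hit else None))
    return rows

def unattributed(rows):
    """Logons from addresses with no lease in effect: static, stale or misused IPs."""
    return [r for r in rows if r[3] is None]
```

With the sample data the same address maps to two different hosts during the day, and the 13:45 logon falls between leases, which is the case an audit would want surfaced.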

  15. Multi-Server Management (MSM) Workflow • Build Server Inventory: Automatically discover servers; Add servers • Configure & Update DHCP: Edit DHCP server properties & options; Create/Edit/Delete DHCP scopes & options • Monitor DNS and DHCP System: Monitor DHCP scope utilization; Monitor DNS zone health; Monitor DHCP/DNS service health • Track Changes: Track configuration changes across all managed DHCP servers from a single console

  16. WS 2012 IPAM Multi-Server Management

  17. MSM Recap • Build Server Inventory • Discover and/or add servers • Manage DHCP system • Edit DHCP server properties and options • Manage DHCP scopes properties and options (Find & Replace, Duplicate scopes) • Monitor DNS and DHCP systems • DNS zone health • DHCP scope utilization • DHCP and DNS service health • Track DHCP configuration changes

  18. WS 2012 IPAM – External Data Integration from AD DS • IPAM PowerShell interfaces facilitate integration with other systems through import/export of data to/from IPAM • Integration with ADDS enables synchronization of Active Directory Sites and Subnets information from Active Directory to IPAM • [Diagram: ADDS → PS → IPAM]

  19. AD DS Sites, Subnets and Site Links • AD DS represents network topology as sites, subnets, and site links for efficient replication • Site: AD location. Activities, including replication, authentication and service location are based on site. • Subnet: Sites are associated with one or more subnets, each containing a number of hosts. • Site Link: Site links represent the WAN connections between sites. Replication within a site is triggered automatically when a directory update occurs. Replication between sites (over slower, more expensive WAN links) is scheduled to occur periodically. • [Diagram: Site-Blgd1, Site-Blgd2, Site-Blgd3 and Site-Blgd4 joined by Site-Link; subnets 10.8.4.0/24, 10.1.2.0/24, 10.2.1.0/24, 10.3.4.0/24, 10.2.4.0/24, 10.4.2.0/24, 10.1.1.0/24, 10.8.1.0/24]

  20. External Data Integration from AD DS • Import/Export: Import and export data through UI; Import and export data through cmdlets • PowerShell Script: PowerShell script for pulling data from AD and importing it into IPAM; PowerShell script for exporting subnets from IPAM and creating subnets in Active Directory • Create Task in Task Scheduler: Create a background task in Task Scheduler to run the PowerShell script at regular intervals • Synchronization: Run the Task Scheduler task to synchronize the subnets between Active Directory and IPAM

  21. WS 2012 IPAM ADDS Integration

  22. WS 2012 IPAM – SCVMM Integration • PS based integration module between WS 2012 IPAM and SC 2012 SP1 VMM • IPAM views & operations: Configured IP address pools; Utilization of static ranges; VM address properties; SCVMM instance details; Logical and Virtual network properties

  23. Windows Server 2012 IPAM – Summary • IP Address Space Management: Migrate address space from legacy tools; Unified management of IP address space; Address life-cycle management; Address space management • Server Discovery: Auto discovery (scheduled/on-demand); Disjoint domain namespace • Scale and Robustness: Disaster recovery; Multiple instance deployment; Enterprise scale • Multi-Server Management: Service monitoring; Simplified multi-entity configurations • Deployment, Customization, and Management: Agentless architecture; Custom meta-data; Remote management; PowerShell for integration; Powerful filter/search • Network Audit and Visibility: Audit configuration changes (who, what and when); Audit IP address/user/machine activity; Real-time allocation and usage trends

  24. Deployment Overview • Deployment Topology • Multi-site WAN environment • Headquarters: Silicon Valley, California • On-Premise Datacenter • Co-location Disaster Recovery Site • Cloud-based (Azure) Applications • AsiaPac Headquarters: Tokyo, Japan • Combination of Static addressed and DHCP/Reserved Hosts • DHCP for all client Guests • Implemented IPAM in full production Fall 2011

  25. Scenarios, Impact and Feedback • Scenario • Customized IPAM through use of tagging to map addresses with placement of devices in datacenters, racks, and rack placement (replaced an Excel spreadsheet and Visio diagram used for 20+ years in tracking systems and IP addresses with a dynamic tracking mechanism in IPAM) • Business impact • Static Excel spreadsheet / Visio diagram useless when guest sessions are Live Migrated frequently. Also DHCP leases for VPN client changes are now easily tracked. Using IPAM solved a problem in asset tracking, management, diagramming, and reporting! • Using IPAM for audit tracking and IP address tracking to trigger notifications and alerts on abnormal changes. Still using System Center Operations Manager, but for quick audit reports. IPAM provides Compliance Officer (CO) what she needs in terms of audit reporting quickly and simply without having to teach the CO how to generate reports out of SCOM/SQL Reporting Services or burden IT with generating reports and information requested • Feedback • Lightweight, gets the job done!

  26. Session Objectives and Takeaways • Session Objective(s): • Understand Windows Server 2012 IPAM • What it is; how it works; how to use it; and how to integrate with external systems • Key Takeaways • Windows Server 2012 IPAM… • Complements MS DHCP and DNS offerings • Reduces the opex around IPv4/v6 address management and the management of related MS DHCP and DNS functions • Integrates with external systems like ADDS and SCVMM • Is a cost-effective, in-box solution to manage network complexity

  27. Great Resource for IPAM • http://technet.microsoft.com/en-us/library/hh831622.aspx

  28. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
