Windows Server 2012 IP Address Management
Bala Rajagopalan, Group Program Manager, Microsoft Corporation
WSV 307


Session Objectives and Takeaways

Session Objective(s): Understand Windows Server 2012 IPAM
• What it is; how it works; how to use it; and how to integrate with external systems

Key Takeaways: Windows Server 2012 IPAM…
• Complements MS DHCP and DNS offerings
• Reduces the opex around IPv4/v6 address management and the management of related MS DHCP and DNS functions
• Integrates with external systems like ADDS and SCVMM
• Is a cost-effective, in-box solution to manage network complexity

Beyond Virtualization

Windows Server 8 offers a dynamic, multi-tenant infrastructure that goes beyond virtualization to provide maximum flexibility for delivering and connecting to cloud services.

Modern Work Style, Enabled

Windows Server 8 empowers IT to provide users with flexible access to data and applications from virtually anywhere on any device with a rich user experience, while simplifying management and helping maintain security, control and compliance.

The Power of Many Servers, the Simplicity of One

Windows Server 8 offers excellent economics by integrating a highly available and easy to manage multi-server platform with breakthrough efficiency and ubiquitous automation.

Every App, Any Cloud

WS8 is a broad, scalable and elastic server platform that gives you the flexibility to build and deploy applications and websites on-premises, in the cloud and in a hybrid environment, using a consistent set of tools and frameworks.

Windows Server 2012: Cloud Optimize Your IT

Understanding IPAM

Examples of IP Address Management Problems

• I want to track my org’s address space and know addresses in use and available across different locations…
• I have to find a free IP address for a new device and register it in DNS…
• A DHCP scope is full and clients are not getting any addresses – I need to expand the scope or create a firefighting scope…
• I need to change a DHCP option like web proxy across dozens of scopes residing on multiple servers…
• I am adding a new lab and want to assign subnets from my address plan…
• I need to track user or machine activity in my network for troubleshooting or forensics…

IPAM Options

Commercial appliances
Pros:
• Automation
• Rich feature set
• Integration with own and MS DHCP/DNS
Cons:
• High acquisition and support costs

Spreadsheets
Pros:
• No CapEx investment
• Simple to use for small networks… at first
Cons:
• Labor intensive (estimated ~$10 per address per annum)
• Only performs address mgmt.
• Inflexible and does not scale

In-house tools
Pros:
• Automation
• High degree of customization
Cons:
• Maintenance cost
• Relies on in-house support model
• Expensive to add new capabilities

Windows Server 2012 IPAM Overview

WS 2012 IPAM: in-box solution that complements – and is seamlessly integrated with – MS DHCP and DNS offerings

• Network discovery: Automatic discovery of DC, DHCP and DNS servers, and dynamic IP addresses in use
• Multi-server mgmt (MSM): Centralized configuration and update of MS DHCP/DNS servers
• Visibility & audit: Track and audit changes and provide real-time view of status
• Address space mgmt (ASM): Organize, assign, monitor and manage static and dynamic IPv4/v6 addresses

External System

WS 2012 IPAM – Components and Interactions

Diagram labels:
• Servers: DHCP Server, DNS Server, DC Server, NPS Server
• IPAM Server (WID)
• IPAM Client
• Platform labels: WS08; WS08 R2 & SPs; WS 2012 / Win 8 (RSAT) & WS 2012 / WS 2012 in-box
• Role-based access control: IPAM Administrators, IPAM ASM Administrators, IPAM MSM Administrators, IPAM Users, IPAM Audit Administrators

WID – Windows Internal Database is a relational data store for Windows Server components

• Agentless architecture
• Distributed deployment, scale, and DR

WS 2012 IPAM – External Data Integration

Diagram labels: Data Source, Data Sink, Import PS integration module, Export PS integration module, CSV (Import), CSV (Export), IPAM PowerShell, IPAM User Interface, IPAM Server

Using Windows Server 2012 IPAM

Contoso Space Miners

Contoso is a space mining company. It mines the precious metal, unobtanium, from Martian asteroids.

Contoso has deployed several DNS servers, Domain Controllers and DHCP servers to keep its enterprise network running.

Due to immense demand for unobtanium, the company has grown quickly and is operating a number of earth stations. One such earth station is located in Area 42, which is used as the case for our demo today.

Diagram: Area 42
• Domains: contoso.com, finance.contoso.com, hr.contoso.com, eng.contoso.com, sales.contoso.com
• Buildings: Building 1, Building 2, Building 3, Building 4 (4 buildings each with 10 floors)
• Address blocks: 10.1.0.0/16, 10.2.0.0/16, 10.4.0.0/16, 10.8.0.0/16
• Services: DHCP, DNS, DC

Address Space Management Workflow

Plan Address Space Structure
• Visualize address block hierarchy
• Plan and create address blocks

Allocate/Implement
• Create static and dynamic address ranges
• Find and allocate IP addresses
• DNS record and DHCP reservations

Monitor Utilization
• Monitor IP address range and DHCP scope utilization
• Monitor IP address utilization trend
• Monitor IP address expiry and reclaim expired addresses

Track Changes
• Track IP addresses by correlating DHCP lease events with DC/NPS authentication events.
• Track changes to static address space as well as IPAM server through IPAM configuration events
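The tracking step above pairs DHCP lease events with DC/NPS authentication events. The following added example (not from the presentation and not IPAM's own code) shows that correlation in Python over constructed, simplified records; the record layouts and function names are assumptions made for illustration.

```python
from datetime import datetime

# Constructed, simplified records; real DHCP audit and DC/NPS logs carry more fields.
DHCP_EVENTS = [  # (timestamp, action, ip, mac, hostname)
    ("2012-06-11T08:00:00", "assign",  "10.1.1.50", "00-15-5D-00-00-01", "wks-a"),
    ("2012-06-11T12:00:00", "release", "10.1.1.50", "00-15-5D-00-00-01", "wks-a"),
    ("2012-06-11T12:30:00", "assign",  "10.1.1.50", "00-15-5D-00-00-02", "wks-b"),
    ("2012-06-11T09:00:00", "assign",  "10.1.2.20", "00-15-5D-00-00-03", "wks-c"),
]
AUTH_EVENTS = [  # (timestamp, user, source ip)
    ("2012-06-11T09:15:00", "alice", "10.1.1.50"),
    ("2012-06-11T12:10:00", "bob",   "10.1.1.50"),  # falls between two leases
    ("2012-06-11T13:00:00", "carol", "10.1.1.50"),
    ("2012-06-11T10:00:00", "dave",  "10.1.9.9"),   # address never leased
]

def ts(s):
    return datetime.fromisoformat(s)

def lease_intervals(dhcp_events):
    """Turn assign/release/expire events into per-IP [start, end) lease intervals."""
    intervals, open_leases = {}, {}
    for when, action, ip, mac, host in sorted(dhcp_events, key=lambda e: ts(e[0])):
        current = open_leases.get(ip)
        if current and (action in ("release", "expire") or current["mac"] != mac):
            current["end"] = ts(when)  # lease ended, or the IP went to another client
            del open_leases[ip]
        if action == "assign" and ip not in open_leases:
            lease = {"start": ts(when), "end": None, "mac": mac, "host": host}
            intervals.setdefault(ip, []).append(lease)
            open_leases[ip] = lease
    return intervals

def attribute(auth_events, intervals):
    """Attach the lease holder at logon time (if any) to each authentication event."""
    results = []
    for when, user, ip in auth_events:
        t = ts(when)
        match = next((l for l in intervals.get(ip, [])
                      if l["start"] <= t and (l["end"] is None or t < l["end"])), None)
        results.append({"user": user, "ip": ip, "time": when,
                        "host": match["host"] if match else None,
                        "mac": match["mac"] if match else None})
    return results

def unattributed(results):
    """Logons from addresses with no active lease: static, stale or unmanaged hosts."""
    return [r["user"] for r in results if r["host"] is None]
```

Matching on the lease interval rather than on the IP alone keeps a logon from being attributed to whichever client held the address before or after it.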

Demo: WS 2012 IPAM Address Space Management

ASM Recap

Plan
• Maintain address block hierarchy
• Create address block/sub-blocks

Allocate
• Create static and dynamic ranges (DHCP scopes)
• Find free IP address and reserve it

Monitor
• Static range/DHCP scope utilization and trend
• Expiry status of IP address record

Track
• IP address tracking
• IPAM configuration logs

Multi-Server Management (MSM) Workflow

Build Server Inventory
• Automatically discover servers
• Add servers

Configure & Update DHCP
• Edit DHCP server properties & options
• Create/Edit/Delete DHCP scopes & options

Monitor DNS and DHCP System
• Monitor DHCP scope utilization
• Monitor DNS zone health
• Monitor DHCP/DNS service health

Track Changes
• Track configuration changes across all managed DHCP servers from a single console.

Demo: WS 2012 IPAM Multi-Server Management

MSM Recap

Build Server Inventory
• Discover and/or add servers

Manage DHCP system
• Edit DHCP server properties and options
• Manage DHCP scopes properties and options (Find & Replace, Duplicate scopes)

Monitor DNS and DHCP systems
• DNS zone health
• DHCP scope utilization
• DHCP and DNS service health

Track DHCP configuration changes

WS 2012 IPAM – External Data Integration from AD DS

IPAM PowerShell interfaces facilitate integration with other systems through import/export of data to/from IPAM

Integration with ADDS enables synchronization of Active Directory Sites and Subnets information from Active Directory to IPAM

Diagram labels: Active Directory, ADDS PS, IPAM
• Sites: Site-Blgd1, Site-Blgd2, Site-Blgd3, Site-Blgd4
• Subnets: 10.1.1.0/24, 10.1.2.0/24, 10.2.1.0/24, 10.4.4.0/24, 10.2.4.0/24, 10.4.2.0/24, 10.8.4.0/24, 10.8.1.0/24
• Legend: Site, Subnet, Site-Link

AD DS Sites, Subnets and Site Links

AD DS represents network topology as sites, subnets, and site links for efficient replication

• Site: AD location. Activities, including replication, authentication and service location, are based on site.
• Subnet: Sites are associated with one or more subnets, each containing a number of hosts.
• Site Link: Site links represent the WAN connections between sites.

Replication within a site is triggered automatically when a directory update occurs. Replication between sites (over slower, more expensive WAN links) is scheduled to occur periodically.

External Data Integration from AD DS

Import/Export
• Import and export data through UI
• Import and export data through cmdlets

PowerShell Script
• PowerShell script for pulling data from AD and importing it into IPAM
• PowerShell script for exporting subnets from IPAM and creating subnets in Active Directory

Create Task in Task Scheduler
• Create a background task in Task Scheduler to run the PowerShell script at regular intervals

Synchronization
• Run the Task Scheduler task to synchronize the subnets between Active Directory and IPAM.

Demo: WS 2012 IPAM ADDS Integration

WS 2012 IPAM – SCVMM Integration

Components: WS 2012 IPAM, SC 2012 SP1 VMM, PS based integration module

• Configured IP address pools
• Utilization of static ranges
• VM address properties
• SCVMM instance details
• Logical and Virtual network properties

IPAM views & operations
• Track utilization statistics & trend of IP address space
• Centralized address view across multiple SCVMMs
• Custom views (tenants) and utilization roll-up
• VM addresses inventory & lifetime management
• Detect & alert conflicts/overlaps of address space
• DNS / DHCP synchronization – Bulk operations

Windows Server 2012 IPAM – Summary

IP Address Space Management
• Migrate address space from legacy tools
• Unified management of IP address space
• Address life-cycle management
• Address space management

Server Discovery
• Auto discovery (scheduled/on-demand)
• Disjoint domain namespace

Multi-Server Management
• Service monitoring
• Simplified multi-entity configurations

Network Audit and Visibility
• Audit configuration changes - who, what and when
• Audit IP address/user/machine activity
• Real-time allocation and usage trends

Deployment, Customization, and Management
• Agentless architecture
• Custom meta-data
• Remote management
• PowerShell for integration
• Powerful filter/search

Scale and Robustness
• Disaster recovery
• Multiple instance deployment
• Enterprise scale

Customer

Rand Morimoto, President, Convergent Computing

Convergent Computing

Deployment Overview

Deployment Topology
• Multi-site WAN environment
• Headquarters: Silicon Valley, California
  • On-Premise Datacenter
  • Co-location Disaster Recovery Site
  • Cloud-based (Azure) Applications
• AsiaPac Headquarters: Tokyo, Japan
• Combination of Static addressed and DHCP/Reserved Hosts
• DHCP for all client Guests

Implemented IPAM in full production Fall 2011

Scenarios, Impact and Feedback

Scenario
• Customized IPAM through use of tagging to map addresses with placement of devices in datacenters, racks, and rack placement (replaced an Excel spreadsheet and Visio diagram used for 20+ years in tracking systems and IP addresses with a dynamic tracking mechanism in IPAM)

Business impact
• Static Excel spreadsheet / Visio diagram useless when guest sessions are Live Migrated frequently. Also DHCP leases for VPN client changes are now easily tracked. Using IPAM solved a problem in asset tracking, management, diagramming, and reporting!
• Using IPAM for audit tracking and IP address tracking to trigger notifications and alerts on abnormal changes. Still using System Center Operations Manager, but for quick audit reports, IPAM provides Compliance Officer (CO) what she needs in terms of audit reporting quickly and simply without having to teach the CO how to generate reports out of SCOM/SQL Reporting Services or burden IT with generating reports and information requested

Feedback
• Lightweight, gets the job done!


Related Content

• WSV304: Windows Server 2012 Networking Performance and Management
• WSV306: Inside Windows Server 2012 Multi-Server Management Capabilities
• MGT315: Network Management in Microsoft System Center 2012 SP1 - Virtual Machine Manager
• WSV325: DNSSEC Deployment with Windows Server 2012
• WSV14-HOL: Managing Your Network Infrastructure with IP Address Management (IPAM) in S. Hall B


© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.