1 / 28

Module 3: Managing and Monitoring Dynamic Host Configuration Protocol (DHCP)

Module 3: Managing and Monitoring Dynamic Host Configuration Protocol (DHCP). Overview. Managing a DHCP Database Monitoring DHCP Applying Security Guidelines for DHCP. Lesson: Managing a DHCP Database. Overview of Managing DHCP What Is a DHCP Database?

maddox
Télécharger la présentation

Module 3: Managing and Monitoring Dynamic Host Configuration Protocol (DHCP)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Module 3: Managing and Monitoring Dynamic Host Configuration Protocol (DHCP)

  2. Overview • Managing a DHCP Database • Monitoring DHCP • Applying Security Guidelines for DHCP

  3. Lesson: Managing a DHCP Database • Overview of Managing DHCP • What Is a DHCP Database? • How a DHCP Database Is Backed Up and Restored • How To Back Up and Restore a DHCP Database • How a DHCP Database Is Reconciled • How To Reconcile a DHCP Database

  4. Overview of Managing DHCP The DHCP service needs to be managed to reflect changes in the network and the DHCP server Scenarios for managing DHCP: • Managing DHCP database growth • Protecting the DHCP database • Ensuring DHCP database consistency • Adding clients • Adding new network service servers • Adding new subnets

  5. What Is a DHCP Database? The DHCP database is a dynamic database that is updated when DHCP clients are assigned or as they release their TCP/IP address leases • The DHCP database contains DHCP configuration data, such as information about scopes, reservations, options, and leases • Windows Server 2003 stores the DHCP database in the directory %Systemroot%\System32\Dhcp • The DHCP database files include: • DHCP.mdb • Tmp.edb • J50.log and J50*.log • Res*.log • J50.chk

  6. DHCP Server Offline Storage Restore DHCP Back up Restore DHCP Back up How a DHCP Database Is Backed Up and Restored The DHCP service automatically backs up the DHCP database to the backup directory on the local drive If the original database is unable to load, the DHCP service automatically restores from the backup directory on the local drive The administrator moves a copy of the backed up DHCP database to an offline storage location In the event that the server hardware fails, the administrator can restore only from the offline storage location

  7. How to Back Up and Restore a DHCP Database Your instructor will demonstrate how to: • Apply guidelines when backing up and restoring a DHCP database • Configure a DHCP database backup path • Manually back up a DHCP database to the backup directory on a local drive • Manually restore a DHCP database from the backup directory on a local drive

  8. How a DHCP Database Is Reconciled Detailed IP address lease information DHCP Database Compares information to find inconsistencies Summary IP address lease information Registry Reconciles inconsistencies in the DHCP database DHCP Server

  9. How to Reconcile a DHCP Database Your instructor will demonstrate how to: • Prepare to reconcile a DHCP database • Reconcile all scopes in a DHCP database • Reconcile a scope in a DHCP database

  10. Practice: Managing a DHCP Database In this practice, you will manage a DHCP database

  11. Lesson: Monitoring DHCP • Overview of Monitoring DHCP • Multimedia: Creating a Performance Baseline (Optional) • What Are DHCP Statistics? • How to View DHCP Statistics • What Is a DHCP Audit Log File? • How DHCP Audit Logging Works • How to Monitor DHCP Server Performance by Using the DHCP Audit Log • Guidelines for Monitoring DHCP Server Performance • Common Performance Counters for Monitoring DHCP Server Performance • Guidelines for Creating Alerts for a DHCP Server

  12. Why monitor DHCP? • The DHCP environment is dynamic • Increased DHCP server performance • Provides the ability to plan for current and future needs DHCP data includes: • DHCP statistics • DHCP events • DHCP performance data Overview of Monitoring DHCP

  13. Multimedia: (Optional) Creating a Performance Baseline • The objective of this presentation is to provide high-level steps for creating a performance baseline • After this presentation, you will be able to: • Explain the purpose of a performance baseline • Explain that a performance baseline is the level of system performance that you find acceptable • Explain that server performance is critical to efficient network operations

  14. What Are DHCP Statistics? DHCP Server DHCP statistics represent statistics collected at either the server level or scope level since the DHCP service was last started

  15. How to View DHCP Statistics Your instructor will demonstrate how to: • Enable DHCP statistics to automatically refresh • View DHCP server statistics • View DHCP scope statistics

  16. What Is a DHCP Audit Log File? A DHCP audit log is a log of service-related events, such as when: the service starts and stops; authorizations have been verified; or IP addresses are leased, renewed, released, or denied

  17. How DHCP Audit Logging Works Audit logging is the daily collection of DHCP server events into log files. DHCP server closes the existing log and moves to the log file for the next day of the week DHCP server writes a header message in the audit log, indicating that logging has started 12:00 am 3. DHCP closes daily audit log 1. DHCP opens daily audit log 2. DHCP performs disk checks DHCPSrvLog-Tue.Log DHCPSrvLog-Mon.Log Disk checks ensure that both the ongoing availability of server disk space and the current audit log file do not become too large or grow too rapidly

  18. How to Monitor DHCP Server Performance by Using the DHCP Audit Log Your instructor will demonstrate how to: • Enable and configure DHCP audit logging • View the DHCP audit log

  19. Guidelines for Monitoring DHCP Server Performance • Create a baseline of performance data on the DHCP server • Check the standard counters for server performance, such as processor utilization, paging, disk performance, and network utilization • Review DHCP server counters to look for significant drops or increases that indicate a change in DHCP traffic

  20. Common Performance Counters for Monitoring DHCP Server Performance

  21. Guidelines for Creating Alerts for a DHCP Server Define the acceptable level that a DHCP counter can rise above or fall below, before creating an alert Use scripts with your alerts

  22. Practice: Monitoring DHCP In this practice, you will monitor DHCP

  23. Lesson: Applying Security Guidelines for DHCP • Guidelines for Restricting an Unauthorized User from Obtaining a Lease • Guidelines for Restricting an Unauthorized, non-Microsoft DHCP Server from Leasing IP Addresses • Guidelines for Restricting Who Can Administer the DHCP Service • Guidelines for Securing the DHCP Database

  24. Guidelines for Restricting an Unauthorized User from Obtaining a Lease To restrict an unauthorized user from obtaining a lease: • Ensure that unauthorized persons do not have physical or wireless access to your network • Enable audit logging for every DHCP server on your network • Regularly check and monitor audit log files • Use 802.1X-enabled LAN switches or wireless access points to access the network

  25. Guidelines for Restricting Unauthorized, Non-Microsoft DHCP Servers from Leasing IP Addresses To restrict an unauthorized, non-Microsoft DHCP server from leasing IP addresses: • Ensure that unauthorized persons do not have physical or wireless access to your network • Microsoft DHCP Server • Only DHCP servers running Windows 2000 or Windows Server 2003 can be authorized in Active Directory • Unauthorized, non-Microsoft DHCP Server • Non-Microsoft DHCP server software does not include the authorization feature that is included in Windows 2000 and Windows Server 2003

  26. Guidelines for Restricting Who Can Administer the DHCP Service To restrict who can administer the DHCP service: • Restrict the membership of the DHCP Administrators group to the minimum number of users necessary to administer the service • If there are users who need read-only access to the DHCP console, then add them to the DHCP Users group instead of the DHCP Administrators group

  27. Guidelines for Securing the DHCP Database To further secure the DHCP database: • Consider changing the default permissions of the DHCP folder • Provide only the minimum permissions required to users to enable them to perform their task • Provide Read permissions to users responsible for analyzing DHCP server log files • Remove Authenticated Users and Power Users to minimize access to the files in the DHCP folder

  28. Lab A: Managing and Monitoring DHCP In this lab, you will manage and monitor DHCP

More Related