110 likes | 463 Vues
Windows Server 2012 IP Address Management. Clyde Johnson President Boston Area Windows Server User Group. IPAM (Internet Protocol Management). Planning, tracking and managing Increasingly important as new IPv6 networks are deployed Wikipedia has over 26 vendors in this space.
E N D
Windows Server 2012 IP Address Management Clyde Johnson President Boston Area Windows Server User Group
IPAM (Internet Protocol Management) • Planning, tracking and managing • Increasingly important as new IPv6 networks are deployed • Wikipedia has over 26 vendors in this space. • New feature of Windows Server 2012
Examples of IP Address Management Problems • I need to change a DHCP option like web proxy across dozens of scopes residing on multiple servers… • I am adding a new lab and want to assign subnets from my address plan… • I need to track user or machine activity in my network for troubleshooting or forensics… • I want to track my org’s address space and know addresses in use and available across different locations… • I have to find a free IP address for a new device and register it in DNS … • A DHCP Scope is full and clients are not getting any addresses – I need to expand the scope or create a firefighting scope…
IPAM Options . Spreadsheets . In-house tools Commercial appliances . . . • No CapEx investment • Simple to use for small networks….at first • Automation • High degree of customization • Automation • Rich feature set • Integration with own and MS DHCP/DNS . . • Labor intensive estimated (~$10 per address per annum) • Only performs address mgmt. • Inflexible and does not scale . Cons Pros • Maintenance cost • Relies on in-house support model • Expensive to add new capabilities • High acquisition and support costs
Windows Server 2012 IPAM Overview Organize, assign, monitor and manage static and dynamic IPv4/v6 addresses Address space mgmt (ASM) Network discovery . Automatic discovery of DC, DHCP and DNS servers, and dynamic IP addresses in use In-box solution that complements – and seamlessly integrated with – MS DHCP and DNS offerings WS 2012 IPAM Multi-server mgmt (MSM) . Centralized configuration and update of MS DHCP/DNS servers Visibility & audit Track and audit changes and provide real-time view of status
WS 2012 IPAM – Components and Interactions IPAM Client External System Win 8 (RSAT) & WS 2012 DHCP Server IPAM Administrators DNS Server IPAM Server Agentless architecture WID IPAM ASM Administrators DC Server WS 2012 in-box IPAM MSM Administrators Role-based access control NPS Server IPAM Users WS08; WS08 R2 & SPs; WS 2012 IPAM Server IPAM Audit Administrators WID WID – Windows Internal Database is a relational data store for Windows Server components Distributed deployment, scale, and DR
WS 2012 IPAM – External Data Integration IPAM Server Data Source IPAM PowerShell IPAM User Interface Import Import PS integration module CSV Export Data Sink CSV Export PS integration module
IPAM Installation • Installed as a feature of Windows 2012 • Cannot provision on a domain controller
IPAM Collections • IP addresses, client identifiers, and host names are collected from lease logs on managed DHCP serversUser names and IP addresses are collected from logon events on managed domain controllers. • User names and client identifiers are collected from logon events on managed network policy servers.
IPAM Queries • Query1: Find all DHCP lease events that match a specified IP address, client ID, or host name.Query2: Correlate network authentication events with the start and end times for events in query 1. • Query3: Display all logon events that match a specified user name with correlated DHCP lease events.