Post on 05-Jan-2016
transcript
Windows Server 2012 IP Address Management
Tyler Barton
Program Manager
Microsoft Corporation
WSV 307
Session Objectives and Takeaways
Session Objective(s): Understand Windows Server 2012 IPAM
What it is; how it works; how to use it; and how to integrate with external systems
Key Takeaways
Windows Server 2012 IPAM…
• Complements MS DHCP and DNS offerings
• Reduces the opex around IPv4/v6 address management and the management of related MS DHCP and DNS functions
• Integrates with external systems like ADDS and SCVMM
• Is a cost-effective, in-box solution to manage network complexity
Beyond Virtualization
Windows Server 8 offers a dynamic, multi-tenant infrastructure that goes beyond virtualization to provide maximum flexibility for delivering and connecting to cloud services.
Modern Work Style, Enabled
Windows Server 8 empowers IT to provide users with flexible access to data and applications from virtually anywhere on any device with a rich user experience, while simplifying management and helping maintain security, control and compliance.
The Power of Many Servers, the Simplicity of One
Windows Server 8 offers excellent economics by integrating a highly available and easy to manage multi-server platform with breakthrough efficiency and ubiquitous automation.
Every App, Any Cloud
WS8 is a broad, scalable and elastic server platform that gives you the flexibility to build and deploy applications and websites on-premises, in the cloud and in a hybrid environment, using a consistent set of tools and frameworks.
Windows Server 2012
Cloud Optimize Your IT
Understanding IPAM
Examples of IP Address Management Problems
• I want to track my org’s address space and know addresses in use and available across different locations…
• I have to find a free IP address for a new device and register it in DNS…
• A DHCP scope is full and clients are not getting any addresses – I need to expand the scope or create a firefighting scope…
• I need to change a DHCP option like web proxy across dozens of scopes residing on multiple servers…
• I am adding a new lab and want to assign subnets from my address plan…
• I need to track user or machine activity in my network for troubleshooting or forensics…
IPAM Options
Commercial appliances
Pros:
• Automation
• Rich feature set
• Integration with own and MS DHCP/DNS
Cons:
• High acquisition and support costs
Spreadsheets
Pros:
• No CapEx investment
• Simple to use for small networks… at first
Cons:
• Labor intensive (estimated ~$10 per address per annum)
• Only performs address mgmt.
• Inflexible and does not scale
In-house tools
Pros:
• Automation
• High degree of customization
Cons:
• Maintenance cost
• Relies on in-house support model
• Expensive to add new capabilities
Windows Server 2012 IPAM Overview
WS 2012 IPAM: in-box solution that complements – and integrates seamlessly with – MS DHCP and DNS offerings
• Network discovery: Automatic discovery of DC, DHCP and DNS servers, and dynamic IP addresses in use
• Multi-server mgmt (MSM): Centralized configuration and update of MS DHCP/DNS servers
• Visibility & audit: Track and audit changes and provide real-time view of status
• Address space mgmt (ASM): Organize, assign, monitor and manage static and dynamic IPv4/v6 addresses
WS 2012 IPAM – Components and Interactions
Diagram labels:
• External System
• Servers: DHCP Server, DNS Server, DC Server, NPS Server
• Role-based access control: IPAM Administrators, IPAM ASM Administrators, IPAM MSM Administrators, IPAM Users, IPAM Audit Administrators
• Platform labels: WS08; WS08 R2 & SPs; WS 2012 / Win 8 (RSAT) & WS 2012 / WS 2012 in-box
• IPAM Server (WID)
• IPAM Client
WID – Windows Internal Database is a relational data store for Windows Server components
Agentless architecture
Distributed deployment, scale, and DR
WS 2012 IPAM – External Data Integration
Diagram labels:
• IPAM PowerShell
• IPAM User Interface
• Data Source
• Data Sink
• Import
• Export
• Import PS integration module
• Export PS integration module
• CSV
• IPAM Server
Using Windows Server 2012 IPAM
Contoso Space Miners
Contoso is a space mining company. It mines the precious metal unobtanium from Martian asteroids.
Contoso has deployed several DNS servers, Domain Controllers and DHCP servers to keep its enterprise network running.
Due to immense demand for unobtanium, the company has grown quickly and is operating a number of earth stations. One such earth station is located in Area 42, which is used as the case for our demo today.
contoso.com
finance.contoso.com
hr.contoso.com
eng.contoso.com
sales.contoso.com
Building 1
Building 2
Building 3
Building 4
DHCP, DNS, DC
Area 42
10.1.0.0/16
10.2.0.0/16
10.4.0.0/16
10.8.0.0/16
4 buildings each with 10 floors
Address Space Management Workflow
Plan Address Space structure
• Visualize address block hierarchy
• Plan and create address blocks
Allocate/Implement
• Create static and dynamic address ranges
• Find and allocate IP addresses
• DNS record and DHCP reservations
Monitor Utilization
• Monitor IP address range and DHCP scope utilization
• Monitor IP address utilization trend
• Monitor IP address expiry and reclaim expired addresses
Track Changes
• Track IP addresses by correlating DHCP lease events with DC/NPS authentication events
• Track changes to static address space as well as IPAM server through IPAM configuration events
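The IP address tracking step of this workflow (correlating DHCP lease events with DC/NPS authentication events), as an added example that is not part of the original slides and is not IPAM's own code: lease events are collapsed into per-IP lease intervals, and each logon is attributed to the host that held the address at that moment, so a reused address is not pinned on the wrong machine. The event records, their field names, and the functions `Get-LeaseInterval` and `Resolve-AuthEvent` are constructed for illustration.

```powershell
# Constructed sample events; the field names are assumptions, not IPAM's schema.
$leaseEvents = @(
    [pscustomobject]@{ Time = [datetime]'2012-06-26T08:00:00'; Event = 'Lease';   IP = '10.1.1.50'; Mac = '00-15-5D-00-00-01'; HostName = 'ws-alice' }
    [pscustomobject]@{ Time = [datetime]'2012-06-26T12:00:00'; Event = 'Release'; IP = '10.1.1.50'; Mac = '00-15-5D-00-00-01'; HostName = 'ws-alice' }
    [pscustomobject]@{ Time = [datetime]'2012-06-26T12:05:00'; Event = 'Lease';   IP = '10.1.1.50'; Mac = '00-15-5D-00-00-02'; HostName = 'ws-bob' }
)
$authEvents = @(
    [pscustomobject]@{ Time = [datetime]'2012-06-26T09:00:00'; User = 'CONTOSO\alice'; IP = '10.1.1.50' }
    [pscustomobject]@{ Time = [datetime]'2012-06-26T12:02:00'; User = 'CONTOSO\carol'; IP = '10.1.1.50' }
    [pscustomobject]@{ Time = [datetime]'2012-06-26T13:00:00'; User = 'CONTOSO\bob';   IP = '10.1.1.50' }
)

# Collapse lease/release events into intervals during which one client held one IP.
function Get-LeaseInterval {
    param([Parameter(Mandatory)][object[]]$LeaseEvent)
    $open = @{}
    foreach ($e in ($LeaseEvent | Sort-Object Time)) {
        $cur = $open[$e.IP]
        if ($cur -and ($e.Event -ne 'Lease' -or $cur.Mac -ne $e.Mac)) {
            $cur.End = $e.Time            # released, or handed to a different client
            $cur
            $open.Remove($e.IP)
            $cur = $null
        }
        if ($e.Event -eq 'Lease' -and -not $cur) {
            $open[$e.IP] = [pscustomobject]@{ IP = $e.IP; Mac = $e.Mac; HostName = $e.HostName
                                              Start = $e.Time; End = $null }
        }
    }
    @($open.Values)                       # leases still active
}

# Attribute each logon to the host that held the source IP at that time.
function Resolve-AuthEvent {
    param([Parameter(Mandatory)][object[]]$AuthEvent, [object[]]$Interval)
    foreach ($a in $AuthEvent) {
        $m = $Interval | Where-Object {
            $_.IP -eq $a.IP -and $_.Start -le $a.Time -and ($null -eq $_.End -or $a.Time -lt $_.End)
        } | Select-Object -First 1
        $holder = if ($m) { $m.HostName } else { 'no lease on record' }
        [pscustomobject]@{ Time = $a.Time; User = $a.User; IP = $a.IP; HostName = $holder }
    }
}

Resolve-AuthEvent -AuthEvent $authEvents -Interval (Get-LeaseInterval $leaseEvents) | Format-Table -AutoSize
```

In the sample data the 12:02 logon falls in the gap between the two leases, so it is reported with no lease on record; a logon from an address that DHCP did not hand out at that time is the row to look into first.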
demo
WS 2012 IPAM
Address Space Management
ASM Recap
Plan
• Maintain address block hierarchy
• Create address block/sub-blocks
Allocate
• Create static and dynamic ranges (DHCP scopes)
• Find free IP address and reserve it
Monitor
• Static range/DHCP scope utilization and trend
• Expiry status of IP address record
Track
• IP address tracking
• IPAM configuration logs
Multi-Server Management (MSM) Workflow
Build Server Inventory
• Automatically discover servers
• Add servers
Configure & Update DHCP
• Edit DHCP server properties & options
• Create/Edit/Delete DHCP scopes & options
Monitor DNS and DHCP System
• Monitor DHCP scope utilization
• Monitor DNS zone health
• Monitor DHCP/DNS service health
Track Changes
• Track configuration changes across all managed DHCP servers from a single console
demo
WS 2012 IPAM
Multi-Server Management
MSM Recap
Build Server Inventory
• Discover and/or add servers
Manage DHCP system
• Edit DHCP server properties and options
• Manage DHCP scopes properties and options (Find & Replace, Duplicate scopes)
Monitor DNS and DHCP systems
• DNS zone health
• DHCP scope utilization
• DHCP and DNS service health
Track DHCP configuration changes
WS 2012 IPAM – External Data Integration from AD DS
IPAM PowerShell interfaces facilitate integration with other systems through import/export of data to/from IPAM
Integration with ADDS enables synchronization of Active Directory Sites and Subnets information from Active Directory to IPAM
Active Directory
ADDS PS
IPAM
10.1.1.0/24
10.1.2.0/24
10.2.1.0/24
10.4.4.0/24
10.2.4.0/24
10.4.2.0/24
10.8.4.0/24
10.8.1.0/24
Site-Blgd1
Site-Blgd2
Site-Blgd3
Site-Blgd4
Site
Subnet
Site-Link
AD DS Sites, Subnets and Site Links
AD DS represents network topology as sites, subnets, and site links for efficient replication
• Site: AD location. Activities, including replication, authentication and service location, are based on site.
• Subnet: Sites are associated with one or more subnets, each containing a number of hosts.
• Site Link: Site links represent the WAN connections between sites.
Replication within a site is triggered automatically when a directory update occurs. Replication between sites (over slower, more expensive WAN links) is scheduled to occur periodically.
External Data Integration from AD DS
Import/Export
• Import and export data through UI
• Import and export data through cmdlets
PowerShell Script
• PowerShell script for pulling data from AD and importing it into IPAM
• PowerShell script for exporting subnets from IPAM and creating subnets in Active Directory
Create Task in Task Scheduler
• Create a background task in Task Scheduler to run the PowerShell script at regular intervals
Synchronization
• Run the Task Scheduler task to synchronize the subnets between Active Directory and IPAM
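One way to do the comparison step of this synchronization, as an added example (not the script shown in the session and not Microsoft's integration module): it reports subnets present on only one side, AD subnets with no site, and overlapping subnets. The functions `ConvertTo-IPv4Range` and `Compare-AdIpamSubnet` and the sample records are constructed for illustration; it assumes IPv4 only and that the IPAM side is a list of CIDR strings taken from an IPAM export.

```powershell
# IPv4 CIDR -> numeric range; doubles avoid UInt32 overflow in the arithmetic.
function ConvertTo-IPv4Range {
    param([Parameter(Mandatory)][string]$Cidr)
    $addr, $len = $Cidr -split '/'
    [double]$n = 0
    foreach ($b in [System.Net.IPAddress]::Parse($addr).GetAddressBytes()) { $n = $n * 256 + $b }
    $size  = [math]::Pow(2, 32 - [int]$len)
    $start = [math]::Floor($n / $size) * $size        # clear any host bits
    [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $start + $size - 1 }
}

function Compare-AdIpamSubnet {
    param(
        [Parameter(Mandatory)][object[]]$AdSubnet,        # objects with Name (CIDR) and Site
        [Parameter(Mandatory)][string[]]$IpamNetworkId    # CIDR strings from an IPAM export
    )
    $adNames = @($AdSubnet | ForEach-Object { $_.Name })
    $ranges  = @($adNames + $IpamNetworkId | Sort-Object -Unique |
                 ForEach-Object { ConvertTo-IPv4Range $_ })
    # Two ranges overlap when each one starts before the other ends.
    $overlaps = for ($i = 0; $i -lt $ranges.Count; $i++) {
        for ($j = $i + 1; $j -lt $ranges.Count; $j++) {
            if ($ranges[$i].Start -le $ranges[$j].End -and $ranges[$j].Start -le $ranges[$i].End) {
                '{0} <-> {1}' -f $ranges[$i].Cidr, $ranges[$j].Cidr
            }
        }
    }
    [pscustomobject]@{
        MissingInIpam = @($adNames | Where-Object { $_ -notin $IpamNetworkId })
        MissingInAd   = @($IpamNetworkId | Where-Object { $_ -notin $adNames })
        NoSite        = @($AdSubnet | Where-Object { -not $_.Site } | ForEach-Object { $_.Name })
        Overlaps      = @($overlaps)
    }
}

# Constructed sample shaped like Get-ADReplicationSubnet output; the subnet-to-site pairing is made up.
$ad = @(
    [pscustomobject]@{ Name = '10.1.1.0/24'; Site = 'Site-Blgd1' }
    [pscustomobject]@{ Name = '10.2.1.0/24'; Site = 'Site-Blgd2' }
    [pscustomobject]@{ Name = '10.4.4.0/24'; Site = $null }        # constructed: no site assigned
)
$ipam = '10.1.1.0/24', '10.2.0.0/22', '10.8.1.0/24'                # constructed: /22 overlaps 10.2.1.0/24
Compare-AdIpamSubnet -AdSubnet $ad -IpamNetworkId $ipam | Format-List
```

Against a live directory the `$ad` input can come from `Get-ADReplicationSubnet -Filter *` in the ActiveDirectory module; reviewing the report before any import keeps an unexpected or overlapping subnet from being written into either system by the scheduled task.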
demo
WS 2012 IPAM
ADDS Integration
WS 2012 IPAM – SCVMM Integration
WS 2012 IPAM
SC 2012 SP1 VMM
• Configured IP address pools
• Utilization of static ranges
• VM address properties
• SCVMM instance details
• Logical and Virtual network properties
PS based integration module
IPAM views & operations
• Track utilization statistics & trend of IP address space
• Centralized address view across multiple SCVMMs
• Custom views (tenants) and utilization roll-up
• VM addresses inventory & lifetime management
• Detect & alert conflicts/overlaps of address space
• DNS / DHCP synchronization – Bulk operations
Windows Server 2012 IPAM – Summary
WS 2012 IPAM
IP Address Space Management
• Migrate address space from legacy tools
• Unified management of IP address space
• Address life-cycle management
• Address space management
Server Discovery
• Auto discovery (scheduled/on-demand)
• Disjoint domain namespace
Multi-Server Management
• Service monitoring
• Simplified multi-entity configurations
Network Audit and Visibility
• Audit configuration changes - who, what and when
• Audit IP address/user/machine activity
• Real-time allocation and usage trends
Deployment, Customization, and Management
• Agentless architecture
• Custom meta-data
• Remote management
• PowerShell for integration
• Powerful filter/search
Scale and Robustness
• Disaster recovery
• Multiple instance deployment
• Enterprise scale
customer
Damian Flynn
Systems Architect, Corporate IT Infrastructure Team
Lionbridge
Introduction
Damian Flynn
Systems Architect, Corporate IT Infrastructure, Lionbridge
MVP Cloud and Datacenter Management
Contributing Author (June 2012)
Microsoft Private Cloud Computing
Lionbridge: Services
TEST
TRANSLATE
SUPPORT
DEVELOP
MANAGE
We create locally relevant sales and marketing content to accelerate our clients’ global revenue.
We test software and online search results to help clients market and sell high-quality, relevant applications in global markets
We translate our clients’ applications and content, enabling them to deliver a superior customer experience worldwide
We manage our clients’ business-critical product and content releases in hundreds of global markets and languages
We author and illustrate technical documentation for clients who serve and support customers in global markets
Enabling every touch point of the global customer lifecycle
Deployment Overview
Deployment Topology
• Single AD Forest
• 45 Field Offices
• 47 DHCP and DNS Servers
• 2 NPS Servers
Scenarios, Impact and Feedback
Scenarios
• Environmental Audit
• IP Usage Tracking
• Pool Optimization
Business impact
• Zero Impact Deployment
• Centralized View of IP Movement
• Powerful IP History Tool to assist with Forensic Analysis
Scenarios, Impact and Feedback
Feedback
• IPAM Database is Windows Internal Database
• Integration with other tools little tricky
Future
• SC VMM 2012 IP Pool integration
Considerations
• Public Address Space
• Multiple Static IP’s per Server…
• CMDB Integration
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.