IPAM – Part one – (again)

Back when Windows Server 2012 was released, I produced a series of How-to guides, one of which was on the benefits of IPAM – IP Address Management, one of the 18 roles available in the Server Operating System.

That article is repeated below as part one in my What’s new in IPAM – as provided in Windows Server 2012 R2.

Check Back for Part 2 next week.

How to use IPAM in Windows Server 2012

Ed Baker MCSA, MCSE, MCT (Regional Lead UK) – Technical Evangelist – Microsoft UK

What is IPAM in Windows Server 2012, and why is it a big deal?

Speak to any Network or Server Administrator and they’ll proclaim one of their top five nightmares is managing IP addresses. Windows Server 2012 has introduced a brand new feature that will ease those nightmares and soothe the stresses of looking after such beasts as DHCP servers and DNS servers.

IPAM (IP Address Management) in Windows Server 2012 is the new framework for finding, monitoring and managing IP addresses on a network.

Why is this a big deal?

The ability to automatically manage your DNS, DHCP and all the monitoring and auditing is potentially a huge deal. No more worrying about running out of addresses in a subnet. No expensive third-party application to buy. No more scrappy bits of paper if you don’t buy the apps!

Historically, maintaining these records is either expensive or tricky – or both. Not now: IPAM is here.

What do I need to get started?

IPAM is a feature of Windows Server 2012 and must be installed as such, either by using the Add Roles and Features wizard or through PowerShell 3.0.

The IPAM feature only runs on Windows Server 2012 so the first prerequisite is an installed server which must be a domain member. IPAM only works across a single forest model but can work across trusted and untrusted domains within the forest.

IPAM supports ONLY Microsoft DHCP, DNS and NPS servers, and Domain Controllers running Windows Server 2008 and above. Each of these must also be domain-joined in the same forest.

IPAM requires Windows Internal Database (no other will work) and supports up to 150 DHCP and DNS servers, with a total of up to 150 DNS zones and 6000 DHCP scopes.

IPAM will work on a small domain with very few servers but really comes into its own in a large distributed environment with a complex IP addressing and DNS scheme. The lab environment used in this document contains three servers (DC and DNS, DHCP and an IPAM) with a client. The technical setup is not complex but is time-consuming. To keep this simple, I’ve used the Microsoft lab setup and the link is here. The test lab configuration begins halfway down the document.

What will this actually do for me?

Once the setup is complete, the IPAM server becomes your best friend for all things DNS, DHCP and IP! The screenshot below shows Server Manager (what else?) in IPAM mode.

[Screenshot]

And this is the Server Inventory screen. From here you can run your empire, literally:

[Screenshot]

The initial setup and getting to this point can be quite time-consuming and involves automatic discovery of all the servers you wish to manage, and the services they provide.

Address management

Once here, the next step is to create your IP address blocks, ranges and individual addresses. This can be done manually or by importing CSV files. Each of these objects can be assigned additional user-defined attributes to allow grouping. An example would be departments, or buildings and floors, as shown below.

[Screenshot]

In this screenshot, the IPAM administrator has created IP address ranges that are attached to particular buildings and an individual floor within that building. It then becomes very easy to find, monitor and manage a particular site or floor and make bulk changes to those areas. Imagine the actions necessary before this functionality!

[Screenshot]

This is available for any custom fields as well as managing by the service, such as DNS or DHCP. It is also easy to select all your ranges and focus down into those which have similar attributes, and then to make changes. Highly configurable IP management.
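A CSV import is only as good as the list behind it, so it pays to check the ranges before they reach IPAM. The following is an added example, not part of the original article or of IPAM itself: a PowerShell check for malformed addresses, reversed ranges, missing grouping attributes and overlapping ranges. The column names and sample rows are constructed for illustration and are not the IPAM import format.

```powershell
# Added example: pre-import check of an IP range list. The column names
# (StartIP, EndIP, Building, Floor) and all addresses are constructed for
# this sketch; they are not the IPAM import schema.
$sampleCsv = @'
StartIP,EndIP,Building,Floor
10.10.1.1,10.10.1.254,HQ,1
10.10.2.1,10.10.2.254,HQ,2
10.10.2.200,10.10.3.50,Annex,1
10.20.1.10,10.20.1.5,Annex,2
10.30.1.1,10.30.1.300,Depot,G
'@

function ConvertTo-IPv4Number {
    # Strict dotted-quad parser: returns a number for comparisons, or $null.
    param([string]$Address)
    $parts = $Address.Trim() -split '\.'
    if ($parts.Count -ne 4) { return $null }
    [long]$n = 0
    foreach ($p in $parts) {
        if ($p -notmatch '^\d{1,3}$' -or [int]$p -gt 255) { return $null }
        $n = $n * 256 + [int]$p
    }
    return $n
}

function Test-IpRangeList {
    param([string]$CsvText)
    $problems = @()
    $valid    = @()
    $lineNo   = 1                                # line 1 is the header
    foreach ($row in ($CsvText | ConvertFrom-Csv)) {
        $lineNo++
        $start = ConvertTo-IPv4Number $row.StartIP
        $end   = ConvertTo-IPv4Number $row.EndIP
        if ($null -eq $start -or $null -eq $end) {
            $problems += "line ${lineNo}: invalid IPv4 address"
        } elseif ($start -gt $end) {
            $problems += "line ${lineNo}: start address is above end address"
        } elseif (-not $row.Building -or -not $row.Floor) {
            $problems += "line ${lineNo}: missing Building/Floor attribute"
        } else {
            $valid += [pscustomobject]@{
                Line = $lineNo; Start = $start; End = $end
                Site = "$($row.Building)/$($row.Floor)"
            }
        }
    }
    # Overlap check: walk the ranges in start order, remembering the one that
    # reaches furthest, so nested and non-adjacent overlaps are also caught.
    $widest = $null
    foreach ($r in ($valid | Sort-Object Start)) {
        if ($widest -and $r.Start -le $widest.End) {
            $problems += "line $($r.Line): overlaps line $($widest.Line) ($($widest.Site))"
        }
        if (-not $widest -or $r.End -gt $widest.End) { $widest = $r }
    }
    # Per-site totals only mean something once the problem list is empty.
    $summary = $valid | Group-Object Site | ForEach-Object {
        $count = ($_.Group | ForEach-Object { $_.End - $_.Start + 1 } |
                  Measure-Object -Sum).Sum
        [pscustomobject]@{ Site = $_.Name; Ranges = $_.Count; Addresses = $count }
    }
    [pscustomobject]@{ Problems = $problems; Summary = $summary }
}

$result = Test-IpRangeList $sampleCsv
$result.Problems
$result.Summary | Format-Table -AutoSize
```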

Having decided what static addresses you need, it is also possible to enter them into the IPAM console, and from there carry out the required DHCP and DNS functions, such as reservations and host records.

[Screenshot]

There are far too many functions and facilities with IPAM for a short how-to guide. My best advice is to build the lab and dive in.

Remote Management

Once the IPAM administrator has chosen which servers to manage using IPAM, that is exactly what he or she can do, with a simple right-click.

[Screenshot]

[Screenshot]

For DHCP and DNS servers, MMC can be launched to manage them remotely, or for DHCP the administrator can make edits using IPAM dialogs to change Server and Scope options directly. This saves separate remote desktop sessions and, in some instances, even visiting sites to make changes.

Auditing

Having created and implemented your IP Schemes and managed them successfully, the final advantage of IPAM is that the feature provides detailed auditing of all the DHCP and DNS events and logs in one place.

[Screenshot]

The auditing facilities are as flexible as the rest of IPAM, from address management events within the IPAM server itself to granular listings of all events relating to an individual Host Name.

[Screenshot]

The screenshot above shows ALL events relating to a single client Host Name, each one of which can be detailed in the details view.
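The per-host view described above comes down to correlating DHCP lease events by host name and by address. As an added example (not IPAM's own code and not from the original article), the PowerShell below rebuilds that view from a few constructed log lines and answers which host held an address at a given time; the field layout and event IDs are assumed to follow the Windows DHCP Server audit log.

```powershell
# Added example. Sample lines are constructed; the comma-separated layout
# (ID,Date,Time,Description,IP Address,Host Name,MAC Address,...) and the
# event IDs 10 = new lease, 11 = renewal, 12 = release are assumed to follow
# the Windows DHCP Server audit log.
$sampleLog = @'
10,04/22/14,08:01:12,Assign,10.10.1.50,CLIENT1.contoso.com,001122334455,
11,04/22/14,12:01:12,Renew,10.10.1.50,CLIENT1.contoso.com,001122334455,
12,04/22/14,17:30:00,Release,10.10.1.50,CLIENT1.contoso.com,001122334455,
10,04/22/14,17:45:09,Assign,10.10.1.50,KIOSK7.contoso.com,00AABBCCDDEE,
10,04/23/14,08:03:40,Assign,10.10.1.77,CLIENT1.contoso.com,001122334455,
'@

function ConvertFrom-DhcpAuditLine {
    param([string[]]$Line)
    $inv = [System.Globalization.CultureInfo]::InvariantCulture
    foreach ($l in $Line) {
        $f = $l.Split(',')
        # Skip header text and blank lines: data rows start with a numeric ID.
        if ($f.Count -lt 7 -or $f[0] -notmatch '^\d+$') { continue }
        [pscustomobject]@{
            Id       = [int]$f[0]
            Time     = [datetime]::ParseExact("$($f[1]) $($f[2])", 'MM/dd/yy HH:mm:ss', $inv)
            IP       = $f[4]
            HostName = $f[5]
            Mac      = $f[6]
        }
    }
}

function Get-HostTimeline {
    # Every lease event for one host name, oldest first.
    param($Records, [string]$HostName)
    $Records | Where-Object { $_.HostName -eq $HostName } | Sort-Object Time
}

function Get-IpHolder {
    # Which host held $IP at time $At? Uses the last lease event at or before
    # $At; a release means nobody held it. Silent lease expiry is not modelled.
    param($Records, [string]$IP, [datetime]$At)
    $last = $Records |
        Where-Object { $_.IP -eq $IP -and $_.Time -le $At -and $_.Id -in 10, 11, 12 } |
        Sort-Object Time | Select-Object -Last 1
    if (-not $last -or $last.Id -eq 12) { return $null }
    return $last
}

$records = ConvertFrom-DhcpAuditLine ($sampleLog -split '\r?\n')
Get-HostTimeline $records 'CLIENT1.contoso.com' | Format-Table Time, Id, IP, Mac -AutoSize
$holder = Get-IpHolder $records '10.10.1.50' ([datetime]'2014-04-22 18:00')
"10.10.1.50 at 18:00 on 22 April: $($holder.HostName)"
```

The same address maps to two different hosts within one afternoon in the sample, which is why an address seen in another log needs its timestamp before it can be tied to a machine.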

I need more help!

The functions and facilities involved in running an IPAM system will be new to many administrators. Microsoft has not always been the first to provide easy to find, easy to read and easy to understand help information. In general, Windows Server 2012 – and specifically Server Manager and IPAM – has put a sudden stop to this trend.

[Screenshot]

[Screenshot]

As can be seen above, there are relevant, readable help texts in exactly the place you need them.

Moreover, it appears everywhere you need it. The text is not overwhelming and is actually very useful to the new user as well as the old-timer who has temporarily forgotten something.

In summary

Windows Server 2012 has introduced hundreds of new features and facilities for the administrator. I would suggest that for a larger network, IPAM falls firmly into the big five most useful and usable of these.

IPAM is a brand new feature in Windows Server 2012; in previous versions, the only solutions were paper-based or third-party applications, one being expensive, the other tricky to maintain.

IPAM is the ideal solution to manage ALL your Microsoft based DNS, DHCP and NPS administration from one place with little or no stress involved.

Thanks Microsoft – Good Job!

(September 2012)

Hybrid Cloud – take the ExpressRoute to extending your VPN into the Microsoft Azure Cloud

One of the traditional impediments to businesses adopting public cloud computing is the concern over putting all your eggs in one basket. The Hybrid cloud is the solution to this.

[Image]

The Hybrid cloud is a description of utilising a pre-existing on-premises datacentre and a cloud solution such as Microsoft Azure to balance the overall solution.

[Image]

The last two days at Enstone with the Lotus F1 team have been an excellent introduction for a packed audience into the way to use System Center to manage your on-premises datacentre (or private cloud) and to start using Microsoft Azure to develop your Hybrid Cloud.

Michael Taylor, the CIO of Lotus F1 (above), gave an excellent introduction to both days. He explained that Lotus keep all business critical and confidential data in their own data centres. Lotus then use Office 365 and Microsoft Azure to host their email and other less critical services in the Cloud, forming a true Hybrid Cloud solution.

Networking and connectivity are often seen as another impediment: the two discrete elements have to be connected while security is maintained. The recent Heartbleed OpenSSL issue, although not directly affecting the Azure platform, does highlight the need for vigilance and for secure connectivity in a modern, robust Cloud solution. Essentially, businesses want Azure in their network.

Yesterday Microsoft announced the ExpressRoute partnership programme and introduced BT and Equinix as the first partners to provide the solution in the UK and EMEA. The BT announcement is here and the Equinix one is here and the Microsoft Azure blog covers it well here.

So ExpressRoute – what is that?

[Image]

First and foremost, ExpressRoute provides a private dedicated connection between Azure and the customer datacentre, with no reliance on a shared internet infrastructure to reach your apps, services and data.

Within this you can now choose the network performance you want or need (or can afford); this will allow you to design your apps better and meet QoS and SLA requirements.

How fast, do you say? Well, up to 10Gbps – is that fast enough? If you have large amounts of data to move between your datacentre and Azure or vice versa then this is a great, fast and economically sound option.

So it is fast but what can I use it for?

ExpressRoute is designed to cater for mission critical workloads such as:

  • Storage (Migration, DR, retention archives)
  • Dev/Test (large VM movements from Dev / Test / Production environments)
  • BI and Big Data (Efficient transfer of large data sets to increase ‘Big Data’ performance)
  • Media (solid and predictable performance for streaming data to or from Azure)
  • Hybrid Apps (the mix of High Bandwidth and Low Latency links creates a great environment for Azure to be used as a datacentre extension for multi-tier apps – improved I/O and API response times)
  • Productivity Apps (SharePoint, as an example, requires high bandwidth and low latency to work at scale)

There are three routes into Azure as shown below.

[Image]

ExpressRoute provides a dedicated private route in one of two flavours: an Exchange provider route or a Network Service provider route. The former provides a simple point-to-point solution while the latter exposes Azure as an additional site in the corporate network.

[Image]

Any regular reader of this blog will know that I openly declare that the future is PowerShell, and ExpressRoute is no different: there are specific ExpressRoute cmdlets.

[Image]

Microsoft provide ExpressRoute pricing for the access and bandwidth as well as throughput and your network provider will add their charges on top of this.

To keep up to date with ExpressRoute and all the changes and developments within Microsoft Azure, bookmark the Azure Page and the Azure Blog.

The only question left for me is: why wouldn’t you adopt this economically viable, flexible and fast Hybrid Cloud solution? Bring Azure into your network.


1 month in – it’s all about Touch and Dogfood

So – what have I learned in the first month working for Microsoft?

Certainly too much to write about on a blog and a lot of it I couldn’t anyway. But I want to focus on two things that have particularly struck me as hugely important to my daily working life here.

First, I have an iPad and I even had a number of other touch devices going back to a Palm Pilot and an iPaq (the Compaq ones) in the 1990s. BUT until now I have not really found anything that works for me as a touch interface. Either the screen has been too small, dark, sensitive or just plain clunky to use with Touch.

Enter Windows 8.1 and the world of Touch has become something that I just use and it is intuitive (for me) and things just happen more quickly and seamlessly. I have been allocated an Asus Ultrabook which is seriously cool (in a blokey gadget sort of way); it is light, fast and has capacity but most of all it has a great touch screen that makes Windows 8.1 work so well for me. So much so that when I use my Lab rig machine, a Dell Precision M6700 behemoth, I really really miss the touch screen, even running a full Private Cloud Lab. My belief is that Touch is definitely the future and it is no surprise to me that the ONLY machine I have ever supplied to any of my customers (before my life at Microsoft started) that I wish I could keep is the Asus ET2300 Touch all in one PC – check it out, it’s superb.

Secondly, it shouldn’t really come as a surprise to me that a phrase that is omnipresent at Microsoft is Dogfood (indeed there is an internal dogfood site).

As an IT consultant over a good few years, I rarely visited a customer where everything just worked, where everyone was happy with the internal IT team and where the systems ‘just worked’. Well, as far as I have found so far (and I have looked quite hard), everything here is dogfood and it just works. I sit at home using DirectAccess (part of the Windows Server 2012 R2 remote access story); this uses Virtual Smart Card technology too, so providing you have a modern system with a TPM on board you can dispense with the physical card for remote access. The TPM also enables BitLocker Drive Encryption which protects all your valuable data.

All this is Dogfood here and all of this is available out of the box in Windows Server 2012 R2. Why not go and try it out here now?

I haven’t even started on the use of System Center, Windows Azure, Office 365 – all in use to run the company, not just for demonstration or evaluation.

Why not come along to one of our IT Camps in April to see how Windows Server 2012 R2 and the System Center 2012 R2 components help to build the modern data center based Private Clouds and also to see the Hybrid cloud model using Windows Azure?

Book Here, they are being held in some very special places!

See you there

The start of something new and exciting

I always look forward to new challenges with a mixture of excitement and nerves.

Well this one is a real biggy. On Monday 3rd March I start work for Microsoft UK as a Technical Evangelist focusing on Infrastructure products.

It’s taken a long time getting to this point, many years, hundreds of exams and hours of reading, teaching, presenting and blogging. Excited – You bet!

I will be posting a great deal more than I have in the past and this page will be a mixture of tech and business / career related posts. I will also be revamping the theme and making it a more ‘professional’ experience!

My first week already looks a busy busy time, Reading, Manchester, London, Surrey – I look forward to the experience ahead.

Ed

Pick a Server – any Server

Ever wondered which edition of Windows Server 2012 R2 is right for you or your company, or which one to evaluate?

Well, Microsoft has released a single-page PDF download which shows everything you wanted to know about all the possible editions of the product and were too afraid to ask.

[Image]

It covers:

Windows Server 2012 R2 Datacenter

Windows Server 2012 R2 Standard

Windows Server 2012 R2 Essentials

Windows Server 2012 R2 Foundation

Microsoft Hyper-V Server 2012 R2

Windows Storage Server 2012 R2 Standard

Windows Storage Server 2012 R2 Workgroup

This family of products caters for businesses of all sizes, from 2 users to millions of users, and from no virtualization to unlimited VMs, not forgetting the completely free edition, Microsoft Hyper-V Server 2012 R2.

Why not visit the Cloud OS Evaluation page and try out the one you think would be best for you?

For those chasing certification in any area that includes Windows Server 2012 R2 – this is an invaluable desktop study resource.

Server Virtualization – Hyper-V and System Center Specialist (74-409)

Yesterday I ticked off the first of my study and certification targets for the year…

[Image]

This is a one-off exam as it does not currently sit in any of the MCSA or MCSE tracks and qualifies for a standalone certification, a Microsoft Certified Specialist. I am not sure where this sits in the Certification stack as shown on the Microsoft Learning Server Certification Pages.

Currently the MOC20409 courseware is available but not shown as available online; I don’t know of any scheduled classes. There is no specific training that I know of for this published electronically or in paper form.

So how does one study for an exam on some very complex topics without access to formal training?

EASY! – Microsoft Virtual Academy virtualization courses are excellent. The latest is specifically aimed at this certification. Be aware though that this is not an online cheat sheet; it is a series of PowerPoints and videos from the November 2013 JumpStart run by Symon Perriman (twitter @SymonPerriman) and Corey Hynes. This is two full days of training by industry experts on the details of the products and demonstrations of key tasks.

Also, anyone taking a Microsoft Exam should be aware that no training is good enough to pass an exam on its own; you need hands-on. Either build a lab for this or go to the free TechNet Virtual Labs here.

I was a little disappointed to find that there were a couple of errors in the questions and commented on them at the end of the exam, but nothing too dramatic and certainly not enough to cause great concern.

This is a great certification for anyone who wants to prove their skills in creating, managing and monitoring virtualized servers or clouds.

Also be aware it covers aspects of Windows Server 2012 R2, Hyper-V, System Center VMM, System Center Operations Manager, System Center Service Manager and System Center DPM.

Not just overviews but deep technical aspects, so make sure you prepare well.

Dive in and have a look – remember MVA and Labs are the key to this one.

Happy New Year – what will you study this year?

Each year I sit down and think about what I would like to study (and certify in).

Some years it’s simple: there is a new Microsoft Server or Client OS on the horizon and I need to take those to be able to teach the classes.

Some years it is less obvious, nothing major on the horizon and having a slow old brain, I am not able to teach the whole product stack, so stick to those areas I know best.

This year is an in-the-middle year. The targets are easy to identify and less easy to achieve. The MCSA in Office 365 goes live in February and having recently sat the Beta tests, I am certain I will be retaking those in early Feb (the MSOnline PowerShell module is an area I will need to brush up on). I am also taking the standalone certification as a Virtualisation Specialist (74-409), all about Hyper-V, System Center VMM and System Center DPM.

Other than that I would like to update my MOS Master to the 2013 version but this is proving somewhat problematic. I simply cannot get past the first of the Word 2013 expert exams. Much work to do there then!

Whatever you want to study, you can’t do better than taking a look at Microsoft Virtual Academy here: hundreds of hours of free training with jumpstarts, tests and pdfs galore. It is absolutely my first port of call.

Happy New Year and Happy Studying.

What I regret not having known this year

As with most years, there are many things I know now that I wish I had known on January 1st 2013. In tech terms I have known for a long time that certain undeniable truths exist. Windows isn’t perfect (any version), nor is Mac. No matter how fast or wide the broadband pipe you pay for, no matter from whom you buy it, you don’t get what you think you should.

The single most important tech I have embraced this year is Solar PV energy generation, but unless you have it, it’s not exciting or interesting and I would soon enter the boring corner on my feed-in tariff and how much carbon I saved, directing you to my energynote.co.uk site to see my annual analysis. This would not win my prize!

In terms of technology related to my day to day working life, and in relation to this submission, I have known of and used this technology in every version of Windows Server, Client and Exchange Server, amongst others since 2008. I am referring to the beast that is PowerShell. Those of us who take Microsoft Certification tests have met this beast on many occasions and I would guess that most have come off second best. At once the best and worst of all command line interpreters, scripting languages and formal programming languages.

In August of this year I decided I needed to ‘learn PowerShell’. Now I am a fairly qualified guy, lots of letters – MCT, MCSE, MCSA, etc. – but I had put this task off for so long simply because I anticipated the effort and time involved would be unreasonable.

So what exactly do I regret not having known at the beginning of this year? Just exactly how wrong I was and how PowerShell can change any administrator’s life for the better in a very short space of time. First stop should be a two-pronged attack: buy Don Jones’ book, PowerShell in a Month of Lunches, and enrol on the MOC10961B Automating Administration with Windows PowerShell course.

Whilst waiting for the book to be delivered and for the course to commence, visit Powershell.org and Powershell.com, and finally take a look at Thomas Lee’s PowerShell scripts blog. The point of all this research? Well, two-fold really.

To see just how powerful this shell actually is.

To see how much has already been done for you.

Once you understand the syntax, constructs and methods of the shell, you are able to beg, steal and borrow anything that does the job and amend it to your own needs. Yes, you do have to learn and no, it’s not all that easy. But the resources are all there and trust me – it’s fun. I now teach PowerShell courses to beginners and I regret not having knuckled down and done it a long time ago.

The future is bright, the future is PowerShell. Go find out for yourself.

As the year draws to a close

Time to reflect on the last 12 months and look forward to the next.

This has been an incredible year personally and professionally: a home move, expanded into new vendors to teach, qualified as a NetApp Certified Instructor (NCI) and qualified to teach EMC Isilon. I gained a few more Microsoft certifications and started teaching other topics within their portfolio.

The biggest tech change for me has been teaching the course MOC10961B (I taught A too). This is the Automating Administration with Windows PowerShell … 5 day Microsoft Official Curriculum Course (colloquially known as MOC to MCTs and others in the IT Training industry).

This was brought home to me whilst sitting in a couple of Beta exams the other day. I sat for the Office 365 MCSA exams 71-346 and 71-347. Office 365 is definitely the direction to take in the world of Devices and Services (more of that later).

Whilst this exam is still a Beta and under an NDA, I can say that without a detailed knowledge of the Shell (PowerShell v3.0), its constructs, cmdlets and syntax, it will not be possible to pass this or, I believe, any of the new breed of Microsoft Certification examination.

It is definitely now the Shell, the whole Shell and nothing but the Shell. My advice to anyone wanting to develop their Microsoft Infrastructure skills – get yourself on the 10961B somewhere, somehow. By the end of January 2014 I will have taught this on well over half of the last 10 full week training engagements. Word is getting out.

So – Office 365 is essentially the vast majority of Microsoft productivity software available whenever you want it wherever you want it for a monthly fee rather than an upfront charge.

Depending on which subscription you opt for (and you can upgrade at any time) you have access to the full Office 2013 suite of products: Exchange Online for email, SharePoint Online for team and external collaboration and Lync Online for global communication by Lync, Skype and other IM solutions.

You can even stream Office to your desktop (if you can’t install it directly) with Office on Demand. All pretty good stuff. You can take a free trial of up to 25 users here by emailing me ed@ed-baker.com

In addition to all this, you can have access to all the Office web apps, calendar, contacts and SkyDrive Pro, which is your own personal cloud storage area.

The individual products have been around for a long time but the ability to provide all of this for any level of consumer, from a student on a low budget to an enterprise that wants full integration with their Active Directory and a Single Sign On (SSO) solution, is new and unique.

My New Year’s resolution is to make much fuller use of my Office 365 subscription.

On my iPad, on my Surface Pro, on my desktop and on my Android phone: a true Devices and Services solution for all.

So much teaching – so little blogging

I have made a decision that I ought to post more to my blog. Not worth having if it’s not current and dynamic.

So a quick update – I have recently branched out into non-Microsoft topics such as NetApp and EMC Isilon storage solutions, both great products, and I am looking forward to teaching those in the very near future. So much to learn and teach and so little time.

I taught MOC10961B for the first time last week (Automating Administration with Windows PowerShell), a great course with great labs and so rewarding to teach. The course develops the student throughout and each lab builds on their skills. Written by Don Jones, the mastermind behind powershell.org and many PowerShell books such as Learn Windows PowerShell in a Month of Lunches – which is simply brilliant too.

It will soon be the case that if you can’t use PowerShell you will seriously limit your ability to use Windows Server and other Microsoft Server products effectively.

Finally, I got some really good news this weekend: I have been accepted as one of Microsoft Learning’s MCT Regional Leads for the UK. This will involve acting as a mouthpiece for the MCT community and in communicating the benefits and developments in the programme to MCTs and prospective MCTs all over the UK.

I am looking forward to the challenge ahead.