IPAM – Part one – (again)

Back when Windows Server 2012 was released, I produced a series of How-to guides, one of which was on the benefits of IPAM – IP Address Management, one of the 18 roles available in the Server Operating System.

That article is repeated below as part one of my series on what’s new in IPAM, as provided in Windows Server 2012 R2.

Check back for Part 2 next week.

How to use IPAM in Windows Server 2012

 Ed Baker MCSA, MCSE, MCT (Regional Lead UK) – Technical Evangelist – Microsoft UK

 

What is IPAM in Windows Server 2012, and why is it a big deal?

Speak to any Network or Server Administrator and they’ll proclaim one of their top five nightmares is managing IP addresses. Windows Server 2012 has introduced a brand new feature that will ease those nightmares and soothe the stresses of looking after such beasts as DHCP servers and DNS servers.

IPAM (IP Address Management) in Windows Server 2012 is the new framework for finding, monitoring and managing IP addresses on a network.

Why is this a big deal?

The ability to automatically manage your DNS, DHCP and all the monitoring and auditing is potentially a huge deal. No more worrying about running out of addresses in a subnet. No expensive third-party application to buy. No more scrappy bits of paper if you don’t buy the apps!

Historically, maintaining these records is either expensive or tricky – or both. Not now: IPAM is here.

What do I need to get started?

IPAM is a feature of Windows Server 2012 and must be installed as such, either by using the Add Roles and Features wizard or through PowerShell 3.0.

The IPAM feature only runs on Windows Server 2012 so the first prerequisite is an installed server which must be a domain member. IPAM only works across a single forest model but can work across trusted and untrusted domains within the forest.

IPAM supports ONLY Microsoft DHCP, DNS and NPS servers, and Domain Controllers running Windows Server 2008 and above. Each of these must also be domain-joined in the same forest.

IPAM requires Windows Internal Database (no other will work) and supports up to 150 DHCP and DNS servers, with a total of up to 150 DNS zones and 6000 DHCP scopes.

IPAM will work on a small domain with very few servers but really comes into its own in a large distributed environment with a complex IP addressing and DNS scheme. The lab environment used in this document contains three servers (DC and DNS, DHCP and an IPAM) with a client. The technical setup is not complex but is time-consuming. To keep this simple, I’ve used the Microsoft lab setup and the link is here. The test lab configuration begins halfway down the document.

 

What will this actually do for me?

Once the setup is complete, the IPAM server becomes your best friend for all things DNS, DHCP and IP! The screenshot below shows Server Manager (what else?) in IPAM mode.

ipam1

 And this is the Server Inventory screen. From here you can run your empire, literally:

 ipam2

The initial setup and getting to this point can be quite time-consuming and involves automatic discovery of all the servers you wish to manage, and the services they provide.

Address management

Once here, the next step is to create your IP address blocks, ranges and individual addresses. This can be done manually or by importing CSV files. Each of these objects can be assigned additional user-defined attributes to allow grouping. Examples would be departments, or buildings and floors, as shown below.

ipam3 

In this screenshot, the IPAM administrator has created IP address ranges that are attached to particular buildings and an individual floor within that building. It then becomes very easy to find, monitor and manage a particular site or floor and make bulk changes to those areas. Imagine the actions necessary before this functionality!
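A pre-import sanity check for a range sheet like the one described above, as an added PowerShell example that is not part of the original article: it flags reversed ranges, ranges that fall outside their stated network, and ranges that overlap. The CSV column names and sample rows are constructed for illustration and are not IPAM's own import schema.

```powershell
# Constructed sample data; column names are illustrative, not IPAM's import schema.
$csv = @'
Network,StartIP,EndIP,Building,Floor
10.1.0.0/24,10.1.0.10,10.1.0.100,HQ,1
10.1.0.0/24,10.1.0.90,10.1.0.200,HQ,2
10.1.1.0/24,10.1.1.10,10.1.2.50,Annex,1
10.1.2.0/24,10.1.2.200,10.1.2.20,Annex,2
'@

function ConvertTo-IPv4Number([string]$Ip) {
    # Dotted quad -> 64-bit integer so ranges compare numerically.
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)          # network order -> little-endian for BitConverter
    [long][BitConverter]::ToUInt32($bytes, 0)
}

$ranges = foreach ($row in ($csv | ConvertFrom-Csv)) {
    $net, $prefix = $row.Network -split '/'
    $first = ConvertTo-IPv4Number $net
    [pscustomobject]@{
        Label    = '{0} floor {1}' -f $row.Building, $row.Floor
        Network  = $row.Network
        Text     = '{0}-{1}' -f $row.StartIP, $row.EndIP
        Start    = ConvertTo-IPv4Number $row.StartIP
        End      = ConvertTo-IPv4Number $row.EndIP
        NetFirst = $first
        NetLast  = $first + [long][math]::Pow(2, 32 - [int]$prefix) - 1
    }
}

$findings = @()
foreach ($r in $ranges) {
    if ($r.Start -gt $r.End) {
        $findings += "$($r.Label): start is after end ($($r.Text))"
    }
    if ($r.Start -lt $r.NetFirst -or $r.End -gt $r.NetLast) {
        $findings += "$($r.Label): $($r.Text) is not inside $($r.Network)"
    }
}

# Overlaps: walk ranges in start order, tracking the range that reaches furthest.
$reach = $null
foreach ($r in ($ranges | Where-Object { $_.Start -le $_.End } | Sort-Object Start)) {
    if ($reach -and $r.Start -le $reach.End) {
        $findings += "$($r.Label) ($($r.Text)) overlaps $($reach.Label) ($($reach.Text))"
    }
    if (-not $reach -or $r.End -gt $reach.End) { $reach = $r }
}

$findings   # an empty list means the sheet is consistent
```

Catching these before import keeps the inventory trustworthy: an overlapping or mis-scoped range recorded in IPAM would make later utilisation figures and per-floor groupings misleading.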

ipam4

This is available for any custom fields as well as managing by the service, such as DNS or DHCP. It is also easy to select all your ranges and focus down into those which have similar attributes, and then to make changes. Highly configurable IP management.

Having decided what static addresses you need, it is also possible to enter them into the IPAM console, and from there carry out the required DHCP and DNS functions, such as reservations and host records.

ipam5

There are far too many functions and facilities in IPAM for a short how-to guide. My best advice is to build the lab and dive in.

Remote Management

Once the IPAM administrator has chosen which servers to manage using IPAM, that is exactly what he or she can do, with a simple right-click.

ipam6left

ipam6right

For DHCP and DNS servers, MMC can be launched to remotely manage, or for DHCP the administrator can make edits using IPAM dialogs to change Server and Scope options directly. This saves separate remote desktop sessions and even in some instances visiting sites to make changes.

 

Auditing

Having created and implemented your IP Schemes and managed them successfully, the final advantage of IPAM is that the feature provides detailed auditing of all the DHCP and DNS events and logs in one place.

ipam7

The auditing facilities are as flexible as the rest of IPAM, from address management events within the IPAM server itself to granular listings of all events relating to an individual Host Name.

ipam8 

The screenshot above shows ALL events relating to a single client Host Name, each one of which can be detailed in the details view.

I need more help!

 

The functions and facilities involved in running an IPAM system will be new to many administrators. Microsoft has not always been the first to provide easy to find, easy to read and easy to understand help information. In general, Windows Server 2012 – and specifically Server Manager and IPAM – has put a sudden stop to this trend.

ipam 9

 ipam10

As can be seen above, there are relevant, readable help texts in exactly the place you need them.

Moreover, it appears everywhere you need it.  The text is not overwhelming and is actually very useful to the new user as well as the old-timer who has temporarily forgotten something.

In summary

 

Windows Server 2012 has introduced hundreds of new features and facilities for the administrator. I would suggest that for a larger network, IPAM falls firmly into the big five most useful and usable of these.

IPAM is a brand new feature in Windows Server 2012. In previous versions, the only solutions were paper-based or third-party applications; one being expensive, the other tricky to maintain.

IPAM is the ideal solution to manage ALL your Microsoft based DNS, DHCP and NPS administration from one place with little or no stress involved.

 Thanks Microsoft – Good Job!

(September 2012)