IPAM – Part 3

IPAM Part 3 focuses on the integration of System Center Virtual Machine Manager (SCVMM) 2012 R2 into the IPAM managed environment.

What exactly does this mean?

IPAM covers the entire Microsoft DHCP and DNS environment and monitors, manages and audits the deployment. Prior to Windows Server 2012 this was only possible with spreadsheets, pieces of paper or expensive 3rd party applications. With the release of Windows Server 2012, this became a whole lot easier but there were missing areas. One important part of this was the virtual networks created and managed within SCVMM.

Windows Server 2012 R2 now covers this gap within the IPAM client console. All provider and client network addresses and subnets are included.

This is all included in the box and requires no extra installation steps.

Client and Provider network addresses. What are those?

System Center Virtual Machine Manager 2012 R2 allows for fully isolated network virtualisation using a protocol called NVGRE – Network Virtualisation Generic Routing Encapsulation. This technology is a topic in its own right and I will post about that another time. For now, if you want more detail, try reading this post on NVGRE (be warned: technical trauma ahead); a lighter way of looking at it is on the slide above. Each VM has a provider address and a customer address, allowing multi-tenant solutions with the same customer IP address on a network.

It’s easy to see why keeping a close eye on these IP address ranges, subnets and individual IP addresses is a good idea.

Once IPAM has been installed the integration plugin will automatically use Web Services Management (WS Man) to update the IPAM server with all the SCVMM virtual networking data.

Oh, and it can also be managed using PowerShell. Here are the Network Virtualisation cmdlets and here are the IPAM cmdlets.

The IPAM client interface is then automatically populated with this data as shown below.

The client application is found in Server Manager within either Windows Server 2012 R2 or in the Server Manager within the Remote Server Admin Tools (RSAT), which can be downloaded and installed on a Windows 8.1 machine. Be aware that RSAT is paired (i.e. Windows 7 and Windows Server 2008 R2, Windows 8 and Windows Server 2012 etc.).

Network Virtualisation is a very complex topic, but utilising the IPAM tools to monitor this requires no extra skills or training. A major win!

Why not try them out now. Evaluate Windows Server 2012 R2 and Microsoft System Center 2012 R2 here along with a host of other Microsoft software.

The final part in this tour of IPAM will cover the remaining new features.

Self-Training – 101: How to get started and keep going.

Self-training 101: How to find the time and the motivation and what is available for the IT Professional.

Everybody has their own learning style, most fit into the three primary styles of Visual, Auditory or Kinaesthetic (tactile or learning by doing). These simply describe the way in which learning is most effective for you. To be able to train yourself in leading edge technology matters, a blend of all three is probably required.

I have been taking part in distance learning since 1992 when I started my Open University Degree course. There hasn’t been a time since then when I have been ‘resting’ from study. That does take a lot of self-discipline, motivation and no small measure of selfishness.

The title of this post implies that you can follow my approach and all will be well, that is not necessarily the case. Everyone is different, everyone has a different work routine, home life and family or hobby commitments. What I can do is explain how I approach my own self training and the path to certification which was the secondary purpose of all those years of study.

It would be great if using a particular product for years or being experienced in a role was a guarantee of knowing it to a deep level and to be able to prove to your employer and prospective employers that you were proficient in your trade. This is not the case. I am sure we all know many IT ‘Professionals’ who are not really worth that title and do not really know their stuff. For that reason certification is a really great idea.

So why do I self-study and what do I do to achieve the aims I set myself. More importantly what motivates me to keep going?

Going back to the Learning styles, I use a blend of all three, with regular access to the Microsoft Virtual Academy (MVA) a superb resource of FREE professional training. This includes a number of Jump Start courses which are traditionally held as live events by Microsoft Evangelists and members of the product teams, recorded and hosted for online streaming or downloads. The slide decks and associated supporting material are also available. This really is a rich repository of high quality training in all areas of Microsoft technology. As part of most courses in the MVA, there are short multiple choice quizzes to answer to ensure that learning has taken place.

So my No 1 tip is get on the MVA and start learning. There is currently a neat promotional game attached to the MVA: if you register here you can become an MVA superhero. By taking courses in six defined service or product tracks, you can enter for major or minor prizes and learn at the same time; enter here. For those with a competitive bent, each course earns points and there are league tables on a national and global scale.

My area of specialism is Microsoft Infrastructure technologies so the TechNet Library is vital to my study. Recently Microsoft released the whole Server 2012 and Server 2012 R2 library as a single PDF file. Be warned it is 126 MB big and contains nearly 9000 pages of technical information, but it is not as bad as it sounds since the first 370 pages are the contents table! I also rely on proper paper books when travelling, I never have got used to using a gadget for reading books, but I suppose I will eventually. I use a lot of Microsoft Press titles, they are available in print or as eBooks. Microsoft also offer a large range of FREE eBooks in current and emerging technologies. These are listed here and here. Finally on the TechNet front, there is an endless list of useful Blogs.

One of the reasons I have been studying quite so much over recent years is that I am a Microsoft Certified Trainer (MCT) and to be able to teach the Official Curriculum (MOC) and Official Academic Curriculum (MOAC) course for a product, Microsoft insist that you are certified in that product, which makes sense. One of the major benefits of being an MCT is that you gain access to all the courseware and Virtual Machine lab environments as well. This means that I am able to get hands on experience with all the products I am learning. Of course this requires some fairly powerful hardware, especially if you are studying Private Cloud and other Virtualisation courses. If you don’t have access to these courses and have not got a home lab environment but you would like hands on experience, then TechNet also provide online labs and demos for FREE. Check them out here.

I thoroughly recommend two additional Microsoft Learning Experience (LeX) resources.

The first is the Learning web site here which lists all official courses and certification exams as well as what is required for each one.

The other is the Born To Learn website here, this is another rich resource of learning and certification material with online forums and direct access to Microsoft’s Learning Experience staff.

The vast quantity of all this invaluable material should tell you one thing. No way can you read or consume it all. The best way of focussing your energy and attention is to create a useful study plan that takes into account your work life, family life as well as your general aims in terms of study or certification.

So how do you find time and more importantly how do you remain motivated to keep learning, keep on taking exams and courses? Your answer will be different to mine. It could be a new certification will lead to a new job or promotion in your current role, all good motivational stuff. The answer lies in WHY you want to study. When I was at school I had to study and hated it, I therefore did not do as well as I should or could have. When I decided I needed to and wanted to study later in life I found it all too easy to remain motivated, it was my choice, my idea and my time I was giving up to do it.

So what does my typical working / study week look like.

I am a Technical Evangelist working for Microsoft UK so I don’t have a typical week, which is a great aspect of the job. This does however mean that if I want to start a course of study I have to squeeze it in wherever I am. I also have to squeeze it in at strange times of the day. Until recently I was a regular early morning runner and was training for marathons, this meant a good couple of hours out and about. Now I am not doing that, I spend that time on study. I also spend time when my wife is out at Choir practice or other social events. In short I squeeze it in where I can. Invariably this is early morning or late night sessions in hotel rooms, on trains or at home.

Luckily my current role involves a great deal of hands on prep so I can develop the detailed knowledge every day. What I do need to improve at is management of that time. I tend to get side-tracked into the next bit of awesome technology. I was writing an IPAM blog post the other week and ended up playing with System Center VMM virtual networks and looking at Software defined networking. Off topic!

I probably haven’t helped much with motivation, which is entirely down to you the learner, little or no motivation will result in little or no effective study. But hopefully the tips below will help with making time and finding the right resources for self-study as an IT professional.

There are of course many Learning providers that offer both online and in class instructor led courses, if that is your preferred method of learning. There are also many approved online prep tests. But be sure they are approved and not just copies of answers. You can find the approved sites listed on the Microsoft Learning site, such as here for the MCSE Server Infrastructure.

If you take a look at the output from the Microsoft Skills dashboard tool which is based on research conducted with www.theitjobboard.co.uk, you can see that there has been a considerable spike in demand for Jobs and roles where Windows Server 2012 certification would assist.

The above graph shows a 12 month period where the Y axis = No. of jobs and the X axis = Technology-Role.

The data above shows that we have seen most of this spike for IT Professional roles, however demand for IT consultants with Windows Server 2012 skills has been steady.

The data certainly backs up my argument that getting trained is an essential part of normal IT pro life. (The data is skewed in my area of expertise (Windows Server), but as you can see the jobs and skills are out there to be learned and earned.)

My final piece of advice is, if you want to stay in the IT industry, NEVER STOP LEARNING, if you do, it will leave you behind quicker than you can say OS/2 or IPv6.

Happy studying. And remember PowerShell is the Future!

IPAM – Part 2 RBAC and new features

So, apart from RBAC, what IS new in IPAM in Windows Server 2012 R2?

There is quite a long list here.

One of the big additions is that IPAM now supports RBAC (Role Based Access Control), which enables you to customise access and operations permissions for users and groups of users with granular control of IPAM objects.

The second really big new feature, especially for a Virtualisation IT Pro, is the ability to manage the Virtualisation Address Space. So in addition to your physical device IP address space, IPAM now manages the IP space created and managed by System Center Virtual Machine Manager (SCVMM).

Other cool new facilities include additional DHCP server management capabilities. IPAM also now supports a full SQL Server database rather than just the WID (Windows Internal Database).

The final two bonus items are that

  1. When you upgrade a Windows Server 2012 IPAM deployment to Windows Server 2012 R2, all current data is migrated for you.
  2. PowerShell support is now greatly enhanced, improving automation, extensibility and integration. (Regular Blogg(Ed) readers will know this excites me greatly as PowerShell is the future.)

First things first then, let’s assume I have an IPAM deployment as described in Part 1, and I have upgraded my infrastructure to Windows Server 2012 R2 and have deployed System Center 2012 R2 VMM. How do I take advantage of the new goodness?

I would recommend reading my fellow Microsoft Evangelist Simon May’s blog article on installation of IPAM HERE , there are some tricky GPO and other IPAM provisioning gotchas.

I am going to split the series into three with this post covering the RBAC, post 2 being the SCVMM integration and post 3 being the rest!

RBAC has been around for many years and most vendors are slowly integrating full granular control directly into their products. The initial release of IPAM did have a cut down version, limiting administrators' and users' access based on five different security groups (similar to roles).

  • IPAM Users: Members of this group can view all information in server discovery, IP address space, and server management. They can view IPAM and DHCP server operational events, but cannot view IP address tracking information.
  • IPAM MSM Administrators: IPAM multi-server management (MSM) administrators have IPAM Users privileges and can perform IPAM common management tasks and server management tasks.
  • IPAM ASM Administrators: IPAM address space management (ASM) administrators have IPAM Users privileges and can perform IPAM common management tasks and IP address space tasks.
  • IPAM IP Audit Administrators: Members of this group have IPAM Users privileges and can perform IPAM common management tasks and can view IP address tracking information.
  • IPAM Administrators: IPAM Administrators have the privileges to view all IPAM data and perform all IPAM tasks.

Now whilst this was a good idea to ensure some separation of responsibilities and duties, it was not granular enough to be described as proper RBAC.

RBAC requires three components to be fully functional.

Roles, Access Scopes and Access Policies. These are described below.

A Role is simply a collection of IPAM operations. A role can be associated with a user or a group (best practice is by group rather than individuals). This association is carried out using an access policy. IPAM now provides 8 built in administrator roles but more can be created to cater for all your own requirements.

An Access Scope defines the objects that a user has access to. The default scope is Global, meaning that all objects in IPAM are covered. Any new scopes are subsets of this. An organisation may choose to assign scopes by geography or function. In the case of the Global scope, a user or group would have access to all objects that the assigned role allows.

Access Policies match up an Access Scope and a Role to assign a user or group the necessary permissions. As an example a user who has the Role of IP Block administrator and the scope of UK/Eire would have permissions to edit and delete IP Address blocks but only in the area under the scope of UK/Eire. That user would not be granted permission to edit IP Address blocks in the USA.
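
The UK/Eire decision described above, written out as a small PowerShell model. This is an added example, not IPAM's own code or cmdlets: the group name, operation names and scope paths are constructed, and it assumes a grant on a scope also covers that scope's child scopes.

```powershell
# Added illustration: how a role, an access scope and an access policy
# combine into an allow/deny decision. All names below are constructed.

# A role is a named collection of operations.
$Roles = @{
    'IP Block administrator' = @('EditIpBlock', 'DeleteIpBlock')
    'Read only'              = @('ViewIpBlock')
}

# An access policy binds one group to one or more role/scope pairs.
$Policies = @(
    [pscustomobject]@{
        Name     = 'UK block admins'
        Group    = 'EXAMPLE\UK-NetOps'
        Bindings = @(
            [pscustomobject]@{ Role = 'IP Block administrator'; Scope = '\Global\UK-Eire' },
            [pscustomobject]@{ Role = 'Read only';              Scope = '\Global' }
        )
    }
)

function Test-ScopeCovers {
    param([string]$GrantedScope, [string]$ObjectScope)
    # Assumption of this model: a grant covers the scope itself and its children.
    if ($ObjectScope -eq $GrantedScope) { return $true }
    # Append the separator so '\Global\UK-Eire' does not match '\Global\UK-Eire-Lab'.
    $prefix = $GrantedScope + '\'
    return $ObjectScope.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)
}

function Test-IpamModelAccess {
    param(
        [string[]]$UserGroups,
        [string]$Operation,
        [string]$ObjectScope
    )
    foreach ($policy in $Policies) {
        if ($UserGroups -notcontains $policy.Group) { continue }
        foreach ($binding in $policy.Bindings) {
            $roleAllowsIt = $Roles[$binding.Role] -contains $Operation
            $scopeCovers  = Test-ScopeCovers -GrantedScope $binding.Scope -ObjectScope $ObjectScope
            if ($roleAllowsIt -and $scopeCovers) {
                return [pscustomobject]@{
                    Operation   = $Operation
                    ObjectScope = $ObjectScope
                    Allowed     = $true
                    Via         = '{0} / {1} @ {2}' -f $policy.Name, $binding.Role, $binding.Scope
                }
            }
        }
    }
    # No policy matched both the operation and the scope: deny by default.
    [pscustomobject]@{
        Operation   = $Operation
        ObjectScope = $ObjectScope
        Allowed     = $false
        Via         = $null
    }
}

# Constructed checks for a member of the UK group.
$checks = @(
    @{ Operation = 'EditIpBlock';   ObjectScope = '\Global\UK-Eire' },     # same scope as the grant
    @{ Operation = 'EditIpBlock';   ObjectScope = '\Global\USA' },         # sibling scope
    @{ Operation = 'ViewIpBlock';   ObjectScope = '\Global\USA' },         # child of a Global grant
    @{ Operation = 'DeleteIpBlock'; ObjectScope = '\Global\UK-Eire-Lab' }  # similar name, not a child
)

$results = foreach ($check in $checks) {
    Test-IpamModelAccess -UserGroups 'EXAMPLE\UK-NetOps' @check
}
$results | Format-Table -AutoSize
```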

The table below shows the default roles and scope.

| Type | Name | Description |
| --- | --- | --- |
| Role | DNS record administrator | Manages DNS resource records |
| Role | IP address record administrator | Manages IP addresses but not IP address spaces, ranges, blocks, or subnets. |
| Role | IPAM administrator | Manages all settings and objects in IPAM |
| Role | IPAM ASM administrator | Completely manages IP addresses |
| Role | IPAM DHCP administrator | Completely manages DHCP servers |
| Role | IPAM DHCP reservations administrator | Manages DHCP reservations |
| Role | IPAM DHCP scope administrator | Manages DHCP scopes |
| Role | IPAM MSM administrator | Completely manages DHCP and DNS servers |
| Access scope | Global | By default, all objects in IPAM are included in the global access scope. All additional scopes that are configured are subsets of the global access scope. |

Let's walk through a quick creation of a role, scope and policy.

Below is the IPAM client console with the new Access Control pane selected. You can see the Role, Access Scopes and Access Policies settings available for selection on the left hand side. Each section shows the roles / details so that all can be seen at a glance.

Below are shown smaller images of the Scope and Policies sections.

By right-clicking the role title, you can create a new role as shown below.

It is a simple matter of selecting the IPAM operations you want the role to be able to perform. The next step is to right-click the Access scope title and add a new scope. (This will automatically become a sub scope of the Global access scope.)

Having created the Role and the scope, the next step is to connect them within an Access policy: simply right-click on the Access policies title and create a new policy.

This dialog allows the user to select a policy name and then to match any of the roles to any of the scopes in the IPAM database. So one policy can control more than one role and one scope.

Don't forget you still have access to the five local security groups on the IPAM server to control a user's or administrator's access to the console and its tasks.

In the next post I shall cover the newly added Virtualisation IP Address space features.

Meanwhile if you haven’t tried Windows Server 2012 R2 and IPAM, evaluate it now – HERE!

PowerShell Version 5.0 Preview

I know, PowerShell Version 4.0 has only just landed with us as part of Windows Management Framework 4 and Windows Server 2012 R2 BUT the preview of WMF 5 and PowerShell 5.0 is here already.

So a very quick run through of what is new is in order, I think.

Well – since the Future IS PowerShell, it’s no surprise that a number of new features and functionality are included. Check it out by downloading here.

The key new functionality includes updates to PowerShell and the Integrated Scripting Environment as well as Desired State Configuration.

The two I want to concentrate on here though are Network Switch Cmdlets and OneGet.

Don’t forget though that if you do install the preview it is not Generally released or supported so the usual caveats apply about not using it in production etc.

Network Switch Cmdlets

      The Network Switch Cmdlets enable you to do switch, VLAN and basic Layer 2 network switch port configuration to Windows Server 2012 R2 Logo certified Network switches.
      Using these cmdlets you can do:
      • Global switch configuration, such as:
        • Setting host name
        • Setting switch banner
        • Persist configuration
        • Enable or disable feature
      • VLAN configuration:
        • Create or remove VLAN
        • Enable or disable VLAN
        • Enumerate VLAN
        • Set friendly name to a VLAN
      • Layer 2 port configuration:
        • Enumerate ports
        • Enable or disable ports
        • Set port modes and properties
        • Add or associate VLAN to Trunk or Access on the port

Available CmdLets are shown below

Being a preview, the help available is limited for now and attempting to update it results in errors.

OneGet

      OneGet is a new way to discover and install software packages from around the web. With OneGet, you can:

      • Manage a list of software repositories in which packages can be searched, acquired, and installed
      • Search and filter your repositories to find the packages you need
      • Seamlessly install and uninstall packages from one or more repositories with a single PowerShell command

OneGet CmdLets available are shown below.

Again, help is limited, but as an example:

Simply entering Find-Package results in a huge list of available software products that can be fetched and installed.

Be aware that changing the default script execution policy will be required.

Set-ExecutionPolicy RemoteSigned

will be sufficient.

So to fetch and install zoomit (the indispensable SysInternals tool) is a simple matter of

Find-Package zoomit | Install-Package

This results in the following screens, in order: the warning prior to installation, installation of the application package, and success of the installation.
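
Set-ExecutionPolicy RemoteSigned with no -Scope writes the LocalMachine setting, which a higher-precedence scope can override. The added example below (not from the original post) resolves the effective policy from Get-ExecutionPolicy -List style input and lists any scope more permissive than RemoteSigned; the function names and the sample rows are constructed.

```powershell
# Added illustration: check that RemoteSigned is really the policy in force.
# Function names and the sample rows are constructed for this example.

# Order in which PowerShell resolves scopes: the first one that is not Undefined wins.
$ScopePrecedence = 'MachinePolicy', 'UserPolicy', 'Process', 'CurrentUser', 'LocalMachine'

# Higher number = more permissive.
$Permissiveness = @{ Restricted = 0; AllSigned = 1; RemoteSigned = 2; Unrestricted = 3; Bypass = 4 }

function Get-EffectiveExecutionPolicy {
    param(
        [Parameter(Mandatory = $true)] [object[]]$PolicyList,
        # Used when every scope is Undefined. Restricted is the Windows client
        # default; Windows Server 2012 R2 defaults to RemoteSigned.
        [string]$DefaultPolicy = 'Restricted'
    )
    foreach ($scope in $ScopePrecedence) {
        $entry = $PolicyList | Where-Object { "$($_.Scope)" -eq $scope } | Select-Object -First 1
        if ($entry -and "$($entry.ExecutionPolicy)" -ne 'Undefined') {
            return [pscustomobject]@{ Scope = $scope; ExecutionPolicy = "$($entry.ExecutionPolicy)" }
        }
    }
    [pscustomobject]@{ Scope = 'Default'; ExecutionPolicy = $DefaultPolicy }
}

function Test-ExecutionPolicyBaseline {
    param(
        [Parameter(Mandatory = $true)] [object[]]$PolicyList,
        [string]$Baseline = 'RemoteSigned',
        [string]$DefaultPolicy = 'Restricted'
    )
    $effective = Get-EffectiveExecutionPolicy -PolicyList $PolicyList -DefaultPolicy $DefaultPolicy

    # Every scope set to something more permissive than the baseline,
    # whether or not it is the one currently winning.
    $weaker = @(
        $PolicyList |
            Where-Object {
                $name = "$($_.ExecutionPolicy)"
                $Permissiveness.ContainsKey($name) -and
                    ($Permissiveness[$name] -gt $Permissiveness[$Baseline])
            } |
            ForEach-Object { "$($_.Scope)=$($_.ExecutionPolicy)" }
    )

    [pscustomobject]@{
        EffectiveScope  = $effective.Scope
        EffectivePolicy = $effective.ExecutionPolicy
        MeetsBaseline   = ($Permissiveness[$effective.ExecutionPolicy] -le $Permissiveness[$Baseline])
        WeakerScopes    = $weaker
    }
}

# Constructed sample: LocalMachine was set to RemoteSigned as in the post,
# but an earlier per-user setting is still present.
$sample = @(
    [pscustomobject]@{ Scope = 'MachinePolicy'; ExecutionPolicy = 'Undefined' },
    [pscustomobject]@{ Scope = 'UserPolicy';    ExecutionPolicy = 'Undefined' },
    [pscustomobject]@{ Scope = 'Process';       ExecutionPolicy = 'Undefined' },
    [pscustomobject]@{ Scope = 'CurrentUser';   ExecutionPolicy = 'Unrestricted' },
    [pscustomobject]@{ Scope = 'LocalMachine';  ExecutionPolicy = 'RemoteSigned' }
)

Test-ExecutionPolicyBaseline -PolicyList $sample | Format-List

# On a live machine, feed it the real settings instead:
#   Test-ExecutionPolicyBaseline -PolicyList (Get-ExecutionPolicy -List)
```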

Only a preview but I can’t wait for this to become Generally Available. The potential for being able to control your Network Switches in conjunction with your System Center Virtual Machine Manager is huge!

Deployment of software through this method may not be the future for an enterprise deployment BUT it's a seriously fast way of installing applications without as many of the usual multiple steps.

Convert all your VMWare VMs to Hyper-V – FREE

You could be forgiven for thinking that the 8th April 2014 is only really going to be remembered for the End of Support for Windows XP after almost 15 years of service. Time will tell, but I would venture that a large number of Virtualisation IT Pros are still rubbing their hands with glee at the release of the Microsoft Virtual Machine Converter 2.0 (MVMC) and since the future is PowerShell, they will also be salivating with anticipation at using the Migration Automation Toolkit (MAT) released to support the MVMC 2.0. What is it? Why is it such good news? And who will use it?

MVMC 2.0 and MAT

First and fairly importantly MVMC 2.0 is a completely free toolkit to assist an IT Pro in converting VMWare virtual machines into Hyper-V Virtual Machines and yes also into Microsoft Azure Virtual Machines. The MAT is a PowerShell-based set of scripts and utilities to automate this process over a number of hosts and platforms.

If you are not a VMWare customer or do not use VMWare Virtual Machines and don’t need to know how to convert them and don’t think you will ever need to, then you can stop reading,

‘this is not the blog post you are looking for.’

Otherwise – read on….

Over recent years Hyper-V has, for many good reasons, been eating into the installed base of VMWare virtualisation customers. With the advent of this tool, the process of conversion to Hyper-V is dramatically simplified. If you are unsure of the value of such toolkits, it is possible to download the Windows Server 2012 R2 operating system (evaluation), install the Hyper-V role (free) and the MVMC 2.0 and MAT (free), and prepare a test migration to prove it will be fast, efficient and trouble-free to migrate all of your Virtual Machines from VMWare to the Azure or Hyper-V platforms.

Should you be using Linux as the basis for your VM guest estate, then your final solution will require absolutely no licence fees for Microsoft products, especially if you choose to use the Microsoft Hyper-V server as your final host (free).

All sound too good to be true? Well, it’s not. Below I explain what MVMC 2.0 and MAT can do for you.

The installation pre-requisites are

For MVMC

Windows Server 2008 R2 SP1 or above (I just installed it on Windows 8.1 (Update 1)); the full list is below.

Supported Operating Systems

Windows Server 2008 R2 SP1, Windows Server 2012, Windows Server 2012 R2

Before you install Microsoft Virtual Machine Converter (MVMC), you must install the following software on the computer on which you want to run MVMC:

  • Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 SP1 operating systems
  • Microsoft .NET Framework 3.5 and .NET Framework 4 if you install MVMC on Windows Server 2008 R2 SP1
  • Microsoft .NET Framework 4.5 if you install MVMC on Windows Server 2012 or Windows 8.
    Note: Although MVMC installs on all of these versions, using the Windows PowerShell cmdlets that are released as part of MVMC requires Windows PowerShell Runtime 3.0, as the cmdlets function only on Windows Server 2012 and above or Windows 8.
  • Visual C++® Redistributable for Visual Studio® 2012 Update 1

For MAT

1. The Microsoft Virtual Machine Converter (MVMC)
3. SQL Express or any other SQL Server Editions
4. A Windows account with rights to execute MVMC locally
5. A Windows account with rights to schedule tasks on remote systems and run MVMC (if using remotes)

MVMC is a wizard driven conversion tool but also works with the System Center automation engine provided in Orchestrator 2012 R2, and can be invoked from the PowerShell command line.

The major new features in MVMC 2.0 are listed below:

  • Converts virtual disks that are attached to a VMware virtual machine to virtual hard disks (VHDs) that can be uploaded to Windows Azure.
  • Provides native Windows PowerShell capability that enables scripting and integration into IT automation workflows. (Completely new, previously MVMC had its own command line interface).
  • Supports conversion of Linux-based guest operating systems.
  • Supports conversion of offline virtual machines.
  • Supports the new virtual hard disk format (VHDX).
  • Supports conversion of virtual machines from VMware vSphere 5.5, VMware vSphere 5.1, and VMware vSphere 4.1 hosts to Hyper-V virtual machines.
  • Supports Windows Server® 2012 R2, Windows Server® 2012, and Windows® 8 as guest operating systems that you can select for conversion.

MVMC 2.0 standard features include:

  • Convert and deploy virtual machines from VMware hosts to Hyper-V hosts on Windows Server® 2012 and 2012 R2 or Windows Server 2008 R2 SP1
  • Convert VMware virtual machines, virtual disks, and configurations for memory, virtual processor, and other virtual computing resources from the source to Hyper-V.
  • Add virtual network interface cards (NICs) to the converted virtual machine on Hyper-V.
  • Support conversion of virtual machines from VMware vSphere 5.5, VMware vSphere 5.0, and VMware vSphere 4.1 hosts to Hyper-V.
  • Wizard-driven GUI, which simplifies performing virtual machine conversions.
  • Uninstalls VMware Tools before online conversion only, provides a clean way to migrate VMware-based virtual machines to Hyper-V.
  • Support Windows Server and Linux guest operating system conversion.
  • PowerShell capability for offline conversions of VMDK Disks to Hyper-V .vhd disks

Finally to install MVMC 2.0 – the account in use must be a local administrator on the machine.

The MVMC installation files can be obtained here and consist of an msi setup file that installs the wizard, an admin guide document and a cmdlets document.

MAT is simply a collection of PowerShell scripts that will automate conversions using MVMC 2.0, and it is back-ended by a SQL instance (SQL Express will work). You can use it to convert several machines at once, on a single server – or scale it out and execute conversions on many servers at the same time.

Although MVMC 2.0 can convert VMWare VM’s to Microsoft Azure, this has not currently been implemented in MAT, so this product is scoped to on-premises conversion only, for the time being.

Most of the MAT changes are minor revisions but it does ship with an example script which demonstrates how a migration can be controlled using a single PowerShell script and PowerShell workflows. In short this demonstration or example script can move all running VM’s from a VMWare host to a Hyper-V host.

Since I aim to keep all my posts close to 1000 words – I will cover more detail in another post – especially the use of PowerShell Workflows and the architecture of MAT.

IPAM – Part one – (again)

Back when Windows Server 2012 was released, I produced a series of How-to guides, one of which was on the benefits of IPAM – IP Address Management, one of the 18 roles available in the Server Operating System.

That article is repeated below as part one in my What’s new in IPAM – as provided in Windows Server 2012 R2.

Check back for Part 2 next week.

How to use IPAM in Windows Server 2012

Ed Baker MCSA, MCSE, MCT (Regional Lead UK) – Technical Evangelist – Microsoft UK

What is IPAM in Windows Server 2012, and why is it a big deal?

Speak to any Network or Server Administrator and they’ll proclaim one of their top five nightmares is managing IP addresses. Windows Server 2012 has introduced a brand new feature that will ease those nightmares and soothe the stresses of looking after such beasts as DHCP servers and DNS servers.

IPAM (IP Address Management) in Windows Server 2012 is the new framework for finding, monitoring and managing IP addresses on a network.

Why is this a big deal?

The ability to automatically manage your DNS, DHCP and all the monitoring and auditing is potentially a huge deal. No more worrying about running out of addresses in a subnet. No expensive third-party application to buy. No more scrappy bits of paper if you don’t buy the apps!

Historically, maintaining these records is either expensive or tricky – or both. Not now: IPAM is here.

What do I need to get started?

IPAM is a feature of Windows Server 2012 and must be installed as such, either by using the Add Roles and Features wizard or through PowerShell 3.0.

The IPAM feature only runs on Windows Server 2012 so the first prerequisite is an installed server which must be a domain member. IPAM only works across a single forest model but can work across trusted and untrusted domains within the forest.

IPAM supports ONLY Microsoft DHCP, DNS and NPS servers, and Domain Controllers running Windows Server 2008 and above. Each of these must also be domain-joined in the same forest.

IPAM requires Windows Internal Database (no other will work) and supports up to 150 DHCP and DNS servers, with a total of up to 150 DNS zones and 6000 DHCP scopes.

IPAM will work on a small domain with very few servers but really comes into its own in a large distributed environment with a complex IP addressing and DNS scheme. The lab environment used in this document contains three servers (DC and DNS, DHCP and an IPAM) with a client. The technical setup is not complex but is time consuming. To keep this simple, I’ve used the Microsoft lab setup and the link is here. The test lab configuration begins half way down the document.

What will this actually do for me?

Once the setup is complete, the IPAM server becomes your best friend for all things DNS, DHCP and IP! The screenshot below shows Server Manager (what else?) in IPAM mode.

And this is the Server Inventory screen. From here you can run your empire, literally.

The initial setup and getting to this point can be quite time-consuming and involves automatic discovery of all the servers you wish to manage, and the services they provide.

Address management

Once here, the next step is to create your IP address blocks, ranges and individual addresses. This can be done manually or by importing CSV files. Each of these objects can be assigned additional user-defined attributes to allow grouping. An example would be departments or building and floors. As shown below.

In this screenshot, the IPAM administrator has created IP address ranges that are attached to particular buildings and an individual floor within that building. It then becomes very easy to find, monitor and manage a particular site or floor and make bulk changes to those areas. Imagine the actions necessary before this functionality!

This is available for any custom fields as well as managing by the service, such as DNS or DHCP. It is also easy to select all your ranges and focus down into those which have similar attributes, and then to make changes. Highly configurable IP management.

Having decided what static addresses you need it is also possible to enter them into the IPAM console, and from there carry out the required DHCP and DNS functions, such as reservations and host records.

ipam5

There are far too many functions and facilities with IPAM for a short how-to guide. My best advice is to build the lab and dive in.

Remote Management

Once the IPAM administrator has chosen which servers to manage using IPAM, that is exactly what he or she can do, with a simple right-click.

ipam6left

ipam6right

For DHCP and DNS servers, MMC can be launched to remotely manage, or for DHCP the administrator can make edits using IPAM dialogs to change Server and Scope options directly. This saves separate remote desktop sessions and even in some instances visiting sites to make changes.

 

Auditing

Having created and implemented your IP Schemes and managed them successfully, the final advantage of IPAM is that the feature provides detailed auditing of all the DHCP and DNS events and logs in one place.

ipam7

The auditing facilities are as flexible as the rest of IPAM, from address management events within the IPAM server itself to granular listings of all events relating to an individual Host Name.

ipam8 

The screenshot above shows ALL events relating to a single client Host Name, each one of which can be detailed in the details view.
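The per-host view above can also be rebuilt from raw DHCP Server audit log lines when reviewing events away from the console. The PowerShell below is an added example, not code from the original post or from Microsoft: the function names are hypothetical, and the sample lines are constructed in the layout of the first seven audit log columns (event IDs 10, 11, 12 and 15 are assign, renew, release and NACK). It goes one step beyond the screenshot by also flagging host names that appear with more than one MAC address.

```powershell
# Constructed sample: first seven columns of the DHCP Server audit log layout.
# Host names, addresses and MACs are invented for illustration.
$sample = @'
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,09/03/12,08:01:12,Assign,10.0.0.21,CLIENT1.contoso.com,00155D010A01
11,09/03/12,12:01:15,Renew,10.0.0.21,CLIENT1.contoso.com,00155D010A01
12,09/03/12,17:30:02,Release,10.0.0.21,CLIENT1.contoso.com,00155D010A01
10,09/04/12,08:03:44,Assign,10.0.0.37,CLIENT1.contoso.com,00155D010AFF
10,09/04/12,08:05:10,Assign,10.0.0.22,CLIENT2.contoso.com,00155D010A02
15,09/04/12,08:06:00,NACK,10.0.0.99,CLIENT2.contoso.com,00155D010A02
'@
$lines = $sample -split '\r?\n'

# Hypothetical helper: every lease event for one host name, oldest first.
# The -eq comparison ignores case, so 'client1' matches 'CLIENT1'.
function Get-HostLeaseTimeline {
    param(
        [string[]] $LogLine,
        [Parameter(Mandatory)] [string] $HostName
    )
    $LogLine | ConvertFrom-Csv |
        Where-Object { $_.'Host Name' -eq $HostName } |
        ForEach-Object {
            $stamp = "$($_.Date) $($_.Time)"   # log dates are MM/DD/YY
            [pscustomobject]@{
                When    = [datetime]::ParseExact($stamp, 'MM/dd/yy HH:mm:ss', [cultureinfo]::InvariantCulture)
                EventId = [int]$_.ID
                Event   = $_.Description
                IP      = $_.'IP Address'
                MAC     = $_.'MAC Address'
            }
        } | Sort-Object When
}

# Hypothetical helper: host names seen with more than one MAC address,
# which can mean replaced hardware or a second device reusing the name.
function Find-HostNameMacChange {
    param([string[]] $LogLine)
    $LogLine | ConvertFrom-Csv |
        Where-Object { $_.'Host Name' -and $_.'MAC Address' } |
        Group-Object 'Host Name' |
        ForEach-Object {
            $macs = @($_.Group.'MAC Address' | Sort-Object -Unique)
            if ($macs.Count -gt 1) {
                [pscustomobject]@{ HostName = $_.Name; MacAddresses = $macs -join ', ' }
            }
        }
}

Get-HostLeaseTimeline -LogLine $lines -HostName 'client1.contoso.com' | Format-Table -AutoSize
Find-HostNameMacChange -LogLine $lines
```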

I need more help!

 

The functions and facilities involved in running an IPAM system will be new to many administrators. Microsoft has not always been the first to provide easy to find, easy to read and easy to understand help information. In general, Windows Server 2012 – and specifically Server Manager and IPAM – has put a sudden stop to this trend.

ipam 9

 ipam10

As can be seen above, there are relevant, readable help texts in exactly the place you need them.

Moreover, it appears everywhere you need it.  The text is not overwhelming and is actually very useful to the new user as well as the old-timer who has temporarily forgotten something.

In summary

 

Windows Server 2012 has introduced hundreds of new features and facilities for the administrator. I would suggest that for a larger network, IPAM falls firmly into the big five most useful and usable of these.

IPAM is a brand new feature in Windows Server 2012. In previous versions, the only solutions were paper-based or 3rd-party application-based; one being expensive, the other tricky to maintain.

IPAM is the ideal solution to manage ALL your Microsoft based DNS, DHCP and NPS administration from one place with little or no stress involved.

 Thanks Microsoft – Good Job!

(September 2012)

Hybrid Cloud – take the ExpressRoute to extending your VPN into the Microsoft Azure Cloud

One of the traditional impediments to businesses adopting public cloud computing is the concern over putting all your eggs in one basket. The Hybrid cloud is the solution to this.

reluct

 

The Hybrid cloud is a description of utilising a pre-existing on-premises datacentre and a cloud solution such as Microsoft Azure to balance the overall solution.

 

mikeyt

 

The last two days at Enstone with the Lotus F1 team have been an excellent introduction for a packed audience into the way to use System Center to manage your on-premises datacentre (or private cloud) and to start using Microsoft Azure to develop your Hybrid Cloud.

 

 

Michael Taylor, the CIO of Lotus F1 (above), gave an excellent introduction to both days. He explained that Lotus keep all business critical and confidential data in their own data centres. Lotus then use Office 365 and Microsoft Azure to host their email and other less critical services in the Cloud, forming a true Hybrid Cloud solution.

Networking and connectivity are often seen as another impediment to connecting these two discrete elements while still maintaining security. The recent Heartbleed OpenSSL issue, although not directly affecting the Azure platform, does highlight the need for vigilance and the security of the connectivity in a modern, robust Cloud solution. Essentially businesses want Azure in their network.

cust

Yesterday Microsoft announced the ExpressRoute partnership programme and introduced BT and Equinix as the first partners to provide the solution in the UK and EMEA. The BT announcement is here, the Equinix one is here, and the Microsoft Azure blog covers it well here.

 

So ExpressRoute – what is that?

hybrid1

First and foremost, ExpressRoute provides a private, dedicated connection between Azure and the customer datacentre, with no reliance on a shared internet infrastructure to reach your apps, services and data.

Within this you can now choose the network performance you want or need (or can afford); this will allow you to design your apps better and meet QoS and SLA requirements.

How fast do you say? Well, up to 10Gbps – is that fast enough? If you have large amounts of data to move between your datacentre and Azure or vice versa, then this is a great, fast and economically sound option.

So it is fast but what can I use it for?

ExpressRoute is designed to cater for mission critical workloads such as:

  • Storage (Migration, DR, retention archives)
  • Dev/Test (large VM movements from Dev / Test / Production environments)
  • BI and Big Data (Efficient transfer of large data sets to increase ‘Big Data’ performance)
  • Media (solid and predictable performance for streaming data to or from Azure)
  • Hybrid Apps (the mix of High Bandwidth and Low Latency links creates a great environment for Azure to be used as a datacentre extension for multi-tier apps – improved I/O and API response times.)
  • Productivity Apps (SharePoint as an example requires high bandwidth and low latency to work at scale)

There are three routes into Azure as shown below.

route

ExpressRoute provides a dedicated private route in one of two flavours: an Exchange provider route or a Network Service provider route. The former provides a simple point-to-point solution, while the latter exposes Azure as an additional site in the corporate network.

2roots 

 

 

Any regular reader of this blog will know that I openly declare that the future is PowerShell, and ExpressRoute is no different: there are specific ExpressRoute cmdlets.

pshell

Microsoft provide ExpressRoute pricing for the access and bandwidth as well as throughput and your network provider will add their charges on top of this.

To keep up to date with ExpressRoute and all the changes and developments within Microsoft Azure, bookmark the Azure Page and the Azure Blog.

The only question left for me is why wouldn’t you adopt this economically viable, flexible and fast solution to the Hybrid Cloud solution – Bring Azure into your network.

 


1 month in – it’s all about Touch and Dogfood

So – what have I learned in the first month working for Microsoft?

Certainly too much to write about on a blog, and a lot of it I couldn’t anyway. But I want to focus on two things that have particularly struck me as hugely important to my daily working life here.

First, I have an iPad and I even had a number of other touch devices going back to a Palm Pilot and an iPaq (the Compaq ones) in the 1990s. BUT until now I have not really found anything that works for me as a touch interface. Either the screen has been too small, dark, sensitive or just plain clunky to use with Touch.

Enter Windows 8.1, and the world of Touch has become something that I just use: it is intuitive (for me) and things just happen more quickly and seamlessly. I have been allocated an Asus Ultrabook, which is seriously cool (in a blokey gadget sort of way). It is light, fast and has capacity, but most of all it has a great touch screen that makes Windows 8.1 work so well for me. So much so that when I use my Lab rig machine, a Dell Precision M6700 behemoth, I really, really miss the touch screen, even running a full Private Cloud Lab. My belief is that Touch is definitely the future, and it is no surprise to me that the ONLY machine I have ever supplied to any of my customers (before my life at Microsoft started) that I wish I could keep is the Asus ET2300 Touch all-in-one PC – check it out, it’s superb.

Secondly, it shouldn’t really come as a surprise to me that a phrase that is omnipresent at Microsoft is Dogfood (indeed there is an internal dogfood site).

As an IT consultant over a good few years, I rarely visited a customer where everything just worked, where everyone was happy with the internal IT team and where the systems ‘just worked’. Well, as far as I have found so far (and I have looked quite hard), everything here is dogfood and it just works. I sit at home using DirectAccess (part of the Windows Server 2012 R2 remote access story). This uses Virtual Smart Card technology too, so providing you have a modern system with a TPM on board you can dispense with the physical card for remote access. The TPM also enables BitLocker Drive Encryption, which protects all your valuable data.

All this is Dogfood here and all of this is available out of the box in Windows Server 2012 R2. Why not go and try it out here now?

I haven’t even started on the use of System Center, Windows Azure, Office 365 – all in use to run the company not just for demonstration or evaluation.

Why not come along to one of our IT Camps in April to see how Windows Server 2012 R2 and the System Center 2012 R2 components help to build modern, data center based Private Clouds, and also to see the Hybrid cloud model using Windows Azure?

Book Here, they are being held in some very special places!

See you there

 

 

The start of something new and exciting

I always look forward to new challenges with a mixture of excitement and nerves.

Well this one is a real biggy. On Monday 3rd March I start work for Microsoft UK as a Technical Evangelist focusing on Infrastructure products.

It’s taken a long time getting to this point, many years, hundreds of exams and hours of reading, teaching, presenting and blogging. Excited – You bet!

I will be posting a great deal more than I have in the past and this page will be a mixture of tech and business / career related posts. I will also be revamping the theme and making it a more ‘professional’ experience!

My first week already looks a busy busy time, Reading, Manchester, London, Surrey – I look forward to the experience ahead.

Ed

Pick a Server – any Server

Ever wondered which edition of Windows Server 2012 R2 is right for you or your company, or which one to evaluate?

Well, Microsoft has released a single-page PDF download which shows everything you wanted to know about all the possible editions of the product and were too afraid to ask.

products

It covers:

Windows Server 2012 R2 Datacenter

Windows Server 2012 R2 Standard

Windows Server 2012 R2 Essentials

Windows Server 2012 R2 Foundation

Microsoft Hyper-V Server 2012 R2

Windows Storage Server 2012 R2 Standard

Windows Storage Server 2012 R2 Workgroup

This family of products caters for businesses of all sizes, from 2 users to millions of users, and from no virtualization to unlimited VMs. Not forgetting the completely free edition, Microsoft Hyper-V Server 2012 R2.

Why not visit the Cloud OS Evaluation page and try out the one you think would be best for you?

For those chasing certification in any area that includes Windows Server 2012 R2 – this is an invaluable desktop study resource.