12 Apr 2013

Intro to Windows Server 2012 IPAM

IPAM, also known as IP Address Management, is an important part of any IT infrastructure. As an organization grows, IP management becomes more challenging as well. With the introduction of virtualization and IPv6, IP management can be even more challenging. IPAM is more of a model for provisioning, discovering, maintaining and auditing IP addresses in your IT environment. IPAM usually integrates with other infrastructure components such as DHCP and DNS.

Traditionally this is handled via Notepad, an Excel spreadsheet or a wiki page. Imagine tracking IPv6 addresses via a spreadsheet. This can be very painful due to the complexity of IPv6 and its address length. In the past few years, 3rd party vendors have been offering IPAM hardware appliances at outrageous cost. These devices are very complicated to use and come with very little support. Vendors such as Info***x offer IPAM solutions bundled with infrastructure services such as DNS and DHCP. This introduces a new, unproven, unfamiliar technology to the environment. IT admins have been using Microsoft DNS and DHCP for years, and it has proven its stability. 3rd party vendors will often try to convince IT admins to replace these services just so they can have full integration with the IPAM software.

Windows Server 2012 now provides a full IPAM solution that integrates with its DNS and DHCP services. This feature is part of Windows Server 2012 and does not require an additional license beyond the operating system itself. The IPAM feature in Windows Server 2012 includes the majority of the features offered by 3rd party vendors. Here is the list:

    Support for IPv4 and IPv6
    Automatic environment discovery
    Trend monitoring and IP allocation statistics
    Support for reporting
    Allow importing from csv file
    Full integration with Microsoft DNS and DHCP
    API support for 3rd party DHCP servers and SCVMM (Microsoft's version of VMware vCenter)
    Auditing for configuration changes
    Logon event tracking of IP Addresses
    Agentless deployment via GPO
    Logical visualization of IP ranges
    Support for Custom Field attributes

IPAM allows IT administrators to define single-value and multivalued custom attributes in addition to the built-in ones. This allows custom attribute tagging for defining logical groups, which display IP address subnets from a logical perspective. IPAM supports CSV file import of IP addresses and IP ranges. This requires that the column fields in the CSV match the IPAM field columns. When importing, the order of the columns in the CSV doesn't matter, but the field names must match. Use "Import-NamsRange" to import IP addresses from a CSV file.

IMO, the IP address tracking feature in Windows Server 2012 IPAM is a game changer. It is essential to have a trail of the IP devices used by the end user during a specific time. Current DHCP technology only keeps track of current DHCP leases. These leases expire and change, which makes it hard to track down who had a particular address at a certain time.
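The following is an added illustration, not code from the original post and not IPAM's internal implementation, of why historical lease and logon records are needed to answer "who had this address at this time". The lease and logon records, their field names and the `Get-IpHolder` function are all constructed for this example.

```powershell
# Constructed sample data: historical DHCP leases and account logon events (not real logs).
$leases = @'
Ip,Mac,HostName,Start,End
10.0.5.23,00-15-5D-01-0A-11,WS-041,2013-04-10T08:02:00,2013-04-10T17:45:00
10.0.5.23,00-15-5D-01-0B-7C,LT-112,2013-04-10T18:10:00,2013-04-11T09:30:00
10.0.5.24,00-15-5D-01-0C-02,WS-077,2013-04-10T08:15:00,2013-04-11T08:15:00
'@ | ConvertFrom-Csv

$logons = @'
User,Ip,Time
CORP\asmith,10.0.5.23,2013-04-10T08:05:12
CORP\bjones,10.0.5.23,2013-04-10T18:22:40
CORP\bjones,10.0.5.23,2013-04-11T08:01:03
'@ | ConvertFrom-Csv

# Hypothetical helper: resolve an IP address at a point in time to host, MAC and user.
function Get-IpHolder {
    param(
        [Parameter(Mandatory)][string]$Ip,
        [Parameter(Mandatory)][datetime]$At,
        [object[]]$Lease,
        [object[]]$Logon
    )
    # Find the lease whose [Start, End) interval contains the timestamp.
    $hit = $Lease | Where-Object {
        $_.Ip -eq $Ip -and [datetime]$_.Start -le $At -and $At -lt [datetime]$_.End
    } | Select-Object -First 1
    if (-not $hit) { return $null }   # address was not leased at that time

    # Latest logon from this IP that falls inside the same lease, at or before $At.
    # Bounding by the lease start avoids blaming the previous holder of the address.
    $user = $Logon | Where-Object {
        $_.Ip -eq $Ip -and [datetime]$_.Time -ge [datetime]$hit.Start -and [datetime]$_.Time -le $At
    } | Sort-Object { [datetime]$_.Time } | Select-Object -Last 1

    [pscustomobject]@{
        Ip = $Ip; At = $At; HostName = $hit.HostName; Mac = $hit.Mac
        User = if ($user) { $user.User } else { $null }
    }
}

# Same address, three timestamps: first lease, second lease, and the gap between them.
Get-IpHolder -Ip '10.0.5.23' -At '2013-04-10T14:30:00' -Lease $leases -Logon $logons
Get-IpHolder -Ip '10.0.5.23' -At '2013-04-10T20:00:00' -Lease $leases -Logon $logons
Get-IpHolder -Ip '10.0.5.23' -At '2013-04-10T18:00:00' -Lease $leases -Logon $logons
```

A DHCP server that only holds current leases can answer none of these queries once the lease has turned over, which is the gap the address tracking feature fills.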

Windows Server 2012 IPAM Requirements

    * Healthy Active Directory (IPAM Server must be part of the domain)
    * Access to domain controller for automatic discovery
    * "Account logon" event logging must be on for Address Tracking feature
    * IPAM should not collocate with other roles
    * IPAM cannot collocate with Active Directory role

To install the IPAM feature, use the "Add Roles and Features Wizard". After installing the IPAM feature on your Windows Server 2012, you are ready to configure and deploy. You can choose the manual provisioning method or deploy via Group Policy for managed DHCP and DNS servers. As always, Microsoft recommends using GPO to provision the IPAM configuration. As mentioned in the last few articles, IPAM automatically discovers DNS and DHCP servers by utilizing Active Directory. Use the "Invoke-IpamGpoProvisioning" PowerShell command to create the IPAM GPOs. This PowerShell command will create a GPO for DHCP, DNS and NPS.

