Friday 30 August 2013

IP Address Management (IPAM)


IP address management is difficult for large organisations with hundreds of networks. Windows Server 2012 has an IPAM feature that allows for management and configuration from a database perspective. 

Smaller organisations cannot appreciate the challenges that large organisations have in tracking, assigning, planning, and changing IP addresses. For these larger organisations, IPAM has become a necessity.

IPAM lets you view IP address availability and configuration from a database perspective, enabling you to use your addresses more efficiently. IPAM features such as IP reconciliation and automation can eliminate the need to use spreadsheets for tracking addresses.

In addition to monitoring functions, several DHCP server and scope properties can be configured from the IPAM console.

IPAM includes components for:

  • Automatic IP address infrastructure discovery: IPAM discovers domain controllers, DHCP servers, and DNS servers in the domains you choose.
  • Custom IP address space display, reporting, and management: The display of IP addresses is highly customizable. IPv4 and IPv6 address space is organized into IP address blocks, IP address ranges, and individual IP addresses. IP addresses are assigned built-in or user-defined fields that allow them to be grouped hierarchically or logically.
  • Audit of server configuration changes and tracking of IP address usage: Operational events are displayed for the IPAM server and managed DHCP servers. IPAM also enables IP address tracking from Network Policy Server (NPS), domain controllers, and DHCP servers. Tracking is available by IP address, client ID, host name, or user name.
  • Monitoring and management of DHCP and DNS services: IPAM provides availability monitoring for Microsoft DHCP and DNS servers across the forest. DNS zone health is displayed, and detailed DHCP server and scope management is available.

IPAM Design Considerations

IPAM will periodically attempt to locate domain controllers, DNS, and DHCP servers on the network that are within the scope of discovery that you specify.

Certain security settings and firewall ports on a server must be configured to allow IPAM to perform the required monitoring and configuration functions. The IPAM server communicates with managed servers using an RPC or WMI interface.




The following local IPAM security groups are created when installing IPAM.
  • IPAM Users: Members of this group can view all information in server discovery, IP address space, and server management. They can view IPAM and DHCP server operational events, but cannot view IP address tracking information.

  • IPAM MSM Administrators: IPAM multi-server management (MSM) administrators have IPAM Users privileges and can perform IPAM common management tasks and server management tasks.

  • IPAM ASM Administrators: IPAM address space management (ASM) administrators have IPAM Users privileges and can perform IPAM common management tasks and IP address space tasks.

  • IPAM IP Audit Administrators: Members of this group have IPAM Users privileges and can perform IPAM common management tasks and can view IP address tracking information.

  • IPAM Administrators: IPAM Administrators have the privileges to view all IPAM data and perform all IPAM tasks.
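One way to review who holds each of these roles, as an added example that is not part of the original post: it reads the five local groups on the IPAM server through the WinNT ADSI provider and lists accounts that hold IPAM Administrators or more than one role. The variable `$IpamServer` and the helper name `Get-IpamGroupMember` are assumptions.

```powershell
# Added example (not from the original post). $IpamServer and the helper
# Get-IpamGroupMember are illustrative names; run on or against the IPAM server.
$IpamServer = $env:COMPUTERNAME
$ipamGroups = 'IPAM Users', 'IPAM MSM Administrators', 'IPAM ASM Administrators',
              'IPAM IP Audit Administrators', 'IPAM Administrators'

function Get-IpamGroupMember {
    param([string]$Computer, [string]$GroupName)
    try {
        # The WinNT ADSI provider needs no extra module on Windows Server 2012.
        $group = [ADSI]"WinNT://$Computer/$GroupName,group"
        foreach ($m in @($group.psbase.Invoke('Members'))) {
            $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
            [pscustomobject]@{
                Role   = $GroupName
                Member = ($path -replace '^WinNT://', '') -replace '/', '\'
            }
        }
    } catch {
        Write-Warning "Could not read group '$GroupName' on ${Computer}: $($_.Exception.Message)"
    }
}

# Full role-to-member listing. A domain group nested in a local group shows
# up as one member; its own membership has to be reviewed in Active Directory.
$membership = @(foreach ($g in $ipamGroups) {
    Get-IpamGroupMember -Computer $IpamServer -GroupName $g
})
$membership | Sort-Object Role, Member | Format-Table -AutoSize

# Accounts to check against least privilege: anyone with the all-tasks
# IPAM Administrators role, or with more than one IPAM role.
$review = $membership | Group-Object Member | ForEach-Object {
    $roles = @($_.Group | ForEach-Object { $_.Role })
    if ($roles.Count -gt 1 -or $roles -contains 'IPAM Administrators') {
        [pscustomobject]@{ Member = $_.Name; Roles = $roles -join ', ' }
    }
}
$review | Format-Table -AutoSize
```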

 

DHCP on Windows Server 2008 vs. 2012

Windows Server 2008

In Windows Server 2008 R2, there are two high availability options available for DHCP Server deployment.

  1. DHCP in a Windows failover cluster. This option places the DHCP server in a cluster with an additional server configured with the DHCP service that assumes the load if the primary DHCP server fails. The clustering deployment option uses a single shared storage. This makes the storage a single point of failure, and requires additional investment in redundancy for storage. In addition, clustering involves relatively complex setup and maintenance.

  2. Split scope DHCP. Split scope DHCP uses two independent DHCP servers that share responsibility for a scope. Typically 70% of the addresses in the scope are assigned to the primary server and the remaining 30% are assigned to the backup server. If clients cannot reach the primary server then they can get an IP configuration from the secondary server. Split scope deployment does not provide IP address continuity and is unusable in scenarios where the scope is already running at high utilization of address space, which is very common with Internet Protocol version 4 (IPv4).

Windows Server 2012

DHCP failover in Windows Server 2012 enables administrators to deploy a highly resilient DHCP service to support a large enterprise without the challenges of the options discussed earlier.

The main goals of the feature are the following:

  • Provide DHCP service availability at all times on the enterprise network.

  • If a DHCP server is no longer reachable, the DHCP client is able to extend the lease on its current IP address by contacting another DHCP server on the enterprise network.

The DHCP server failover feature provides the ability to have two DHCP servers provide IP addresses and option configuration to the same subnet or scope. The two DHCP servers replicate lease information between them, allowing one server to assume responsibility for servicing of clients for the entire subnet when the other server is unavailable. It is also possible to configure failover in a load-balancing configuration with client requests distributed between the two servers in a failover relationship.
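A check that every IPv4 scope on a server is actually covered by a failover relationship in a healthy state, as an added example that is not part of the original post. It uses the DhcpServer module cmdlets `Get-DhcpServerv4Scope` and `Get-DhcpServerv4Failover`; the server name is a placeholder.

```powershell
# Added example (not from the original post). The server name is a placeholder.
Import-Module DhcpServer
$DhcpServer = 'dhcp01.example.test'

# Index failover relationships by the scopes they cover.
$relationshipByScope = @{}
foreach ($rel in @(Get-DhcpServerv4Failover -ComputerName $DhcpServer)) {
    foreach ($id in $rel.ScopeId) {
        $relationshipByScope[$id.ToString()] = $rel
    }
}

# One report row per scope, with the first problem found for it.
$report = foreach ($scope in @(Get-DhcpServerv4Scope -ComputerName $DhcpServer)) {
    $rel = $relationshipByScope[$scope.ScopeId.ToString()]

    $finding = if (-not $rel) {
        'No failover relationship: one server holds all lease state'
    } elseif ($rel.State -ne 'Normal') {
        "Relationship state is $($rel.State)"
    } elseif (-not $rel.EnableAuth) {
        'Failover messages between partners are not authenticated'
    } else {
        'OK'
    }

    [pscustomobject]@{
        ScopeId      = $scope.ScopeId
        Relationship = if ($rel) { $rel.Name } else { '(none)' }
        Partner      = if ($rel) { $rel.PartnerServer } else { '' }
        Mode         = if ($rel) { $rel.Mode } else { '' }
        LoadBalance  = if ($rel) { $rel.LoadBalancePercent } else { '' }
        Finding      = $finding
    }
}

$report | Sort-Object Finding, ScopeId | Format-Table -AutoSize
```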

Server sizing

IPAM System requirements

| Component | Requirement |
| --- | --- |
| Processor | Minimum: 1.4 GHz 64-bit processor |
| RAM | Minimum: 4096 MB |
| Disk space | Minimum: 64 GB |
| Other requirements | DVD drive; Super VGA (800 x 600) or higher-resolution monitor; Keyboard and Microsoft® mouse (or other compatible pointing device); Internet access (fees may apply) |
| Network adapter | Two 10/100/1000 Fast Ethernet adapters supporting PXE |

Table 2 - Server Sizing for IPAM server(s)

DHCP System requirements

| Component | Requirement |
| --- | --- |
| Processor | Minimum: 2.0 GHz 64-bit processor |
| RAM | Minimum: 8192 MB |
| Disk space | Minimum: 120 GB |
| Other requirements | DVD drive; Super VGA (800 x 600) or higher-resolution monitor; Keyboard and Microsoft® mouse (or other compatible pointing device); Internet access (fees may apply) |
| Network adapter | Two 10/100/1000 Fast Ethernet adapters supporting PXE configured in a fault-tolerant NIC team |

Table 3 - Server Sizing for DHCP server(s)


1 comment:

  1. The IPAM system enables automatic IP address discovery. It discovers domain controller, DHCP server, and DNS server in the domains you choose. You can enable or disable management of these servers by IPAM.

    Thanks
    Silvester Norman
