To us Windows systems administrators, the term “TCP/IP network
infrastructure” typically brings the following technologies to mind:
- IP addressing strategy (IPv4 and IPv6)
- Dynamic Host Configuration Protocol (DHCP)
- Domain Name Service (DNS)
- Active Directory Domain Services (AD DS)
- (Optionally) Network Policy Server (NPS)
Microsoft has given us an excellent suite of TCP/IP infrastructure administration tools in Internet Protocol Address Management (IPAM). IPAM is a new feature of Windows Server 2012 (currently known as Windows Server 8 Beta) that makes network infrastructure maintenance spreadsheets (!) or expensive enterprise solutions like Microsoft System Center irrelevant, at least with regard to IP address management.
In this blog post we will dive right into the IPAM setup workflow. After that we will examine some of the business use cases of this technology.
Installing IPAM
We install IPAM on our management server by using either Windows PowerShell or the Add Roles and Features Wizard from Server Manager. As you can see in the following figure, IPAM is officially classified as a feature.
Installing IP Address Management (IPAM)
Provisioning IPAM
In order to link our network infrastructure servers with our centralized IPAM solution, we must either configure settings manually on each server, or use Group Policy Object (GPO)-based provisioning. Obviously, the latter technique is preferred because it is largely automated.NOTE: Trust me, you do NOT want to configure the IPAM provisioning steps manually. Talk about tedious!
The Provision IPAM Wizard deploys separate GPOs for provisioning IPAM on your DHCP servers, DNS servers, domain controllers, and NPS servers. In addition, the Provision IPAM Wizard creates the required network shares and security groups as well as creates the necessary Windows Firewall network traffic exceptions.
The Provision IPAM Wizard
NOTE: You cannot configure IPAM on a domain controller. I promise you that IPAM provisioning will fail if you try to do so.Configuring and starting Server Discovery
During the IPAM server discovery step, we instruct IPAM to scour our Active Directory domain in search of network infrastructure servers.As you can see in the following screen shot, we can simply select the domain(s) to discover and then click OK to continue.
Configuring IPAM Server Discovery
To actually start server discovery, we click Start server discovery in the IPAM Server Tasks pane in Server Manager. Once discover completes successfully, we can proceed.
Performing Server Discovery
Adding servers to manage
From Server Manager, we can click Select or add servers to manage and verify IPAM access to continue our journey of IPAM initial configuration.We need to grant our IPAM server permission to manage my network infrastructure server(s) by using GPOs. To do that, we can run the Invoke-IpamGpoProvisioning Windows PowerShell cmdlet. In the following example, we specify dc01 as our network infrastructure server, ipamgpo as our GPO prefix, and nuggetlab.com as our AD DS domain.
Invoke-IpamGpoProvisioning –Domain nuggetlab.com –GpoPrefixName ipamgpo –IpamServerFqdn dc01.nuggetlab.com
In addition to the IPAM access status displaying as Unblocked for your infrastructure servers, you will also want to open the Group Policy Management Console and verify that the GPOs have been created for your managed TCP/IP network services.
Verifying IPAM GPOs in Group Policy Management Console
Retrieving data from managed servers
In the IPAM Server Inventory list, we can right-click an infrastructure server and select Retrieve All Server Data to query the system and, well, retrieve all server data that is related to the network service(s) that it hosts.As you see in the following screenshot, a properly configured IPAM server offers the administrator a wide variety of centralized management and monitoring information, all within easy reach.
IPAM admin tasks
0 comments:
Post a Comment