One of the more general requirements placed on every administrator is that of always maintaining an overview. Any reasonable person will confirm that this is desirable, yet in practice often difficult - if not impossible. But when it comes to IT and its availability, reason is not always the prevailing quality, and administrators can use every conceivable aid to keep their IT under control.
This includes all the information about the address range of the IP network. The professionals are not only responsible for ensuring that each device receives a unique network address, but also, of course, for keeping a general overview of the IP address space. If you discuss this topic with administrators, you will often get evasive information about how the IP addresses in your own company are really managed. The listing of IP addresses in an Excel spreadsheet is still the tried and tested choice in many IT departments, but the actual administrative work of many IT professionals involves the use and maintenance of the DNS and DHCP servers in the company network. But hardly a professional will doubt that the number of different devices in the network remains constant and thus also the "consumption" of IP addresses. The number of addresses required will also continue to rise due in large part to the steady growth in virtualized systems. There will be a further jump in terms of the sheer number of addresses, as more and more IoT devices find their way onto companies' networks.
However, a technology called IPAM (Internet Protocol Address Management) can help them. This is basically a method that is used to monitor and manage the information concerning the IP address space. For example, they can use IPAM to obtain information about the following details:
- How much free IP address space is still available in my network?
- IP address ranges can be organized by the IT team with the help of IPAM for both IPv4 and IPv6 networks in the form of IP address blocks, address areas or other forms of individual addresses.
- You can also determine which subnetworks are in use and how large these are.
- The software automatically finds DHCP and DNS servers as well as domain controllers on its own network. It can also monitor the availability of these two services. Administrators can then use IPAM to centrally manage, enable and disable DHCP and DNS servers, as well as manage dynamic IP address ranges.
- The host names that are connected to each IP address and the hardware that is used under these IP addresses, can also be determined relatively easily by IT experts with the help of IPAM.
IPAM as part of the Windows server
IPAM is not a new technology. Some software companies, such as Efficient iP or Infoblox, have long offered appropriate IP management solutions. Cisco also offers such a solution with the product "Prime Network Registrar" and the open source community also provides a software with NetDB (Network Tracking Database), which offers very wide-ranging functionalities. Microsoft first integrated IPAM as a feature in Windows Server 2012 and further expanded this functionality with the 2012 R2 release and with Windows Server 2016. The ability to act as an IPAM server is offered by Microsoft exclusively on Windows Server 2012 / 2012 R2 and 2016. According to current information, there will be no update for Windows Server 2008 R2 or even older server versions. However, it is possible to manage this server version from one of the newer versions using IPAM.
The IPAM server stores the detected data in a Windows Internal Database (WID) by default. If the user cannot replace it with another database under Windows Server 2012, starting with the R2 version, administrators have the option to use a Microsoft SQL database for this purpose. According to Microsoft, data such as user logon and logoff information, MAC addresses of the hosts, and the address leases of the IP addresses are stored in the database for up to 100,000 users (!) for a period of three years.
Within the network infrastructure, IT professionals can integrate and manage additional DHCP, DNS, domain controllers, and network policy servers running Windows Server 2008 and later. Other servers will not be managed and other network devices such as switches, printers, routers, or DHCP relays cannot be detected. Up to Windows Server 2012 R2, only the DHCP and DNS servers of the single Active Directory forest could be managed with the IPAM server itself. With the implementation of the IPAM server under Windows Server 2016, administrators can now manage DNS and DHCP servers that belong to another AD forest when they have a bidirectional trust relationship with forest in which the IPAM server is located.
Other innovations that Microsoft introduced with the IPAM server with Windows Server 2016 include, among other things, a significantly expanded support of IPAM by PowerShell. Administrators now have access to PowerShell support for role-based access control. You can use PowerShell commands on Windows Server 2016 to find DNS and DHCP objects in IPAM and modify the access permissions accordingly. If you need more information, you will find an overview of the PowerShell cmdlets for working with IPAM on TechNet. However, this entry still applies to the cmdlets that were already available for Windows Server 2012 R2 and Windows 8. A further article deals with the use of the role-based access control via PowerShell on Windows Server 2016.
In practice: A test network is a practical measure
One of the most important prerequisites for using a Windows Server 2012/2012 R2 or Windows Server 2016 as an IPAM server is making the computer with the IPAM server a member of a domain. Moreover, the installation of the IPAM feature is not supported on a server carrying out the role of the domain controller. However, Server Manager also specifically instructs the administrator to add this feature to the server.
We first gained experience with IPAM in a very simple test network with Windows Server 2012 R2 and Windows Server 2008 systems. We quickly found out that this tool has a certain complexity: With the help of the "Quick Start Assistant" of the Server Manager, anyone can manage the first steps of the configuration and put the IPAM server into operation. If, however, problems arise afterwards, such as non-functioning access to other machines, you will probably fall back to searching the help texts. If you want to enter IPAM with a Windows server - whether Windows Server 2012 R2 or Windows Server 2016 - we would advise you to go through the helpful step-by-step instructions for configuring IPAM in a test environment, offered by Microsoft at TechNet under the URL: http://technet.microsoft.com/de-de/library/hh831622.aspx.
Although this guide applies to Windows Server 2012, it can also be used problem-free for the first attempts with the current server 2016. In this way, IT professionals can avoid errors and see where they could improve in own infrastructure.