TRANSCRIPT
Networking for Cloud Services in Windows Server 2012 R2
Vithalprasad Gaitonde
Senior Program Manager
MDC-B376
Session objectives and takeaways
Objectives
• Understand Windows Server 2012 DHCP, DNS and IPAM
• Understand what is new in Windows Server 2012 R2 DHCP, DNS and IPAM
• Understand how to use Windows Server 2012 R2 IPAM
Key Takeaways
• WS 2012 R2 IPAM is a cost-effective, scalable and customizable solution for unified management of physical and virtual network IP address spaces, and DHCP and DNS services in both enterprise and hoster environments
Examples of IP Address Management Problems
• I want to track my org’s address space and know addresses in use and available across different locations…
• I have to find a free IP address for a new device and register it in DNS …
• A DHCP Scope is full and clients are not getting any addresses – I need to expand the scope or create a firefighting scope…
• I need to change a DHCP option like web proxy across dozens of scopes residing on multiple servers…
• I am adding a new lab and want to assign subnets from my address plan…
• I need to track user or machine activity in my network for troubleshooting or forensics…
IPAM Options
Commercial appliances
  Pros:
  • Automation
  • Rich feature set
  • Integration with own and MS DHCP/DNS
  Cons:
  • High acquisition and support costs
Spreadsheets
  Pros:
  • No CapEx investment
  • Simple to use for small networks….at first
  Cons:
  • Labor intensive
  • Only performs address mgmt.
  • Inflexible and does not scale
In-house tools
  Pros:
  • Automation
  • High degree of customization
  Cons:
  • Maintenance cost
  • Relies on in-house support model
  • Expensive to add new capabilities
Windows Server 2012 IPAM
• Network discovery: Automatic discovery of DC, DHCP and DNS servers, and dynamic IP addresses in use
• Multi-server mgmt (MSM): Centralized configuration and update of MS DHCP/DNS servers
• Visibility & audit: Track and audit changes and provide real-time view of status
• Address space mgmt (ASM): Organize, assign, monitor and manage static and dynamic IPv4/v6 addresses
In-box solution that complements – and is seamlessly integrated with – MS DHCP and DNS offerings
Windows Server 2012 DHCP and DNS
• DHCP Policies: Grouping and network parameters provisioning of devices based on device type
• Automation: Exhaustive PowerShell support for automation of DHCP and DNS
• DNSSEC: Online DNSSEC signing of zones to protect against cache poisoning
• DHCP Failover: Provides multi-site deployment, continuous availability and IP address continuity
Core Network Services enabled for continuous availability, security and automation
WS 2012 R2 – Network Services Environment
[Diagram: hoster / enterprise environment. Datacenter - 1 … Datacenter - n, each with DC, DHCP servers, DNS servers, NPS and VMM; DHCP failover; an IPAM server; tenant vNets for Tenant - 1 … Tenant - n; roles shown: fabric administrators, system administrators, network administrator.]
Windows Server 2012 R2 IPAM – What’s New
Virtualized Network Automation
• Unified administration of physical and virtual IP address spaces
• Plan, design and administer IP address schema of virtualized datacenter
• Integration with System Center VMM
• Support network isolation - WNV & VLAN
Granular RBAC Administration
• Granular role based access control to manage:
  • IP address space in network
  • Infrastructure services like DHCP and DNS
• Delegate administration privileges within and across datacenters
Infrastructure server management
• Service monitoring
• Single and multi-entity configurations of reservations, failovers, policies, filters…
• Multi-entity operations: overwrite, append, find and replace, delete
Scale and automation
• External database support (MS SQL Server)
• CIM based PowerShell
Support network automation in virtualized datacenter and cloud environments of enterprise, hoster and hybrid deployments
Windows Server 2012 R2 IPAM design
[Architecture diagram. Labels recovered:]
• Data-collection tasks: Server Discovery; Server Configuration; Address Utilization; Event Collection; Server Availability; Server Monitoring; Address Expiry
• Managed servers: DHCP Server; DNS Server; DC Server; NPS Server (WS08; WS08R2 & SPs; WS 2012, WS 2012 R2)
• WS 2012 R2 IPAM Server, with WID or MS SQL Server (SQL 2008 R2; SQL 2012)
• Win 8.1 IPAM Client; WCF; PS / WS Man
• Security Groups: IPAM Administrator; IPAM ASM Administrator; IPAM MSM Administrator; IPAM Users; IPAM Audit Administrator
• Role Based Access Control: Network Administrator; Fabric Administrator; System Administrator; Forensics Investigator
• VMM Server (SC 2012 R2) with integration plugin
Understanding virtualized IP address space
[Diagram. Labels recovered:]
• Hoster: Provider Address Space (PA); Physical Network (Provider IP Address Subnets); Logical Networks (in VMM)
• Enterprise / Tenants: Customer Address Space (CA); (Virtual IP Address Subnets); VM Networks (in VMM)
• Other elements shown: IPAM; VMM; DHCP; DNS; NAT
IPAM-VMM integration workflow
[Workflow diagram between IPAM and SCVMM. Labels recovered: Fabric Layer; VN Layer; Network Admin; Fabric Admin.]
• Configure addr. space, subnets, pools, VLAN
• Subnets, Pools for NS / LN
• Pool utilization, meta-data…
• IP address, meta-data…
• Address utilization tracking of PA (stats & trends)
• Changes – Pools, VLANs, Address and meta-data
• Conflict detection, notification and updates
• Notification and updates
• Inventory of CA space, subnets, Pools
• Address utilization tracking of CA
• Configure VM Network (VN)
• Configure VM subnets, Pools
• Update Logical Network (LN)
• Pool utilization, meta-data
• IP address, meta-data
• Subnets, Pools for VN
Role based access control
[Diagram labels: Access Scope; Access Policy; User Role; object tree: Root, Object 1, Object 1.1, Object 1.2, Object 2, Object 2.1]
(1) Define user role by selecting the required set of admin operations
(2) Define business hierarchy model based on the desired administration levels and controls
(3) Define access policy based on configured user role & access scope and associate users or user groups to it
(4) Set/associate access scope to objects in IPAM
(5) New access control for leaf nodes or inherited from parent
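A small model of the five steps above, added here as an illustration and not taken from the session or from IPAM itself. The operation names, group names, scope paths, and the rule that a policy on a scope also covers its child scopes are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:                      # step 1: a named set of admin operations
    name: str
    operations: frozenset

@dataclass(frozen=True)
class Policy:                    # step 3: user group + role + access scope
    group: str
    role: Role
    scope: str                   # constructed path, e.g. "/Global/DC1"

class Inventory:
    """Managed objects (servers, DHCP scopes, ...) arranged as a tree."""
    def __init__(self):
        self.parent, self.scope = {}, {}

    def add(self, obj, parent=None, scope=None):
        self.parent[obj] = parent
        if scope is not None:    # step 4: explicit access scope on this object
            self.scope[obj] = scope

    def effective_scope(self, obj):
        # step 5: use the node's own scope, else inherit from an ancestor
        while obj is not None:
            if obj in self.scope:
                return self.scope[obj]
            obj = self.parent.get(obj)
        return None

def covers(policy_scope, object_scope):
    # Assumption: a policy on a scope also applies to its child scopes.
    # Match whole path segments so "/Global/DC1" never covers "/Global/DC1-Lab".
    return object_scope == policy_scope or object_scope.startswith(policy_scope + "/")

def is_allowed(groups, operation, obj, inv, policies):
    scope = inv.effective_scope(obj)
    if scope is None:            # default deny for objects with no scope
        return False
    return any(p.group in groups and operation in p.role.operations
               and covers(p.scope, scope) for p in policies)

# Constructed sample data (step 2: hierarchy modelled per datacenter)
DHCP_ADMIN = Role("DhcpAdmin", frozenset({"View", "EditDhcpScope"}))
VIEWER = Role("Viewer", frozenset({"View"}))
POLICIES = [Policy("DC1-DHCP-Admins", DHCP_ADMIN, "/Global/DC1"),
            Policy("Auditors", VIEWER, "/Global")]
INV = Inventory()
INV.add("dhcp-dc1", scope="/Global/DC1")
INV.add("scope-10.1.0.0/24", parent="dhcp-dc1")               # inherits
INV.add("scope-lab", parent="dhcp-dc1", scope="/Global/DC1-Lab")
INV.add("orphan-server")                                      # no scope set
```

The lab scope shows why the comparison is done on whole path segments: a plain prefix match would hand the DC1 administrators the lab object as well.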
DHCP/DNS integration
Monitoring: Server availability; DHCP Scope utilization; DNS Zone replication health; DHCP Failover health; Entity specific status – enable/disable, activate/deactivate, allow/deny
Management: DHCP Server; Scopes; Properties; Options; Filters; Failover relationships; Policies; Classes; Reservations; DNS Records. Operations – Duplicate, Import; multi-entity and; integrated
[Diagram labels:]
• DHCP Service: DHCP server 1, DHCP server 2 … DHCP server n; DHCP Failover 1…n; DHCP - Scopes; Policies; Options; Classes; Filters; Reservations
• DNS Service: DNS server 1 … DNS server n; DNS Records 1…n
External System Integration: Network Discovery
[Diagram labels: SCCM or MAP; Network Discovery Module; ICMP Discovery Module; IPAM Server W2012-R2; IPAM Console; Network devices, clients, servers…]
o IPAM PowerShell interfaces facilitate integration with external systems such as SCCM and the MAP toolkit
o Integration with SCCM and the MAP toolkit enables network discovery of the IP address inventory on the network. The ICMP-based discovery module can also be used for network discovery.
External System Integration: Active Directory – Directory Services
o IPAM PowerShell interfaces facilitate integration with other external systems
o Integration with AD DS enables synchronization of Active Directory Sites and Subnets information from Active Directory to IPAM
[Diagram labels: Active Directory; AD DS integration module; IPAM Server vNext; IPAM Console]
Track resources
• Learn more about Windows Server 2012 R2 Preview, download the datasheet and evaluation bits on http://aka.ms/WS2012R2
• Learn more about System Center 2012 R2 Preview, download the datasheet and evaluation bits on http://aka.ms/SC2012R2
Related content – Breakout Sessions
• MDC-B216: What’s new in Windows Server 2012 R2 Networking
• MDC-B350: How to Design and Configure Networking in Microsoft System Center - Virtual Machine Manager and HyperV Part 1
• MDC-B357: What’s new in System Center 2012 R2 – Virtual Machine Manager
• MDC-B210: Everything you need to know about the Software Defined Networking solution from Microsoft
Related content – Instructor Led Labs
• MDC-IL207-R: Network Automation using Windows Server 2012 R2 IPAM
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.