IPAM architecture consists of four main modules, as listed in the following table.

Module | Description
IPAM discovery | You use AD DS to discover servers that run Windows Server 2008 or a newer Windows Server operating system and that have the DNS, DHCP, or AD DS role installed. You can limit the scope of discovery to a subset of the domains in the forest, and you can also add servers manually.
IP address space management | You use this module to view, monitor, and manage the IP address space. You can dynamically issue or statically assign addresses, track address utilization, and detect overlapping DHCP scopes.
Multi-server management and monitoring | You manage and monitor multiple DHCP servers from one place, so a single task can execute across many servers. For example, you can configure and edit DHCP properties and scopes, and track DHCP server status and scope utilization. You can also monitor multiple DNS servers, including the health and status of DNS zones across the authoritative DNS servers.
Operational auditing and IP address tracking | You use the auditing tools to track potential configuration problems. You can collect, manage, and view details of configuration changes made on managed DHCP servers. You can also collect address lease tracking data from DHCP lease logs, and collect logon event information from NPS servers and domain controllers.
A single IPAM server can manage only one Active Directory forest. Within that forest, you can deploy IPAM in one of three topologies:
• Distributed. You deploy an IPAM server to every site in the forest.
• Centralized. You deploy only one IPAM server in the forest.
• Hybrid. You deploy a central IPAM server together with a dedicated IPAM server in each site.
Note: IPAM servers do not communicate with one another or share database information. If you deploy multiple IPAM servers, you must customize each server's discovery scope so that they do not all attempt to manage the same servers.
IPAM has two main components:
• IPAM server. The IPAM server performs the data collection from the managed servers. It also manages the Windows Internal Database and provides role-based access control (RBAC).
• IPAM client. The IPAM client provides the user interface on the client computer. It interacts with the IPAM server and invokes Windows PowerShell to perform DHCP configuration tasks, DNS monitoring, and remote management.
Provisioning for IPAM
After you install an IPAM server, the servers that IPAM will manage must be provisioned to allow remote management. You can provision them either manually or through Group Policy (GPO). If you choose manual provisioning, you must create all of the required network shares, security groups, and firewall rules on each managed server yourself.
If you decide to provision manually, you must first create a security group in AD DS named IPAMUG. This group contains the computer accounts of the IPAM servers in the domain. The following table summarizes the required configuration settings that you would need to configure manually.
If you choose GPO provisioning, you run the Invoke-IpamGpoProvisioning Windows PowerShell cmdlet. Running this cmdlet creates three GPOs that configure the settings described in the table above. The GPO names begin with the prefix that you supply to the cmdlet; the names below assume the prefix IPAM.
• IPAM_DC_NPS. This GPO is applied to all managed domain controllers and NPS servers.
• IPAM_DHCP. This GPO is applied to all managed DHCP servers. It includes scripts that configure the network share used for DHCP monitoring.
• IPAM_DNS. This GPO is applied to all managed DNS servers. It includes scripts that configure the event log used for DNS monitoring and that add the IPAMUG group as a DNS administrator.
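The following PowerShell session ties the GPO provisioning steps above to the earlier note that each IPAM server in a distributed or hybrid topology needs its own discovery scope. It is an added example for this page, not part of the course material or of Microsoft's own documentation. The domain name, GPO prefix, IPAM server FQDN, and managed server name are assumptions chosen for illustration; replace them with your own. The cmdlets used (Invoke-IpamGpoProvisioning, Add-IpamDiscoveryDomain, Add-IpamServerInventory, Get-IpamServerInventory from the IpamServer module, and Get-GPO and Invoke-GPUpdate from the GroupPolicy module) ship with Windows Server 2012 R2 IPAM and the Group Policy Management tools.

```powershell
# Added example: GPO-based IPAM provisioning followed by discovery scoping.
# Run on the IPAM server in an elevated session as a user who may create
# GPOs in the target domain. All names below are ASSUMED placeholders.

Import-Module IpamServer
Import-Module GroupPolicy

$Domain        = 'adatum.com'           # assumed AD DS domain
$GpoPrefix     = 'IPAM'                 # yields IPAM_DC_NPS, IPAM_DHCP, IPAM_DNS
$IpamServer    = 'LON-SVR2.adatum.com'  # assumed IPAM server FQDN
$ManagedServer = 'LON-DC1.adatum.com'   # assumed DC that also runs DNS and DHCP

# 1. Create the three provisioning GPOs. The cmdlet names them
#    <prefix>_DC_NPS, <prefix>_DHCP and <prefix>_DNS and links them to the
#    domain; -Force suppresses the confirmation prompt.
Invoke-IpamGpoProvisioning -Domain $Domain -GpoPrefixName $GpoPrefix `
    -IpamServerFqdn $IpamServer -Force

# 2. Confirm that all three GPOs exist before marking any server as managed.
#    -ErrorAction Stop turns a missing GPO into a terminating error.
foreach ($suffix in 'DC_NPS', 'DHCP', 'DNS') {
    $gpo = Get-GPO -Name "${GpoPrefix}_$suffix" -Domain $Domain -ErrorAction Stop
    '{0,-12} Id={1} Modified={2}' -f $gpo.DisplayName, $gpo.Id, $gpo.ModificationTime
}

# 3. Scope discovery to the domain this IPAM server owns. In a distributed or
#    hybrid topology, repeat this on each IPAM server with its own domain list
#    so that two servers never both try to manage the same infrastructure.
Add-IpamDiscoveryDomain -Name $Domain -DiscoverDc $true -DiscoverDns $true -DiscoverDhcp $true

# 4. Add the server to the inventory and set it to Managed. IPAM applies the
#    provisioning GPOs only to servers whose status is Managed, by adding the
#    computer account to each GPO's security filtering.
Add-IpamServerInventory -Name $ManagedServer -ServerType DC, DNS, DHCP -ManageabilityStatus Managed

# 5. Refresh policy on the managed server so the shares, group membership and
#    firewall rules are created, then review the server's status in IPAM.
Invoke-GPUpdate -Computer $ManagedServer -Force
Get-IpamServerInventory -Name $ManagedServer | Format-List *
```

If the access status shown in step 5 remains blocked after the policy refresh, check that the computer account appears in the security filtering of each of the three GPOs and that the managed server has rebooted or re-applied policy since its manageability status was changed.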
Scenarios for Using IPAM
The general scenario for using IPAM on Windows Server 2012 R2 is supporting network automation in a virtualized datacenter, whether that is a cloud environment hosted by a third-party provider or one operated by the enterprise itself. Many company-specific scenarios build on the general scenarios that Windows Server 2012 R2 IPAM supports. Discuss with the class how you envision using the following IPAM features in your environment.
Virtualized Network Automation
IPAM provides unified administration of physical and virtual IP address spaces. When IPAM is integrated with System Center Virtual Machine Manager (VMM), you can manage the IP addresses for your hybrid cloud solution from a single console.
Granular RBAC Administration
In larger environments that require multiple administrators for the IP address space, you can use RBAC to ensure that each administrator can manage only the areas assigned to them.
Infrastructure Administration
You can use IPAM to configure and manage the DNS and DHCP servers in your environment.