
Networking for Cloud Services in Windows Server 2012 R2

Vithalprasad Gaitonde
Senior Program Manager

MDC-B376

Session objectives and takeaways

Objectives
• Understand Windows Server 2012 DHCP, DNS and IPAM
• Understand what is new in Windows Server 2012 R2 DHCP, DNS and IPAM
• Understand how to use Windows Server 2012 R2 IPAM

Key Takeaways
• WS 2012 R2 IPAM is a cost-effective, scalable and customizable solution for unified management of physical and virtual network IP address spaces, and DHCP and DNS services in both enterprise and hoster environments

Windows Server 2012 DDI

Examples of IP Address Management Problems

• I want to track my org’s address space and know addresses in use and available across different locations…

• I have to find a free IP address for a new device and register it in DNS …

• A DHCP Scope is full and clients are not getting any addresses – I need to expand the scope or create a firefighting scope…

• I need to change a DHCP option like web proxy across dozens of scopes residing on multiple servers…

• I am adding a new lab and want to assign subnets from my address plan…

• I need to track user or machine activity in my network for troubleshooting or forensics…

IPAM Options

Commercial appliances
Pros:
• Automation
• Rich feature set
• Integration with own and MS DHCP/DNS
Cons:
• High acquisition and support costs

Spreadsheets
Pros:
• No CapEx investment
• Simple to use for small networks….at first
Cons:
• Labor intensive
• Only performs address mgmt.
• Inflexible and does not scale

In-house tools
Pros:
• Automation
• High degree of customization
Cons:
• Maintenance cost
• Relies on in-house support model
• Expensive to add new capabilities

Windows Server 2012 IPAM

• Network discovery: Automatic discovery of DC, DHCP and DNS servers, and dynamic IP addresses in use
• Multi-server mgmt (MSM): Centralized configuration and update of MS DHCP/DNS servers
• Visibility & audit: Track and audit changes and provide real-time view of status
• Address space mgmt (ASM): Organize, assign, monitor and manage static and dynamic IPv4/v6 addresses

In-box solution that complements, and is seamlessly integrated with, MS DHCP and DNS offerings

Windows Server 2012 DHCP and DNS

• DHCP Policies: Grouping and network parameters provisioning of devices based on device type
• Automation: Exhaustive PowerShell support for automation of DHCP and DNS
• DNSSEC: Online DNSSEC signing of zones to protect against cache poisoning
• DHCP Failover: Provides multi-site deployment, continuous availability and IP address continuity

Core Network Services enabled for continuous availability, security and automation

Demo

Address Space Management

Windows Server 2012 R2 DDI

WS 2012 R2 – Network Services Environment

[Diagram. Labels: HOSTER / ENTERPRISE; Datacenter - 1 … Datacenter - n; Tenant - 1 … Tenant - n; Tenant vNet; DHCP Servers; DHCP Failover; DNS Servers; DC; NPS; IPAM server; VMM; Fabric administrators; System administrators; Network administrator]

Windows Server 2012 R2 IPAM – What’s New

[Slide areas: Virtualized Network; Automation; Infrastructure server management; Granular RBAC Administration; Scale and automation]

• Unified administration of physical and virtual IP address spaces
• Plan, design and administer IP address schema of virtualized datacenter
• Integration with System Center VMM
• Support network isolation - WNV & VLAN

• Granular role based access control to manage:
  • IP address space in network
  • Infrastructure services like DHCP and DNS
• Delegate administration privileges within and across datacenters

• Service monitoring
• Single and multi-entity configurations of reservations, failovers, policies, filters…
• Multi-entity operations: overwrite, append, find and replace, delete

• External database support (MS SQL Server)
• CIM based PowerShell

Support network automation in virtualized datacenter and cloud environments of enterprise, hoster and hybrid deployments

Windows Server 2012 R2 IPAM design

[Diagram. Labels:]
• Data-collection tasks: Server Discovery; Server Configuration; Address Utilization; Event Collection; Server Availability; Server Monitoring; Address Expiry
• Managed servers: DHCP Server; DNS Server; DC Server; NPS Server (WS08; WS08R2 & SPs; WS 2012, WS 2012 R2)
• IPAM Server (WS 2012 R2); database: WID or MS SQL Server (SQL 2008 R2; SQL 2012)
• IPAM Client (Win 8.1); WCF; PS / WS Man
• Security Groups: IPAM Administrator; IPAM ASM Administrator; IPAM MSM Administrator; IPAM Users; IPAM Audit Administrator
• Role Based Access Control: Network Administrator; Fabric Administrator; System Administrator; Forensics Investigator
• VMM Server (SC 2012 R2) with Integration plugin

Understanding virtualized IP address space

[Diagram. Labels: HOSTER; ENTERPRISE / TENANTS; IPAM; VMM; DHCP; DNS; NAT; Provider Address Space (PA); Physical Network (Provider IP Address Subnets); Logical Networks (in VMM); Customer Address Space (CA); VM Networks (in VMM); (Virtual IP Address Subnets)]

IPAM-VMM integration workflow

[Diagram. Participants and layers: Network Admin; Fabric Admin; IPAM; SCVMM; Fabric Layer; VN Layer]

Workflow labels on the slide:
• Configure addr. space, subnets, pools, VLAN
• Subnets, Pools for NS / LN
• Pool utilization, meta-data…
• IP address, meta-data…
• Address utilization tracking of PA (stats & trends)
• Changes – Pools, VLANs, Address and meta-data
• Conflict detection, notification and updates
• Notification and updates
• Inventory of CA space, subnets, Pools
• Address utilization tracking of CA
• Configure VM Network (VN)
• Configure VM subnets, Pools
• Update Logical Network (LN)
• Pool utilization, meta-data
• IP address, meta-data
• Subnets, Pools for VN

Demo

IPAM and VMM integration workflows

Role based access control

[Diagram. Labels: Access Scope; Access Policy; User Role; object tree: Root > Object 1 (Object 1.1, Object 1.2), Object 2 (Object 2.1)]

(1) Define user role by selecting the required set of admin operations

(2) Define business hierarchy model based on the desired administration levels and controls

(3) Define access policy based on configured user role & access scope and associate users or user groups to it

(4) Set/associate access scope to objects in IPAM

(5) New access control for leaf nodes or inherited from parent
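The five steps above, modeled as an added example (not code from the presentation and not IPAM's own API): a role is a set of operations, a policy binds a user group to a role at an access scope, and an object either carries its own scope or inherits its parent's. Role, operation, group and object names are constructed, and the rule that a policy's scope also covers the scopes beneath it is an assumption of this model.

```python
from dataclasses import dataclass

# Constructed sample data; every name below is hypothetical.
ROLES = {  # step 1: a user role is a named set of admin operations
    "DhcpScopeAdmin": {"dhcp.scope.view", "dhcp.scope.edit"},
    "AuditReader": {"audit.view"},
}

@dataclass(frozen=True)
class Policy:  # step 3: user group + user role + access scope
    principal: str
    role: str
    scope: str  # path in the step 2 hierarchy, e.g. \Global\Emea

POLICIES = [
    Policy("CONTOSO\\emea-netops", "DhcpScopeAdmin", "\\Global\\Emea"),
    Policy("CONTOSO\\forensics", "AuditReader", "\\Global"),
]

# Steps 4 and 5: object -> (parent, own access scope or None to inherit).
OBJECTS = {
    "dhcp-server-1": (None, "\\Global"),
    "scope-10.1.0.0": ("dhcp-server-1", None),              # inherits from parent
    "scope-10.2.0.0": ("dhcp-server-1", "\\Global\\Emea"),  # leaf-level override
}

def effective_scope(obj):
    """Walk up the parent chain until an explicitly set access scope is found."""
    seen = set()
    while obj is not None and obj not in seen:  # 'seen' guards against cycles
        seen.add(obj)
        parent, scope = OBJECTS[obj]
        if scope is not None:
            return scope
        obj = parent
    return None  # nothing set anywhere on the chain: deny by default

def covers(policy_scope, object_scope):
    """Assumption: a policy scope covers itself and every scope below it."""
    return object_scope == policy_scope or object_scope.startswith(policy_scope + "\\")

def is_allowed(groups, operation, obj):
    """True if any policy for the caller's groups grants the operation on obj."""
    scope = effective_scope(obj)
    if scope is None:
        return False
    return any(p.principal in groups and operation in ROLES[p.role]
               and covers(p.scope, scope) for p in POLICIES)
```

The inherited object is the case to watch when delegating: a group scoped to `\Global\Emea` gets nothing on `scope-10.1.0.0` until that object's scope is set explicitly.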

DHCP/DNS integration

Monitoring
• Server availability
• DHCP Scope utilization
• DNS Zone replication health
• DHCP Failover health
• Entity specific status – enable/disable, activate/deactivate, allow/deny

Management
• DHCP Server; Scopes; Properties; Options; Filters; Failover relationships; Policies; Classes; Reservations; DNS Records
• Operations – Duplicate, Import; multi-entity and integrated

[Diagram. Labels: DHCP Service: DHCP server 1, DHCP server 2 … DHCP server n; DHCP Failover 1…n; DHCP - Scopes; Policies; Options; Classes; Filters; Reservations. DNS Service: DNS server 1 … DNS server n; DNS Records 1…n]

Demo

DHCP management and RBAC

External System Integration: Network Discovery

[Diagram. Labels: SCCM or MAP; Network Discovery Module; ICMP Discovery Module; IPAM Server W2012-R2; IPAM Console; Network devices, clients, servers…]

o IPAM PowerShell interfaces facilitate integration with other external systems like SCCM and the MAP toolkit

o Integration with SCCM and the MAP toolkit enables network discovery of the IP address inventory on the network. The ICMP based discovery module can also be used for network discovery.

External System Integration: Active Directory – Directory Services

o IPAM PowerShell interfaces facilitate integration with other external systems

o Integration with AD DS enables synchronization of Active Directory Sites and Subnets information from Active Directory to IPAM

[Diagram. Labels: Active Directory; AD DS integration module; IPAM Server vNext; IPAM Console]

Demo

Automation and integration scenarios


Track resources
• Learn more about Windows Server 2012 R2 Preview, download the datasheet and evaluation bits on http://aka.ms/WS2012R2
• Learn more about System Center 2012 R2 Preview, download the datasheet and evaluation bits on http://aka.ms/SC2012R2

Related content – Breakout Sessions
• MDC-B216: What’s new in Windows Server 2012 R2 Networking
• MDC-B350: How to Design and Configure Networking in Microsoft System Center - Virtual Machine Manager and HyperV Part 1
• MDC-B357: What’s new in System Center 2012 R2 – Virtual Machine Manager
• MDC-B210: Everything you need to know about the Software Defined Networking solution from Microsoft

Related content – Instructor Led Labs
• MDC-IL207-R: Network Automation using Windows Server 2012 R2 IPAM


© 2013 Microsoft Corporation. All rights reserved.