
IP Address Management (IPAM) Overview

Published: February 29, 2012

Updated: August 5, 2013

Applies To: Windows Server 2012, Windows Server 2012 R2



This topic provides overview information about the IP Address Management (IPAM) Server feature in Windows Server® 2012 and Windows Server 2012 R2.

IPAM in Windows Server 2012 is a new built-in framework for discovering, monitoring, auditing, and managing the IP address space used on a corporate network. IPAM provides for administration and monitoring of servers running Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS). IPAM includes components for:

  • Automatic IP address infrastructure discovery: IPAM discovers domain controllers, DHCP servers, and DNS servers in the domains you choose. You can enable or disable management of these servers by IPAM.

  • Custom IP address space display, reporting, and management: The display of IP addresses is highly customizable and detailed tracking and utilization data is available. IPv4 and IPv6 address space is organized into IP address blocks, IP address ranges, and individual IP addresses. IP addresses are assigned built-in or user-defined fields that can be used to further organize IP address space into hierarchical, logical groups.

  • Audit of server configuration changes and tracking of IP address usage: Operational events are displayed for the IPAM server and managed DHCP servers. IPAM also enables IP address tracking using DHCP lease events and user logon events collected from Network Policy Server (NPS), domain controllers, and DHCP servers. Tracking is available by IP address, client ID, host name, or user name.

  • Monitoring and management of DHCP and DNS services: IPAM enables automated service availability monitoring for Microsoft DHCP and DNS servers across the forest. DNS zone health is displayed, and detailed DHCP server and scope management is available using the IPAM console.

An IPAM server is a domain member computer.

Important
You cannot install the IPAM feature on an Active Directory domain controller.

There are three general methods to deploy IPAM servers:

  1. Distributed: An IPAM server deployed at every site in an enterprise.

  2. Centralized: One IPAM server in an enterprise.

  3. Hybrid: A central IPAM server deployed with dedicated IPAM servers at each site.

The following example displays the distributed IPAM deployment method, with one IPAM server located at the corporate headquarters and also at each branch office. There is no communication or database sharing between different IPAM servers in the enterprise. If multiple IPAM servers are deployed, you can customize the scope of discovery for each IPAM server, or filter the list of managed servers. A single IPAM server might manage a specific domain or location, perhaps with a second IPAM server configured as a backup.

[Figure: IPAM Architecture]

IPAM will periodically attempt to locate domain controllers, DNS, and DHCP servers on the network that are within the scope of discovery that you specify. You must choose whether these servers are managed by IPAM or unmanaged. In this way, you can select different groups of servers that are managed or not managed by IPAM.

To be managed by IPAM, security settings and firewall ports on a server must be configured to allow the IPAM server access so that it can perform required monitoring and configuration functions. You can configure these settings manually, or automatically using Group Policy Objects (GPOs). If you choose the automatic method, settings are applied when a server is marked as managed and settings are removed when it is marked as unmanaged.

The IPAM server will communicate with managed servers using an RPC or WMI interface. IPAM monitors domain controllers and NPS servers for IP address tracking purposes. In addition to monitoring functions, several DHCP server and scope properties can be configured from the IPAM console. Zone status monitoring and a limited set of configuration functions are also available for DNS servers. See the following figure.

[Figure: IPAM Server Communications]

The scope of IPAM server discovery is limited to a single Active Directory forest. The forest itself may be comprised of a mix of trusted and untrusted domains. IPAM requires membership in an Active Directory domain, and relies on a functional network infrastructure environment to integrate with other server installations across the AD forest.

IPAM has the following specifications:

  1. IPAM supports only Microsoft domain controllers, DHCP, DNS, and NPS servers running Windows Server® 2008 and above.

  2. IPAM supports only domain-joined DHCP, DNS and NPS servers in a single AD forest.

  3. In its recommended configuration, IPAM is installed on a standalone server. You cannot install IPAM on a domain controller. If IPAM is installed on the same server with the DHCP Server role service, automatic discovery of DHCP servers on the network will be disabled.

  4. IPAM does not support management and configuration of non-Microsoft network elements. However, you can use Windows PowerShell to import and manage IP address data from non-Microsoft devices.

  5. IPAM in Windows Server 2012 does not support external databases. Only a Windows Internal Database is supported.

  6. A single IPAM server has been tested to support up to 150 DHCP servers and 500 DNS servers.

  7. A single IPAM server has been tested to support up to 40,000 DHCP scopes and 350 DNS zones.

  8. IPAM has been tested to store 3 years of forensics data (IP address leases, host MAC addresses, user login/logoff information) for 100,000 users in a Windows Internal Database. Data is not purged automatically. An administrator must purge data manually as needed.

  9. IP address utilization trends are provided only for IPv4.

  10. IP address reclaiming support is provided for IPv4 and IPv6.

  11. IPAM does not check for IP address consistency with routers and switches.

  12. IPAM does not support auditing of IPv6 stateless address auto configuration on an unmanaged machine to track the user.

  13. IPAM supports integration with System Center Virtual Machine Manager (VMM) using a Windows PowerShell script that is packaged and shipped with System Center VMM. This integration enables IPAM to display detailed utilization and inventory data for IP addresses and IP address ranges used in System Center VMM.

Monitoring and managing the IP address infrastructure on a corporate network is a critical part of network administration, and has become increasingly challenging as networks grow more dynamic and complex. Many IT administrators still track IP address allocation and utilization manually, using spreadsheets or custom database applications. This can be very time consuming and resource intensive, and is inherently prone to user error. IPAM in Windows Server 2012 provides a platform to manage the following IP administration needs.

  1. Planning: IPAM replaces manual tools and scripts that can introduce added time, inconsistency and expense into the planning process when business expansions and alterations occur, or new technology and scenario adoptions are required.

  2. Managing: IPAM provides a single management platform for IP address administration on the network. IPAM also allows for optimized utilization and capacity planning for DHCP and DNS services in a distributed environment.

  3. Tracking: IPAM enables tracking and forecasting of IP address utilization. As the demand for public IPv4 address space continues to grow in an environment with limited supply, this can be of critical importance to an organization.

  4. Auditing: IPAM assists with compliance requirements such as HIPAA and Sarbanes-Oxley, and provides reporting for forensics and change management.

The installation of the IPAM Server feature can be performed through the Server Manager. The following features and tools are installed automatically when you install IPAM Server:

 

| Feature or Tool | Description |
| --- | --- |
| Remote Server Administration Tools | DHCP and DNS Server Tools and IP Address Management (IPAM) Client provides for remotely managing DHCP, DNS and IPAM servers. |
| Windows Internal Database | Windows Internal Database is a relational data store that can be used only by Windows roles and features. |
| Windows Process Activation Service | Windows Process Activation Service generalizes the IIS process model, removing the dependency on HTTP. |
| Group Policy Management | Group Policy Management is a scriptable Microsoft Management Console (MMC), providing a single administrative tool for managing Group Policy. |
| .NET Framework 4.5 Features | .NET Framework 4.5 provides a programming model for building and running applications designed for several different platforms. |
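The placement rules stated above (domain member, not a domain controller, DHCP Server role on the same machine disables DHCP discovery) can be checked before the feature is installed. The script below is an added example, not part of the original topic; the function name Test-IpamPlacement and the variable names are hypothetical, and it assumes it is run in an elevated Windows PowerShell session on the intended IPAM server.

```powershell
# Added example: preflight check for the IPAM placement rules, then installation.
# Test-IpamPlacement is a hypothetical helper name; the cmdlets it calls are built in.

function Test-IpamPlacement {
    [CmdletBinding()]
    param()

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Win32_ComputerSystem.DomainRole: 3 = member server, 4 = backup DC, 5 = primary DC
    $isDomainController = $cs.DomainRole -ge 4
    $isDomainMember     = [bool]$cs.PartOfDomain

    # DHCP Server on the same machine disables automatic discovery of DHCP servers.
    $dhcpInstalled = (Get-WindowsFeature -Name DHCP).Installed

    [pscustomobject]@{
        ComputerName       = $cs.Name
        Domain             = $cs.Domain
        IsDomainMember     = $isDomainMember
        IsDomainController = $isDomainController
        DhcpRoleInstalled  = $dhcpInstalled
        CanInstallIpam     = $isDomainMember -and -not $isDomainController
    }
}

$check = Test-IpamPlacement
$check | Format-List

if (-not $check.CanInstallIpam) {
    Write-Error 'IPAM requires a domain member server that is not a domain controller.'
    return
}
if ($check.DhcpRoleInstalled) {
    Write-Warning 'DHCP Server role is present: automatic DHCP server discovery will be disabled.'
}

# Install IPAM Server together with its management tools.
$install = Install-WindowsFeature -Name IPAM -IncludeManagementTools

# FeatureResult lists every feature added by this operation, including the
# dependencies from the table above that were not already present.
$install.FeatureResult | Select-Object DisplayName, Name | Format-Table -AutoSize
if ($install.RestartNeeded -ne 'No') {
    Write-Warning 'A restart is required to complete the installation.'
}
```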
