IP address management is a numbers game, one most administrators loathe. Many network managers will use a spreadsheet to record static IP address assignments and Dynamic Host Configuration Protocol (DHCP) scopes, an archaic method that introduces errors and is difficult to maintain. While rarely discussed as a data center management problem, IP address management vexes nearly every organization. But with the impending release of
The issue of IP address management
IP address management usually isn’t difficult for small organizations with a few servers with static IP addresses and a DHCP server that dispenses all other addresses. But this DHCP method of address management does not scale well in larger organizations with dozens — or even hundreds — of servers that require static IP addresses or even multiple static IP addresses. These organizations also tend to have a large collection of DHCP server scopes from which addresses can be dynamically assigned.
IP address management becomes difficult in larger organizations because there is no native operating system component that tracks IP address usage. The administrator manually checks that the same static IP address is not assigned twice and that overlapping DHCP scopes are avoided. IP address management can be a nightmare once you add virtualization and the rapid creation of servers in virtual machines.
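The manual checks described above can be scripted against a spreadsheet export. The following is an added example, not part of the original article and not Microsoft's IPAM code. The CSV column names, host and scope names, and function names are hypothetical, and it assumes IPv4 addresses with inclusive scope ranges.

```python
import csv
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample data standing in for a spreadsheet export (not from the article).
STATIC_CSV = """host,ip
web01,10.0.1.10
app01,10.0.1.10
print01,10.0.2.50
"""
SCOPES_CSV = """scope,start,end
floor1,10.0.2.20,10.0.2.100
floor2,10.0.2.90,10.0.2.200
lab,10.0.3.1,10.0.3.254
"""

def load(text):
    return list(csv.DictReader(text.strip().splitlines()))

def duplicate_statics(rows):
    """Map each IP assigned to more than one host to the hosts claiming it."""
    owners = defaultdict(list)
    for r in rows:
        owners[ip_address(r["ip"].strip())].append(r["host"])
    return {str(ip): hosts for ip, hosts in owners.items() if len(hosts) > 1}

def parse_scopes(rows):
    scopes = []
    for r in rows:
        start, end = ip_address(r["start"].strip()), ip_address(r["end"].strip())
        if start > end:
            raise ValueError(f"scope {r['scope']}: start address is after end address")
        scopes.append((start, end, r["scope"]))
    return sorted(scopes)  # ordered by start address for the sweep below

def overlapping_scopes(scopes):
    """Pair each scope with the furthest-reaching earlier scope it overlaps."""
    hits, reach_end, reach_name = [], None, None
    for start, end, name in scopes:
        if reach_end is not None and start <= reach_end:
            hits.append((reach_name, name))
        if reach_end is None or end > reach_end:
            reach_end, reach_name = end, name
    return hits

def statics_in_scopes(rows, scopes):
    """Static addresses that fall inside a DHCP scope and could also be leased."""
    return [(r["host"], name) for r in rows for start, end, name in scopes
            if start <= ip_address(r["ip"].strip()) <= end]
```

Parsing each address with `ip_address` rather than comparing strings means malformed entries fail loudly instead of slipping past the duplicate check.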
Windows Server 8 attempts to remedy this with the introduction of a new tool called IP Address Management – or IPAM as Microsoft refers to it. IPAM is intended to provide administrators with a comprehensive view of how IP addresses are being used throughout the organization.
The promise and challenges of IPAM
The first challenge for administrators is to compile the initial IP address inventory. IPAM makes this process easier through its ability to import spreadsheet data.
IPAM also compiles the initial IP address inventory through automatic discovery by detecting domain controllers, DHCP servers and domain name system (DNS) servers. IPAM queries these servers for IP address information.
After compiling the initial IP address inventory, IPAM can also be used for address management. For example, DHCP scopes can be created directly through an IPAM server.
Despite IPAM’s promise for organizations that have large Windows deployments, it may prove to be difficult or impossible to manage addresses in mixed environments where administrators must manage non-Windows systems.
In order for IPAM to work with domain controllers, DNS servers or DHCP servers, the server must be designated as a managed server. A server can only become part of IPAM’s managed environment if it adheres to certain criteria. For example, the server must belong to a designated Windows domain, and Windows must be able to communicate with the server through Remote Procedure Calls (RPCs) or through Windows Management Instrumentation (WMI) calls. Servers that do not adhere to these requirements are designated as unmanaged, which means that IPAM will not collect IP address information from them. Some organizations may be forced to maintain manual IP administration for these non-Windows systems.
There are some other issues to consider. Even though IPAM’s requirements are relatively straightforward, comprehensive IP address management could prove to be elusive, even for organizations running Windows on all their computers. These organizations might encounter two potential problems.
The first problem comes from workgroup servers, which are not domain members and therefore cannot be managed by IPAM.
The other potential problem deals with hardware appliances. For example, the computers on my network all run Windows, but I have a hardware router that also acts as a DHCP server for my network. According to the documentation that Microsoft has released, it seems IPAM will be unable to manage DHCP appliances.
IPAM is still under development and some of its capabilities remain unclear. It is likely the IPAM console will allow administrators to manually reference unmanaged resources, but IPAM will not be able to manage such resources or collect information from them.
When Microsoft releases Windows Server 8, organizations wishing to use IPAM will need to determine which architecture best suits their needs. One option will be to use a centralized deployment, which uses a single IPAM server to manage and monitor IP address usage for the entire organization.
The other option is to use a distributed deployment, which features multiple IPAM servers. The IPAM servers do not share a database or attempt to replicate data to one another; each IPAM server is responsible for IP address management for a specific part of the network.
Microsoft recommends using a distributed deployment for larger organizations, because it induces far less network latency than a centralized deployment. Although each IPAM server manages a different portion of the network, it is still possible to create secondary IPAM servers that act as a backup. Microsoft also recommends that if you choose to perform a distributed deployment, plan to deploy at least one IPAM server in each Active Directory site.
Microsoft is sure to reveal more information about the IPAM planning and deployment process closer to the release of Windows Server 8. For now, Microsoft has confirmed IPAM must be installed on a member server within an Active Directory domain. Installing IPAM on a domain controller is not supported. IPAM lacks the ability to manage multiple forests.
Brien Posey is a seven-time Microsoft MVP with two decades of IT experience. During that time, Posey published thousands of articles and wrote or contributed to dozens of IT books. Prior to becoming a freelance writer, Posey served as chief information officer for a national chain of hospitals and healthcare facilities. He also worked as a network administrator for some of the nation’s largest insurance companies and for the Department of Defense at Fort Knox.
This was first published in February 2012