Поделиться через


What is IPAM?

 

Applies To: Windows Server 2012 R2, Windows Server 2012

IP Address Management (IPAM) in Windows Server® 2012 is an integrated suite of tools to enable end-to-end planning, deploying, managing and monitoring of your IP address infrastructure, with a rich user experience. IPAM automatically discovers IP address infrastructure servers on your network and enables you to manage them from a central interface.

IPAM includes components for:

  1. Address Space Management

  2. Virtual Address Space Management

  3. Multi-Server Management and Monitoring

  4. Network Audit

  5. Role-based access control

Note

Virtual IP address space management is enabled through integration of IPAM with system center virtual machine manager and is available in Windows Server 2012 R2 and later operating systems. This feature is not available with IPAM in Windows Server 2012. The role-based access control feature is available in Windows Server 2012, but was significantly enhanced in Windows Server 2012 R2 to include detailed built-in and custom role-based access groups.

Address Space Management

IPAM’s address space management (ASM) feature enables you to gain visibility into all aspects of your IP address infrastructure from a single console. With IPAM, you can create a highly customized, multi-level hierarchy of address space on your network and use it to manage IPv6 addresses and IPv4 public and private addresses. The ASM feature includes a robust reporting capability that enables detailed tracking of IP address utilization trends with customized thresholds and alerts.

Key features of ASM include the following.

  • Integrated management of dynamic and static IP address space

  • Detection and management of conflicts, overlaps, and duplicates in address space across systems

  • Highly customizable inventory view of IP address space

  • Centralized monitoring and reporting of address utilization statistics and trends

  • Support for IPv4 and stateless IPv6 address utilization monitoring

  • Automated discovery of IP address ranges from DHCP scopes

  • Export and import of IP addresses and IP address ranges with Windows PowerShell support

  • IP address usage alerts and notifications with custom thresholds

  • Detection and assignment of available IP addresses

The following example shows how IPAM’s ASM feature enables you to monitor IP address utilization. In this example, 7 days of utilization data is displayed for the 10.72.144.0/22 IP address range.

For more information, see Managing IP Address Space.

Virtual Address Space Management

IPAM’s virtual address space management (VASM) feature enables the same functions and capabilities for your virtual IP address infrastructure as the ASM feature does for physical IP address space.

For more information, see Managing Virtual IP Address Space.

Multi-Server Management and Monitoring

IPAM’s multi-server management (MSM) feature enables you to automatically discover DHCP and DNS servers on the network, monitor service availability, and centrally manage their configuration. Using the Group Policy provisioning mode, IPAM provides quick and painless provisioning of agentless IPAM access settings on managed servers. A manual provisioning mode is also available.

Key features of MSM include the following.

  • Discovery of Microsoft DHCP and DNS servers automatically across an Active Directory forest

  • Manual addition or removal of managed servers

  • End-to end configuration and management of DHCP servers and scopes

  • Support for advanced constructs to enable add, delete, overwrite, or find and replace operations on multiple DHCP scopes and servers

  • Simultaneous update of common settings across multiple DHCP scopes or DHCP servers

  • Availability monitoring for DHCP and DNS services and DNS zones

  • Management of Microsoft DHCP and DNS servers running Windows 2008 or later operating systems

  • Addition of custom information to servers enabling visualization using logical groups based on business logic

  • Monitoring of DHCP scope utilization

  • Automatic and on-demand retrieval of server data from managed DHCP and DNS servers

  • DNS zone status monitoring based on DNS zone events

  • Classify discovered servers and roles as managed or unmanaged

The following example shows how IPAM’s MSM feature enables you to monitor IP DHCP scopes on the network. In this example, detailed data is displayed for the scope US_SEA_zzz3.

For more information, see Multi-server Management.

Network Audit

IPAM’s audit feature provides a centralized repository for all configuration changes performed on DHCP servers and the IPAM server, and for IP addresses issued on the network. IPAM audit tools enable you to view potential configuration problems on DHCP servers by actively tracking and reporting all administrative actions. Detailed IP address tracking data is also provided, including client IP addresses, client ID, host name, and user name. Advanced search capabilities enable you to selectively search for events and obtain results that associate user logons to specific devices and times.

Key features of network audit include the following.

  • Query the event catalog for DHCP configuration changes across multiple servers from a single console

  • Track users, devices, and IP addresses for specified intervals with advanced queries using DHCP lease logs and logon events from domain controllers and network policy servers

  • Track and report changes made to the IPAM server

  • Export audit findings and create reports

  • Quickly resolve configuration problems and track service level agreements

The following example shows how IPAM’s network audit feature enables you to track IP addresses on the network. In this example, details are displayed for a lease event in the contoso.com domain.

For more information, see IP Address Tracking and Operational Event Tracking.

Role-based access control

IPAM’s role-based access control feature enables you to customize the types of operations and access permissions for users and groups of users on specific objects in IPAM. Role based access control in Windows Server 2012 is less fine-grained than in Windows Server 2012 R2. See the following comparison.

Group

Windows Server 2012

Windows Server 2012 R2

Local IPAM security groups

IPAM Users

IPAM ASM Administrators

IPAM MSM Administrators

IPAM IP Audit Administrators

IPAM Administrators

IPAM Users

IPAM ASM Administrators

IPAM MSM Administrators

IPAM IP Audit Administrators

IPAM Administrators

Built-in IPAM role-based access groups

N/A

DNS Record Administrator

IP Address Record Administrator

IPAM Administrator

IPAM ASM Administrator

IPAM DHCP Administrator

IPAM DHCP Reservations Administrator

IPAM DHCP Scope Administrator

IPAM MSM Administrator

Custom IPAM role-based-access groups

N/A

Unlimited

See also

IPAM Terminology

Getting Started with IPAM

IPAM Deployment Planning

IPAM Architecture