Understanding IP Address Management (IPAM)
What Is IPAM?
IP Address Management, or IPAM, is, according to Wikipedia.org, “a means of planning, tracking, and managing the Internet Protocol address space used in a network.” Every network today uses IP addressing, from the largest enterprises to the SMB to the smallest home network. Your phone, DVR, and even home appliances (in some cases) have IP addresses on them. Today, more than ever, IP addresses need the planning, tracking, and management that IPAM provides.
Not every company needs IPAM or has a dedicated software application to perform IP address management. Many companies get by without it. Instead, they create complex IP addressing conventions, Word docs, or spreadsheets to track IP addresses and prevent duplicate IP addresses.
IP address conflicts (aka duplicate IP addresses in use on the network) are one of the most devastating issues that can happen on an enterprise network. Let’s think about it for a minute…
Everything today depends on the network. Here are some examples of problems you could run into without IPAM in place:
- Massive server outage – Your servers talk to the SAN using iSCSI, for example. You may have all your servers in a medium-sized datacenter talking to a single SAN array on one primary IP address. What if that IP address were suddenly taken by a newly configured desktop PC that a junior administrator misconfigured with a conflicting IP address? An IP address conflict (depending on what device it was conflicting with and if it was on the same VLAN) could cause massive server outages.
- Mass confusion and productivity loss – Let’s say that you had an IP address conflict between just two devices. The devices may or may not be important (such as your own laptop or the CEO’s laptop), but they are certainly less important than the SAN array. However, even though the entire datacenter isn’t down, you (and your coworkers) may still spend hours trying to troubleshoot an IP address conflict.
- Delays in deployment – When rolling out new servers or desktops (really any device in the infrastructure), you’ll need to assign one or multiple IP addresses to complete the job. You can’t just randomly pick an IP address or else you stand a good chance of having an IP address conflict. Too many times, an admin simply pings a random IP address to see if it is in use and, getting no reply, uses it. The conflict then shows up later, and unexpectedly, when a device that already holds that IP address comes online (maybe the address was in a DHCP pool).
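The failure modes in the list above can be caught by auditing the tracking spreadsheet itself instead of pinging. The following is an added example, not part of the original article: the CSV rows, subnet, DHCP pool and function names are all constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample: a spreadsheet export of static assignments for one VLAN.
INVENTORY_CSV = """ip,device
10.10.20.5,san-array-01
10.10.20.31,web-01
10.10.20.5,desktop-114
10.10.20.150,print-02
10.10.30.9,db-02
10.10.20.300,test-vm
"""
SUBNET = ipaddress.ip_network("10.10.20.0/24")
# Constructed DHCP pool (first, last) on the same subnet.
DHCP_POOLS = [(ipaddress.ip_address("10.10.20.100"), ipaddress.ip_address("10.10.20.200"))]


def in_pool(addr, pools):
    return any(lo <= addr <= hi for lo, hi in pools)


def audit_inventory(csv_text, subnet, pools):
    """Return (findings, used): findings are (kind, ip, devices) tuples."""
    used, findings = {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw, device = row["ip"].strip(), row["device"].strip()
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.append(("invalid", raw, [device]))
            continue
        used.setdefault(addr, []).append(device)
        if addr not in subnet:
            findings.append(("outside_subnet", raw, [device]))
        elif in_pool(addr, pools):
            # A static entry inside a pool can collide with a later lease.
            findings.append(("in_dhcp_pool", raw, [device]))
    findings += [("duplicate", str(a), d) for a, d in used.items() if len(d) > 1]
    return findings, used


def next_free_static(used, subnet, pools):
    """First host address with no inventory entry and outside every pool."""
    return next((str(h) for h in subnet.hosts()
                 if h not in used and not in_pool(h, pools)), None)


if __name__ == "__main__":
    findings, used = audit_inventory(INVENTORY_CSV, SUBNET, DHCP_POOLS)
    print(*findings, "next free: " + str(next_free_static(used, SUBNET, DHCP_POOLS)), sep="\n")
```

The audit is only as accurate as the spreadsheet; an address that was never recorded still looks free, which is the gap automatic discovery in an IPAM product closes.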
Can you get by without IPAM?
You may be wondering, “If horrible things will happen without IPAM, how is it that I lived so long without it?” I can tell you that I ran an enterprise network with over 1000 devices and never had a real IPAM solution. Instead, we had spreadsheets and were able to “get by”. However, it did happen more than once that we experienced an IP address conflict. It also happened multiple times per week that we had to walk around or email everyone in the infrastructure group, asking what IP addresses were available or if we could use a particular IP address. After some time and effort, the resulting answer was usually “no one says that that particular IP isn’t available, so... most likely... it is.” With millions of dollars of revenue counting on a strong IP infrastructure and applications, that “most likely” answer is not one that you want to hear. Instead, you want to be sure that you won’t have an IP address conflict and that when you need to find a new static IP, you know exactly what is or is not available.
Examples of IPAM Solutions
With all this talk about what IPAM is and how it helps, what about IPAM solutions? Who offers one, what is required, and how are they priced?
Here is a list of the ones that I found with some research:
- SolarWinds IP address manager (IPAM)
- BlueCat Address Manager
- Infoblox IP address manager
- Open source – the NOC project – which does IP address management, among other things
- BT Diamond IP address management
- EfficientIP SmartDDI IP address manager
- Crypton Easy IP address management
- Windows Server 2012 R2 IP address management
With so many solutions out there, it can be tough to try to choose just one. What most people don’t know is that since its release, Windows Server 2012 has included an IP address manager (or IPAM). With the latest edition of Windows, Server 2012 R2, offering a number of enhancements to the IP address manager, there is a lot of excitement around this included feature (a caveat is below).
In fact, let’s talk about Windows 2012 and IPAM…
What does Windows Server 2012 IPAM offer you?
Similar to other IPAM solutions, the practical applications for Windows 2012 IPAM are:
- Planning IP address allocations and network device inventory
- Managing IP addresses across the entire infrastructure including DHCP scope capacity management
- Tracking and forecasting IP address usage
- Auditing allows you to report on IP address usage and changes so that you can monitor change, ensure compliance, and have the necessary information available for network security forensics
Figure 1: Windows 2012 IPAM
Once you have Windows Server 2012 IPAM in place, you’ll be able to automatically discover your existing IP infrastructure. From there, you can further plan, analyze, and report on your IP infrastructure. It audits IP changes as they happen and tracks who uses what IP address over time. Finally, with IPAM, you’ll be able to monitor and manage the Windows DHCP and DNS infrastructure from the same console.
Before considering Windows Server 2012 IPAM, you should know about the following requirements:
- A single IPAM server supports up to 150 DHCP servers and 500 DNS servers as well as up to 40,000 DHCP scopes and 350 DNS zones.
- IPAM is built into Windows Server and must be installed on a member server (it cannot be installed on a Windows domain controller)
- No external database support is available
- Can store up to 3 years of forensics data
But the most crucial thing about Windows Server 2012 IPAM to differentiate it from the competition is that, by default, it only supports Microsoft devices. That’s right, it won’t inventory or support any devices except Windows servers and Windows workstations. However, you can use PowerShell to import IP addresses from non-Microsoft devices that you want added to the IPAM database.
Still, if your network is primarily a Windows network, then using Windows Server as your IPAM, at no additional cost, may be a much-preferred solution over paying for a costly third-party alternative.
Interested in getting started with Microsoft Windows IPAM today? Here are some great resources from Microsoft.com:
- What’s New in IPAM with Windows Server 2012 R2
- IPAM Planning and Design Guide
- IPAM Deployment Guide
- IPAM Operations Guide
- Walkthrough demonstration: Windows Server 2012 IPAM
- Walkthrough demonstration: Windows Server 2012 R2 IPAM
I am looking forward to trying the new features in Windows Server 2012 R2 IPAM. Those features include:
- New role based access control
- New virtual address space management
- Improved DHCP server management
- New external database support
- New upgrade and migration support
- Improved PowerShell support
Stay tuned for more information on Windows IPAM!