A Workgroup Model Is Recommended For Networks Of What Size?
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical back up.
IPAM Deployment Planning
Applies To: Windows Server 2012 R2, Windows Server 2012
IPAM is an agentless multi-server, multi-service management feature that leverages standard Windows remote management protocols to manage, monitor and collect data from IP accost infrastructure servers. IPAM relies on a host of remote management technologies to provide total functionality. Communication with multiple network elements throughout the enterprise is required for data gathering and configuration management. Depending on the telescopic of managed elements, this communication may demand to traverse multiple security boundaries or domains.
Note
IPAM must exist installed on a domain member computer. You cannot install IPAM on a domain controller. If IPAM is installed on the same server with DHCP, then DHCP server discovery volition be disabled.
An IPAM server provides support for a single Agile Directory forest. Multi-woods topologies are not supported. Multiple IPAM servers can support a unmarried domain, or a single IPAM server can support all domains in an Active Directory forest.
In this topic
-
Deployment topologies
-
Hardware and software requirements
-
IPAM specifications
-
Capacity planning
Deployment topologies
IPAM supports the following topologies for deployment in the enterprise:
-
Distributed: An IPAM server deployed at every site in the enterprise.
-
Centralized: One IPAM server in the enterprise.
-
Hybrid: A central IPAM server deployed with defended IPAM servers at each site.
The post-obit diagram illustrates an example of the hybrid deployment model.
There is no automatic built-in communication or database sharing between different IPAM servers. If multiple IPAM servers are deployed, yous can customize the telescopic of discovery for each IPAM server, or filter the list of managed servers.
If desired, yous can leverage consign and import functions in Windows PowerShell for IPAM to periodically update IP address range and address information between multiple IPAM servers.
Y'all tin also customize the role of different IPAM servers that are deployed. For example, a single IPAM server might be implemented to manage IP addressing for the entire enterprise. A different IPAM server might exist used to monitor DNS zone health or configure DHCP scopes. Alternatively, you can limit the discovery and management scope to create a defended IPAM server that volition perform all functions but only for a specific group of managed servers. The telescopic of direction assigned to an IPAM server is flexible and can exist updated if the demand arises by adding or removing managed servers and domains.
Hardware and software requirements
IPAM Server must be installed on a figurer running Windows Server® 2012 or a later operating organization. IPAM Client must be installed on a computer running Windows Server 2012, Windows® 8, or a later operating system. To install IPAM Client on a reckoner running a client operating system, y'all must commencement install the Remote Server Administration Tools (RSAT). Each customer operating system has its ain version of RSAT, for instance:
-
Remote Server Administration Tools (RSAT) for Windows 8 are required to manage Windows Server 2012.
-
Remote Server Administration Tools (RSAT) for Windows 8.i are required to manage Windows Server 2012 R2.
Active Directory: An IPAM server must be joined to a domain equally a domain member server. Installation in a workgroup environs is not supported, and installation on a domain controller is not supported.
Network: An IPAM server requires a functional networking environment that includes IPv4 and IPv6 network connectivity to integrate with existing network services in the Agile Directory forest. Server discovery requires that network settings on the IPAM server be configured to provide admission to at least one domain controller and authoritative DNS server. Discovery of IPv6 address space requires that IPv6 is enabled on the IPAM server. The IPAM server must also have network connectivity to all servers that are marked as managed in the server inventory.
Other roles or features: An IPAM server is intended every bit a single-purpose server. Information technology is not recommended to collocate other network infrastructure roles such equally DNS or DHCP on the aforementioned server. IPAM installation is not supported on a domain controller, and discovery of DHCP servers will be disabled if you lot install IPAM on a server that is likewise running the DHCP Server service. The post-obit features and tools are automatically installed when you install IPAM Server.
Feature or Tool | Clarification |
---|---|
Remote Server Administration Tools | DHCP and DNS Server Tools and IP Address Management (IPAM) Client provides for remotely managing DHCP, DNS and IPAM servers. |
Windows Internal Database | Windows Internal Database is a relational information store that can be used only by Windows roles and features. |
Windows Process Activation Service | Windows Procedure Activation Service generalizes the IIS procedure model, removing the dependency on HTTP. |
Grouping Policy Direction | Group Policy Management is a scriptable Microsoft Management Console (MMC), providing a single administrative tool for managing Grouping Policy. |
.Internet Framework four.5 Features | .Cyberspace Framework iv.five provides a programming model for edifice and running applications designed for several unlike platforms. |
The post-obit are the minimum and recommended hardware requirements for IPAM Server.
Component | Requirement |
---|---|
Processor | Minimum: 1.four GHz (x64 processor) Recommended: quad-core, 2.66 GHz or faster |
Memory | Minimum: 2 GB RAM Recommended: 4 GB RAM or greater |
Disk Space | Minimum: ten GB Recommended: lxxx GB or greater* |
*****Use a fast storage device to host the IPAM database (on the root drive) to significantly improve IPAM performance.
Bodily hardware requirements will vary based on the number of managed servers that are monitored and managed by the IPAM server.
IPAM specifications
IPAM Server has the following specifications:
-
The telescopic of IPAM server discovery is limited to a unmarried Active Directory wood. The forest itself may be comprised of a mix of trusted and untrusted domains.
-
IPAM supports merely Microsoft domain controllers, DHCP, DNS, and NPS servers running Windows Server® 2008 and to a higher place.
-
DHCP operational result auditing is supported for DHCP servers running Windows Server® 2008 R2 and above.
-
IPAM installation on a DHCP server is not recommended. The IPAM server discovery characteristic will not be able to observe DHCP roles if DHCP Server is installed on the aforementioned reckoner.
-
IPAM supports merely domain joined DHCP, DNS and NPS servers in a single Active Directory forest.
-
IPAM does not support management and configuration of non-Microsoft network elements.
-
IPAM does not support external databases. Only a Windows Internal Database is supported.
-
A single IPAM server can support up to 150 DHCP servers and 500 DNS servers.
-
A single IPAM server has been tested to back up up to 6000 DHCP scopes and 150 DNS zones.
-
IPAM stores 3 years of forensics data (IP address leases, host MAC addresses, user login/logoff information) for 100,000 users in a Windows Internal Database. There is no database purge policy provided, and the administrator must purge data manually as needed.
-
IP address utilization trends are provided only for IPv4.
-
IP address reclaiming support is provided only for IPv4.
-
No special processing is done for IPv6 stateless address auto configuration individual extensions.
-
No special processing for virtualization technology or virtual car migration.
-
IPAM does not check for IP address consistency with routers and switches.
-
IPAM does non support auditing of IPv6 stateless accost car configuration on an unmanaged car to runway the user.
-
IPAM users must be logged in using domain credentials. Practice not log sign in to the IPAM server using the local Administrator account or another local user business relationship on the IPAM server.
-
If y'all are accessing the IPAM server from a remote IPAM client, you must be a member of the WinRMRemoteWMIUsers grouping on the IPAM server, in addition to being a member of the appropriate local IPAM security group.
-
If the Grouping Policy based provisioning method is used, users must accept domain ambassador privileges to mark servers as managed or unmanaged in the server inventory.
Capacity planning
When planning disk space requirements and determining the number of IPAM servers to use on your network, consider the following questions:
-
How many IP address ranges volition be managed by IPAM?
-
How many DHCP-enabled devices are connected to the network?
If the number of IP address ranges that you lot plan to manage with IPAM is less than 20,000 each for IPv4 and IPv6, you can deploy a unmarried IPAM server to manage your IP address space. This is bold a typical IP address range prefix is /24 for IPv4 and /64 for IPv6.
However, you might wish to deploy more than than i IPAM server to manage an expanding network. For example, if the organization has 30,000 IP address ranges and is increasing in size, y'all should deploy at to the lowest degree two IPAM servers. Y'all might also plan to deploy more than 1 IPAM server if you will assign specific roles to dissimilar servers or y'all volition deploy IPAM in a distributed or hybrid topology. For more information, see Program Your IPAM Deployment.
Planning disk chapters
IPAM uses several data drove tasks to gather data from managed servers. This data includes information such as DHCP scopes, DHCP scope utilization, DNS zones, DNS zone events, DHCP charter logs, IPAM and DHCP configuration events, and network authentication events. Data collection tasks run in groundwork and regularly update the local IPAM database, increasing its size. The IPAM database is located on the system root drive (the operating organization drive), therefore it is important to ensure enough disk space is available on the system root bulldoze to adjust this data.
Note
For purposes of planning deejay capacity, a system lifetime of 5 years is assumed.
Disk space requirements for the IPAM database can be evaluated based on three categories of stored information:
-
Base database size: This is the disk space required to hold IP address blocks, IP address ranges, IP address records, custom fields, DHCP configuration information, DHCP scopes, and other static managed server information. This blazon of data doesn't increase over time; it grows but when more records are created in IPAM by administrators or if new managed servers are added. Yous should classify 1.0 GB of free infinite on the root drive to accommodate this data.
-
Utilization data: IPAM keeps a rails of utilization for IP address blocks, IP address ranges and DHCP scopes by periodically sampling and storing utilization statistics for these items. Each sample is stored in the local IPAM database to enable graphical display of utilization trends. The amount of data collected and stored depends on the number of IP accost ranges in the arrangement. Monthly usage is near 1.0 GB of information for every 10,000 IP address ranges. There is no simple method for immigration or purging utilization information from the organization. Therefore, you should plan disk space consumption for a menses of 5 years or the anticipated system lifetime. For example, if your IPAM server volition manage 2000 IP Address ranges for a period of 5 years, you must classify 1*v*12 = 60 GB of disk infinite on the system root bulldoze to arrange utilization data.
# of IP Address Ranges
Deejay Space Required
10,000 or less
1 GB / month
ten,001 to xx,000
2 GB / month
20,001 to twoscore,000
three GB / month
-
Outcome catalog data: IPAM collects DHCP charter logs, DHCP configuration events, IPAM configuration events, and hallmark events from all managed NPS servers and domain controllers. Depending on the size of your network, this data tin require several GB of disk space. The amount of disk space required for storing effect catalog data depends upon frequency at which these events occur on the network. To summate disk space requirements for event itemize data, you lot must approximate the number of events per month together with the length of time you lot wish to maintain these events in IPAM database. Approximately 0.6 GB of costless deejay space is required for ane million events.
For instance, on a network with 2500 users where each user has a laptop, a desktop, and a smart phone, you can allocate four IP addresses to each user: one IP address each for the desktop calculator, ane for the phone and two for the laptop (wired + wireless). This means y'all will have virtually 10,000 IP addresses to manage. Besides, assuming that a DHCP lease on wireless interfaces will be renewed every 8 hours and every 4 days on wired interfaces, you lot can expect three lease events per day (24/viii) for the wireless devices and one lease effect on a wired interface in 4 days. Over a period of four days you can judge a full of 2500*2*3*4 (wireless) + 2500*2*1*4 (wired) = 80,000 DHCP charter events corresponding to 80000*30/four =600000 DHCP lease events per month.
Similarly, if you accept 2500 users on the network, and expect each user to login, lock, and unlock their device 20 times per day, y'all can expect 2500*twenty*22 = 1100000 user authentication events per month (assuming 22 working days in month). This corresponds to 600000+1100000= 1700000 records per calendar month. To retain information initially for 6 months, and then purge three month one-time information on a quarterly basis, the disk must be able to store 1700000*6 = 10200000 records, corresponding to 0.6*10200000/1000000= half-dozen.12 GB of disk infinite.
Note
These calculations exercise not take into account DHCP and IPAM configuration change events, machine authentication events, and DHCP events such equally granting and expiration of leases. These events do not typically touch deejay infinite requirements. All the same, you lot tin can accept these events into consideration if required.
To calculate overall disk space requirements, use the post-obit formula:
Deejay infinite = Base database size + Utilization data + Event catalog data
In the example used previously, a network with 2500 users will crave 1 GB + 60 GB + 6.12 GB = 67.12 GP of free deejay infinite for the IPAM database, storing utilization data for 5 years.
System Size | Base Size | Utilization Data | Consequence Catalog Data | Full |
---|---|---|---|---|
25,000 users | 1 GB | 60 GB | 59 GB | 120 GB |
50,000 users | 1 GB | lx GB | 117 GB | 178 GB |
100,000 users | one GB | sixty GB | 234 GB | 295 GB |
Assumptions:
-
iv IP addresses are allocated per user.
-
All IP addresses are issued by managed DHCP servers. Half of the IP addresses are wireless with leases refreshing every viii hours; the other half are wired interfaces with leases refreshing every 4 days.
-
Each user generates 20 domain controller hallmark events and ane NPS hallmark event per working day.
-
Event catalog data is purged every three months. Information is initially collected for 6 months and and then three month old information is purged quarterly.
-
There is an average of 22 working days per month.
For data most purging event catalog data, run across Consequence Itemize.
Run into also
What is IPAM?
IPAM Terminology
Getting Started with IPAM
IPAM Compages
IPAM Fill-in and Restore
A Workgroup Model Is Recommended For Networks Of What Size?,
Source: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj878312%28v=ws.11%29
Posted by: christensendouner.blogspot.com
0 Response to "A Workgroup Model Is Recommended For Networks Of What Size?"
Post a Comment