How to configure Gateway in Windows Server 2008

TristaMitashi, Jordan, Researcher
Published Date: 19-08-2017
IP Address Management Integration with VMM for Hyper-V Network Virtualization

In this chapter, we will cover the following recipes:

- Installing IPAM in Windows Server 2012 R2
- Integrating IPAM into VMM
- Using IPAM data for reporting

Introduction

IP Address Management (IPAM) was introduced as a feature of Windows Server in Windows Server 2012. Microsoft defines IPAM as follows (http://technet.microsoft.com/en-gb/library/hh831353.aspx):

"…an integrated suite of tools to enable end-to-end planning, deploying, managing and monitoring of your IP address infrastructure, with a rich user experience. IPAM automatically discovers IP address infrastructure servers on your network and enables you to manage them from a central interface."

In Windows Server 2012, IPAM could only integrate with the following:

- Microsoft Windows DHCP Servers
- Microsoft Windows DNS Servers
- Microsoft Windows Network Policy Servers
- Active Directory Domain Controllers

The minimum version of Windows Server that IPAM will communicate with is Windows Server 2008.

With the introduction of Windows Server 2012 R2, IPAM is able to communicate with System Center 2012 R2 Virtual Machine Manager so that IT administrators can get a complete view of their IP address estate. The integration with VMM covers any and all IP addresses that VMM can issue—for traditional VLAN-based IP networks as well as for Hyper-V Network Virtualization based networks.

By integrating with IPAM you will be able to get a complete solution for managing and monitoring IP addresses in your IT infrastructure.

Installing IPAM in Windows Server 2012 R2

This will be a single server installation of IPAM to allow you to understand the potential capabilities of the feature and what you can do with it.
Getting ready

For this recipe, the following setup is required:

- A Virtual Machine running Windows Server 2012 R2 Standard or higher with a GUI
- A new instance of SQL Server for the IPAM database (alternatively, you can use the Windows Internal Database)

Visit http://technet.microsoft.com/en-us/library/dn758115.aspx for more details.

How to do it…

The following diagram shows you the high-level steps involved in this recipe:

1. Launch an elevated PowerShell console on the new server. In this recipe, the server will be DEMO-IPAM01.
2. Enter the following PowerShell command:

    Install-WindowsFeature -Name IPAM -IncludeManagementTools

3. Open Server Manager and click on IPAM. You will see the following screen:
4. You will see that you are connected to the local IPAM server and that it is yet to be configured.
5. In the QUICK START section, click on Provision the IPAM Server.
6. Read the information on the first page of the wizard. Click on Next.
7. Enter the appropriate SQL Server information (or if using the Windows Internal Database, select where you would like the database to be stored). Click on Next.
8. Enter the appropriate database credentials for your database. Click on Next.
9. For the provisioning method, select Group Policy Based and enter an appropriate prefix; in this case, it is DEMO. Click on Next.
10. Review the summary information. Click on Apply.
11. Click on Close.
12. The IPAM console will show several more options, as shown in the following screenshot:
13. The next stage is to configure server discovery. Server discovery defines the domains and functions that the IPAM server will monitor and manage. In the QUICK START section, click on Configure server discovery.
14. Click on Add to select the required domain. Click on OK.
15. In the QUICK START section, click on Start server discovery. You will see a progress bar across the top of the QUICK START section.
16. Once the task is complete, click on Select or add servers to manage and verify IPAM access.
17. Right-click on the desired server and click on Edit Server. In the next window, ensure the appropriate options are selected. Click on OK.
18. You will receive the following error message:
19. Open an elevated PowerShell console, ensure that you have the permissions to create Group Policy Objects and link them to the root of the domain, and run the following PowerShell (all on one line, and substitute the correct domain name, GPO prefix, IPAM server FQDN, and Domain Controller FQDN for yours):

    Invoke-IpamGpoProvisioning -Domain ad.demo.com -GpoPrefixName DEMO -IpamServerFqdn DEMO-IPAM01.ad.demo.com -DomainController DEMO-DC01.ad.demo.com

20. After the GPOs are created, you will need to amend the security filtering on the GPOs to ensure they apply to the correct servers only.
21. Perform a Group Policy Update on the affected servers.
22. You will then need to add the IPAM server to the Event Log Readers AD group. This group is located in the Builtin container within Active Directory. This is because the IPAM server needs to read logs from Domain Controllers. Execute the following PowerShell on a Domain Controller:

    Set-ADGroup -Add:@{'Member'="CN=DEMO-IPAM01,OU=Servers,OU=DemoEnv,DC=ad,DC=demo,DC=com"} -Identity:"CN=Event Log Readers,CN=Builtin,DC=ad,DC=demo,DC=com"

23. On the IPAM server, right-click on the server you want and click on Refresh Server Access Status.
24. The status should then be Unblocked.
25. Right-click on the same server and click on Retrieve All Server Data.

This concludes the installation and basic configuration of the IPAM feature.

How it works…

IPAM collects information from all of the Domain Controllers, DNS, and DHCP servers within the specified domain.
The Group Policy Objects created by using the Invoke-IpamGpoProvisioning cmdlet ensure that the IPAM server has the correct firewall access to the appropriate servers and that the required scheduled tasks are created on the relevant servers. The information collected by IPAM is stored in its database. IPAM then uses this data to present visualizations to the IPAM administrators.

Integrating IPAM into VMM

IPAM is capable of monitoring the IP address spaces in VMM to show trend analysis on IP address usage within VMM Logical Networks. It is also capable of monitoring physical networks to give you a holistic approach to IP address management. It can show you all the IP addresses that are currently in use across your network in both the physical and virtual environments.

Getting ready

For this recipe, you will require the IPAM server to be installed (this was discussed in the previous recipe). Additionally, you will need a Run As account created in VMM that has the following permissions on the IPAM server:

- IPAM ASM Administrators: This is a local group that exists on all IPAM servers and provides permissions for IP address space management (ASM)
- Remote Management Users: This is a built-in group that provides access to WMI resources through management protocols, such as WS-Management through the Windows Remote Management service

In this case, a new user called SVC_VMMIpam was created in the ad.demo.com domain and manually added to the two groups above on the IPAM server. This account was added to VMM as a new Run As account called VMM-IPAM.

How to do it…

The following diagram shows you the high-level steps involved in this recipe:

1. In the VMM Console, navigate to Fabric | Networking | Network Service. Right-click on Network Service and click on Add Network Service.
2. Enter a name for this connection; in this case, it is DEMO-IPAM01. Click on Next.
3. On the Manufacturer and Model page, select Microsoft as Manufacturer and Microsoft Windows Server IP Address Management as Model, as shown in the following screenshot. Click on Next.
4. Select the Run As account you created earlier; in this case, VMM-IPAM. Click on Next.
5. Enter the FQDN of the IPAM server; in this case, DEMO-IPAM01.ad.demo.com. Click on Next.
6. Ensure the Configuration provider field is set to Microsoft IP Address Management Provider and click on Test. If the test comes back successful, click on Next. If any of the tests fail, please ensure the Run As account in VMM has been added to the two groups detailed in the Getting ready section for this recipe.
7. Select the Host Groups you want to apply this connection to; in this case, All Hosts. Click on Next.
8. Review the summary and click on Finish.
9. You should now have two Network Services listed in VMM, the first being the HNVGateway1 service added in the previous chapter and the second being the new IPAM service (DEMO-IPAM01), as shown in the following screenshot:
10. On the IPAM server, in this case DEMO-IPAM01, open Server Manager.
11. Navigate to the IPAM section. Click on VIRTUALIZED IP ADDRESS SPACE.

The following table can help you interpret some of the information that you see on the IPAM server (http://technet.microsoft.com/en-gb/library/dn249418.aspx):

VMM name | IPAM name
Logical network | VIRTUALIZED IP ADDRESS SPACE Provider IP Address Space: VMM Logical Network column
Network site | VIRTUALIZED IP ADDRESS SPACE Provider IP Address Space: Network Site column
IP address subnet | IP Address Subnet (same name in IPAM as in VMM)
IP address pool | IP Address Range
VM network | VIRTUALIZED IP ADDRESS SPACE Customer IP Address Space: VM Network column

How it works…

IPAM and VMM have bidirectional communication through the use of the configured Run As account; in this case, VMM-IPAM.
By adding the IPAM server to VMM, it is possible to monitor and even configure logical networks, their network sites, and IP pools. By integrating IPAM with VMM, you will be able to monitor all networks—both physical and software defined—within your organization. Tenants, such as Tenant A and Tenant B, should not use IPAM to configure their networks and must use VMM.

Using IPAM data for reporting

IPAM has a wealth of information for managing and monitoring your IP address space. Many basic pieces of information can be seen in the IPAM client interface; however, it is also possible to export data from IPAM in CSV format.

Getting ready

It is advisable to create several new VMs in VMM for each Tenant VM Network to establish some trend data. You will need access to a Windows PC with Microsoft Excel 2013 installed to utilize the information exported in CSV format.

How to do it…

The following diagram shows you the high-level steps involved in this recipe:

1. Open the IPAM client on the IPAM server and navigate to VIRTUALIZED IP ADDRESS SPACE, as shown in the following screenshot:
2. Selecting the subnet for the VM Network for Tenant A, you will see a variety of information in the details view beneath:
3. It is possible to see the details that were entered in VMM; however, IPAM will show you the utilization status of the subnet in terms of the actual number of IP addresses used and that number expressed as a percentage of the overall number of addresses.
4. Click on the Utilization Trend tab.
5. Select a range to view the trend analysis for, as shown in the following screenshot:
6. This will show you how the usage of IP addresses within the VM Network has been trending.
7. Above the details view, where the subnets are listed, click on TASKS on the top right-hand corner and click on Export.
8. Select the location to save the CSV and enter a file name. Click on Save.
9. Copy the CSV file to the PC where you have Microsoft Excel 2013 installed.
10. Open the CSV file in Excel.
11. You will see that all of the data shown in the details view is on the same line as the subnet.
12. Select the following columns:
    - C: Network
    - K: Provider IP Address Space
    - O: Percentage Utilized
    - P: Assigned Addresses
    - Q: Utilized Addresses
13. Copy these columns to a new worksheet in Excel.
14. Clean up the Provider IP Address Space columns. In this example, each value had the _address_space information removed from the end and the two Tenant networks were named correctly, as shown in the following screenshot:
15. Click on the Insert tab on the ribbon bar.
16. Click on Recommended Charts.
17. Excel will show you a variety of charts it can create based on the data presented on the worksheet.
18. For this example, select 100% Stacked Bar. Click on OK.
19. This will insert a chart object into your Excel worksheet.
20. This chart can then be altered as required within Excel and utilized in other applications as required. This can include colors, width, height, and so on.

How it works…

As IPAM has all of the available data from VMM, it can be used to monitor IP address usage in VMM defined networks. It is possible to use PowerShell to export the data from IPAM. Excel is capable of providing rich data visualizations and can give you the ability to slice data as appropriate. This can lead to high-quality management information reporting.
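
The column selection and clean-up from steps 12 to 14 of the reporting recipe can also be scripted. The following is an added example, not code from the original chapter: it assumes the exported CSV uses the column headers named in step 12, the sample rows are constructed, and the function name and 80 percent threshold are hypothetical.

```powershell
# Added example. Column headers are the ones named in step 12; the rows are
# constructed sample data, and a real export contains more columns.
$sampleExport = @'
Network,Provider IP Address Space,Percentage Utilized,Assigned Addresses,Utilized Addresses
10.0.1.0/24,TenantA_address_space,12.50,200,25
10.0.2.0/24,TenantB_address_space,91.00,200,182
192.168.50.0/24,Default_address_space,0,0,0
'@

function ConvertTo-IpamUtilizationReport {
    param(
        [Parameter(Mandatory)] [object[]] $Row,
        [double] $WarnPercent = 80          # hypothetical alerting threshold
    )
    foreach ($r in $Row) {
        $assigned = [int]$r.'Assigned Addresses'
        $utilized = [int]$r.'Utilized Addresses'
        # Tolerate "91.00" or "91.00%"; an empty cell becomes 0.
        $percent  = [double]('0' + ($r.'Percentage Utilized' -replace '[^0-9.]', ''))
        [pscustomobject]@{
            Network      = $r.Network
            # Same clean-up as step 14: drop the trailing _address_space.
            AddressSpace = $r.'Provider IP Address Space' -replace '_address_space$', ''
            Assigned     = $assigned
            Utilized     = $utilized
            Free         = $assigned - $utilized
            PercentUsed  = $percent
            # A subnet with no assigned addresses is never reported as near full.
            NearFull     = ($assigned -gt 0) -and ($percent -ge $WarnPercent)
        }
    }
}

# For a real export, use: $rows = Import-Csv -Path <path to the exported file>
$rows   = $sampleExport | ConvertFrom-Csv
$report = ConvertTo-IpamUtilizationReport -Row $rows

$report | Sort-Object PercentUsed -Descending | Format-Table -AutoSize
$report | Where-Object NearFull | ForEach-Object {
    Write-Warning ("{0} ({1}) is {2}% utilized, {3} addresses free" -f
        $_.Network, $_.AddressSpace, $_.PercentUsed, $_.Free)
}
```

With the constructed rows, only 10.0.2.0/24 in the TenantB address space produces a warning.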
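
Steps 20 to 22 of the IPAM installation recipe earlier in this chapter change who the provisioning GPOs apply to and who can read Domain Controller event logs, so both are worth checking afterwards. The following read-only audit is an added example, not code from the original chapter: it assumes the GPO display names start with the prefix followed by an underscore, and the list of managed servers is a placeholder to replace with your own.

```powershell
# Added example: read-only audit of steps 19-22. Run from a domain-joined host
# with the GroupPolicy and ActiveDirectory RSAT modules installed.
Import-Module GroupPolicy, ActiveDirectory

$Domain    = 'ad.demo.com'      # domain, prefix and IPAM host from the recipe
$GpoPrefix = 'DEMO'
$IpamHost  = 'DEMO-IPAM01'
# Assumption: the servers IPAM is meant to manage; replace with your own list.
$ManagedServers = @('DEMO-DC01')

# Security filtering: every trustee allowed to apply a provisioning GPO.
# Assumption: the GPO display names start with "<prefix>_".
$gpos = Get-GPO -All -Domain $Domain |
    Where-Object { $_.DisplayName -like "${GpoPrefix}_*" }

$filtering = foreach ($gpo in $gpos) {
    Get-GPPermission -Guid $gpo.Id -All -DomainName $Domain |
        Where-Object { $_.Permission -eq 'GpoApply' } |
        ForEach-Object {
            [pscustomobject]@{
                Gpo      = $gpo.DisplayName
                Trustee  = $_.Trustee.Name
                SidType  = $_.Trustee.SidType
                # Computer accounts are reported with a trailing '$'.
                Expected = ($_.Trustee.Name.TrimEnd('$') -in $ManagedServers)
            }
        }
}
$filtering | Sort-Object Gpo, Trustee | Format-Table -AutoSize

foreach ($entry in $filtering | Where-Object { -not $_.Expected }) {
    Write-Warning ("{0} applies to '{1}', which is not in the managed server list" -f
        $entry.Gpo, $entry.Trustee)
}

# Event Log Readers: anything other than the IPAM server deserves a second look.
$readers = Get-ADGroupMember -Identity 'Event Log Readers' -Server $Domain
$readers | Select-Object Name, objectClass, distinguishedName | Format-Table -AutoSize

foreach ($member in $readers | Where-Object { $_.Name -ne $IpamHost }) {
    Write-Warning ("Event Log Readers also contains {0} ({1})" -f
        $member.Name, $member.objectClass)
}
```

A broad trustee such as Authenticated Users showing up with the apply permission means the security filtering from step 20 has not been narrowed yet.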
Windows Server Gateway Configuration

In this chapter, we will cover the following recipes:

- Network Address Translation (NAT) with the gateway
- Direct Routing and how it is different from NAT

Introduction

Windows Server 2012 R2 includes an inbox gateway solution for Hyper-V Network Virtualization (HNV) within the Routing and Remote Access server role. As HNV uses the NVGRE protocol, a gateway server must be able to understand the protocol and undertake the required functions.

If a gateway is configured to use Network Address Translation (NAT), it will mask the internal HNV network behind the NAT interface. If a gateway is configured for Direct Routing, then it will perform the decapsulation of network packets leaving an HNV network and also the encapsulation of data entering an HNV network.

Network Address Translation with the gateway

In Chapter 3, Creating the Gateway for Virtual Machine Communications, you created a Windows Server Gateway so that VMs could access resources outside of the VM Network they resided upon. This access was one way only: outbound. This recipe will show you how to create inbound NAT rules on the gateway to allow access to your VM's resources. A typical use case of this would be to host a website behind a public IP address.

In this recipe, you will create a simple web server and publish it using NAT rules on the Windows Server Gateway.

Getting ready

For this recipe, you will need access to a computer that is outside of the VM Networks created so far, but that can access the IP range you used for the external network.

How to do it…

The following diagram shows you the high-level steps involved in this recipe:

Now, perform the following steps:

1. Start a Tenant A VM on your Hyper-V cluster; in this case, Tenant A – VM 10.
2. Once the VM has started, log on to the VM using an administrative account.
3. Open an elevated PowerShell window, enter the following PowerShell, and press Enter:

    Install-WindowsFeature Web-Server,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Static-Content,Web-Health,Web-Http-Logging,Web-Performance,Web-Stat-Compression,Web-Security,Web-Filtering,Web-Mgmt-Tools,Web-Mgmt-Console

4. This will then install IIS with the required features for this recipe, as shown in the following screenshot:
5. Once the IIS installation is complete, open Internet Explorer and go to the URL http://localhost. You will be greeted with the default IIS page.
6. Open an elevated Notepad window.
7. Enter the following HTML code between the <body> and </body> tags. Please enter some text of your choosing. Make a note of the text you have entered. Some example code is as follows:

    <HTML>
    <HEAD>
    <TITLE>HNV Testing</TITLE>
    </HEAD>
    <BODY>
    <h1>Software Defined Networking Rocks</h1>
    <p>This is some test text for the Hyper-V Network Virtualization Cookbook</p>
    </BODY>
    </HTML>

8. Save this file as HNV.htm in C:\InetPub\wwwroot, as shown in the following screenshot: