Reduce cost and increase flexibility with Windows Server 2016 DDI


Network services management of Cloud Datacenter
WS 2016 IPAM
Unified IP address management
• IP addressing management of physical and virtual networks (SCVMM integration)
• Integrated IP addressing, DNS and DHCP management
Network audit & visibility
• Tracking activity of IP address/user/mc
• IP utilization & trend
• Audit config
Network services management
• Automatic server discovery
• Single console DHCP and DNS management across datacenters
• Management of granular DNS properties
Scale, robustness & automation
• Disaster recovery
• Multiple instance deployment
• SQL database
• Extensive PS support
• Cross AD support
Delegated administration
• Granular RBAC to manage IP address space, DHCP & DNS
• Delegated administration within and across datacenters
• PowerShell support
• Scale, robustness & automation
• Unified IP address space mgmt. (physical & virtual)
• Integrated DDI mgmt.
• Network audit & visibility (native & 3rd party)
• Granular RBAC & delegation
[Diagram labels: IPAM SERVER, DC, NPS, VMM, DHCP, DNS]
DNSServerConfiguration)
Note:
* - Host A or AAAA, CNAME, MX, AFS Database, ATM Address, DHCID, DNAME, Host Information, ISDN, Pointer, Responsible person, Route Through, Service Location, Text, Well Known Services, X.25, Name Servers, WINS, WINS-R and SOA
** - Domain-joined DNS servers; they can be file-based or AD integrated
Find free IP range/subnet
• find-IpamFreeRange
  • New cmdlet to find one or more free IP ranges from an IP subnet based on number of free IP addresses
• find-IpamFreeSubnet
  • New cmdlet to find one or more free IP subnets from an IP block based on subnet size requirement
• Introducing Get cmdlets to retrieve DNS and DHCP objects like zones, resource records, conditional forwarders, scopes and superscopes.
RBAC
• Introduced cmdlet to set access scope to the ASM, DNS and DHCP objects.
Windows DDI @ SPAR Austria
SPAR: Microsoft IPAM solution benefits
Complexity reduction
• >50 DNS servers, >250 DHCP servers → 7 DNS servers, 7 DHCP servers
• Mixture of Microsoft, Linux, Cisco and Infoblox products → Microsoft
• IP address management with spreadsheets and an in-house web application → Microsoft IPAM
• Various management consoles → one console and simple UI
Evolving to meet demand
• Digitalization and IoT make it necessary to automate as much as possible
• Speed is crucial when opening new stores
• Need for solutions which perfectly support our digital transformation strategy
Cost saving
• Operations teams saving up to 10 days’ work per month
• Avoiding the cost of separate 3rd party solutions reduces capital expenses
Paving the way for the future
• Enable administrators to perform their tasks: around 60 administrators got access to Microsoft IPAM by leveraging RBAC functionalities
• New DNS management features in IPAM 2016 will further increase the solution's value
Customer story
• https://customers.microsoft.com/Pages/CustomerStory.aspx?recid=29708
• Traffic Management: Location aware responses
• High Availability: Improve availability of critical applications by failover policies
• Load Balancing: Application Load Balancing based on the performance of host
• Time of day: Time of day based policies
• Split Brain: Split Brain DNS & Selective Recursion
• Filters: Query Filters
DNS Policy – new construct in Windows DNS to control DNS query processing
• Criteria: Any combination of Client Subnet, Server Interface IP, FQDN, Internet protocol (IPv4/v6), Transport Protocol (UDP/TCP), Time Of Day, Query Type
• Action: If policy matches, what action to take: ALLOW, DENY, IGNORE
• Content: If Action is allow, what data to respond with and in what ratio.
• North America: www 182.0.0.1
• Europe: www 151.0.0.1
• Asia: www 163.0.0.1
• Default: www 200.0.0.1
[Diagram labels: Dublin, Seattle, Chicago, Amsterdam, Delhi; "Resolve contoso.com"; DNS Server]
• ZoneScope Seattle: contoso.com = 182.0.0.1
• ZoneScope Chicago: contoso.com = 192.0.0.1
• ZoneScope Dublin: contoso.com = 151.1.0.1
• ZoneScope Amsterdam: contoso.com = 141.1.0.1
Zone “contoso.com”
1 AmericaLBPolicy: clientSubnet EQ AmericaSubnet; Allow, Use Seattle or Chicago ZoneScope in ratio 2:1
  (Load balance between Seattle and Chicago servers for requests from U.S. in ratio 2:1)
2 EuropeLBPolicy: clientSubnet EQ EuropeSubnet; Allow, Use Dublin or Amsterdam ZoneScope in ratio 2:1
  (Load balance between Dublin & Amsterdam servers for requests from Europe in ratio 2:1)
3 WorldWideLBPolicy: *; Allow, Use All ZoneScopes in ratio 1:1:1:1
  (Load balance across all servers for requests from rest of world in ratio 1:1:1:1)
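The three load-balancing policies above, written out with the Windows Server 2016 DnsServer cmdlets. This is an added example, not part of the original slides. The zone scope addresses and the policy and subnet names come from the slide; the client subnet CIDR values, the "ZoneScope" suffix on scope names and the `www` record name are assumptions, and the slide's `*` criterion is expressed as an FQDN wildcard because a policy needs at least one criterion.

```powershell
# Added example: run on the DNS server that hosts contoso.com (DnsServer module).
$zone = 'contoso.com'

# Zone scope name -> address. Addresses are the ones shown on the slide;
# the scope names are an assumed naming convention.
$scopes = [ordered]@{
    SeattleZoneScope   = '182.0.0.1'
    ChicagoZoneScope   = '192.0.0.1'
    DublinZoneScope    = '151.1.0.1'
    AmsterdamZoneScope = '141.1.0.1'
}

# Client subnets used as policy criteria.
# The CIDR values are constructed placeholders, not values from the slides.
Add-DnsServerClientSubnet -Name 'AmericaSubnet' -IPv4Subnet '192.0.2.0/24'
Add-DnsServerClientSubnet -Name 'EuropeSubnet'  -IPv4Subnet '198.51.100.0/24'

# One zone scope per datacenter, each holding its own copy of the record.
foreach ($name in $scopes.Keys) {
    Add-DnsServerZoneScope -ZoneName $zone -Name $name
    Add-DnsServerResourceRecord -ZoneName $zone -ZoneScope $name -A `
        -Name 'www' -IPv4Address $scopes[$name]   # 'www' is an assumption
}

# Policies are evaluated in ProcessingOrder; the first match decides the answer.
# ZoneScope takes 'scope,weight' pairs separated by ';' (the slide's ratios).
$policies = @(
    @{ Name = 'AmericaLBPolicy'; ProcessingOrder = 1
       ClientSubnet = 'EQ,AmericaSubnet'
       ZoneScope = 'SeattleZoneScope,2;ChicagoZoneScope,1' }
    @{ Name = 'EuropeLBPolicy'; ProcessingOrder = 2
       ClientSubnet = 'EQ,EuropeSubnet'
       ZoneScope = 'DublinZoneScope,2;AmsterdamZoneScope,1' }
    @{ Name = 'WorldWideLBPolicy'; ProcessingOrder = 3
       FQDN = 'EQ,*.contoso.com'   # catch-all for every other client
       ZoneScope = ($scopes.Keys | ForEach-Object { "$_,1" }) -join ';' }
)
foreach ($p in $policies) {
    Add-DnsServerQueryResolutionPolicy -ZoneName $zone -Action ALLOW @p
}

# Review what was created, in evaluation order.
Get-DnsServerQueryResolutionPolicy -ZoneName $zone | Sort-Object ProcessingOrder
```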
What? What changed?
-Zone
-Server
-Record
Who? Who changed?
-DC admin
-Tenant admin
When?
-For Reporting
-Audit Trails
-diagnostics
Real Time Query Logs
• All queries and responses
• Name resolution, Dynamic Updates and Zone transfers
• Formatted logs based on ETW framework
Minimal performance impact
• Less than 3% perf impact on full fledged logging
• Can be enabled on production servers
Diagnostics and Analytics
• Source and destination info
• Failure reasons
• Failure frequency
• Query trends
Name resolution performance of Windows DNS server 2012 R2
DNS server startup time improvements in Windows Server 2012 R2
Response Rate Limiting
In Summary…what’s new in DNS in WS 2016
• DNS Policies
• Response Rate Limiting
• Support for DANE (RFC 6698)
• TLSA record type
• Unknown Record (RFC 3597)
• IPv6 root hints
• Partnerships with leading firewall, router, DNS server, switches and load balancer vendors
• Seasoned team with deep security expertise and DNS, including inventor of DNS
• Funded by original investors in Google
Turn your DNS Server into a DNS Firewall
• Automated, continuous delivery of threat intelligence
• Interdict communications with threat actors to monitor/log, redirect or block
• Visibility into affected machines for quick remediation
Use Cases:
• Healthcare
• Higher education
• Critical infrastructure
• Add a Device at ThreatSTOP.com
• Run Setup on Windows Server 2016
• Customize your Security Policy
• View Powerful Web Reporting
• Investigate Using Advanced Research Tools
DNS Features
• Top queried internal and external domain names
• Dynamic DNS update statistics
• DNS stale entry identification
• Configuration change audit
• Query load
• Identify chatty clients
• Report of Malware infected devices
DHCP Features
• DHCP Scope Utilization
• DHCP vendor class distribution
• Configuration change audit
• Log audit
• DHCP performance statistics
www.microsoft.com/itprocareercenter
www.microsoft.com/itprocloudessentials
www.microsoft.com/mechanics
https://techcommunity.microsoft.com
http://myignite.microsoft.com
https://aka.ms/ignite.mobileapp
SPAR Austria
• European Retail Leader
• 3000 stores across 5 countries
• Austria, Italy, Hungary, Croatia, Slovenia
• Rapid expansion of stores across Europe
DDI @ SPAR
• 50 DNS Servers
• 160 DNS Zones
• 70,000 DNS records
• 250 DHCP servers
• 150,000 IP addresses
Gains from Windows DDI @ SPAR
• Simple and intuitive user interface for IPAM
• 10 days of work per month saved for Ops team
• Build automation using PowerShell
• Able to delegate specific permissions for differing administrative needs
• Cut down on licensing costs