Module 2: Managing and Monitoring Dynamic Host

Download Report

Transcript Module 2: Managing and Monitoring Dynamic Host

Module 3:
Managing and Monitoring
Dynamic Host Configuration
Protocol (DHCP)
Overview
Managing a DHCP Database
Monitoring DHCP
Applying Security Guidelines for DHCP
Lesson: Managing a DHCP Database
Overview of Managing DHCP
What Is a DHCP Database?
How a DHCP Database Is Backed Up and Restored
How To Back Up and Restore a DHCP Database
How a DHCP Database Is Reconciled
How To Reconcile a DHCP Database
Overview of Managing DHCP
The DHCP service needs to be managed to reflect
changes in the network and the DHCP server
Scenarios for managing DHCP:
Managing DHCP database growth
Protecting the DHCP database
Ensuring DHCP database consistency
Adding clients
Adding new network service servers
Adding new subnets
What Is a DHCP Database?
The DHCP database is a dynamic database that is updated
when DHCP clients are assigned or as they release their TCP/IP
address leases
The DHCP database contains DHCP configuration data,
such as information about scopes, reservations,
options, and leases
Windows Server 2003 stores the DHCP database in the
directory %Systemroot%\System32\Dhcp
The DHCP database files include:
 DHCP.mdb
 Tmp.edb
 J50.log and J50*.log
 Res*.log
 J50.chk
How a DHCP Database Is Backed Up and Restored
DHCP Server
Restore
Offline Storage
DHCP
Back up
DHCP
Restore
Back up
Inthe
If
The
the
DHCP
administrator
original
eventservice
that
database
the
moves
automatically
server
is aunable
hardware
copy backs
of
to the
load,
fails,
backed
upthe
theDHCP
DHCP
administrator
up DHCP
service
database
database
can
to
thean
automatically
to
restore
backup
offline
onlydirectory
storage
from
restores
thelocation
on
offline
from
the local
the
storage
backup
drive
location
directory on the local drive
How to Back Up and Restore a DHCP Database
Your instructor will demonstrate how to:
Apply guidelines when backing up and restoring a
DHCP database
Configure a DHCP database backup path
Manually back up a DHCP database to the backup
directory on a local drive
Manually restore a DHCP database from the backup
directory on a local drive
How a DHCP Database Is Reconciled
DHCP
Database
Detailed IP
address lease
information
Registry
Summary IP
address lease
information
Compares
information to find
inconsistencies
Reconciles
inconsistencies in
the DHCP database
DHCP Server
Example
Summary information
Client has IP address
192.168.1.34
Detailed information
Reconciled DHCP database
IP address 192.168.1.34
is available
Create an active lease entry
How to Reconcile a DHCP Database
Your instructor will demonstrate how to:
Prepare to reconcile a DHCP database
Reconcile all scopes in a DHCP database
Reconcile a scope in a DHCP database
Practice: Managing a DHCP Database
In this practice, you will manage a DHCP
database
Lesson: Monitoring DHCP
Overview of Monitoring DHCP
Multimedia: Creating a Performance Baseline (Optional)
What Are DHCP Statistics?
How to View DHCP Statistics
What Is a DHCP Audit Log File?
How DHCP Audit Logging Works
How to Monitor DHCP Server Performance by Using the DHCP Audit
Log
Guidelines for Monitoring DHCP Server Performance
Common Performance Counters for Monitoring DHCP Server
Performance
Guidelines for Creating Alerts for a DHCP Server
Overview of Monitoring DHCP
Why monitor DHCP?
The DHCP environment is dynamic
Increased DHCP server performance
Provides the ability to plan for current and future needs
DHCP data includes:
DHCP statistics
DHCP events
DHCP performance data
Multimedia: (Optional) Creating a Performance Baseline
The objective of this presentation is to
provide high-level steps for creating a
performance baseline
After this presentation, you will be able to:
 Explain the purpose of a performance
baseline
 Explain that a performance baseline is the
level of system performance that you find
acceptable
 Explain that server performance is critical
to efficient network operations
What Are DHCP Statistics?
DHCP Server
DHCP statistics represent statistics collected at either the server
level or scope level since the DHCP service was last started
How to View DHCP Statistics
Your instructor will demonstrate how to:
Enable DHCP statistics to automatically refresh
View DHCP server statistics
View DHCP scope statistics
What Is a DHCP Audit Log File?
A DHCP audit log is a log of service-related events, such as when: the
service starts and stops; authorizations have been verified; or IP addresses
are leased, renewed, released, or denied
How DHCP Audit Logging Works
Audit logging is the daily collection of DHCP server events
into log files.
DHCP server closes the
existing log and moves to
the log file for the next
day of the week
12:00 am
3. DHCP closes
daily audit log
DHCPSrvLog-Tue.Log
DHCP server writes a
header message in the
audit log, indicating
that logging has started
1. DHCP opens
daily audit log
2. DHCP performs
disk checks
DHCPSrvLog-Mon.Log
Disk checks ensure that both the ongoing
availability of server disk space and the current
audit log file do not become too large or grow
too rapidly
How to Monitor DHCP Server Performance by Using the
DHCP Audit Log
Your instructor will demonstrate how to:
Enable and configure DHCP audit logging
View the DHCP audit log
Guidelines for Monitoring DHCP Server Performance
Create a baseline of performance data on the DHCP
server
Check the standard counters for server performance,
such as processor utilization, paging, disk
performance, and network utilization
Review DHCP server counters to look for significant
drops or increases that indicate a change in DHCP
traffic
Common Performance Counters for Monitoring DHCP
Server Performance
Performance
counters
Packets
received/second
What to look for after a baseline is
established
Monitor for sudden increases or decreases which
could reflect problems on the network
Monitor for sudden increases or decreases which
Requests/second could reflect problems on the network
Active queue
length
Duplicates
dropped/second
Monitor for increases both sudden and gradual
which could reflect increased load or decreased
server capacity
Monitor for any activity which could indicate that
more than one request is being transmitted on
behalf of clients
Guidelines for Creating Alerts for a DHCP Server
Define the acceptable level that a DHCP counter can
rise above or fall below, before creating an alert
Use scripts with your alerts
Practice: Monitoring DHCP
In this practice, you will monitor DHCP
Lesson: Applying Security Guidelines for DHCP
Guidelines for Restricting an Unauthorized User from
Obtaining a Lease
Guidelines for Restricting an Unauthorized, nonMicrosoft DHCP Server from Leasing IP Addresses
Guidelines for Restricting Who Can Administer the
DHCP Service
Guidelines for Securing the DHCP Database
Guidelines for Restricting an Unauthorized User
from Obtaining a Lease
To restrict an unauthorized user from obtaining a
lease:
Ensure that unauthorized persons do not have physical
or wireless access to your network
Enable audit logging for every DHCP server on your
network
Regularly check and monitor audit log files
Use 802.1X-enabled LAN switches or wireless access
points to access the network
Guidelines for Restricting Unauthorized, Non-Microsoft
DHCP Servers from Leasing IP Addresses
To restrict an unauthorized, non-Microsoft DHCP server
from leasing IP addresses:
Ensure that unauthorized persons do not have physical
or wireless access to your network
Microsoft DHCP Server
Only DHCP servers running Windows 2000 or Windows Server
2003 can be authorized in Active Directory
Unauthorized, non-Microsoft DHCP Server
Non-Microsoft DHCP server software does not include the
authorization feature that is included in Windows 2000 and
Windows Server 2003
Guidelines for Restricting Who Can Administer the
DHCP Service
To restrict who can administer the DHCP service:
Restrict the membership of the DHCP Administrators
group to the minimum number of users necessary to
administer the service
If there are users who need read-only access to the
DHCP console, then add them to the DHCP Users
group instead of the DHCP Administrators group
DHCP Users group
Have read-only DHCP console access to the
server
DHCP Administrators
group
Can view and modify any data about the DHCP
server
Guidelines for Securing the DHCP Database
To further secure the DHCP database:
Consider changing the default permissions of the
DHCP folder
Provide only the minimum permissions required to
users to enable them to perform their task
Provide Read permissions to users responsible for
analyzing DHCP server log files
Remove Authenticated Users and Power Users to
minimize access to the files in the DHCP folder
Lab A: Managing and Monitoring DHCP
In this lab, you will manage and monitor
DHCP