There are several limitations for IPAM under Windows Server 2012 R2. From a system configuration and deployment...
perspective, IP address management (IPAM) only handles a single Active Directory forest, and a single server can support up to 150 DHCP servers and 500 DNS servers. Although this should allow ample DHCP scopes and DNS zones for most enterprise situations, it's important for IPAM adopters to understand potential limits.
But perhaps the broader limitation of IPAM is its dependence on Microsoft products. For example, IPAM only handles domain controllers, DHCP servers and DNS servers using Windows Server 2008 or later. IPAM does not configure or manage other non-Microsoft network devices (such as appliances) -- though the IP address data from other network devices can be imported through PowerShell. IPAM also does not support non-Microsoft databases, so IPAM depends on a Windows database.
In terms of forensic data, IPAM is reported to support up to three years of tracking data for 100,000 users. This includes activity information such as IP address leases and renewals, MAC addresses, user logon details and so on. It's important for IPAM adopters to consider the composition of this forensic data and ensure that retention is adequate and protected. If logging does not capture the details or provide the retention necessary to address the company's regulatory compliance or auditing needs, it may be necessary to reconsider the adoption of IPAM.
IPAM tools, such as the features included with Windows Server 2012 R2, allow automatic device discovery, monitoring, management and reporting. But like most management-type tools, it's important for organizations to approach this new or enhanced functionality with a careful proof-of-principle project. Lab testing and evaluation can allow IT professionals to develop comfort and confidence with IPAM techniques, and better inform business decision makers about the business value of IPAM technology before it is rolled out to a production environment.
Dig Deeper on Enterprise infrastructure management
Related Q&A from Stephen J. Bigelow
Microsoft Hyper-V on Windows comes with advanced protection schemes, including several virtualization-based security features the company introduced ... Continue Reading
The BitLocker encryption technology continues to evolve from its roots as a Windows Vista feature to protect resources both in the local data center ... Continue Reading
Some enterprises avoid the public cloud due to its multi-tenant nature and data security concerns. Learn what data separation is and how it can keep ... Continue Reading