Module 3: Managing and Monitoring Dynamic Host Configuration Protocol (DHCP)
Lesson: Managing a DHCP Database
Overview of Managing DHCP
What Is a DHCP Database?
How a DHCP Database Is Backed Up and Restored
How To Back Up and Restore a DHCP Database
How a DHCP Database Is Reconciled
How To Reconcile a DHCP Database
Overview of Managing DHCP
The DHCP service needs to be managed to reflect changes in the network and the DHCP server
Scenarios for managing DHCP:
Managing DHCP database growth
Protecting the DHCP database
Ensuring DHCP database consistency
Adding clients
Adding new network service servers
Adding new subnets
What Is a DHCP Database?
The DHCP database is a dynamic database that is updated when DHCP clients are assigned or as they release their TCP/IP address leases
The DHCP database contains DHCP configuration data, such as information about scopes, reservations, options, and leases
Windows Server 2003 stores the DHCP database in the directory %Systemroot%\System32\Dhcp
The DHCP database files include:
DHCP.mdb
Tmp.edb
J50.log and J50*.log
Res*.log
J50.chk
How a DHCP Database Is Backed Up and Restored
Back up
The DHCP service automatically backs up the DHCP database to the backup directory on the local drive
The administrator moves a copy of the backed up DHCP database to an offline storage location
Restore
If the original database is unable to load, the DHCP service automatically restores from the backup directory on the local drive
In the event that the server hardware fails, the administrator can restore only from the offline storage location
How to Back Up and Restore a DHCP Database
Your instructor will demonstrate how to:
Apply guidelines when backing up and restoring a DHCP database
Configure a DHCP database backup path
Manually back up a DHCP database to the backup directory on a local drive
Manually restore a DHCP database from the backup directory on a local drive
How a DHCP Database Is Reconciled
DHCP database: Detailed IP address lease information
Registry: Summary IP address lease information
DHCP server: Compares information to find inconsistencies
DHCP server: Reconciles inconsistencies in the DHCP database
Example
Summary information: Client has IP address 192.168.1.34
Detailed information: IP address 192.168.1.34 is available
Reconciled DHCP database: Create an active lease entry
How to Reconcile a DHCP Database
Your instructor will demonstrate how to:
Prepare to reconcile a DHCP database
Reconcile all scopes in a DHCP database
Reconcile a scope in a DHCP database
Lesson: Monitoring DHCP
Overview of Monitoring DHCP
Multimedia: Creating a Performance Baseline (Optional)
What Are DHCP Statistics?
How to View DHCP Statistics
What Is a DHCP Audit Log File?
How DHCP Audit Logging Works
How to Monitor DHCP Server Performance by Using the DHCP Audit Log
Guidelines for Monitoring DHCP Server Performance
Common Performance Counters for Monitoring DHCP Server Performance
Guidelines for Creating Alerts for a DHCP Server
Overview of Monitoring DHCP
Why monitor DHCP?
The DHCP environment is dynamic
Increased DHCP server performance
Provides the ability to plan for current and future needs
DHCP data includes:
DHCP statistics
DHCP events
DHCP performance data
Multimedia: (Optional) Creating a Performance Baseline
The objective of this presentation is to provide high-level steps for creating a performance baseline
After this presentation, you will be able to:
Explain the purpose of a performance baseline
Explain that a performance baseline is the level of system performance that you find acceptable
Explain that server performance is critical to efficient network operations
What Are DHCP Statistics?
DHCP statistics represent statistics collected at either the server level or scope level since the DHCP service was last started
How to View DHCP Statistics
Your instructor will demonstrate how to:
Enable DHCP statistics to automatically refresh
View DHCP server statistics
View DHCP scope statistics
What Is a DHCP Audit Log File?
A DHCP audit log is a log of service-related events, such as when: the service starts and stops; authorizations have been verified; or IP addresses are leased, renewed, released, or denied
How DHCP Audit Logging Works
Audit logging is the daily collection of DHCP server events into log files.
1. DHCP opens daily audit log
DHCP server writes a header message in the audit log, indicating that logging has started
2. DHCP performs disk checks
Disk checks ensure the ongoing availability of server disk space and that the current audit log file does not become too large or grow too rapidly
3. DHCP closes daily audit log
DHCP server closes the existing log and moves to the log file for the next day of the week
Diagram: at 12:00 am, logging moves from DHCPSrvLog-Mon.Log to DHCPSrvLog-Tue.Log
How to Monitor DHCP Server Performance by Using the DHCP Audit Log
Your instructor will demonstrate how to:
Enable and configure DHCP audit logging
View the DHCP audit log
Guidelines for Monitoring DHCP Server Performance
Create a baseline of performance data on the DHCP server
Check the standard counters for server performance, such as processor utilization, paging, disk performance, and network utilization
Review DHCP server counters to look for significant drops or increases that indicate a change in DHCP traffic
Common Performance Counters for Monitoring DHCP Server Performance
Performance counter: What to look for after a baseline is established
Packets received/second: Monitor for sudden increases or decreases, which could reflect problems on the network
Requests/second: Monitor for sudden increases or decreases, which could reflect problems on the network
Active queue length: Monitor for increases, both sudden and gradual, which could reflect increased load or decreased server capacity
Duplicates dropped/second: Monitor for any activity, which could indicate that more than one request is being transmitted on behalf of clients
Guidelines for Creating Alerts for a DHCP Server
Define the acceptable level that a DHCP counter can rise above or fall below, before creating an alert
Use scripts with your alerts
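The counter table and alert guidelines above, turned into a small alert script. This is an added example, not part of the original course material; the baseline samples are constructed, and the band width of three deviations and the floor of 1.0 are assumed tuning values.

```python
from statistics import mean, pstdev

# How each counter from the table above is judged against its baseline:
#   "both" = sudden increase or decrease, "rise" = increase only,
#   "any"  = any activity at all.
RULES = {
    "Packets received/second": "both",
    "Requests/second": "both",
    "Active queue length": "rise",
    "Duplicates dropped/second": "any",
}

# Constructed baseline samples, not measurements from a real server.
BASELINE = {
    "Packets received/second": [40, 42, 38, 41, 39, 40],
    "Requests/second": [12, 11, 13, 12, 12, 12],
    "Active queue length": [1, 0, 2, 1, 1, 1],
    "Duplicates dropped/second": [0, 0, 0, 0, 0, 0],
}


def acceptable_band(samples, width=3.0, floor=1.0):
    """Acceptable (low, high) range: baseline mean +/- width deviations.

    `width` and `floor` are assumed tuning values; `floor` keeps the band
    from collapsing to zero width when the baseline samples are all equal.
    """
    centre = mean(samples)
    spread = max(pstdev(samples), floor) * width
    return max(centre - spread, 0.0), centre + spread


def check_counters(reading, baseline=BASELINE, rules=RULES):
    """Return {counter: reason} for each counter outside its acceptable level."""
    alerts = {}
    for name, value in reading.items():
        low, high = acceptable_band(baseline[name])
        rule = rules[name]
        if rule == "any" and value > 0:
            alerts[name] = "activity where none is expected"
        elif rule in ("both", "rise") and value > high:
            alerts[name] = f"above acceptable level {high:.1f}"
        elif rule == "both" and value < low:
            alerts[name] = f"below acceptable level {low:.1f}"
    return alerts
```

A sudden fall in Requests/second is reported as well as a rise, while Active queue length alerts only on growth, matching the table.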
Lesson: Applying Security Guidelines for DHCP
Guidelines for Restricting an Unauthorized User from Obtaining a Lease
Guidelines for Restricting an Unauthorized, non-Microsoft DHCP Server from Leasing IP Addresses
Guidelines for Restricting Who Can Administer the DHCP Service
Guidelines for Securing the DHCP Database
Guidelines for Restricting an Unauthorized User from Obtaining a Lease
To restrict an unauthorized user from obtaining a lease:
Ensure that unauthorized persons do not have physical or wireless access to your network
Enable audit logging for every DHCP server on your network
Regularly check and monitor audit log files
Use 802.1X-enabled LAN switches or wireless access points to access the network
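One way to carry out the regular audit log check, covering both this guideline and the audit log description earlier in the module. This is an added example, not part of the original course material: the field layout and event IDs follow the header the Windows DHCP service writes at the top of each audit log and are not given on this page, the log lines are constructed, and KNOWN_MACS is a hypothetical inventory.

```python
import csv
from collections import Counter

# Event IDs as listed in the header of the Windows DHCP audit log file.
EVENTS = {"00": "log started", "01": "log stopped", "10": "new lease",
          "11": "lease renewed", "12": "lease released",
          "13": "address found in use", "14": "scope exhausted",
          "15": "lease denied"}
LEASE_IDS = {"10", "11"}          # events that hand an address to a client
PROBLEM_IDS = {"13", "14", "15"}  # events worth a look on their own

# Constructed sample lines (not from a real server), in the layout
# ID,Date,Time,Description,IP Address,Host Name,MAC Address.
SAMPLE_LOG = """\
00,06/02/04,00:00:12,Started,,,
10,06/02/04,08:14:03,Assign,192.168.1.34,WKSTN-01,000D60A1B2C3
11,06/02/04,12:14:05,Renew,192.168.1.34,WKSTN-01,000D60A1B2C3
10,06/02/04,13:02:44,Assign,192.168.1.77,UNKNOWN-PC,0050BADC0FFE
15,06/02/04,13:05:10,NACK,192.168.1.90,,00A0C9112233
12,06/02/04,17:30:00,Release,192.168.1.34,WKSTN-01,000D60A1B2C3
"""

# Hypothetical inventory of hardware addresses allowed on this network.
KNOWN_MACS = {"000D60A1B2C3"}


def review_audit_log(text, known_macs):
    """Return (per-event counts, findings) for one day's audit log text."""
    counts, findings = Counter(), []
    for row in csv.reader(text.splitlines()):
        # Skip the explanatory header block and any malformed line.
        if len(row) < 7 or not row[0].strip().isdigit():
            continue
        event_id = row[0].strip().zfill(2)
        date, time, _desc, ip, host, mac = (f.strip() for f in row[1:7])
        mac = mac.upper().replace("-", "").replace(":", "")
        counts[EVENTS.get(event_id, "other (" + event_id + ")")] += 1
        if event_id in LEASE_IDS and mac not in known_macs:
            findings.append((date, time, "lease to unknown MAC", ip, host, mac))
        elif event_id in PROBLEM_IDS:
            findings.append((date, time, EVENTS[event_id], ip, host, mac))
    return counts, findings


if __name__ == "__main__":
    for finding in review_audit_log(SAMPLE_LOG, KNOWN_MACS)[1]:
        print(*finding, sep="  ")
```

The hardware address in a lease request is supplied by the client, so a match against the inventory is a triage signal rather than proof of identity; the 802.1X guideline above is what authenticates the device.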
Guidelines for Restricting Unauthorized, Non-Microsoft DHCP Servers from Leasing IP Addresses
To restrict an unauthorized, non-Microsoft DHCP server from leasing IP addresses:
Ensure that unauthorized persons do not have physical or wireless access to your network
Microsoft DHCP server: Only DHCP servers running Windows 2000 or Windows Server 2003 can be authorized in Active Directory
Unauthorized, non-Microsoft DHCP server: Non-Microsoft DHCP server software does not include the authorization feature that is included in Windows 2000 and Windows Server 2003
Guidelines for Restricting Who Can Administer the DHCP Service
To restrict who can administer the DHCP service:
Restrict the membership of the DHCP Administrators group to the minimum number of users necessary to administer the service
If there are users who need read-only access to the DHCP console, then add them to the DHCP Users group instead of the DHCP Administrators group
DHCP Users group: Have read-only DHCP console access to the server
DHCP Administrators group: Can view and modify any data about the DHCP server
Guidelines for Securing the DHCP Database
To further secure the DHCP database:
Consider changing the default permissions of the DHCP folder
Provide only the minimum permissions required to users to enable them to perform their task
Provide Read permissions to users responsible for analyzing DHCP server log files
Remove Authenticated Users and Power Users to minimize access to the files in the DHCP folder