Microsoft Azure AZ-800 — Section 15: Manage IP addressing in on-premises and hybrid scenarios Part 2
116. Create and manage IP reservations
I want to talk now about the concept of DHCP reservations. Reservations are utilized when you want to reserve a certain IP address for a certain device. Most popularly, this is used with printers. And if you talk to people in the industry about this, and you know, over 20-some-odd years I’ve been doing this, different people have different thoughts on this. One being that when my printer comes online, it can request an address from DHCP, and you want your printer to get the same address because, you know, obviously clients are going to connect to the printer. You don’t want the address to change so that clients are pointing to the wrong IP address. But a lot of people out there will also tell you that you can do a static IP address on the printer, and that’s another option.
So you could actually use DHCP, or you could use a static IP address and then just manually type it in on the printer. Of course, you’d have to go around and put the address in manually on every one of your printers; that’s the only thing. At that point, the printer address would never change, which is not really that big of a deal as long as the printer isn’t moving to different subnets, which printers usually don’t. The other way, of course, is to use reservations, and DHCP generally is the way Microsoft recommends that you do it.
So let’s take a look at how that would work.
So, we’re here on our server. We’re going to click Server Manager, go to Tools, and open up DHCP. All right. From there, we will expand our server and IPv4 here. And then we’ve got the superscope here for building one that I’d created. And then here, the scope; we’ll say the scope is maybe the subnet that the device is on. It doesn’t really have to be printers; it’s just that printers are the most common things that use reservations. You could do it with servers if you wanted to, although most people like to do static addresses with servers.
So to do a reservation, I just right-click here. I’m going to say New Reservation and give it a name. I’ll call it, you know, HP OfficeJet one in building one, third floor, sales department, or something. You know, give it a name. I like to be very descriptive. And then give it the address, so maybe I’m going to give it 10.100.0.60. Maybe that’s the address. And then the key to this, the glue that ties all this together, is you need to know the MAC address of the printer, the hardware address.
So most printers will have a little sticker on the back that shows what the MAC address is. Or you can go into the little LCD screen of the printer and figure it out. But either way, whether you have a printer or whatever you’re using this reservation with, you need to know what the MAC address is. The MAC address is going to be a 12-digit code, basically. Like, if you’re looking at your MAC address, this is what my MAC address is on my Ethernet adapter on my computer right now. So it’ll be 12 digits with letters and numbers; you need to know what that is.
Now, when you put the MAC address in, you don’t have to put the dashes.
So, I’m just going to put 12 zeros.
OK. And then from there you specify the supported types: Both, DHCP.
So DHCP is obviously what we’re dealing with now. BOOTP, though, is for legacy.
So older printers out there require the older, what is known as the UDP standards. This is an older technology.
Nowadays, most everything uses DHCP, but most people will just leave this set to Both because it really doesn’t matter.
So, we’ll click Add, click Close. And we’ve now officially created a reservation.
Now, the other thing I want to point out with reservations: you want to make sure that if you created exclusions when you created your scope, you don’t ever exclude a reservation.
So, if I go here on Address Pool, you can see that I’ve excluded twenty through thirty, so you don’t want to put a reservation in that range. If you do, then the exclusion will overrule the reservation. Exclusions will always overrule reservations, so make sure you don’t ever do that, because that would definitely cause a problem. All right, the reservation now is here, and if a device boots up with that hardware address, that MAC address, then it will get this address. And of course, that’s how you’re going to configure exclusions.
Sorry, reservations. As you can see, creating reservations with DHCP is pretty straightforward.
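The same reservation can be created from PowerShell with the exclusion check done first. This is an added example, not part of the course material; the scope ID is an assumption (the lecture does not name the scope), while the address, the all-zero MAC and the "Both" type mirror the demo.

```powershell
# Added example. Assumed value: $ScopeId. IP, MAC and Type follow the lecture's demo.
Import-Module DhcpServer

$ScopeId = '10.100.0.0'      # assumed scope that contains the demo address
$IP      = '10.100.0.60'     # address used in the lecture
$Mac     = '000000000000'    # lecture's placeholder; use the device's real MAC
$Name    = 'HP OfficeJet 1 - Building 1 - 3rd floor - Sales'

function ConvertTo-UInt32 ([string]$Address) {
    # IPv4 bytes are big-endian; reverse them so the integers compare correctly
    $bytes = ([System.Net.IPAddress]::Parse($Address)).GetAddressBytes()
    [Array]::Reverse($bytes)
    [BitConverter]::ToUInt32($bytes, 0)
}

# The MAC is entered without dashes: exactly 12 hex digits
if ($Mac -notmatch '^[0-9A-Fa-f]{12}$') {
    throw "MAC '$Mac' is not 12 hex digits."
}

# Stop if the address falls inside any exclusion range of the scope
$target = ConvertTo-UInt32 $IP
$hit = Get-DhcpServerv4ExclusionRange -ScopeId $ScopeId | Where-Object {
    $target -ge (ConvertTo-UInt32 $_.StartRange.ToString()) -and
    $target -le (ConvertTo-UInt32 $_.EndRange.ToString())
} | Select-Object -First 1
if ($hit) {
    throw "$IP is inside exclusion range $($hit.StartRange)-$($hit.EndRange)."
}

# Stop if the IP or the MAC is already reserved in this scope
$existing = Get-DhcpServerv4Reservation -ScopeId $ScopeId | Where-Object {
    $_.IPAddress.ToString() -eq $IP -or ($_.ClientId -replace '-', '') -eq $Mac
} | Select-Object -First 1
if ($existing) {
    throw "Conflicts with existing reservation '$($existing.Name)'."
}

Add-DhcpServerv4Reservation -ScopeId $ScopeId -IPAddress $IP -ClientId $Mac `
    -Name $Name -Type Both

# Show what was stored
Get-DhcpServerv4Reservation -ScopeId $ScopeId | Where-Object Name -eq $Name
```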
117. Implement DHCP high availability
I’d now like to show you how we can configure failover for our DHCP servers in Microsoft.
So DHCP, Dynamic Host Configuration Protocol, in Windows Server does support a failover feature that allows multiple DHCP servers to work together to make sure that if one dies, the other server is available.
Now there’s an older failover solution that’s been out for decades now, and it was a concept called the 80/20 rule or the 75/25 rule. And it was basically a logic where you would have two DHCP servers. You would give 20 percent of your addresses to one and 80 percent to the other. And basically the way that it would work is if a DHCP server got a voice, your clients got addresses from the one, let’s say, that was 80 percent. That DHCP server could go down and your clients could continue to renew from the DHCP server that had 20 percent of the addresses left, and the 20 percent was just in case you had any new clients. And, you know, it kind of sort of worked; it got the job done. But the DHCP servers didn’t actually talk to each other, so there were no heartbeats or anything like that. And so, you know, it was a little more difficult to make sure that we had good failover support in the older style.
Now Microsoft actually does have a failover service that works in conjunction with DHCP. And so that’s what we’re going to take a look at right now.
OK, now I’ve already got my NYC server one machine set up with DHCP. I’m now going to go ahead and install DHCP on NYC DC one as well.
So here we are. We’re going to open up Server Manager and we’re going to go ahead and give a static address to this machine.
OK. Because we do have to have a static address. And I’m just going to give it one based on the network that I’m currently on.
OK, and then we’ll go ahead and click OK. Click Close out of that. And that’s going to go ahead and give us that static address that we need. All right, there. I’m going to go over here to Server Manager, Manage, Add Roles and Features. We’re going to go ahead and install the DHCP service on this machine, the NYC DC one.
So Add Features, next, next, next. It shouldn’t have to restart, but I always like to choose that, and I’m going to click Install and pause the video while that’s installing.
OK, that’s done. We’re going to hit Close. We’re going to go in and authorize the server. The server’s now authorized, and we’ll click Tools. We’re going to go to DHCP and open up DHCP for the first time. As you can see, we’re authorized, but we have no scopes or anything on NYC DC one.
So, what we’re going to do now is jump over to our NYC server one and start the failover. Here we are on NYC server one. We’re going to go to Tools and we’re going to open up DHCP.
So right there you can see that I’ve got my scopes that I created earlier.
OK, superscope and all that fun stuff. And now what I’m going to do is expand this out, superscope for building one. I’m going to right-click and say Configure Failover. It’s going to bring me into the failover wizard. And then from there, I get to select which scopes of the superscope I would like to support.
OK, now I’m going to click Next, and right here is the primary server. You can click Add Server. I’m going to actually type the address in just to make sure 100 percent, because I’ve changed my addresses so many times on these servers. I want to make sure that I’ve got the correct address here. But yeah, normally in the real world, you just click Add Server and you’re good to go. All right.
So, I’m just going to put my address in, 192.168.1.186, and we’re going to click Next. And then that’s going to bring us to the screen right here. It’s got what’s called the relationship name. This is just a name it gives it; you can change that name if you want.
OK. Anything you want here. But I’m just going to name it based on the name that they want to give it.
OK, so we’ll just paste that back in. All right. And then the maximum client lead time: this is the amount of time that a partner server is going to need to know a server has gone down before it says, OK, that other server is down. It’s going to give it an hour by default.
So before a secondary server decides, OK, I might do something about this, it’s going to give it an hour. That’s the MCLT. All right. Then you have a couple of options. You can do what’s called load balance mode or hot standby. Load balance mode means that by default it’s just going to split the scopes in half.
So this server is going to get 50 percent of the addresses and the partner server is going to get 50 percent of the addresses. And then from there they can both issue addresses if we want. And, you know, it’s first come, first served: whoever the client receives an offer from first, the client is going to select. OK. The other option is to go hot standby. Hot standby would make it where your partner server is really there as a standby, meaning he’s passive; he’s not really going to do a whole lot unless the main server, the primary server, was to go down.
OK, so the role of your partner will be the standby in this case, so that would be the other server. Currently, I’m on NYC server one, so that’d be NYC DC one. And then the addresses reserved for the standby server would be five percent. That’s just so the standby server can renew addresses for clients. But then you’re giving five percent of the addresses just in case a situation arises where perhaps there are new clients while the server is down. Keep in mind, if the server’s down, the admin can do something about it.
OK, now you’re also going to notice that there’s another option here called state switchover.
Now, here’s the crazy thing: even though the maximum client lead time is set to an hour, whenever a situation arises where the primary server fails or a partner server fails, all that’s going to happen is it’s going to fail. And if you go into DHCP, you’ll see a message that lets you know that it’s failed, and then the admin would have to manually, basically, say, OK, I want to fail over 100 percent to the server.
So one thing that’s a little screwy about that is it does not do auto failover. You have to select this option here, state switchover interval; that is going to do automatic switchover.
So, if the server fails, then it’s going to automatically switch over. At that point, that other server is controlling everything, 100 percent, OK? And of course, this is going to be you. I’m going to go with hot standby for this and focus on hot standby. And then the next thing is Enable Message Authentication. Message authentication just means that essentially there are going to be messages passed back and forth between the servers, and they will authenticate with each other to make sure that there’s not, like, a man-in-the-middle attack, or a hacker trying to pretend to be a DHCP server to trigger a failover. It’s going to require that the servers authenticate when they talk to each other. The other thing you can do is set up what’s called a shared secret. This is going to encrypt everything so that when they authenticate with each other, they have to authenticate with an encrypted shared secret. All right. And so from there, if I want, I can plug in a code or password and, you know, go from there. All right.
So, I’m just going to put in a password, OK, and then we’ll click Next and we’ll click Finish. And there you go.
So, configure failover successful. We’re going to hit Close. And as you can see, we’ve got our failover here on just this one superscope, and if we go here, we haven’t created it on the second superscope yet.
OK, so let’s jump back over now to NYC DC one.
OK, so over here on NYC DC one, I’m going to close out and just reopen, just to make sure everything’s refreshed. Although you can refresh from the menu, I like to do it that way.
So then we’ll expand the server out and there we go. Take a look. We now officially have this superscope building one. And you can see that it’s been set up. It’s synchronizing.
So ultimately, though, you can tell that it is working and we’ve got a proper synchronization between the two servers.
Now, a couple of other quick things about your failover with DHCP. First off, if you ever make a change to an individual scope and you want to just replicate the changes immediately for that scope, you can right-click a scope and say Replicate Scope. If you want to replicate all scopes, like if you make a change to a bunch of things and you want to replicate it all, you can click on Replicate Relationship. And then lastly, if you want to deconfigure the failover, you can also choose Deconfigure; that’ll break the failover relationship between the servers. The only other thing that I want to mention is about the firewall. If you’re using the Windows Defender firewall, then DHCP will add rules itself, and you’ll see that by going into Settings, then Update and Security, then Windows Security, then clicking on Firewall and Network, and then going to Advanced Settings.
So here’s Advanced Settings right here, and then you just need to make sure that on your servers you have this inbound rule. Scroll down, and you’ll see the inbound rule. Right here, this inbound rule here, and you can see the port number. Now, if you’re using your own firewall software on your server, then you would have to manually create the rule.
So I just want to throw that out there. You want to make sure that your firewall is not blocking that replication. If the replication was going through a router, also make sure the router firewall is not blocking that. Other than that, that is how you configure DHCP failover.
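The hot standby relationship from the walkthrough, created with PowerShell and then checked for the settings the lecture stresses: message authentication, automatic state switchover, and the failover firewall rule. This is an added example, not part of the course material; the scope ID, relationship name and switchover interval are assumptions, and TCP 647 is the port Windows DHCP failover uses between partners.

```powershell
# Added example. Assumed values: $ScopeId, $RelName, the 60-minute switchover interval.
Import-Module DhcpServer

$Partner = '192.168.1.186'       # partner address typed in the lecture
$ScopeId = '10.100.0.0'          # assumed scope to protect
$RelName = 'nyc-dhcp-failover'   # assumed relationship name

# Prompt for the shared secret so it is never stored in the script
$secure = Read-Host -AsSecureString 'Failover shared secret'
$secret = [System.Net.NetworkCredential]::new('', $secure).Password

# Run on the server that stays active; the partner becomes the standby
Add-DhcpServerv4Failover -Name $RelName -PartnerServer $Partner -ScopeId $ScopeId `
    -ServerRole Active -ReservePercent 5 `
    -MaxClientLeadTime (New-TimeSpan -Hours 1) `
    -AutoStateTransition $true -StateSwitchInterval (New-TimeSpan -Minutes 60) `
    -SharedSecret $secret

# Read the relationship back and flag the two settings that are easy to miss
$rel = Get-DhcpServerv4Failover -Name $RelName
$rel | Format-List Name, PartnerServer, Mode, ServerRole, ReservePercent,
    MaxClientLeadTime, AutoStateTransition, StateSwitchInterval, EnableAuth, State

if (-not $rel.EnableAuth) {
    Write-Warning 'Message authentication is off: partner messages are not authenticated.'
}
if (-not $rel.AutoStateTransition) {
    Write-Warning 'No automatic switchover: an admin must fail over manually.'
}

# Inbound firewall rules that cover the failover port on this server
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object LocalPort -eq '647' |
    Get-NetFirewallRule |
    Select-Object DisplayName, Enabled, Direction, Action

# Path check to the partner, including any router firewall in between
if (-not (Test-NetConnection -ComputerName $Partner -Port 647 -InformationLevel Quiet)) {
    Write-Warning "TCP 647 to $Partner is blocked or closed; replication will fail."
}

# Equivalent of "Replicate Relationship" after later scope changes:
# Invoke-DhcpServerv4FailoverReplication -Name $RelName -Force
```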