Branch Office Infrastructure Solutions DHCP Services Guide Version 3.0 Published: February 2008 Revised: September 2008 For the latest information, please see microsoft.com/BranchOffice

BOIS DHCP Services Guide



Copyright © 2008 Microsoft Corporation. All rights reserved. Complying with the applicable copyright laws is your responsibility. By using or providing feedback on this documentation, you agree to the license agreement below.

If you are using this documentation solely for non-commercial purposes internally within YOUR company or organization, then this documentation is licensed to you under the Creative Commons Attribution-NonCommercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

This documentation is provided to you for informational purposes only, and is provided to you entirely "AS IS". Your use of the documentation cannot be understood as substituting for customized service and information that might be developed by Microsoft Corporation for a particular user based upon that user’s particular environment. To the extent permitted by law, MICROSOFT MAKES NO WARRANTY OF ANY KIND, DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES, AND ASSUMES NO LIABILITY TO YOU FOR ANY DAMAGES OF ANY TYPE IN CONNECTION WITH THESE MATERIALS OR ANY INTELLECTUAL PROPERTY IN THEM.

Microsoft may have patents, patent applications, trademarks, or other intellectual property rights covering subject matter within this documentation. Except as provided in a separate agreement from Microsoft, your use of this document does not give you any license to these patents, trademarks or other intellectual property.

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious.

Microsoft, Internet Security and Acceleration Server, Windows Server 2000, Windows Server 2003, Windows Server 2008, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

You have no obligation to give Microsoft any suggestions, comments or other feedback ("Feedback") relating to the documentation. However, if you do provide any Feedback to Microsoft then you provide to Microsoft, without charge, the right to use, share and commercialize your Feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software or service that includes the Feedback. You will not give Feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your Feedback in them.

Solution Accelerators microsoft.com/technet/SolutionAccelerators


Contents

DHCP Services
    Goals and Objectives
    Audience
Network Addressing Services
    Dynamic Host Configuration Protocol
        DHCP Server Placement
        Service Co-Location Notes
Summary
Additional Resources
    Feedback


DHCP Services

For many years, designing IT infrastructures that are capable of supporting branch sites has been a challenging task. The complexities introduced by the limitations in available network bandwidth, performance issues, and geographic separation, have a significant impact on an organization’s ability to implement an appropriate single IT solution for all of its sites. As wide area network (WAN) bandwidth and performance grows, client and server technologies are also introduced (or enhanced) so that they provide better support for branch operations. However, although the situation will improve, there will always be a fundamental difference between the design for a geographically distributed IT infrastructure and the design for a single site. The addition of branch sites introduces a number of significant constraints that modify the options that are available to solution designers.

This guide, as part of the Branch Office Infrastructure Solution (BOIS) series, updates the design that was described in the Network Addressing and Name Resolution section of Chapter 3 of the “Branch Office Infrastructure Solution for Microsoft Windows Server 2003 Release 2” guide and specifically deals with the changes that are introduced by the Microsoft Windows® Server® 2008 operating system. Although many of the fundamental design principles in this guide remain the same, there are some important implementation details that have changed, especially with the introduction of Windows Server 2008 Server Core installation options and improved virtualization technologies like Hyper-V. This guide provides the necessary updates needed to ensure that your branch infrastructure takes advantage of the latest Dynamic Host Configuration Protocol (DHCP) design approaches.

Goals and Objectives

This guide introduces the design considerations that involve delivering DHCP services to service-based branch environments using new technologies, including Microsoft Windows® Server® 2008. The branch environment is typically part of a larger network that supports an organization's main sites and data centers. However, the addition of branch sites introduces a number of significant constraints that modify the options that are available to solution designers. This guide describes how to look at the specific requirements of branch DHCP services in the larger context of an organization's IT services.

Audience

The primary audience for this guide is the experienced Infrastructure Architect or IT professional who is responsible for designing DHCP services for a branch site infrastructure. DHCP is a fundamental network client service and, as such, it can impact other services within the branch infrastructure. Therefore IT professionals responsible for other services within the IT infrastructure will also benefit from this guidance.

Network Addressing Services

Several networking services are necessary to support the TCP/IP network environment. Some of those services deliver IP addresses to clients upon request and provide clients with a user-friendly name to resolve the IP addresses of different hosts and domains. These services include the Dynamic Host Configuration Protocol (DHCP), Domain Name Service (DNS), and Windows Internet Naming Service (WINS). This paper offers guidance on DHCP services for branch infrastructures. For more information about DNS and WINS at branch locations, see the BOIS Name Resolution Services Guide, located at http://www.microsoft.com/branchoffice.

Dynamic Host Configuration Protocol

DHCP in Windows Server 2008 enables the centralized automatic management of IP addresses and other TCP/IP settings for network clients. This section covers the functionality and design considerations that are specific to branch sites but does not provide complete functional and design information. For more information about DHCP and DHCP server roles in Windows Server 2008, see the “Dynamic Host Configuration Protocol” page at http://go.microsoft.com/fwlink/?LinkID=108876.

DHCP is a lightweight and highly scalable protocol. Figure 1 shows the design reference for DHCP in a network environment that supports branch sites.

Figure 1. DHCP design reference

The approach used for the DHCP design in the BOIS model is to centralize DHCP in the hub site. The following section shows the design considerations that should help you to determine whether this design meets the needs of your organization.


DHCP Server Placement

You should first consider whether a DHCP server is required at the branch site. You should take the following design considerations into account:

Administrative overhead. Each additional DHCP server generates a higher administrative workload. Configuring, monitoring, and updating the server adds costs to the management of the infrastructure. Some of the management overhead may be reduced by deploying Windows Server 2008 Server Core installations for DHCP services. However, the hardware costs associated with devoting a single server to DHCP services at branch locations may be too high, unless server virtualization is used.

Network topology. You must consider the existing network infrastructure to ensure that the routers and firewalls in place can enable the intended design to function as planned and whether the routers and firewalls support IPv6, if that is in use. For example, a centralized DHCP topology typically requires the deployment of DHCP/bootstrap protocol (BOOTP) relay agents or the configuration of a helper address to forward the required network packets on Cisco routers.

Network availability. If the wide area network (WAN) link is likely to be down for periods of time that approach the DHCP lease period, the design may need to include a local DHCP service. If a centralized model is required, the lease time of the DHCP service should be extended to cover periods when the WAN link may be down.

Service availability. If a branch site-based service is planned, it may be impossible to provide a backup service at the local site. For more information, see “How to Configure Dynamic Host Configuration Protocol Servers with Split Scopes”, at http://go.microsoft.com/fwlink/?LinkId=47137.

WAN link speeds. The available bandwidths and the latency of the network WAN links are a significant consideration for the DHCP server. High latency links may not be able to support the passing of DHCP requests from the branch site clients to a centralized server. For example, an exchange between the DHCP client and the DHCP server typically consists of four packets, each containing a maximum of 4 kilobytes (KBs). So the maximum data requirement is 4 x 4 = 16 KBs per request. For more information about the DHCP exchange, see “Network Configuration Technologies” at http://go.microsoft.com/fwlink/?linkid=4614.

Hardware costs. If the branch sites require a local DHCP service, it is likely that this service can co-locate on a general purpose branch site server; DHCP is a relatively low impact service. For more information about service co-location, see the Service Co-location Notes section later in this guide. If service co-location is not possible due to incompatibility or performance issues, the service must be configured on new hardware. This hardware could be in the form of a simple network device, such as a site router that supports DHCP services, or it could be a new server. It is important to consider the ongoing management cost of this hardware as well as the hardware costs alone.

Scalability. You should consider adding a level of growth into the user base at each site to ensure that the service does not fail as natural company growth occurs over the lifetime of the design.

Internet Protocol Version. You should consider whether IPv6 or IPv4 protocols can be used in the environment and the impact this may have on the design requirements. Using IPv6 at one or more locations may require configuration changes to firewalls or the use of tunneling protocols, such as Teredo, which encapsulate IPv6 packets for traversal through incompatible gateways or firewalls.

For the BOIS design model, the DHCP services are not critical for everyday operations because the lease times are set to exceed most potential outages. New clients or roaming clients could experience problems if brought online while DHCP is not in service, but some organizations may consider this to be an acceptable risk and would avoid deploying and managing DHCP in each branch site.
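The lease-versus-outage sizing described under "Network availability" and in the paragraph above can be checked with a short calculation. This is an added example, not part of the original guide: the function names, client names and sample times are constructed, and it assumes the RFC 2131 default that clients begin renewing at T1 = 50% of the lease and always succeed while the central server is reachable.

```python
from dataclasses import dataclass

T1_FRACTION = 0.5  # assumption: RFC 2131 default renewal point (T1) as a fraction of the lease


@dataclass
class Lease:
    client: str
    granted_at: float  # hour at which the lease was last granted or renewed


def min_lease_hours(outage_hours, t1=T1_FRACTION):
    """Shortest lease that keeps every already-configured client addressed.

    Worst case: the WAN link drops just before a client reaches T1, so that
    client has only (1 - t1) of its lease left to ride out the outage.
    """
    return outage_hours / (1.0 - t1)


def clients_losing_address(leases, lease_hours, outage_start, outage_end):
    """Clients whose lease expires before the central server is reachable again.

    `leases` is a snapshot taken at outage_start; a client whose renewal was
    already due before that moment would have renewed, so it is rejected.
    """
    lost = []
    for lease in leases:
        renew_due = lease.granted_at + T1_FRACTION * lease_hours
        if renew_due < outage_start:
            raise ValueError(f"{lease.client}: stale snapshot, renewal was due at hour {renew_due}")
        if lease.granted_at + lease_hours < outage_end:
            lost.append(lease.client)
    return lost


# Constructed snapshot of three branch clients at the moment the WAN link fails (hour 100).
SNAPSHOT = [Lease("pos-till-1", 99.0), Lease("kiosk-2", 95.0), Lease("printer-3", 93.0)]

if __name__ == "__main__":
    # A 12-hour outage with a 16-hour lease strands two clients; a 24-hour lease strands none.
    for hours in (16.0, min_lease_hours(12.0)):
        print(hours, clients_losing_address(SNAPSHOT, hours, 100.0, 112.0))
```

Under this assumption a lease must be at least twice the longest outage the branch is expected to ride out, not merely longer than it.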

Figure 2 shows the centralized approach that is used in the BOIS design model.

Figure 2. BOIS DHCP design model

Service Co-Location Notes

Like DNS and WINS, DHCP can generally coexist with other services on a shared instance of the operating system, which makes it suitable for co-location on a single instance of the operating system. As with any other service, you should use the least privileges possible. The DHCP administrator must be a member of the Administrators group on the local computer.

The following list shows the options for co-locating DHCP with other services (if it cannot be centralized):

Co-locate DHCP with Active Directory and DNS. This is useful for organizations in which DHCP is operated by the same group that operates Active Directory® domain service and DNS. If you decide to run the DHCP service with Active Directory and DNS, see "Installing Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) on a Domain Controller," at http://go.microsoft.com/fwlink/?LinkId=47139

Note   This article is based on Microsoft Windows™ 2000 Server, but the information is also valid for Microsoft Windows Server™ 2003 and Windows Server 2008.

Co-locate DHCP with file and print services. This can be a good choice for organizations that want to separate DHCP from Active Directory and DNS. This is feasible only if the service administration can be coordinated (when separation of administration is not required).

Co-locate DHCP on a networking server. This can be a good solution for branch sites with a Windows-based networking server. DHCP can be co-located with Microsoft Internet Security and Acceleration (ISA) Server or run on a virtual machine on the networking server (although additional software licensing and management costs related to the virtual machine are sometimes difficult to justify).


Summary

DHCP services are a part of the core network services in Windows Server 2008 and can be used to centrally manage IP addressing and other related configuration parameters in enterprise network environments. By deploying DHCP services correctly you can reduce administrative overhead by automatically configuring TCP/IP services on a number of clients and devices.

Additional Resources

The following resources can be used to learn more about DHCP services in Windows Server 2008:

For more information about DHCP Server roles in Windows Server 2008, see “Dynamic Host Configuration Protocol” at http://go.microsoft.com/fwlink/?LinkID=108876.

For more information about using Network Access Protection with DHCP, see the “Step-by-Step: Demonstrate NAP DHCP Enforcement in a Test Lab” guide at http://www.microsoft.com/downloads/details.aspx?FamilyID=AC38E5BB-18CE-40CB-8E59-188F7A198897&displaylang=en

For information about the new networking features of Windows Server 2008, see “New Networking Features in Windows Server 2008 and Windows Vista” at http://technet.microsoft.com/en-us/library/bb726965.aspx

For more information about server core installations, see the Server Core Installation Option for Windows Server 2008 Step-by-Step Guide at http://technet2.microsoft.com/windowsserver2008/en/library/edc9ae73-8df6-4bb5-a863-45fdcb5496cb1033.mspx?mfr=true

For more information about server virtualization in Windows Server 2008, see The Windows Server 2008 Hyper-V TechCenter at http://go.microsoft.com/fwlink/?LinkId=101268

Feedback

Please direct questions and comments about this guide to [email protected].
