Keeping track of 50,000 PCs, tablets, phones, and other devices isn’t easy. That’s how many devices the Stockholm (Sweden) County Council managed, mostly to support an extensive healthcare delivery system. IP address and network management had
to result in a system that was secure, highly available, easily managed, and flexible enough to support new devices and solutions. After having concerns about its third-party IP address technology, the Council migrated to a Microsoft-based solution and adopted
the IP Address Management (IPAM) solution in Windows Server 2012 even before its formal release in September 2012. The Council says it will use IPAM in Windows Server 2012 to gain the security and near-total availability that it needs, reduce the time spent
managing the address space, and adopt new devices and solutions as it’s ready to do so.
Every day in Stockholm, Sweden, nearly 21,000 people visit a doctor; about 3,500 people are admitted to the city’s seven hospitals; and about 80 children are born. They are the concern of hospital administrators, doctors, nurses, physician’s assistants,
The IT managers at Stockholms Läns Landsting, the Stockholm County Council—may not know the names of any of these people on any given day, but they are concerned for them too, because the medical care they receive is dependent, in part, on the directory
||We know that people are depending on us to keep the network up all the time. With IPAM in Windows Server 2012, we can get a lot closer to that goal.
|Directory Services Server Manager, Stockholm County Council
That infrastructure includes about 1,000 server computers and 50,000 client devices, mostly desktop PCs. And it’s growing. Those computers require management and maintenance of various sorts—from hardware replacements to software updates. Key among those needs
is management and maintenance of the Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers. DNS servers are often compared to phone books; they provide the IP addresses that are the equivalent of the telephone numbers by which people
locate and contact each other. DHCP clients use DNS server information, an IP address, and other data to configure the PCs or other devices on which they reside so that they can communicate over a network, and—when authorized—over the Internet.
Keeping all that information organized for 50,000 devices can be difficult. Traditionally, many enterprises stored the data manually in spreadsheets, which were time-consuming to maintain and prone to error. Years ago, Stockholm County Council adopted an
IP management solution, running on UNIX, to manage its DNS and DHCP servers. The system generally worked, which the Council liked, but DNS registrations were unsecured and the registered records weren’t always up-to-date due to some infrastructure issues—which
the Council didn’t like.
It was possible, for example, for computers to be misidentified with incorrect or multiple addresses. This would be a problem for any enterprise, but it was a special problem for a network focusing on healthcare delivery. Olle Rundlöf, Directory Services
Server Manager at Stockholm County Council, makes the problem clear with a single example: “Imagine a hospital’s office PCs undergoing a regular, scheduled update,” he says. “Now, imagine a surgeon’s PC in an operating room being misidentified as one of those
office PCs—and updating and rebooting itself during a crucial moment in a surgical operation.”
Addressing the problems of security, high availability, and accuracy were foremost in the minds of Rundlöf and his colleagues, but there were others, too. With the infrastructure expanding and the Council under the same financial pressure as governments
everywhere, they wanted a way to boost the efficiency of address and network management so that they could meet service level agreements (SLAs) more consistently and do more with less.
That “more” was a key part of the challenge. Doctors and others in the Council’s healthcare system want to use not just their traditional PCs, but also tablets and other mobile devices. And they want to use new devices in new ways—such as medical equipment
that needed to be connected to the network, but restricted for use by specific staff members during specific hours of operation. All this added complexity. The Council needed to meet these needs while ensuring a secure, highly available system.
The Council began its search for a better address and network management solution in 2009, when it engaged Microsoft Services Consulting to help it redesign and rebuild its infrastructure and implement a domain consolidation based on Active Directory
||Imagine a surgeon’s PC in an operating room being misidentified as one of those office PCs—and updating and rebooting itself during a crucial moment in a surgical operation.
| Olle Rundlöf
Directory Services Server Manager, Stockholm County Council
“Most of our hospitals and facilities are on their own domains, a mixture of Active Directory, UNIX, and Novell, and this adds unnecessary complications,” says Gunnar Karsbrink, Project Manager at the Swedish County Council. “We were moving some parts of our
technology to Microsoft products, so centering our domain structure on Active Directory would give us consistency and efficiency throughout our resources.”
While engaged in the consolidation, the Council decided to switch its DCHP and DNS roles from third-party solutions to servers running the Windows Server 2008 R2 operating system, in order to address the issues of security and accuracy. To obtain the high
availability that the Council needed, it ran the migrated services in a failover cluster of four nodes.
That arrangement worked, but it lacked the elegance of an innately high-availability solution, one that would not require the additional capital and operating expenses of the cluster solution. This was the part of the solution that the Council still lacked,
until it heard about Windows Server 2012. Rundlöf and his colleagues were so interested in the high-availability DHCP role in Windows Server 2012 that they wanted to adopt the technology even before its formal release in September 2012. To do so, they joined
the Microsoft Rapid Deployment Program, which gave them access to the prerelease software and to Microsoft expertise as early as March 2012.
The high-availability DHCP capability is part of a larger innovation in Windows Server 2012, an IP Address Management (IPAM) framework designed specifically for comprehensive DHCP and DNS server management, including discovering, monitoring, auditing, and
managing the IP address space. With IPAM, domain controllers and DHCP and DNS servers can be discovered automatically, and enabled or disabled as needed; the display and organization of IP addresses is highly customizable; finely detailed tracking and utilization
data is available; service availability monitoring is automated; and a single IPAM console displays DNS zone health and detailed DHCP server and scope management.
The Council began its evaluation of IPAM by building a high-availability DHCP server running Windows Server 2012 and comparing it to the third-party product it was using. The Council concluded that it could configure its Windows Server 2012 DNS servers to
accept only secure updates with authenticated records and its Windows Server 2012 DHCP servers to use a proxy service to update client records without the disruptions it had experienced earlier.
“With IPAM in Windows Server 2012, we are confident we won’t see the incidents we had earlier, and Microsoft gives us an end-to-end solution,” says Carl Sörqvist, Technical Expert at the Swedish County Council.
The initial architecture for the IPAM solution includes a pair of Windows Server 2012 DHCP servers, one in each of the Council’s two data centers, and a Windows Server 2012 IPAM server to provide integrated, one-console management and monitoring of the combined
DHCP and DNS services. The two DHCP servers will replace several servers that the Council needed with its former solution.
Before the general release of Windows Server 2012, the Council put the solution into production with about 100 IP addresses in the IT department and the Council itself. Stockholm City Council plans to roll out the solution to the hospitals and other medical
With its adoption and continued rollout of Windows Server 2012, the Swedish County Council has the highly secure, highly available, effective, and flexible IP address and network management solution that it sought.
Gains Security, High Availability for Better SLA Management
Security and high availability were key requirements for the Council’s address and network management solution. “IPAM will help us to ensure that unauthorized devices don’t inadvertently gain access to information through an IP address error. We will
use the auditing and tracking capability to better identify any potential security issues,” Rundlöf says.
||Centering our domain structure on Active Directory would give us consistency and efficiency throughout our resources.
| Gunnar Karsbrink
Project Manager, Swedish County Council
High availability is crucial to a system that includes life-saving equipment. Sörqvist points to features in Windows Server 2012 IPAM that help to deliver this benefit. For example, the dual DHCP server architecture doesn’t just spread the DHCP function across
two servers; it makes that function fully redundant between them. If one DHCP server should fail, the full IP address space can be maintained and serviced by the other. “With Windows Server 2012, we can eliminate a single point of failure that we used to have
with address management,” says Magnus Larsson, Technical Expert . “That will help our users in hospitals and medical centers to avoid disconnections from the network that could become anything from inconvenient to fatal.”
It also helps the IT department to meet its SLAs with those users so that the high expectations that they have for the network are met consistently. “We know that people are depending on us to keep the network up all the time,” says Larsson. “With IPAM in
Windows Server 2012, we can get a lot closer to that goal,” Rundlöf says.
Expects to Reduce IP Address Management Time
The Council expects to improve system reliability because IT professionals can more effectively manage the system and avert potential problems before they become actual ones. With tight public sector budgets, any factor that reduces the complexity
of address and network management without adding to its cost is welcome. According to Rundlöf, Windows Server 2012 is one of those factors. “It used to be that we’d have to manage DHCP and DNS separately, constantly moving between them,” says Rundlöf. “With
Windows Server 2012, everything we want to monitor and manage in these two systems is in one place. We know where to go to identify problems. And we know where to go for the tools to solve them.”
The Council will also gain other management capabilities it previously lacked. For example, it can use the IPAM auditing capability to track which computer has any specific IP address at any point in time. “We couldn’t track IP addresses like this before
Windows Server 2012,” says Sörqvist. “It was a much harder, manual process. Now, we’ll have the information immediately. That will be a real help in responding to a virus attack or any hostile code, or even an instance of unauthorized access.”
The console, together with streamlined and automated management, plus a more reliable system that simply needs less attention, will all combine to reduce the amount of time that the Council’s IT department spends on IP address and network management.
Gains Flexibility to Offer New Services
It’s not enough for the Council to respond to traditional address and network management challenges—it has to respond to untraditional ones, too. According to Karsbrink, Windows Server 2012 is helping the Council to do that. “Broadening our service
offerings to our customers is vital,” he says. “Maybe it’s including new medical devices in our network or securing them so that they can only be accessed by certain users or certain systems. Many of our users want to use tablets, and use them to connect to
our network, not just to the Internet. Maybe we want to create a physicians’ portal that doctors can access from their tablets and phones. We can use Windows Server 2012 for the policy-based IPAM that can make all of this possible.”
Windows Server 2012
Windows Server drives many of the world’s largest data centers, empowers small businesses around the world, and delivers value to organizations of all sizes in between. Building on this legacy, Windows Server 2012 redefines the category, delivering hundreds
of new features and enhancements that span virtualization, networking, storage, user experience, cloud computing, automation, and more. Simply put, Windows Server 2012 helps you transform your IT operations to reduce costs and deliver a whole new level of
For more information, visit
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers in the United States and Canada who are deaf or hard-of-hearing
can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to
For more information about Stockholm County Council, call (46) (08) 737 25 00 or visit the website at: