One of the more useful, but least talked about features that Microsoft introduced in Windows Server 2012 was IPAM. IPAM is an acronym standing for IP Address Management. The basic idea behind IPAM is that every IPv4 network uses IP addresses. Some of those addresses may be static, while others are probably assigned dynamically. In any case, keeping track of IP address assignments can be a big job.
Traditionally, the tool of choice for managing IP addresses has been an Excel spreadsheet. The problem with using a spreadsheet, however, is that it is labor intensive and prone to human error. Microsoft created IPAM, which it included in Windows Server 2012 and above, as a tool for automating IP address management. Admittedly, Microsoft IPAM isn’t as comprehensive as some of the third-party tools, but it does a better job than Excel.
Today, of course, Windows Server networks tend to be heavily virtualized, and each virtual machine consumes at least one IP address. As such, it can be helpful to tie your IPAM server into System Center Virtual Machine Manager. That way, you will be able to use a single tool to manage both virtual machines and IP addresses.
For the purposes of this article, I will be showing you how to integrate Microsoft IPAM into System Center 2016. The technique that I will be using works with the Windows Server 2012 R2 and Windows Server 2016 versions of IPAM.
Integrating IPAM into System Center VMM
To add your IPAM server to Virtual Machine Manager, open the VMM management console, and then go to the VMM fabric workspace. Next, click on the Add Resources button found on the Home tab’s ribbon. When you do, VMM will display a list of the types of resources that you can add, as shown in the figure below. You will need to choose the Network Service option.
At this point, Windows will launch the Add Network Service Wizard. This wizard can be used to add all sorts of different networking services to the VMM fabric. Some common examples include load balancers, virtual switch extensions, and top-of-rack switches. As is usually the case with Microsoft wizards, you can just click Next to bypass the wizard’s initial screen.
The next screen that you will see asks you to enter a name and a description of the network service that you are adding. These fields exist solely for the purpose of helping you to identify the resource later on, so you don’t necessarily have to enter the IPAM server’s fully qualified domain name or anything like that.
Click Next, and you will be taken to a screen that asks you to specify a manufacturer and model. This screen admittedly feels a bit generic, but remember that the wizard can be used to add a variety of different network resources to the fabric. Set the Manufacturer to Microsoft, and set the model option to Microsoft Windows Server IP Address Management, as shown in the figure below.
Click Next, and you will be taken to the wizard’s Credentials screen. This screen prompts you to select a Run As account. The Run As account is simply an account that VMM will use to interact with the network service, in this case the IPAM server.
There are any number of VMM functions that require a Run As account, so there is a good chance that you already have a Run As account created. You can use an existing Run As account if you wish, but from a security standpoint it is better to use a dedicated Run As account that exists only for the purposes of managing IPAM.
Regardless of whether you choose to use an existing Run As account or create a new one, you are going to need to add the Run As account to the IPAM ASM Administrators group and the Remote Management Users group on the IPAM server.
Click Next, and you will be taken to the wizard’s Connection String page. To populate this screen, simply enter the IPAM server’s fully qualified domain name. Depending on how your IPAM server is configured, you may also have to enter a port number. For example, if IPAM is configured to use SSL encryption then you may need to append :443 to the end of the server’s fully qualified domain name as a way of indicating to the wizard that communications should take place over port 443.
The next screen that you will see is the Certificate screen. The nice thing about this screen is that you typically will not have to do anything. As you can see in the figure below, my connection string does not require a certificate to be used.
Click Next, and you will be taken to the Gather Information screen, shown in the figure below. This screen exists as a way of verifying that VMM can talk to the specified resource, which is in this case an IPAM server. The only thing that you have to do here is to click the Scan Provider, and then wait for VMM to do its thing.
Once the connectivity between VMM and IPAM has been validated, the wizard will display the Host Group screen. This screen requires you to select the host groups for which you wish to provide IPAM integration.
Click Next, and you will be taken to the Summary screen. Take a second to review the information that is shown on this screen, and click Finish. At this point, the VMM integration should be complete.
Easy does it
As you can see, Microsoft makes it relatively easy to connect a Microsoft IPAM server to VMM. It is worth noting that once you finish adding the IPAM server, you may need to refresh the VMM console before you will be able to see the IPAM server.
Photo credit: Shutterstock