IP address management advice for virtual servers
Microsoft introduced the IP Address Management Server (IPAM) feature in Windows Server 2012 as a way of making IP address management more practical. Although the first version of IPAM worked well for managing IP address assignments for physical networks, it left a lot to be desired with regard to virtual networks. This was a big problem because organizations are increasingly moving away from simple virtual server deployments in favor of hybrid or private cloud architectures. Often these architectures allow authorized users to deploy their own virtual servers. This of course complicates IP address management because it is difficult to assign IP addresses to VMs that you do not directly control.
Microsoft’s solution to this in Windows Server 2012 R2 was to provide tight integration between IPAM and System Center Virtual Machine Manager (SCVMM). This makes it possible for administrators to configure SCVMM to treat an IPAM server as a defined resource. Doing this will allow you to use IPAM to configure and monitor IP addressing for both logical networks and VM networks.
It is worth noting that although IPAM is capable of managing IP addresses for both physical and virtual infrastructures, it is not intended for managing tenant address spaces. Private cloud tenants must continue to manage their own IP addresses.
Linking IPAM to SCVMM is a relatively easy process. Before you establish connectivity however, you must make sure that the clocks on your SCVMM servers are in sync with the clocks on your IPAM servers. The Windows Time Service should automatically keep the clocks synchronized assuming that the servers belong to a common forest.
To make SCVMM aware of your IPAM server, click on the Fabric workspace and then make sure that the Fabric Resources option is selected on the ribbon. Next, navigate through the console tree to Networking / Network Services.
Now, click on the ribbon’s Add Resources button, and choose the Network Service option from the resulting menu. This will cause Windows to open the Add Network Services Wizard. The wizard’s initial screen requires you to enter a name for the service that you are defining. You can use a generic name, such as IPAM, if you want, but it is a good idea to enter a meaningful description.
Click Next and you will be taken to the wizard’s Manufacturer and Model screen. Choose Microsoft from the Manufacturer menu and then set the Model to Microsoft Windows Server IP Address Management.
Click Next and you will be asked to provide a Run As account. The Run As account is a domain user account that provides the required permissions for administrative actions performed through SCVMM. If you do not currently have a Run As account, you can click the Browse button and then click the Create Run As Account button.
When you click Next, you will be taken to a screen that asks you to provide a connection string. Normally the connection string is the IPAM server’s Fully Qualified Domain Name. In some instances however, you may also need to provide a port number (example: ipam.mydomain.com:443).
The next screen that will be displayed is the Provider screen. This screen allows you to verify that SCVMM is able to communicate with your IPAM server. Simply select the Microsoft IP Address Management Provider option from the Configuration Provider drop down list and then click the Test button.
When the validation tests complete, click Next and then select the host group from which you want the network resource (in this case, the IPAM server) to be available.
Click Next one last time and you will see a summary screen detailing your configuration. Take a moment to make sure that the summary information appears to be correct and then click Finish. Your IPAM server will now be added to the Fabric workspace as a network service.
As you can see, it is relatively easy to link an IPAM server to SCVMM. Doing so provides a much easier IP address management for logical networks and for VM networks.