IP Address Management (IPAM) is a set of tools for planning, deploying, monitoring and managing the IP address space. IPAM can manage address spaces, including virtual address spaces from Virtual Machine Manager. IPAM also provides a centralized interface in Server Manager.
The first feature of IPAM is Address Space Management (ASM), which gives visibility into the IP address infrastructure. This feature detects DHCP scopes and conflicting or duplicate address spaces. It also monitors and reports address utilization statistics and trends.
The second feature of IPAM is Multi-Server Management (MSM), which discovers DNS and DHCP servers and monitors service availability. MSM can also perform updates simultaneously in DNS and in the DHCP scopes.
The third feature is Virtual Address Space Management (VASM), which gives visibility into the virtual address spaces that are configured in Virtual Machine Manager. VASM provides the same features as ASM.
Finally, IPAM provides Network Audit, a centralized repository that records each change performed on the DHCP servers and the IPAM server, as well as the IP addresses issued on the network. This makes it possible to spot potential configuration problems on DHCP servers. Detailed IP address tracking data is also provided, including client IP addresses, client ID, host name, and user name. Advanced search capabilities enable you to selectively search for events and obtain results that associate user logons to specific devices and times.
IPAM Deployment
IPAM Installation
First I create a virtual machine called VMIPM01 running Windows Server 2012 R2. I update the system and then run the PowerShell command below:
Install-WindowsFeature IPAM, IPAM-Client-Feature
Once the IPAM features are installed, you can navigate to IPAM from the Server Manager.
Provision the IPAM Server
Next I provision the IPAM server. The screenshot below shows the steps to follow to configure IPAM.
Next I choose to use a Microsoft SQL Server to host the IPAM database. I specify an AlwaysOn Availability Group to ensure high availability.
To connect to the database, I use the IPAM server credentials, so I add the Home\VMIPM01$ security login to SQL Server as sysadmin. Once the database has been created, I will remove the sysadmin right from Home\VMIPM01$.
To allow IPAM to access the managed servers, such as DNS or DHCP servers, some parameters have to be set. This can be done manually or by GPO. I choose to use GPOs to automate the configuration of managed servers. I set the GPO prefix to IPAM.
Once the IPAM databases and parameters are set successfully, it is necessary to create the GPOs in each domain managed by IPAM.
To create the GPOs, I use the script below:
Invoke-IpamGpoProvisioning -Domain "Home.net" `
    -GpoPrefixName "IPAM" `
    -IPAMServerFQDN "VMIPM01.home.net"
This command creates three GPOs:
Database configuration
Because I use AlwaysOn, I want to add the IPAM database to the Availability Group. So first I set the recovery model of the database to Full:
USE master;
ALTER DATABASE IPAM SET RECOVERY FULL;
GO
Next I back up the database:
USE master
GO
BACKUP DATABASE IPAM TO DISK = 'E:\MSSQL\MSSQL11.SQLI01\MSSQL\Backup\IPAM.bck'
GO
Then I navigate to the Availability Group and I select Add Database.
I select the IPAM database and click Next.
Once the database is added to the AlwaysOn Availability Group, I run the script below on the other SQL Server node to create the security login.
-- Login: HOME\VMIPM01$
CREATE LOGIN [HOME\VMIPM01$] FROM WINDOWS WITH DEFAULT_DATABASE = [master]
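The temporary sysadmin grant described during provisioning and the login created on the second node both leave server-level state that is not replicated by the Availability Group. The following T-SQL is an added example, not part of the original post, that removes the sysadmin membership and audits what the HOME\VMIPM01$ login still holds; it uses only the login and database names given above.

```sql
-- Added example, not from the original post. Run on EVERY replica of the
-- Availability Group: logins and server role memberships live in master
-- and are not replicated with the IPAM database.
DECLARE @login sysname = N'HOME\VMIPM01$';   -- IPAM server machine account

-- 1. Drop the temporary sysadmin membership if the login is a direct member.
--    (ALTER SERVER ROLE needs a literal name, so the login is repeated here.)
IF EXISTS (SELECT 1
           FROM sys.server_role_members AS m
           JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
           JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
           WHERE r.name = N'sysadmin' AND p.sid = SUSER_SID(@login))
    ALTER SERVER ROLE [sysadmin] DROP MEMBER [HOME\VMIPM01$];

-- 2. Server roles the login still holds directly (an empty result is the goal).
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
WHERE p.sid = SUSER_SID(@login);

-- 3. Explicit server-level permissions (CONNECT SQL alone is normal).
SELECT sp.permission_name, sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE p.sid = SUSER_SID(@login);

-- 4. Owner of the IPAM database as recorded on this replica.
SELECT name, SUSER_SNAME(owner_sid) AS owner_login
FROM sys.databases
WHERE name = N'IPAM';
GO

-- 5. Primary replica only (the database is not readable on a default
--    secondary): database user and roles mapped to the login.
DECLARE @login sysname = N'HOME\VMIPM01$';
SELECT u.name AS database_user, r.name AS database_role
FROM IPAM.sys.database_principals AS u
LEFT JOIN IPAM.sys.database_role_members AS m
       ON m.member_principal_id = u.principal_id
LEFT JOIN IPAM.sys.database_principals AS r
       ON r.principal_id = m.role_principal_id
WHERE u.sid = SUSER_SID(@login);
GO
```

Comparing the output of steps 2 to 4 across replicas shows whether a failover would change what the IPAM server account can do.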
IPAM configuration
Next it is necessary to configure the server discovery.
So I select the domains and the server roles to discover. I don’t have a DHCP server in the infrastructure because I use almost only virtual machines, so I use a Static IP Address Pool.
Next I start the server discovery to find the Domain Controllers and DNS servers.
Once server discovery has finished, I click Select or add servers to manage and verify IPAM access. Then I right-click the server to edit it.
I change the Manageability status to Managed.
When you set the manageability status to Managed, the GPO security filtering is updated:
Then, after the GPO has been applied to the server, the IPAM Access Status should be Unblocked.
Integrate IPAM to VMM
Now I can add the IPAM network service to Virtual Machine Manager. So I open the VMM console and I navigate to the Fabric. Then I add a new network service. I call it IPAM.
I choose Microsoft as Manufacturer and Microsoft Windows Server IP Address Management as Model.
Next I choose the Run As account.
Then I specify the FQDN of the IPAM server.
Next I run the validation to check that everything is OK.
Once the network service is added, I gain visibility of the Virtual IP Address Space in the IPAM console.
Use IPAM
In IPAM, it is easy to find information about the static IP addresses distributed by VMM. In the screenshot below, I have information about each distributed IP address, such as the host name of the related server, the network site and so on.
The IP Address Ranges view shows us the state of the Static IP Address Pool.
If I select an IP Address Range, I have more information in the details view, such as the percentage utilized, the gateway addresses and so on.
It is also possible to gain visibility of all Virtual IP Address Spaces and their percentage utilized. Thanks to this view, network capacity management is easy.
In the details view, a utilization trend shows the percentage of free IP addresses in the address space over time.