How to Add an IPAM Server in VMM in System Center 2012 R2
Updated: May 13, 2016
Applies To: System Center 2012 R2 Virtual Machine Manager
With Virtual Machine Manager (VMM) in System Center 2012 R2, you can add an IP Address Management (IPAM) server that runs Windows Server 2012 R2 to the resources in VMM. After you add the IPAM server, the IP address settings that are associated with logical networks and virtual machine networks (VM networks) in VMM are kept in synchrony with settings that are stored in the IPAM server.
Note
After you add an IPAM server to your VMM configuration, you can use the IPAM server to configure and monitor logical networks and their associated network sites and IP address pools. You can also use the IPAM server to monitor the usage of VM networks that you have configured or changed in VMM. However, tenants must continue to use the VMM server (not IPAM) to configure VM networks that use network virtualization—in other words, to control the address space that is typically controlled by tenants rather than by VMM administrators.
This topic describes how you can add an IPAM server to the list of resources in VMM in System Center 2012 R2 only. For information about how to add a virtual switch extension manager to the list of resources in VMM in System Center 2012 SP1, see How to Add a Virtual Switch Extension Manager in System Center 2012 SP1.
Use the following procedure to add an IPAM server to VMM in System Center 2012 R2.
Prerequisites
Before you can add an IPAM server to your configuration in VMM, you must perform the following actions:
On a server running Windows Server 2012 R2, install the IPAM feature by using Add Roles and Features (in Server Manager) or Windows PowerShell commands. Then configure the IPAM server as described in the relevant IPAM documentation. Examples of IPAM topics on TechNet are IP Address Management (IPAM) Overview and Checklist: Deploy IPAM Server.
Note
The IPAM server must be installed on a domain member computer, and must meet other requirements that are described in Install IPAM Server.
Create or identify a domain account and, to avoid issues with expiration of the password, ensure that the account is set to never expire. Then, on the IPAM server, ensure that the account has at least the minimum necessary permissions by adding the account to the following two groups:
IPAM ASM Administrators: A local group that exists on all IPAM servers, and provides permissions for IP address space management (ASM). For more information, see Assign Administrator Roles.
Remote Management Users: A built-in group that provides access to WMI resources through management protocols, such as WS-Management through the Windows Remote Management service.
Confirm that the IPAM server and the VMM are being kept in time synchrony. Time synchrony depends on settings for the Windows Time Service. In most configurations, if two servers are in the same forest, Windows Time Service keeps them in synchrony. For information about the Windows Time Service command, W32tm, and the /resync option in that command, see W32tm. If you cannot control the time synchrony of the IPAM server and the VMM server, see the instructions in the “Important configuration notes” at the end of this topic.
Make sure that you know the fully qualified domain name (FQDN) of the IPAM server to use as a connection string.
Make sure that you know the names of the VMM host groups for which you want integration between the IPAM server and the VMM server. You can also choose to include all host groups in the integration.
The provider software for an IPAM server running Windows Server 2012 R2 is already included in the VMM management server in System Center 2012 R2. You do not have to install it. If you want to review the provider software on your VMM server, open the Settings workspace and in the Settings pane, click Configuration Providers. The list of providers appears in the Configuration Providers pane.
To add an IPAM server in System Center 2012 R2
Open the Fabric workspace.
On the Home tab, in the Show group, click Fabric Resources.
In the Fabric pane, expand Networking, and then click Network Service.
Network services include gateways, virtual switch extensions, network managers (which include IPAM servers), and top-of-rack (TOR) switches.
On the Home tab, in the Add group, click Add Resources, and then click Network Service.
The Add Network Service Wizard opens.
On the Name page, type a name and optional description, and then click Next.
On the Manufacturer and Model page, in the Manufacturer list, click Microsoft, and in the Model list, click Microsoft Windows Server IP Address Management. Then click Next.
On the Credentials page, either click Browse and then on the Select a Run As Account dialog box, specify the account described in the previous Prerequisites section, or click Create Run As Account and create a new Run As account with the permissions that are listed in the Prerequisites section. After you specify the account, click Next.
On the Connection String page, in the Connection string box, type the fully qualified domain name (FQDN) of the IPAM server, and then click Next.
For example, you might enter the following connection string:
IPAMserver1.contoso.com
If you have configured a specific port on the IPAM server, the string can also end in that port number preceded by a colon (for example, :443). If a port number is not specified, the default port for the IPAM server is used.
On the Provider page, in the Configuration provider list, select Microsoft IP Address Management Provider, and then click Test to run basic validation tests with the provider. If tests indicate that the provider works as expected with the IPAM server, click Next.
Results that say Passed or Failed indicate whether the provider works as expected. One possible cause of failure is insufficient permissions in the Run As account. Results that say Implemented and Not implemented are informational only, and indicate whether the provider supports a particular API.
On the Host Group page, select one or more host groups for which you want integration between the IPAM server and the VMM server.
On the Summary page, review and confirm the settings, and then click Finish.
Confirm that the IPAM server is listed under Network Services. Whenever you want to send or receive the latest settings to and from the IPAM server, you can right-click the listing for the IPAM server and then click Refresh.
On the IPAM server, to view the logical networks and related settings that were configured in VMM, navigate to VIRTUALIZED IP ADDRESS SPACE, and then to Provider IP Address Space. For each logical network, the IPAM server will have an address space (an overarching category that is found in IPAM, but not in VMM) with a name that is based on the name of the logical network. The logical network will be contained within the address space, with the name of the logical network displayed under the heading VMM Logical Network. To see the types of information that are stored in IPAM, expand the address space and select different views.
The following table can help you interpret some of the information that you see on the IPAM server:
VMM name | IPAM name |
---|---|
Logical network | VIRTUALIZED IP ADDRESS SPACE Provider IP Address Space: VMM Logical Network column |
Network site | VIRTUALIZED IP ADDRESS SPACE Provider IP Address Space: Network Site column |
IP address subnet | IP Address Subnet (same name in IPAM as in VMM) |
IP address pool | IP Address Range |
VM network | VIRTUALIZED IP ADDRESS SPACE Customer IP Address Space: VM Network column |
Important configuration notes
If you want to use the IPAM server to delete a logical network, delete the IP address subnets assigned to that logical network, and do not delete the name associated with the VMM Logical Network field on the IPAM server. The two servers will then be able to synchronize correctly, and the logical network will be deleted. If you do delete the name associated with the VMM Logical Network field on the IPAM server, you must go to the VMM server and delete the network sites and the logical network. Then, after the two servers synchronize, the deletion will be complete.
If you cannot control the time synchrony of the IPAM server and the VMM server as described in the Prerequisites in this topic, you must update permissions on the IPAM server so that the provider software (included in VMM in System Center 2012 R2) can query the current time setting on the IPAM server. To do this, on the IPAM server, run wmimgmt.msc to open the WMI Control (Local) snap-in. Right-click WMI Control (Local), click Properties, and then click the Security tab. Navigate to Root\CIMV2, click the Security button, select the account that you created for the Prerequisites in this topic, and then for Remote Enable, select the Allow box.
See Also
IP Address Management (IPAM) Overview
Configuring Logical Networking in VMM Overview
How to Add a Virtual Switch Extension or Network Manager in System Center 2012 R2
How to Add a Virtual Switch Extension Manager in System Center 2012 SP1