Network Automation using IPAM 2012 R2


Windows Server 2012 introduced IPAM to help administrators manage IP address space and DHCP/DNS network services. Prior to Windows Server 2012, customers had little option other than disjointed tools, Excel spreadsheets and custom scripts. These tools served a short-term purpose, but they hurt network administration productivity and led to cost overruns from maintaining proprietary tools. IPAM 2012 enabled customers to migrate to a sophisticated solution and start managing large-scale, complex networks with virtualized datacenters in a scalable and efficient way. Below is an illustrated summary of IPAM 2012 functionality and benefits for large organizations.



Figure 1: WS2012 IPAM (Refresher)

Feedback on IPAM 2012:

Along the way, we heard specific feedback from both enterprises and hosters on how to make the product better. Broadly, you wanted IPAM to help meet your global network goals by:

· Enabling Network Automation

· Streamlined administration of Physical and Virtual infrastructure

· Administration across large distributed networks

· Centralized administration of network services

In this blog, we will walk you through the new features in the IPAM R2 solution and how they meet the global network needs listed above.

New IPAM Features in R2:

IPAM R2 enables network automation in virtualized datacenter and cloud environments across enterprise, hoster and hybrid deployments.



Figure 2: R2 IPAM (New)

Scale and automation:

IPAM R2 enables you to automate your IP infrastructure. Automation is key to achieving higher efficiency in a modern datacenter. Automation and integration with other systems on the network (e.g. Active Directory Sites and Subnets) through IPAM PowerShell (PS) can take many forms. For instance, you could configure various entities in the network as part of a workflow, such as a network provisioning or de-provisioning workflow, or the provisioning of a new host in a datacenter. You could also use PS for routine diagnostics, troubleshooting and even notification on error conditions such as IP address exhaustion in a subnet, for checking that subnets don't overlap as part of a network audit cycle, and much more. IPAM R2 can help you with your everyday processes through its powerful PowerShell interfaces. Listed below are use cases which you can automate using IPAM PowerShell:

  • Importing Active Directory Sites and Subnets from Active Directory to IPAM
  • Importing network discovery data from SCCM and MAP toolkit
      o Discover IPv4 & IPv6 subnets in the enterprise
  • Get automatic visibility into overlapping subnets
      o Find free IP and make reservations
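
The audit-cycle checks mentioned above (overlapping subnets, address exhaustion) can be sketched as follows. This is an added example, not code from the original post or from the IPAM product: it runs offline over a constructed inventory, and the subnet names, usage counts and the 80% threshold are assumptions.

```powershell
# Constructed sample inventory, not real IPAM output. In a live deployment the rows
# could be built from the IpamServer module's Get-IpamSubnet cmdlet instead.
$subnets = @(
    [pscustomobject]@{ Name = 'HQ-Users';  Cidr = '10.10.0.0/16';  Used = 41000 }
    [pscustomobject]@{ Name = 'HQ-Lab';    Cidr = '10.10.32.0/20'; Used = 300 }
    [pscustomobject]@{ Name = 'Branch-01'; Cidr = '10.20.1.0/24';  Used = 240 }
    [pscustomobject]@{ Name = 'Branch-02'; Cidr = '10.20.2.0/24';  Used = 12 }
)
$thresholdPercent = 80   # assumed alert level for near-exhaustion

function ConvertTo-IPv4Range {
    param([string]$Cidr)
    $addr, $prefix = $Cidr -split '/'
    [long]$ip = 0
    foreach ($b in [System.Net.IPAddress]::Parse($addr).GetAddressBytes()) {
        $ip = $ip * 256 + $b               # bytes arrive in network (big-endian) order
    }
    [long]$size  = [math]::Pow(2, 32 - [int]$prefix)
    [long]$start = $ip - ($ip % $size)     # mask off any host bits
    [pscustomobject]@{ Start = $start; End = $start + $size - 1; Size = $size }
}

$rows = foreach ($s in $subnets) {
    $r = ConvertTo-IPv4Range $s.Cidr
    [pscustomobject]@{
        Name = $s.Name; Cidr = $s.Cidr; Start = $r.Start; End = $r.End
        # Network and broadcast addresses are not assignable (holds for /30 and shorter)
        PercentUsed = [math]::Round(100 * $s.Used / ($r.Size - 2), 1)
    }
}
$rows = @($rows | Sort-Object Start)

# After sorting by start address, two subnets overlap exactly when the later one
# starts at or before the end of the earlier one.
for ($i = 0; $i -lt $rows.Count; $i++) {
    for ($j = $i + 1; $j -lt $rows.Count; $j++) {
        if ($rows[$j].Start -le $rows[$i].End) {
            'OVERLAP: {0} ({1}) and {2} ({3})' -f `
                $rows[$i].Name, $rows[$i].Cidr, $rows[$j].Name, $rows[$j].Cidr
        }
    }
}

$rows | Where-Object { $_.PercentUsed -ge $thresholdPercent } | ForEach-Object {
    'NEAR EXHAUSTION: {0} ({1}) is {2}% used' -f $_.Name, $_.Cidr, $_.PercentUsed
}
```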


Figure 3: Network Services managed by IPAM R2

Virtualized Network Management:

We heard from you that keeping track of your address space across physical and virtual infrastructure is a nightmare. We have streamlined IP address space administration for the virtualized datacenter. With IPAM R2, network administrators can use the IPAM console to create the subnets, pools and logical networks required by System Center Virtual Machine Manager (VMM) and export this data from IPAM to SCVMM R2. The VMM-IPAM integration module keeps IPAM and VMM entities in sync. The data sync enables IPAM to detect address conflicts, duplicates and overlaps across the IP address space configured in multiple instances of VMM across datacenters, which can be leveraged for troubleshooting and remediation. IPAM 2012 R2 supports both NVGRE and VLAN isolated networks. This way, IPAM 2012 R2 provides holistic IP address space administration across both provider and customer spaces in Hyper-V Network Virtualization deployments.


Figure 4: Network Creation in VMM R2

Infrastructure Server Management:

Network services administration is increasingly complex as organizations expand their global footprint through new branch offices or acquisitions, leading to new networks being created or integrated. IPAM 2012 R2 provides centralized administration of these services and thus facilitates efficient roll-out of IP addresses.

IPAM R2 provides new capabilities including IP address continuity leveraging DHCP failover capability; configuration of global policy based IP address assignment and network settings configuration for hosts leveraging DHCP policies; administration and auto-synchronization of partner DHCP entities required for DHCP failover; global administration of link-layer based IP addressing leveraging DHCP filters; integrated administration of IP address, DHCP reservation and DNS resource records as part of IP address lifecycle management.

Granular RBAC Administration:

IPAM 2012 lacked granular and flexible support for multi-administrator environments. In a large global enterprise, there are several IT administrators who need access privileges to perform specific admin operations on specific entities (IP address blocks, subnets, IP address ranges, IP addresses and servers) as part of administering IP address space and DNS/DHCP services within their administration boundary (e.g. geo location, sites and domains, branch or remote offices …). For instance, a global enterprise with a presence in several countries will have local DNS/DHCP service administrators managing network configuration on a day-to-day basis across time zones. In certain cases, the global DHCP service administrator is required to delegate specific administration of DHCP scope properties to local system administrators for a certain set of DHCP scopes on the DHCP servers. With IPAM 2012 R2, you now have the flexibility to define user privileges at an enterprise level, for a group of servers, for particular network operations and so on. Since this access privilege data is very critical configuration for any network, IPAM offers the capability to protect and secure it with HMAC encryption, which will prevent any changes made outside of the IPAM framework, such as a database administrator making changes to the database or tables directly.


Figure 5: RBAC administration in IPAM R2
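
To illustrate how a keyed HMAC makes a direct table edit to access-privilege data detectable, here is an added example that is not from the original post and is not IPAM's implementation. The record layout, the field names (`Principal`, `Role`, `Scope`, `Tag`), the sample values and the key handling are all assumptions.

```powershell
# Illustration only: the record layout, field names and key handling below are
# assumptions, not IPAM's actual schema or implementation.
function Get-RowHmac {
    param([byte[]]$Key, $Row)
    # Length-prefix each protected field so ('ab','c') and ('a','bc') encode differently.
    $canon = (@($Row.Principal, $Row.Role, $Row.Scope) |
        ForEach-Object { '{0}:{1}' -f $_.Length, $_ }) -join '|'
    $hmac = [System.Security.Cryptography.HMACSHA256]::new($Key)
    try {
        [Convert]::ToBase64String($hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($canon)))
    } finally { $hmac.Dispose() }
}

function Test-RowIntegrity {
    param([byte[]]$Key, $Row)
    # -ceq: Base64 is case-sensitive, PowerShell's plain -eq is not.
    (Get-RowHmac -Key $Key -Row $Row) -ceq $Row.Tag
}

# Random 256-bit key held by the management service, never stored in the database.
$key = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($key); $rng.Dispose()

# Constructed role assignment, tagged when written through the management service.
$row = [pscustomobject]@{
    Principal = 'CONTOSO\lisbon-dhcp-admins'
    Role      = 'DHCP Scope Administrator'
    Scope     = '\Global\Europe\Lisbon'
    Tag       = $null
}
$row.Tag = Get-RowHmac -Key $key -Row $row
'Row as written by the service verifies: {0}' -f (Test-RowIntegrity -Key $key -Row $row)

# Simulated out-of-band change: the scope is widened directly in the table,
# without the key, so the stored tag no longer matches the row contents.
$row.Scope = '\Global'
'Row after direct table edit verifies:   {0}' -f (Test-RowIntegrity -Key $key -Row $row)
```

The check only holds while the key is kept where someone with database access cannot read it. The HMAC makes a modified row fail verification; it does not hide the row's contents.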

IPAM-SQL Integration:

We also help you meet the high-availability needs of your network data. With IPAM 2012 R2, you now have the option to use an external database such as SQL Server. This helps you achieve business continuity, backup and disaster recovery, leverage the reporting infrastructure of SQL Server, and more.


In summary, Windows Server 2012 R2 IPAM addresses your global network address space needs and your integrated DHCP, DNS and IP address space administration needs. You can streamline network operations for your enterprise or service provider with virtualized datacenters, VMM-powered private clouds, business branch offices and server datacenter environments. With unbeatable scale and performance, IPAM 2012 R2 truly delivers global networks for your enterprise or service provider environments. We hope you deploy IPAM 2012 R2 in your environments. Refer to the links below to learn more about IPAM 2012 R2, including the deployment and operations guide.


TechED Talk: Network Automation using Windows Server 2012 R2 IPAM

What’s New in IPAM in Windows Server 2012 R2

Walkthrough: Demonstrate IPAM in Windows Server 2012 R2

Networking for Cloud Services in Windows Server 2012 R2