To ensure a successful deployment of hosts, consider the following best practices:

For BloxOne

...

Cloud

  • When connecting a hardware appliance to the Cloud Services Portal, ensure that you DO NOT enter the join token in the Device UI. Otherwise, the appliance will lose connectivity to the Cloud Services Portal when the host certificate expires. Instead, use the serial number of the appliance to connect to the Cloud Services Portal.
  • When you deploy a host as a container and plan to run DNS forwarding proxy and BloxOne DDI on the same host, ensure that port 1053 is open and available. Otherwise, you might encounter an error if the host OS is running other applications on port 1053.
  • When setting up DNS forwarding proxies as hosts for failover purposes, Infoblox recommends that you deploy two DNS forwarding proxies, using one as the primary proxy and the other as the secondary.
  • If you have configured any name servers through the DHCP options or hosts, ensure that you point them to the DNS forwarding proxies.
  • If you change the IP address or make any configuration changes on the host outside of the Cloud Services Portal, you must restart the system for the change to take effect. If the change is made within the BloxOne Cloud infrastructure, no restart is required.
  • For DNS to function properly in OVA deployments on ESXi servers, ensure that you enable the Synchronize guest time with host option during the deployment and that your ESXi host is synchronized with the NTP server. If you do not select the Synchronize guest time with host option (or if this option is disabled), the host synchronizes with the Ubuntu NTP servers: ntp.ubuntu.com and ubuntu.pool.ntp.org. When you disable this option, ensure that you open UDP port 123 for time synchronization with the Ubuntu NTP servers. For more information, see Synchronizing Time with NTP Servers.
  • When you enable hosts to BloxOne Threat Defense Cloud on a NIOS appliance, the QPS (queries per second) throughput might vary, depending on your appliance model and the cache hit ratio. You might see a bigger performance impact when the cache hit ratio is lower. In general, NIOS can forward at least 3,500 QPS to BloxOne Threat Defense Cloud. For standalone installations, the QPS may vary depending on the hardware used and the cache hit ratio. However, the number of queries per second should fall in the range of 3,500 QPS using an OVA with 512 MB memory and 1 CPU.

  • BloxOne has configured 52.119.40.100 as the default DNS resolver for all hosts, so you are not required to configure a local DNS resolver. However, if you do not want to use 52.119.40.100 as the default DNS resolver and you do not want Docker to resolve DNS queries using 8.8.8.8 or 8.8.4.4, you must configure at least one non-local DNS resolver. If you use only local DNS resolvers, Docker will resolve DNS queries using 8.8.8.8 or 8.8.4.4. Note that Infoblox does not recommend using the loopback address (127.0.0.1) when configuring a non-local DNS resolver.
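
A preflight check for two of the items above (port 1053 availability and the Docker DNS fallback), added here as an example and not part of the Infoblox documentation. It assumes that "local" resolvers means loopback addresses listed in the host's /etc/resolv.conf; the function names and sample inputs are constructed for illustration.

```python
import ipaddress
import socket

DOCKER_FALLBACK = ["8.8.8.8", "8.8.4.4"]  # fallback resolvers named on this page

# Constructed samples: a loopback-only stub config, and one that also lists
# the BloxOne default resolver given on this page.
SAMPLE_LOCAL_ONLY = "# constructed\nnameserver 127.0.0.53\noptions edns0\n"
SAMPLE_MIXED = "nameserver 127.0.0.1\nnameserver 52.119.40.100\n"

def parse_nameservers(text):
    """Return valid nameserver IPs from resolv.conf text, in file order."""
    servers = []
    for line in text.splitlines():
        parts = line.strip().split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue  # comments, options, search lines, malformed entries
        try:
            servers.append(ipaddress.ip_address(parts[1].split("%", 1)[0]))
        except ValueError:
            continue  # not an IP address, so skip it
    return servers

def effective_resolvers(text):
    """Return (resolvers, fell_back). Assumption: "local" means loopback."""
    non_local = [str(ip) for ip in parse_nameservers(text) if not ip.is_loopback]
    if non_local:
        return non_local, False
    return list(DOCKER_FALLBACK), True  # queries would leave via public DNS

def port_is_free(port, host="0.0.0.0"):
    """True only if both TCP and UDP can bind the port on this host."""
    for kind in (socket.SOCK_STREAM, socket.SOCK_DGRAM):
        with socket.socket(socket.AF_INET, kind) as s:
            try:
                s.bind((host, port))
            except OSError:
                return False
    return True

if __name__ == "__main__":
    with open("/etc/resolv.conf") as f:
        resolvers, fell_back = effective_resolvers(f.read())
    print("container resolvers:", resolvers)
    if fell_back:
        print("WARNING: only local resolvers found; Docker will use", DOCKER_FALLBACK)
    if not port_is_free(1053):
        print("WARNING: port 1053 is already in use on this host")
```

Run it on the host before deploying the container; a fallback warning means DNS queries from the container would go to 8.8.8.8 or 8.8.4.4 instead of the resolver you intended.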

...