
For the NIOS vDiscovery feature to work on AWS VPCs with the Infoblox vNIOS for AWS instance on public or private subnets, configure the DNS Resolver setting in the Grid Properties editor in NIOS and add the IP address of the upstream DNS server within AWS. That DNS server must be able to resolve both the user-provided AWS service endpoint and the host name iam.amazonaws.com; before you schedule a job, confirm from the member that both names resolve through the server you configure, because a resolver that answers only for private VPC zones causes the job to fail at the endpoint lookup. You define the setting for the Grid.
To configure the DNS resolver for the Grid, complete the following in Grid Manager:

  1. From the Grid tab -> Grid Manager tab -> Members tab, expand the Toolbar, and then click Grid Properties.

  2. In the Grid Properties editor, do the following:

    • Click the DNS Resolver tab and select the Enable DNS Resolver checkbox if it is not already selected.

    • In the Name Servers list, click Add to add the IP address of the upstream DNS server to the list.

    • Enter the IP address and press Enter.

  3. Save the configuration. The changes may take a brief period of time to become active.

The following figures illustrate AWS cloud-based and on-premises-based appliances communicating with the AWS endpoints to initiate vDiscovery for their VPCs:


Figure 1.10 Infoblox vNIOS for AWS Appliance Routing to Endpoints for vDiscovery Tasks

By adding the DNS resolver, the Infoblox vNIOS for AWS appliance reaches the AWS endpoints for vDiscovery without further configuration. The following diagram illustrates the same process for an on-premises NIOS Cloud Platform appliance:

Figure 1.11 On-Premises NIOS Appliance Configured for vDiscovery Tasks

Note

Network routing may also be required to enable the member to communicate with the AWS endpoints.

You can also set up a proxy server in your data center so you can perform vDiscovery through the proxy server. For information about how to configure a proxy server on your NIOS virtual appliance, refer to the Infoblox NIOS Documentation.

Credentials for vDiscovery

When you configure a vDiscovery job through the Infoblox GUI (Grid Manager), you can choose to use Instance Profile or IAM Credential for authentication.
An instance profile is a container for an IAM role that passes the role's credentials to an EC2 instance while the instance is running. Select this option if you want to collect information from AWS without supplying a user's access keys: the appliance uses the predefined IAM role to obtain a temporary token that authorizes its API calls. You must first create the instance profile in AWS, attach an IAM role to it, and set the permissions for that role before you can select this option in NIOS; otherwise, the option is disabled. When you select it, you do not need to provide user credentials for vDiscovery jobs.
You can also select IAM Credential to authenticate with the long-term access keys of an IAM user. When you select this authentication method, you must provide the Access Key ID and Secret Access Key for the AWS endpoint. This is the access key pair of the account that executes the vDiscovery job. Grant that user only the IAM permissions listed below rather than administrator rights, and prefer the instance profile when the appliance runs in AWS, because it avoids storing a long-term secret on the appliance.

Note

In AWS, access keys are used to digitally sign API calls made to AWS services. Each access key credential consists of an access key ID and a secret access key. The secret portion must be protected by the AWS account holder or the IAM user to whom it is assigned. As a best practice, rotate access keys on a regular basis. Refer to the whitepaper AWS Security Best Practices by Amazon Web Services (http://aws.amazon.com/whitepapers/aws-security-best-practices/) and the AWS documentation page IAM Best Practices (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html) for more information.

...

Before assignment to the NIOS cloud admin account, AWS users need the following AWS IAM permissions to use the vDiscovery feature to discover the resources in their VPCs and manage them through IPAM:

  • iam:GetUser

  • ec2:DescribeVpcs

  • ec2:DescribeSubnets

  • ec2:DescribeRouteTables

  • ec2:DescribeAddresses

  • ec2:DescribeNetworkInterfaces

  • ec2:DescribeInstances


For more information about how to configure vDiscovery, refer to Configuring vDiscovery Jobs in the Infoblox NIOS Documentation.
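The permission list above is everything the vDiscovery job needs, so the IAM policy attached to the role (instance profile) or user should grant exactly those actions. The following is an added example, not Infoblox code: it builds such a least-privilege policy document and checks any policy JSON against the list, expanding IAM's "*" and "?" action wildcards the way IAM does (case-insensitively). The statement Sid and the function names are assumptions. The checker reads only Allow statements; Deny and NotAction statements are not evaluated, so it reports what the policy grants, not the effective permissions after any explicit denies elsewhere in the account.

```python
"""Check an AWS IAM policy document against the actions NIOS vDiscovery needs."""
import fnmatch
import json

# The actions listed on this page for vDiscovery and IPAM management.
VDISCOVERY_ACTIONS = (
    "iam:GetUser",
    "ec2:DescribeVpcs",
    "ec2:DescribeSubnets",
    "ec2:DescribeRouteTables",
    "ec2:DescribeAddresses",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DescribeInstances",
)

# Least-privilege policy built from that list for the vDiscovery role or user.
# The Sid is an assumption made for this example, not an Infoblox identifier.
VDISCOVERY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "NiosVDiscoveryReadOnly",
        "Effect": "Allow",
        "Action": list(VDISCOVERY_ACTIONS),
        "Resource": "*",
    }],
}, indent=2)


def _as_list(value):
    """IAM lets Statement and Action be a single object or a list; normalise."""
    return value if isinstance(value, list) else [value]


def allowed_actions(policy_json):
    """Action patterns from every Allow statement (Deny and NotAction are not evaluated)."""
    doc = json.loads(policy_json)
    patterns = []
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            patterns.extend(_as_list(stmt.get("Action", [])))
    return patterns


def _matches(pattern, action):
    """IAM action matching: case-insensitive, with '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def missing_actions(policy_json, required=VDISCOVERY_ACTIONS):
    """Required actions that no Allow statement covers; the job fails on these."""
    patterns = allowed_actions(policy_json)
    return [a for a in required if not any(_matches(p, a) for p in patterns)]


def broad_patterns(policy_json, required=VDISCOVERY_ACTIONS):
    """Wildcard patterns that reach beyond the required set (e.g. 'ec2:*')."""
    wanted = {a.lower() for a in required}
    return [p for p in allowed_actions(policy_json)
            if p.lower() not in wanted and ("*" in p or "?" in p)]


if __name__ == "__main__":
    print(VDISCOVERY_POLICY)
    print("missing:", missing_actions(VDISCOVERY_POLICY))   # []
    print("broad:", broad_patterns(VDISCOVERY_POLICY))      # []
```

Run it against the policy you actually attached (for example the JSON returned by the AWS console or the CLI): an empty "missing" list means the job will not fail on authorization, and an empty "broad" list means the principal has no wider reach than the seven read-only calls.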

...

A number of different network object types are discovered, collected and added to the NIOS database during the vDiscovery process. You may convert some object types to Managed objects in NIOS IPAM.

  • Virtual Private Clouds

  • Availability Zones

  • Tenants

  • Subnets

  • EC2 Instances (virtual machines)

  • IP Addresses

Note

vDiscovery is not supported for Elastic IP addresses allocated from a public IP address pool that you have brought to your AWS account, or from a private pool created from your on-premises network (Bring your own IP address). It is supported only if Elastic IP addresses are allocated from Amazon's pool of public IPv4 addresses.

Creating DNS Records for Discovered IP Addresses

When you configure vDiscovery jobs, you can enable the appliance to automatically create DNS records for discovered virtual instances in your AWS VPCs. When you enable this feature, NIOS adds Host records, or A and PTR records, to the authoritative zones for the discovered IP addresses according to your configuration. You can also enter a formula that NIOS uses to build the DNS names for the discovered IP addresses from their VM parameters, such as vm_name or discovered_name for data discovered through AWS. The resulting names let you resolve the public and private IP addresses of discovered instances by DNS.
Discovered data includes IP addresses for the VMs and associated information such as VM ID, VM Name, Tenant ID, and others. Note that the corresponding zones must already exist in order for NIOS to add DNS records. Otherwise, NIOS does not add any DNS records and it logs a message to the syslog.
NIOS automatically adds DNS records based on the following conditions:

  • The corresponding DNS zones must already exist in the NIOS database. NIOS does not automatically create DNS zones for the records.

  • To create a PTR record, the corresponding reverse-mapping zone must exist.

  • A DNS zone cannot be associated with more than one DNS view. NIOS does not create DNS records for zones that are associated with multiple DNS views.

  • NIOS adds new DNS records only if the VM name for the discovered IP address is available and there is no conflict between the discovered data and the associated network view.

The following matrix captures some scenarios about how vDiscovery handles various actions and what the outcome is for the information on the Cloud Platform appliance and in the NIOS database.

Note

vDiscovery modifies records that are created by the vDiscovery process only. It does not create or update DNS records that are originally created by other admin users.

The matrix has five columns: Actions and Conditions; Cloud Platform Data before vDiscovery; Cloud Platform Data after vDiscovery; NIOS Data before vDiscovery; NIOS Data after vDiscovery. In every scenario the vDiscovery job is configured for automatic creation of Host records (except where the scenario changes that setting), the zone corp1.com already exists in NIOS, and any existing Host record was created either by vDiscovery or by an admin, as stated.

Scenario 1: Add new VM (vma) on the Cloud Platform appliance; in NIOS: existing zone corp1.com, no DNS records
  • Cloud Platform data before vDiscovery: no data for vma
  • Cloud Platform data after vDiscovery: 10.10.10.1 vma.corp1.com
  • NIOS data before vDiscovery: Zone: corp1.com
  • NIOS data after vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1)

Scenario 2: Add new VM (vma) on the Cloud Platform appliance; in NIOS: existing Host record (originally created by vDiscovery or admin)
  • Cloud Platform data before vDiscovery: no data for vma
  • Cloud Platform data after vDiscovery: 10.10.10.1 vma.corp1.com
  • NIOS data before vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1)
  • NIOS data after vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) (unchanged)

Scenario 3: Add new interface to existing VM (vma) with the same discovered name on the Cloud Platform appliance; in NIOS: existing Host record (originally created by vDiscovery)
  • Cloud Platform data before vDiscovery: 10.10.10.1 vma.corp1.com
  • Cloud Platform data after vDiscovery: 10.10.10.1 vma.corp1.com; 10.10.10.2 vma.corp1.com
  • NIOS data before vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1)
  • NIOS data after vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1, 10.10.10.2)

Scenario 4: Add new interface to existing VM (vma) with the same discovered name on the Cloud Platform appliance; in NIOS: existing Host record (originally created by admin)
  • Cloud Platform data before vDiscovery: 10.10.10.1 vma.corp1.com
  • Cloud Platform data after vDiscovery: 10.10.10.1 vma.corp1.com; 10.10.10.2 vma.corp1.com
  • NIOS data before vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1)
  • NIOS data after vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) (unchanged)

Scenario 5: Add new interface to existing VM (vma) with a different discovered name (vmb) on the Cloud Platform appliance; in NIOS: existing Host record (originally created by vDiscovery or admin)
  • Cloud Platform data before vDiscovery: 10.10.10.1 vma.corp1.com
  • Cloud Platform data after vDiscovery: 10.10.10.1 vma.corp1.com; 10.10.10.2 vmb.corp1.com
  • NIOS data before vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1)
  • NIOS data after vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1); Host record: vmb.corp1.com (10.10.10.2)

Scenario 6: Remove existing VM (vma) on the Cloud Platform appliance; in NIOS: existing Host record (originally created by vDiscovery)
  • Cloud Platform data before vDiscovery: 10.10.10.1 vma.corp1.com
  • Cloud Platform data after vDiscovery: no data for vma
  • NIOS data before vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1)
  • NIOS data after vDiscovery: Zone: corp1.com (Host record removed)

Scenario 7: Remove existing VM (vma) on the Cloud Platform appliance; in NIOS: existing Host record (originally created by admin)
  • Cloud Platform data before vDiscovery: 10.10.10.1 vma.corp1.com
  • Cloud Platform data after vDiscovery: no data for vma
  • NIOS data before vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1)
  • NIOS data after vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) (unchanged)

Scenario 8: Remove existing interface (10.10.10.2) from VM (vma) with a different discovered name (vmb) on the Cloud Platform appliance; in NIOS: existing Host records (originally created by vDiscovery)
  • Cloud Platform data before vDiscovery: 10.10.10.1 vma.corp1.com; 10.10.10.2 vmb.corp1.com
  • Cloud Platform data after vDiscovery: 10.10.10.1 vma.corp1.com
  • NIOS data before vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1); Host record: vmb.corp1.com (10.10.10.2)
  • NIOS data after vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1)

Scenario 9: Remove existing interface (10.10.10.2) from VM (vma) with a different discovered name (vmb) on the Cloud Platform appliance; in NIOS: existing Host records (originally created by admin)
  • Cloud Platform data before vDiscovery: 10.10.10.1 vma.corp1.com; 10.10.10.2 vmb.corp1.com
  • Cloud Platform data after vDiscovery: 10.10.10.1 vma.corp1.com
  • NIOS data before vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1); Host record: vmb.corp1.com (10.10.10.2)
  • NIOS data after vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1); Host record: vmb.corp1.com (10.10.10.2) (unchanged)

Scenario 10: Update record name (from vma to vm1) for the existing interface (10.10.10.1) on the Cloud Platform appliance; in NIOS: existing Host record (originally created by vDiscovery)
  • Cloud Platform data before vDiscovery: 10.10.10.1 vma.corp1.com
  • Cloud Platform data after vDiscovery: 10.10.10.1 vm1.corp1.com
  • NIOS data before vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1)
  • NIOS data after vDiscovery: Zone: corp1.com; Host record: vm1.corp1.com (10.10.10.1)

Scenario 11: Update record name (from vma to vm1) for the existing interface (10.10.10.1) on the Cloud Platform appliance; in NIOS: existing Host record (originally created by admin)
  • Cloud Platform data before vDiscovery: 10.10.10.1 vma.corp1.com
  • Cloud Platform data after vDiscovery: 10.10.10.1 vm1.corp1.com
  • NIOS data before vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1)
  • NIOS data after vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) (unchanged)

Scenario 12: Change the FQDN template from ${discovered_name} to ${vm_name}; in NIOS: existing Host record (originally created by vDiscovery)
  • Cloud Platform data before vDiscovery: 10.10.10.1 vma.corp1.com, vm_name: ABC
  • Cloud Platform data after vDiscovery: 10.10.10.1 vma.corp1.com, vm_name: ABC
  • NIOS data before vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1)
  • NIOS data after vDiscovery: Zone: corp1.com; Host record: ABC.corp1.com (10.10.10.1)

Scenario 13: Change the FQDN template from ${discovered_name} to ${vm_name}; in NIOS: existing Host record (originally created by admin)
  • Cloud Platform data before vDiscovery: 10.10.10.1 vma.corp1.com, vm_name: ABC
  • Cloud Platform data after vDiscovery: 10.10.10.1 vma.corp1.com, vm_name: ABC
  • NIOS data before vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1)
  • NIOS data after vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) (unchanged)

Scenario 14: Change the vDiscovery task configuration from creation of Host records to A and PTR records; in NIOS: existing Host record (originally created by vDiscovery)
  • Cloud Platform data before vDiscovery: 10.10.10.1 vma.corp1.com
  • Cloud Platform data after vDiscovery: 10.10.10.1 vma.corp1.com
  • NIOS data before vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1)
  • NIOS data after vDiscovery: Zone: corp1.com; A record: vma.corp1.com (10.10.10.1) (a PTR record is added only if the reverse-mapping zone exists)

Scenario 15: Change the vDiscovery task configuration from creation of Host records to A and PTR records; in NIOS: existing Host record (originally created by admin)
  • Cloud Platform data before vDiscovery: 10.10.10.1 vma.corp1.com
  • Cloud Platform data after vDiscovery: 10.10.10.1 vma.corp1.com
  • NIOS data before vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1)
  • NIOS data after vDiscovery: Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) (unchanged); A record: vma.corp1.com (10.10.10.1)


To enable the appliance to automatically create DNS records, complete the following in Grid Manager:

  1. For a new vDiscovery job: From the Data Management tab, select the IPAM tab, then select vDiscovery -> New from the Toolbar; or from the Cloud tab, select vDiscovery -> New from the Toolbar.
     or
     To modify an existing job: From the Data Management tab, select the IPAM tab and click vDiscovery -> Discovery Manager from the Toolbar, or from the Cloud tab, select vDiscovery -> Discovery Manager from the Toolbar. In the vDiscovery Job Manager editor, click the Action icon next to a selected job and select Edit from the menu.

  2. In step four of the vDiscovery Job wizard, or on the Data Consolidation tab of the vDiscovery Job Properties editor, complete the following:

    • For every newly discovered IP address, create: Select this checkbox to enable NIOS to automatically create DNS records for discovered VM instances, and to update existing records only if they were originally created by vDiscovery.

    • Host: Select this to automatically create Host records for discovered VMs.

    • A & PTR Record: Select this to automatically create A and PTR records for discovered VMs. Note that the DNS zones and reverse-mapping zones to which the records belong must exist in NIOS. Otherwise, vDiscovery does not create the records.

    • The DNS name will be computed from the formula: Enter the formula that NIOS uses to create FQDNs for discovered VMs. You can use the auto-generated FQDNs for DNS resolution purposes. You must use the syntax ${parameter name} for this formula. For AWS, this field supports the vm_name and discovered_name parameters. For example, when you enter ${vm_name}.corp100.com and the discovered vm_name is XYZ, the DNS name for this IP becomes XYZ.corp100.com. When you enter ${discovered_name} and the discovered name for the IP is ip-172-31-1-64.us-west-1.compute.internal, the DNS name for this IP is ip-172-31-1-64.us-west-1.compute.internal.

Note

If the ${vm_name} parameter of an instance contains any special character, the appliance cannot identify the instance by that name; it converts the instance to a managed VM using the vm_id parameter instead.
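The conditions listed under Creating DNS Records for Discovered IP Addresses, the formula syntax described in the procedure above, and the ${vm_name} caveat in the note can be checked before a job runs. The following is an added example, not Infoblox code: a small model that expands the ${vm_name} and ${discovered_name} placeholders for one discovered VM and then applies the page's rules to decide whether vDiscovery would create, update, or skip the record. The NIOS state (zones, DNS view counts, existing records and their creator) is constructed inline; the "no special character" rule is modelled as letters, digits and hyphen only, and the fallback name built from vm_id is this model's assumption about how the appliance names such an instance.

```python
"""Model of how vDiscovery derives a DNS name and decides whether to write a record.

Constructed example for this page, not Infoblox code. It encodes the rules stated
above: the forward zone must already exist, a PTR also needs the reverse-mapping
zone, zones in more than one DNS view are skipped, and records an admin created
are never touched.
"""
import ipaddress
import re
import string

_SAFE_LABEL = re.compile(r"^[A-Za-z0-9-]+$")  # assumption: "no special character"

# Constructed NIOS state for the demo below.
ZONES = ["corp1.com", "10.10.10.in-addr.arpa"]            # zones that exist in NIOS
VIEWS = {"corp1.com": 1, "10.10.10.in-addr.arpa": 1}        # DNS views each zone belongs to
EXISTING = {"vma.corp1.com": "admin", "vmb.corp1.com": "vdiscovery"}  # record -> creator


def render_fqdn(template, vm):
    """Expand ${vm_name} / ${discovered_name} for one discovered VM.

    When the formula uses ${vm_name} and that name holds a special character, the
    appliance cannot identify the VM by it; this model falls back to vm_id (the
    exact fallback name is an assumption). An unknown placeholder raises KeyError,
    which catches typos such as ${discover_name}.
    """
    name = vm.get("vm_name") or ""
    if "${vm_name}" in template and not _SAFE_LABEL.match(name):
        name = vm["vm_id"]
    values = {"vm_name": name, "discovered_name": vm.get("discovered_name", "")}
    return string.Template(template).substitute(values).rstrip(".")


def parent_zone(fqdn, zones):
    """Longest existing zone that contains fqdn (case-insensitive), or None."""
    best = None
    for z in zones:
        if fqdn.lower().endswith("." + z.lower()) and (best is None or len(z) > len(best)):
            best = z
    return best


def plan_record(vm, ip, template, zones=ZONES, views=VIEWS, existing=EXISTING,
                record_type="HOST"):
    """Return (action, fqdn, reason) for one discovered IP, mirroring the conditions above."""
    if "${vm_name}" in template and not vm.get("vm_name"):
        return ("skip", None, "VM name not available")
    fqdn = render_fqdn(template, vm)
    zone = parent_zone(fqdn, zones)
    if zone is None:
        return ("skip", fqdn, "forward zone does not exist (NIOS logs this to syslog)")
    if views.get(zone, 1) > 1:
        return ("skip", fqdn, "zone is associated with more than one DNS view")
    if record_type == "A_PTR":
        rev = ipaddress.ip_address(ip).reverse_pointer   # e.g. 1.10.10.10.in-addr.arpa
        if parent_zone(rev, zones) is None:
            return ("skip", fqdn, "reverse-mapping zone for the PTR does not exist")
    creator = existing.get(fqdn)
    if creator == "admin":
        return ("skip", fqdn, "existing record was created by an admin; vDiscovery leaves it")
    if creator == "vdiscovery":
        return ("update", fqdn, "record created by vDiscovery is updated for " + ip)
    return ("create", fqdn, "%s record for %s" % (record_type, ip))


if __name__ == "__main__":
    demo = [  # (discovered VM, IP, formula, record type), all constructed
        ({"vm_id": "i-0aaa", "vm_name": "vma"}, "10.10.10.1", "${vm_name}.corp1.com", "HOST"),
        ({"vm_id": "i-0bbb", "vm_name": "vmb"}, "10.10.10.2", "${vm_name}.corp1.com", "HOST"),
        ({"vm_id": "i-0ccc", "vm_name": "web 01"}, "10.10.10.3", "${vm_name}.corp1.com", "HOST"),
        ({"vm_id": "i-0ddd", "vm_name": "vmd"}, "192.0.2.7", "${vm_name}.corp1.com", "A_PTR"),
        ({"vm_id": "i-0eee", "vm_name": "vme"}, "10.10.10.5", "${vm_name}.corp2.com", "HOST"),
    ]
    for vm, ip, tmpl, kind in demo:
        print(plan_record(vm, ip, tmpl, record_type=kind))
```

The first demo entry is the admin-owned vma.corp1.com from the matrix above and is skipped; the second is vDiscovery-owned and is updated; "web 01" contains a space, so the name falls back to the instance ID; the A_PTR entry for 192.0.2.7 is skipped because no reverse-mapping zone covers it; and the corp2.com entry is skipped because that zone does not exist in NIOS.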