You can obtain the Infoblox vNIOS for AWS AMI by going to the Community AMIs page in Amazon Web Services. Use 'NIOS' or 'Infoblox' as the search term to locate the AMI. For information, see the Obtaining the Infoblox vNIOS for AWS AMI section.

This topic describes the procedure that you can use to launch and provision an Infoblox vNIOS for AWS instance for your AWS VPC in the AWS console. This procedure supports users who want to provision Infoblox vNIOS for AWS using the BYOL (Bring Your Own Licensing) model. It provides the complete sequence of procedures that you must perform to manually provision a new Infoblox vNIOS for AWS instance in AWS.

When you use the BYOL licensing model, you install licenses using the standard methods described in the Infoblox NIOS Documentation, including a set of temporary feature licenses. Ensure that you add the following licenses to the appliance: a vNIOS license for your Infoblox vNIOS for AWS instance, a DNS license to run DNS services, a DHCP license to run DHCP services in the Infoblox vNIOS instance deployed on AWS, the Enterprise (Grid) license to configure it as a Grid Master, a Grid member, or a Grid Master Candidate, and the CNA (Cloud Network Automation) license to manage cloud features on the Grid Master. All other NIOS features are available for use in Infoblox vNIOS for AWS instances and can be enabled by their respective licenses.

You may also use Elastic Scaling (dynamic licenses) to automatically provision and configure vNIOS instances in the AWS VPC. For more information about these licensing models, see Provisioning Infoblox vNIOS for AWS using Elastic Scaling.

Note

DHCP services can now run on NIOS instances deployed on AWS to serve clients that are outside AWS. Because of an AWS restriction, DHCP cannot be offered to instances running on AWS.

...

You can obtain the Infoblox vNIOS for AWS AMI from the AWS wizard's Community AMIs page. Installation of the Infoblox vNIOS for AWS AMI involves a series of steps in the AWS console where you configure and launch a new Infoblox vNIOS for AWS instance. You may use BYOL to enable the Infoblox NIOS features for the instance you deploy.

To obtain and configure vNIOS for AWS using BYOL, complete the following steps:

  1. Log in to AWS using your chosen AWS account.

  2. On the main AWS Console page, click EC2.

  3. Click the Launch Instance button. The Choose AMI page of the Amazon Launch Instance wizard opens.

  4. Click the Community AMIs tab.

  5. Search for the Infoblox vNIOS for AWS AMI by entering the strings NIOS or Infoblox in the Search Community AMIs box. The Infoblox AMI listing appears in the search results.

  6. For the Infoblox vNIOS for AWS AMI, click Select.

  7. Select the EC2 Instance Type based on your requirements. See Infoblox vNIOS for AWS AMI Shapes and Regions for your available options.

  8. Click Next: Configure Instance Details to define the networking settings for your new Infoblox vNIOS for AWS instance. For more information, see the Defining Network Settings for your New Infoblox vNIOS for AWS Instance section.

Defining Network Settings for your New Infoblox vNIOS for AWS Instance

Infoblox vNIOS virtual appliances require two network interfaces (MGMT and LAN1) for proper Grid communications. These interfaces must be assigned to separate subnets within the same VPC.
Note that the NIOS GUI communicates through the MGMT port. If for any reason you must make changes to the MGMT port, such as swapping NICs or changing the MGMT IP address from static to dynamic, ensure that you use the same IP address for the MGMT port before and after the changes. Otherwise, you might not be able to access the NIOS GUI.

Note

Network settings made in your AWS cloud environment override changes made through the NIOS GUI or CLI. Therefore, when making changes to your network settings through the NIOS GUI or CLI, such as adding, modifying, or deleting network interfaces, ensure that the related changes are consistent with those in the cloud networks.

On the Configure Instance Details page of the AWS wizard, define the network settings for the new Infoblox vNIOS for AWS instance, including both the required network interfaces.

Note

Networks with IPv6 addresses are supported only in NIOS 8.5.2.

  1. Choose your VPC from the Network drop-down list.

    1. If you have not yet created a VPC, click the Create new VPC link, and then specify the name and the IP address range (in standard CIDR format) for the new VPC. To also associate an IPv6 address with the instance, select Amazon provided IPv6 CIDR Block. (The address range you specify in this step appears as the top-level network view in the NIOS Data Management -> IPAM page.)

  2. Define the Subnet to which the new vNIOS for AWS instance is assigned. Each VPC must have a default subnet. You can then select this subnetwork value for your configuration:

    1. If you have not yet created a subnet for your VPC, click the Create new subnet link.

    2. On the VPC Dashboard page, which may open in a new browser window, click Subnets.

    3. Click Create Subnet. In the Create Subnet dialog box, complete the following:

      1. In the VPC list, select the VPC you created in Step 1.

      2. From the IPv4 CIDR Block drop-down list, choose the IPv4 IP address range for the subnet.

      3. If you need to assign an IPv6 address to the subnet, from the IPv6 CIDR Block drop-down list, choose the IPv6 address range.

        Note

        The CIDR block of the subnet must be a smaller range than, and fall within, the IP address range of the VPC.

    4. Click Yes, Create.
      You may create more than one subnet. The subnet prefix values appear in the Subnet field for each network interface in your AWS console.

  3. In the Auto-assign Public IP drop-down list, keep the default option, Use subnet setting (Disable).
    As you are creating an instance with two interfaces, AWS does not allow a Public IP assignment to the new vNIOS for AWS instance. AWS displays a warning to this effect when you create the second interface. (You may use an Elastic IP address or a private IP address.)

  4. In the Auto-assign IPv6 IP drop-down list, perform one of the following:

    1. Keep the default option, Use subnet setting (Disable) to assign only IPv4 addresses to the vNIOS instance.

    2. Choose Enable to also assign IPv6 addresses to the vNIOS instance. When the instance starts, it will be associated with both IPv4 and IPv6 addresses.

  5. Choose the IAM role for the vNIOS for AWS instance from the list. You may use the default settings for your initial testing. An IAM role can also be defined on the Identity and Access Management page in the AWS console. Your AWS administrator may not allow custom IAM accounts for your deployment, so this may not be a selectable value.


    Note

    For more information about Amazon IAM, see the Amazon IAM documentation page at http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_Introduction.html. For information about how Amazon IAM roles and permissions work with your Infoblox vNIOS for AWS instances to ensure secure and accurate authorization of user privileges, see Credentials for vDiscovery and Assigning AWS User Credentials to the NIOS Cloud Admin Account.

  6. Keep the default Tenancy setting (Shared tenancy (multi-tenant hardware)). For information about tenant settings, see About Tenants.

  7. Select Network Interfaces -> eth0 and then choose the default Subnet from the drop-down list. This subnet should be the same one as the subnet described in Step 2 above. (If a default subnet is in the selected VPC, it automatically appears in this field.)


    Note

    You must use two interfaces for your new Infoblox vNIOS for AWS instance: eth0 and eth1. You create a new eth1 interface for your instance. You use the eth1 interface to join the new Infoblox vNIOS for AWS instance to a NIOS Grid.

  8. Click the Add Device button. A new eth1 interface listing appears.
    The eth1 interface, automatically designated as such during configuration of the new Infoblox vNIOS for AWS instance, is also labeled as LAN1 in NIOS. You cannot change this setting. By default, the eth1 interface is assigned an IPv4 address.


    Note

    For SSH access to the vNIOS for AWS instance, you must always use the IP address associated with the LAN1 port.

    1. Choose the default Subnet from the drop-down list. (For more information on the use of Elastic IP addresses for interfaces in your Infoblox vNIOS for AWS instances, see Using an Elastic IP Address.)

    2. To set the AWS server to also assign IPv6 address to the eth1 interface, in the IPv6 IPs column, click the Add IP link.

  9. Open Advanced Details to configure the User data settings for your new instance.

    Note

    When you start the vNIOS for AWS instance, to access the NIOS GUI, you must install the vNIOS license by setting the value "temp_license:vnios" in the User data settings. You can also use the NIOS CLI to set temporary or permanent licenses. For more information, see the following section.

Initializing New Infoblox vNIOS for AWS Instances with the AWS User Data Field

You can provision the Infoblox vNIOS for AWS instance through the Advanced Details -> User data field without using Elastic Scaling. This section describes how to define the administrator login settings and specify the feature licenses for the new Infoblox vNIOS for AWS instance. Complete the following steps:

  1. In the Advanced Details section, define the following plain-text values in the User data field:

    1. remote_console_enabled: Enables or disables the remote SSH CLI console for a new instance (syntax: y or n).

    2. default_admin_password: Sets the password for the NIOS admin user during the first boot. This value does not have to be a default; it can be the password of any administrator who initializes the new instance. The minimum password length is four characters. If an invalid password is passed by this method, it will be ignored, and the default "infoblox" password remains in effect for the instance. Note that if you want to include a symbol character at the beginning of the password, ensure that you put the password in quotes ('') to avoid login issues. Example: '!Infoblox'.

      • In NIOS 8.5.2 or later, for a Grid Master or a standalone vNIOS for AWS instance, the default NIOS password must be reset on the first login in the NIOS UI. Otherwise, you can configure the new password in the User data field and log in to the NIOS UI using that password. The minimum password length is four characters. It must consist of at least one uppercase character, one lowercase character, one numeric character, and one symbol character. Example: Infoblox1!

        • If the symbol character is at the beginning of the password, then include the password within quotes (''). Example: '@Infoblox123'.

        • If you enter an invalid password, you will be prompted to reset the password in the NIOS UI on the first login.

        • The password that you set for the Grid Master is propagated to all its members.

      • To access the NIOS CLI, you must either use the key pair or key pair + password authentication that is configured in NIOS, because access to the CLI using the NIOS UI password only is blocked.

    3. temp_license: Defines the NIOS feature licenses for the new instance. You can list a collection of temporary license names that apply to the instance during the initial boot. Using this directive allows you to quickly provision the new instance with temporary licenses without having to open a NIOS CLI session to do the same task. To access the NIOS GUI, you must provision the vNIOS license before you start the vNIOS instance. Infoblox recommends that you also provision the Grid and cloud licenses at the same time as follows: temp_license:grid cloud vnios. All text entries must be in all lower case.

      Note

      • When you use temp_license in the User data field to install a NIOS license, the Use AWS SSH authentication key option is enabled by default.

      • For an IB-V4025 appliance, if you use the User data field to install the IB-V4025 license, the Use AWS SSH authentication key option will not be enabled by default. Therefore, Infoblox recommends that you first deploy the vNIOS instance without specifying the IB-V4025 license, and then install the license from the NIOS CLI.


      Valid license names include the following:

      • Infoblox vNIOS for AWS instances (IB-V825, IB-V1425 and IB-V2225):

        • grid

        • dns

        • enterprise

        • cloud

      • NIOS license for DDI (IB-V825, IB-V1425 and IB-V2225):

        • nios IB-Vxxxx, where "xxxx" is the license number.

      • Cloud Platform Infoblox vNIOS for AWS instances (CP-V805, CP-V1405 and CP-V2205):

        • grid

        • dns

        • enterprise

        • cloud_api

Note

  • When you use temp_license in the User data field to install a NIOS license, the Use AWS SSH authentication key option that is needed to enable CLI access to AWS instances is enabled by default. For more information, see Creating Local Admins in the Infoblox NIOS Documentation. However, for the IB-V4025 appliances, the Use AWS SSH authentication key option is not enabled with this user data configuration. Therefore, Infoblox recommends that you install the IB-V4025 license after deploying the vNIOS instance.

  • Only the V1 and V2 (token optional) value is supported in the Metadata version field. The V2 (token required) value is not supported.

The following figure shows an example:
Figure: Defining User Data Settings for Provisioning an Instance without Elastic Scaling

...

 
All user data settings are optional directives that can be included in or left out of a configuration. For example, you can add the remote_console_enabled and default_admin_password declarations to the Elastic Scaling configuration shown in the figure Adding the Grid Master, Token and Certificate Information to the AWS vNIOS Instance in the topic Provisioning Infoblox vNIOS for AWS using Elastic Scaling. The temp_license setting does not interfere with or override any dynamic license assignments through Elastic Scaling. For more information, see Provisioning Infoblox vNIOS for AWS using Elastic Scaling.

Example:

#infoblox-config
gridmaster:
  ip_addr: 172.16.1.2
remote_console_enabled: y
default_admin_password: '#$&$#!'
temp_license: cloud vnios dns grid

Example for adding temp licenses for IB-V825, IB-V1425 and IB-V2225 appliances using the AWS User data field:

#infoblox-config
remote_console_enabled: y
default_admin_password: password
temp_license: dns enterprise nios IB-V1425

  2. Click Next: Add Storage to continue with setting up the instance. For more information, see the Defining Storage Settings for your New Instance section.

Note

The SSH key will not be uploaded if the ssh_authorized_keys parameter is given in the User data. For information on uploading the SSH key, see the Completing Your Infoblox vNIOS for AWS Instance Launch section.
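As an added pre-flight check (example code, not Infoblox's own), the following Python parses an #infoblox-config user-data block and verifies the directives against the rules above: remote_console_enabled is y or n, a password that starts with a symbol is single-quoted and the password meets the NIOS 8.5.2+ complexity rules, temp_license feature names are lower case and include vnios (or a nios IB-Vxxxx model license) so the GUI is reachable, and ssh_authorized_keys is flagged because it suppresses the key pair upload. Treating an indented line as nested under the preceding bare key (gridmaster) is an assumption.

```python
# Password rules the page states for NIOS 8.5.2 and later: at least four
# characters with an uppercase, a lowercase, a numeric and a symbol character.
SYMBOLS = set("!@#$%^&*()-_=+[]{};:'\",.<>/?\\|`~")


def parse_infoblox_config(user_data):
    """Parse '#infoblox-config' user data into a flat dict.
    Assumption (not stated on the page): an indented line is nested under the
    preceding bare key, so 'gridmaster:' / '  ip_addr: ...' is stored as
    'gridmaster.ip_addr'. Values are kept verbatim, quotes included."""
    lines = user_data.splitlines()
    if not lines or lines[0].strip() != "#infoblox-config":
        raise ValueError("user data must start with #infoblox-config")
    result, parent = {}, None
    for raw in lines[1:]:
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                       # blank line or comment
        key, _, value = raw.strip().partition(":")
        key, value = key.strip(), value.strip()
        if raw[0].isspace() and parent:
            key = f"{parent}.{key}"        # nested directive
        elif not value:
            parent = key                   # bare key opens a nested block
            continue
        else:
            parent = None
        result[key] = value
    return result


def _unquote(value):
    """Strip the single quotes the page requires around a password that
    begins with a symbol; returns (password, was_quoted)."""
    if len(value) >= 2 and value[0] == value[-1] == "'":
        return value[1:-1], True
    return value, False


def validate_infoblox_config(cfg):
    """Return a list of findings; an empty list means the directives follow
    the rules described on this page."""
    findings = []
    rce = cfg.get("remote_console_enabled")
    if rce is not None and rce not in ("y", "n"):
        findings.append("remote_console_enabled must be y or n")
    if "default_admin_password" in cfg:
        pw, quoted = _unquote(cfg["default_admin_password"])
        if pw and pw[0] in SYMBOLS and not quoted:
            findings.append("password starts with a symbol; wrap it in single quotes")
        strong = (len(pw) >= 4 and any(c.isupper() for c in pw)
                  and any(c.islower() for c in pw) and any(c.isdigit() for c in pw)
                  and any(c in SYMBOLS for c in pw))
        if not strong:
            findings.append("password fails the NIOS 8.5.2+ complexity rules; "
                            "NIOS will prompt for a reset at first UI login")
    lic = cfg.get("temp_license")
    if lic is None:
        findings.append("no temp_license: the GUI is unreachable until a vnios "
                        "license is installed from the CLI")
    else:
        names = lic.split()
        # Feature names must be lower case; the IB-Vxxxx model token that
        # follows 'nios' is written as the page shows it.
        if any(n != n.lower() and not n.upper().startswith("IB-V") for n in names):
            findings.append("temp_license feature names must be all lower case")
        has_model = any(n.upper().startswith("IB-V") for n in names)
        if "vnios" not in names and not has_model:
            findings.append("temp_license lacks vnios (or nios IB-Vxxxx)")
        if any(n.upper() == "IB-V4025" for n in names):
            findings.append("IB-V4025 via user data leaves 'Use AWS SSH "
                            "authentication key' disabled; install it from the CLI")
    if "ssh_authorized_keys" in cfg:
        findings.append("ssh_authorized_keys present: the AWS key pair public key "
                        "will not be uploaded to NIOS")
    return findings
```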

Defining Storage Settings for your New Instance

You can use the Add Storage page to define the storage resources to be used by the new instance. Infoblox vNIOS for AWS instances provide a defined amount of instance data storage. The storage size varies according to the AMI you have chosen for your current instance. For more information, see Infoblox vNIOS for AWS AMI Shapes and Regions. You can adjust the amount of instance storage to its maximum value, and attach external storage volumes for an additional cost.

  1. On the Add Storage page, clear the Delete on Termination checkbox. You can use this setting for your Infoblox vNIOS for AWS instances to de-couple the root partition deletion from the state of the new EC2 instance. This allows retention of the volume for debugging and event log inspection.
    Infoblox recommends keeping at least the minimum storage capacity defaults for the new Infoblox vNIOS for AWS instance.

  2. (For reporting appliances only) If you are deploying the vNIOS for AWS instance for reporting, you must create two virtual hard disks: one as the default disk for storing regular NIOS data, and a second disk for storing the reporting data. To add a second disk:

    1. On the Add Storage page, click the Add New Volume button.
      A new row appears for the second disk.

    2. In the Size (GiB) field, specify a size for the disk. Infoblox recommends that you allocate a minimum of 250 GB of additional disk space for the reporting storage requirements.

  3. Click Next: Tag Instance to continue setting up the new Infoblox vNIOS for AWS instance. For information, see the Using AWS Tags with Infoblox Extensible Attributes to Identify Resources for IP Address Assignments section.

Note

Check the top of the AWS console page to see the wizard configuration step location. Click the Previous button at any time to navigate to previous configuration pages.

Using AWS Tags with Infoblox Extensible Attributes to Identify Resources for IP Address Assignments

Note

AWS Tags that have a matching tag defined in NIOS extensible attributes have the tag value replicated into NIOS.

You can use the Tag Instance page to define name-value pairs for categorizing, searching and identifying Amazon objects such as EC2 instances, subnets, VPCs, and IP addresses. If you already have extensible attributes defined for your Infoblox Grid, you can add those same extensible attributes to the new Infoblox vNIOS for AWS instance on this page. The tags that you define here apply only to the instance. You can choose to create the tags for the instance at a later time.

You can use extensible attributes to tag Infoblox network containers and networks, and to tag corresponding Amazon VPCs and subnets for assigning IP addresses to the new resources in the cloud. Without the NIOS extensible attributes definitions, the tags defined on the AWS objects will only be meaningful in AWS and you cannot search and match against managed AWS objects in Grid Manager.

Note

For information about Cloud Extensible Attributes, see Extensible Attributes for Cloud Objects in the Infoblox NIOS Documentation.

  1. On the Tag Instance page, enter the name for the first Key. This key name may match a Cloud EA defined in NIOS, or you can define that extensible attribute at a later time in Grid Manager.

  2. Enter the Value for the new tag.

  3. Click the Create Tag button to add a new tag entry to the list. For more information, see the Tagging Existing AWS Objects section.

  4. To add more tags to the list, click Add Another Tag.

  5. When you are finished defining the tags, click Next: Configure Security Group to continue setting up the new Infoblox vNIOS for AWS instance. For information, see the Defining an AWS Instance Security Group section.

Tagging Existing AWS Objects

Tagging existing objects in AWS is straightforward. Select a VPC, subnet within a VPC, an EC2 instance, or other object type residing in AWS, and then click the Tags tab.

Figure 1.6 Adding Tags to AWS Objects

...


In NIOS, define the extensible attributes for each network in the Cloud -> Networks page, or under IPAM within the network view, as shown in the following figure.

Figure: Defined Extensible Attributes for Cloud Objects in NIOS

When you consistently use AWS tags and extensible attributes in your networks, they become more useful and valuable. For example, you can use Infoblox API extensions with the extensible attributes that are appropriate for your applications. For information, see Infoblox Extensions to the AWS API.

Defining an AWS Instance Security Group

Note

Configure the AWS Security Group for your instance to only accept traffic for SSH (22) and HTTPS (443) from the specific computers or subnets that are used to manage the Infoblox appliance.

You can use the Configure Security Group page to define the firewall security settings for your new Infoblox vNIOS for AWS instance. Amazon Web Services enforces a default Deny All policy for all security groups. Your new security group consists of a set of simple firewall rules that specifically allow known IP addresses and network prefixes to access your Infoblox vNIOS for AWS instance and to use specific protocols. These are defined as Inbound rules. You may create a new security group or add new rules to an existing security group definition provided by your AWS administrator, depending on your AWS IAM privileges.

  1. On the Configure Security Group page, define new Inbound rules for your new instance using the following:

    • Permit SSH traffic (TCP/22) from the preferred prefix.

    • Open the port for DNS (UDP/53).

    • Permit secure web traffic (HTTPS/443) only from a Custom IP prefix representing the network of hosts that access the vNIOS instance for management and configuration.

    • Open two ports for NIOS Grid Joining traffic:

      • UDP/1194.

      • UDP/2114.

    • Open the port for the Infoblox API Proxy (TCP/8787).

    • Open the following ports if you want to deploy the reporting appliance IB-V5005 that is supported in NIOS 8.6.2 and later versions:

      • 7000 WebUI (Master,Indexer)

      • 7089 Management

      • 7887 Replication

      • 9997 Data Forwarding

      • 8000 WebUI

      • 8089 Management

      • 9185 Splunk REST API

Configure a minimum of six rules based on the list above.

Note

You can also add a rule, named 'myip' or similar, to allow access from your desktop computer to the VPC. Simply select My IP from the Source drop-down list.

Avoid using any prefixes other than those that must access the Infoblox vNIOS for AWS instances in the VPC.

  2. Select Assign a Security Group -> Create a New Security Group.

  3. Enter the Security group name (AWS uses a simple naming default with the prefix "launch-wizard-...").

  4. Enter a Description for the new security group.

  5. Click the Type drop-down list for the first rule, and then choose SSH.
    For Source, choose Custom IP and then enter the IPv4 prefix containing the computer hosts that use SSH connections to the new instance. (You may need more than one rule if you have users from multiple networks accessing your instance.)

  6. Click Add Rule to create a second rule in the list.

  7. Click the Type drop-down list for the second rule, and then choose HTTPS.
    For Source, select Custom IP and then enter the IPv4 prefix containing the computer hosts that connect to Grid Manager for the new Infoblox vNIOS for AWS instance. (You may need more than one rule if you have multiple networks accessing your instance.)

  8. When you complete the security group configuration, click Review and Launch. The Review Instance Launch page appears.
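The inbound rule set from the procedure above, as an added example in Python (not Infoblox's or AWS's code): build_vnios_ingress_rules produces the IpPermissions structure that boto3's authorize_security_group_ingress and the AWS CLI accept, limiting SSH and HTTPS to the management prefixes you pass in, and audit_vnios_ingress checks an existing group's permissions for the six single-port rules and for management ports exposed to 0.0.0.0/0. The management and service prefixes are constructed sample values; only IPv4 ranges are inspected.

```python
import ipaddress

# The six single-port inbound rules the procedure requires for a vNIOS for AWS
# instance: (port, protocol, purpose, management-only?). The two management
# ports should be reachable only from the prefixes of your admin hosts.
VNIOS_RULES = [
    (22,   "tcp", "SSH management",     True),
    (443,  "tcp", "HTTPS Grid Manager", True),
    (53,   "udp", "DNS",                False),
    (1194, "udp", "NIOS Grid join",     False),
    (2114, "udp", "NIOS Grid join",     False),
    (8787, "tcp", "Infoblox API Proxy", False),
]
ANY_IPV4 = "0.0.0.0/0"


def build_vnios_ingress_rules(mgmt_cidrs, service_cidrs):
    """Return IpPermissions entries in the shape that boto3's
    authorize_security_group_ingress and the AWS CLI accept.
    mgmt_cidrs: prefixes of the hosts that manage the appliance (SSH/HTTPS).
    service_cidrs: prefixes allowed to reach DNS, Grid join and the API proxy."""
    for cidr in list(mgmt_cidrs) + list(service_cidrs):
        ipaddress.IPv4Network(cidr)    # raises ValueError on a malformed prefix
    perms = []
    for port, proto, purpose, mgmt_only in VNIOS_RULES:
        sources = mgmt_cidrs if mgmt_only else service_cidrs
        perms.append({
            "IpProtocol": proto,
            "FromPort": port,
            "ToPort": port,
            "IpRanges": [{"CidrIp": c, "Description": purpose} for c in sources],
        })
    return perms


def audit_vnios_ingress(perms):
    """Check an existing group's IpPermissions (IPv4 ranges only) against the
    page's guidance. Returns a list of findings; an empty list means it matches."""
    findings, seen = [], set()
    for p in perms:
        proto, lo, hi = p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort")
        cidrs = [r["CidrIp"] for r in p.get("IpRanges", [])]
        if proto == "-1" or lo is None:    # "-1" is the all-traffic rule
            findings.append("rule allows all protocols/ports; use per-port rules")
            continue
        if hi != lo:
            findings.append(f"{proto}/{lo}-{hi} is a port range; open single ports")
        for port, rproto, _purpose, mgmt_only in VNIOS_RULES:
            if rproto == proto and lo <= port <= hi:
                seen.add(port)
                if mgmt_only and ANY_IPV4 in cidrs:
                    findings.append(f"{proto}/{port} is open to {ANY_IPV4}; "
                                    "restrict it to management prefixes")
    for port, proto, purpose, _ in VNIOS_RULES:
        if port not in seen:
            findings.append(f"missing rule for {proto}/{port} ({purpose})")
    return findings
```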

Completing Your Infoblox vNIOS for AWS Instance Launch

The Review Instance Launch page lists breakout sections for each category of settings, beginning with AMI Details at the top. The page provides an Edit link for each category (such as Edit instance type and Edit security groups) for any final changes.

  1. After reviewing the settings, click Launch. The Key Pair dialog box opens.

    Note

    • You can choose the Choose an existing key pair, Create a new key pair, or Proceed without a key pair option if you want to perform a simple deployment. Selecting an existing key or creating a new key pair file on AWS uploads the public key to NIOS. Then, click the I acknowledge... checkbox.

    • The Infoblox standard configuration for Infoblox vNIOS for AWS deployment requires use of a VPN connection or a direct connection to the Amazon VPC(s) on which you are deploying and operating Infoblox vNIOS for AWS instances. This connection does not require an Internet-connected IP address or a secure key pair. All AWS Proxy API operations require use of an assigned and regularly rotated AWS-generated key pair assigned to the cloud-api-only account under Grid Manager. For information, see Assigning AWS User Credentials to the NIOS Cloud Admin Account.

  2. Click Launch Instances to launch your new instance. After a brief period of time, the Infoblox vNIOS for AWS instance is active in your VPC.

  3. Perform additional tasks for the vNIOS for AWS configuration to ensure that the virtual appliance is functioning properly. For more information, see Additional Configuration for vNIOS for AWS.


    Note

    • Access to the CLI using the NIOS password is blocked, except for the root user. To gain CLI access, other users must have SSH key authentication enabled in NIOS Grid Manager.

    • For a Grid Master or a standalone vNIOS for AWS instance, the default NIOS password must be reset on the first login in the NIOS UI.