You can obtain the Infoblox vNIOS for AWS AMI by going to the Community AMI page in Amazon Web Services. Use 'NIOS' or 'Infoblox' as the search term to locate the AMI. For information, see the Obtaining the Infoblox vNIOS for AWS AMI section.

This topic describes the procedure that you can use to launch and provision an Infoblox vNIOS for AWS instance for your AWS VPC in the AWS console. This procedure supports users who want to provision Infoblox vNIOS for AWS using the BYOL (Bring Your Own Licensing) model. It provides the complete sequence of procedures that you must perform to manually provision a new Infoblox vNIOS for AWS instance in AWS.

When you use the BYOL licensing model, you install licenses using the standard methods described in the Infoblox NIOS Documentation, including a set of temporary feature licenses. Ensure that you add the following licenses to the appliance: a vNIOS license for your Infoblox vNIOS for AWS instance, a DNS license to run DNS services, a DHCP license to run DHCP services in the Infoblox vNIOS instance deployed on AWS, the Enterprise (Grid) license to configure it as a Grid Master, a Grid member, or a Grid Master Candidate, and the CNA (Cloud Network Automation) license to manage cloud features on the Grid Master. All other NIOS features are available for use in Infoblox vNIOS for AWS instances and can be enabled by their respective licenses.

Note

  • DHCP services can run on NIOS instances deployed on AWS to serve instances that are outside AWS. Due to an AWS restriction, DHCP cannot be offered to instances running on AWS.

  • When installing licenses for IB-FLEX appliances, you must first set the hardware type by running the set hardware-type command, and then install the NIOS licenses. For more information about the IB-FLEX, see the About IB-FLEX section in the Infoblox NIOS Documentation.

You may also use Elastic Scaling (dynamic licenses) to automatically provision and configure vNIOS instances in the AWS VPC. For more information about these licensing models, see Provisioning Infoblox vNIOS for AWS using Elastic Scaling.

...


Obtaining the Infoblox vNIOS for AWS AMI

...

Defining Network Settings for your New Infoblox vNIOS for AWS Instance

Infoblox vNIOS virtual appliances require two network interfaces (MGMT and LAN1) for proper Grid communications. These interfaces must be assigned to separate subnets within the same VPC.
Note that the NIOS GUI communicates through the MGMT port. If for any reason you must make changes to the MGMT port, such as swapping NICs or changing the MGMT IP address from static to dynamic, ensure that you use the same IP address for the MGMT port before and after the changes. Otherwise, you might not be able to access the NIOS GUI.

Note

Network settings made in your AWS cloud environment override changes made through the NIOS GUI or CLI. Therefore, when making changes to your network settings through the NIOS GUI or CLI, such as adding, modifying, or deleting network interfaces, ensure that the related changes are consistent with those in the cloud networks.

Note

...

On the Configure Instance Details page of the AWS wizard, define the network settings for the new Infoblox vNIOS for AWS instance, including both the required network interfaces.

...

Note that networks with IPv6 addresses are supported only in NIOS 8.5.2.

  1. Choose your VPC from the Network drop-down list.

    1. If you have not yet created a VPC, click the Create new VPC link, and then specify the name and the IP address range (in standard CIDR format) for the new VPC.
      To also associate an IPv6 address with the instance, select Amazon provided IPv6 CIDR Block. (The address range you specify in this step appears as the top-level network view in the NIOS Data Management -> IPAM page.)

  2. Define the Subnet to which the new vNIOS for AWS instance is assigned. Each VPC must have a default subnet. You can then select this subnetwork value for your configuration:

    1. If you have not yet created a subnet for your VPC, click the Create new subnet link.

    2. On the VPC Dashboard page, which may open in a new browser window, click Subnets.

    3. Click Create Subnet. In the Create Subnet dialog box, complete the following:

      1. In the VPC list, select the VPC you created in Step 1.

      2. From the IPv4 CIDR Block drop-down list, choose the IPv4 IP address range for the subnet.

      3. If you need to assign an IPv6 address to the subnet, from the IPv6 CIDR Block drop-down list, choose the IPv6 address range.
        Note that the CIDR block must be a smaller prefix than the IP address range for the VPC.

    4. Click Yes, Create.
      You may create more than one subnet. The subnet prefix values appear in the Subnet field for each network interface in your AWS console.

  3. In the Auto-assign Public IP drop-down list, keep the default option, Use subnet setting (Disable).
    As you are creating an instance with two interfaces, AWS does not allow a Public IP assignment to the new vNIOS for AWS instance. AWS displays a warning to this effect when you create the second interface. (You may use an Elastic IP address or a private IP address.)

  4. In the Auto-assign IPv6 IP drop-down list, perform one of the following:

    1. Keep the default option, Use subnet setting (Disable) to assign only IPv4 addresses to the vNIOS instance.

    2. Choose Enable to also assign IPv6 addresses to the vNIOS instance. When the instance starts, it will be associated with both IPv4 and IPv6 addresses.

  5. Choose the IAM role for the vNIOS for AWS instance from the list. You may use default settings for your initial testing. The IAM role can also be defined on the Identity and Access Management page in the AWS console. Your AWS administrator may not allow custom IAM accounts for your deployment, so this may not be a selectable value.
    For more information about Amazon IAM, see the Amazon IAM documentation page at http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_Introduction.html. For information about how Amazon IAM roles and permissions work with your Infoblox vNIOS for AWS instances to ensure secure and accurate authorization of user privileges, see Credentials for vDiscovery and Assigning AWS User Credentials to the NIOS Cloud Admin Account.

  6. Keep the default Tenancy setting, Shared tenancy (multi-tenant hardware). For information about tenant settings, see About Tenants in Configuring AWS Access for NIOS Cloud Admins.

  7. Select Network Interfaces -> eth0 and then choose the default Subnet from the drop-down list. This subnet should be the same one as the subnet described in Step 2 above. (If a default subnet is in the selected VPC, it automatically appears in this field.)
    Note that you must use two interfaces for your new Infoblox vNIOS for AWS instance: eth0 and eth1. You create a new eth1 interface for your instance. You use the eth1 interface to join the new Infoblox vNIOS for AWS instance to a NIOS Grid.

  8. Click the Add Device button. A new eth1 interface listing appears.
    The eth1 interface, automatically designated as such during configuration of the new Infoblox vNIOS for AWS instance, is also labeled as LAN1 in NIOS. You cannot change this setting. By default, the eth1 interface is assigned an IPv4 address.
    For SSH access to the vNIOS for AWS instance, you must always use the IP address associated with the LAN1 port.

    1. Choose the default Subnet from the drop-down list. (For more information on usage of Elastic IP addresses for interfaces in your Infoblox vNIOS for AWS instances, see Using an Elastic IP Address.)

    2. To set the AWS server to also assign an IPv6 address to the eth1 interface, in the IPv6 IPs column, click the Add IP link.

  9. Open Advanced Details to configure the User data settings for your new instance.

...

  1. In the Advanced Details section, define the following plain-text values in the User data field:

    1. remote_console_enabled: Enables or disables the remote SSH CLI console for a new instance (syntax: y or n).

    2. default_admin_password: Sets the password for the NIOS admin user during the first boot. This value does not have to be a default; it can be the password of any administrator who initializes the new instance. The minimum password length is four characters. If an invalid password is passed by this method, it will be ignored, and the default "infoblox" password remains in effect for the instance. Note that if you want to include a symbol character at the beginning of the password, ensure that you put the password in quotes ('') to avoid login issues. Example: '!Infoblox'.

      • In NIOS 8.5.2 or later, for a Grid Master or a standalone vNIOS for AWS instance, the default NIOS password must be reset on the first login in the NIOS UI. Otherwise, you can configure the new password in the User data field and log in to the NIOS UI using that password. The minimum password length is four characters. It must consist of at least one uppercase character, one lowercase character, one numeric character, and one symbol character. Example: Infoblox1!

        • If the symbol character is at the beginning of the password, then include the password within quotes (''). Example: '@Infoblox123'.

        • If you enter an invalid password, you will be prompted to reset the password in the NIOS UI on the first login.

        • The password that you set for the Grid Master is propagated to all its members.

      • To access the NIOS CLI, you must either use the key pair or key pair + password authentication that is configured in NIOS, because access to the CLI using the NIOS UI password only is blocked.

    3. temp_license: Defines the NIOS feature licenses for the new instance. You can list a collection of temporary license names that apply to the instance during the initial boot. Using this directive allows you to quickly provision the new instance with temporary licenses without having to open a NIOS CLI session to do the same task. To access the NIOS GUI, you must provision the vNIOS license before you start the vNIOS instance. Infoblox recommends that you also provision the Grid and cloud licenses at the same time as follows: temp_license:grid cloud vnios. All text entries must be in all lower case.
      - When you use temp_license in the User data field to install a NIOS license, the Use AWS SSH authentication key option is enabled by default.
      - For an IB-V4025 appliance, if you use the User data field to install the IB-V4025 license, the Use AWS SSH authentication key option will not be enabled by default. Therefore, Infoblox recommends that you first deploy the vNIOS instance without specifying the IB-V4025 license, and then install the license from the NIOS CLI.
      Valid license names include the following:

      • Infoblox vNIOS for AWS instances (IB-V825, IB-V1425 and IB-V2225):

        • grid

        • dns

        • enterprise

        • cloud

      • NIOS license for DDI (IB-V825, IB-V1425 and IB-V2225):

        • nios IB-Vxxxx
          where "xxxx" is the license number.

      • Cloud Platform Infoblox vNIOS for AWS instances (CP-V805, CP-V1405 and CP-V2205):

        • grid

        • dns

        • enterprise

        • cloud_api

Note

  • When you use temp_license in the User data field to install a NIOS license, the Use AWS SSH authentication key option, which is needed to enable CLI access to AWS instances, is enabled by default. For more information, see Creating Local Admins in the Infoblox NIOS Documentation. However, for the IB-V4025 appliances, the Use AWS SSH authentication key option is not enabled with this user data configuration. Therefore, Infoblox recommends that you install the IB-V4025 license after deploying the vNIOS instance.

  • Only the V1 and V2 (token optional) value is supported in the Metadata version field. The V2 (token required) value is not supported.
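A pre-launch check of the User data values described above, added here as an example (it is not Infoblox code). It assumes one `key: value` pair per line, treats "symbol" as any non-alphanumeric character, and checks only for the `vnios` name from the recommended `temp_license` line; the function names are hypothetical.

```python
import re

# Constructed sample: the three User data keys documented above, with mistakes.
SAMPLE = """\
remote_console_enabled: yes
default_admin_password: !infoblox
temp_license: grid Cloud dns
"""
KNOWN_LICENSES = {"grid", "dns", "enterprise", "cloud", "cloud_api", "vnios"}

def parse_user_data(text):
    """Split 'key: value' lines; blank and '#' comment lines are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip()
    return settings

def password_findings(raw):
    findings = []
    quoted = len(raw) >= 2 and raw[0] == raw[-1] == "'"
    pw = raw[1:-1] if quoted else raw
    if pw and not pw[0].isalnum() and not quoted:
        findings.append("password starts with a symbol but is not in single quotes")
    if pw == "infoblox":
        findings.append("password is the default 'infoblox'")
    # NIOS 8.5.2+ rule from the page; "symbol" is assumed to mean non-alphanumeric.
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    if len(pw) < 4 or not all(re.search(c, pw) for c in classes):
        findings.append("password fails the NIOS 8.5.2 complexity rule")
    return findings

def lint_user_data(text):
    s = parse_user_data(text)
    findings = []
    console = s.get("remote_console_enabled")
    if console is not None and console not in ("y", "n"):
        findings.append("remote_console_enabled must be y or n")
    if "default_admin_password" in s:
        findings += password_findings(s["default_admin_password"])
    licenses = s.get("temp_license", "").split()
    for name in licenses:
        if name != name.lower() and name.lower() in KNOWN_LICENSES:
            findings.append(f"license name '{name}' must be lower case")
    if "vnios" not in licenses:
        findings.append("temp_license lacks vnios, which the page requires for GUI access")
    return findings
```

User data is not encrypted and is readable from the instance metadata service, so a password set this way is best treated as provisional and changed after the first login.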

The following figure shows an example:
Defining User Data Settings for Provisioning an Instance without Elastic Scaling

...

2. Click Next: Add Storage to continue with setting up the instance. For more information, see the Defining Storage Settings for your New Instance section.

Note

The SSH key will not be uploaded if the ssh_authorized_keys parameter is given in the User data. For information about uploading the SSH key, see the Completing Your Infoblox vNIOS for AWS Instance Launch section.

...

  1. On the Add Storage page, clear the Delete on Termination checkbox. You can use this setting for your Infoblox vNIOS for AWS instances to de-couple the root partition deletion from the state of the new EC2 instance. This allows retention of the volume for debugging and event log inspection.
    Infoblox recommends keeping at least the minimum storage capacity defaults for the new Infoblox vNIOS for AWS instance.

  2. (For reporting appliances only) If you are deploying the vNIOS for AWS instance for reporting, you must create two virtual hard disks: the default disk, used for storing regular NIOS data, and a second disk for storing the reporting data. To add a second disk:

    1. On the Add Storage page, click the Add New Volume button.
      A new row appears for the second disk.

    2. In the Size (GiB) field, specify a size for the disk. Infoblox recommends that you allocate a minimum of 250 GB of additional disk space for the reporting storage requirements.

  3. Click Next: Tag Instance to continue setting up the new Infoblox vNIOS for AWS instance. For information, see the Using AWS Tags with Infoblox Extensible Attributes to Identify Resources for IP Address Assignments section.

Note

Check the top of the AWS console page to see the wizard configuration step location. Click the Previous button at any time to navigate to previous configuration pages.

Using AWS Tags with Infoblox Extensible Attributes to Identify Resources for IP Address Assignments

Note

AWS Tags that have a matching tag defined in NIOS extensible attributes have the tag value replicated into NIOS.

You can use the Tag Instance page to define name-value pairs for categorizing, searching and identifying Amazon objects such as EC2 instances, subnets, VPCs, and IP addresses. If you already have extensible attributes defined for your Infoblox Grid, you can add those same extensible attributes to the new Infoblox vNIOS for AWS instance on this page. The tags that you define here apply only to the instance. You can choose to create the tags for the instance at a later time.

You can use extensible attributes to tag Infoblox network containers and networks, and to tag corresponding Amazon VPCs and subnets for assigning IP addresses to the new resources in the cloud. Without the NIOS extensible attributes definitions, the tags defined on the AWS objects will only be meaningful in AWS and you cannot search and match against managed AWS objects in Grid Manager.

Note

For information about Cloud Extensible Attributes, see Extensible Attributes for Cloud Objects in the Infoblox NIOS Documentation.

...

Defining an AWS Instance Security Group

Note

Configure the AWS Security Group for your instance to only accept traffic for SSH (22) and HTTPS (443) from the specific computers or subnets that are used to manage the Infoblox appliance.
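One way to audit a security group against this note, added here as an example (not part of the Infoblox documentation). It walks rules in the shape of the EC2 DescribeSecurityGroups "IpPermissions" list and reports any source outside the management ranges that can reach SSH or HTTPS, including all-protocol rules and IPv6 sources; the sample rules, the management CIDR and the function names are constructed for illustration.

```python
import ipaddress

MGMT_PORTS = (22, 443)  # SSH and HTTPS, the management ports named in the note

# Constructed sample in the shape of DescribeSecurityGroups "IpPermissions".
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.20.0.0/24"}], "Ipv6Ranges": []},
    {"IpProtocol": "-1",
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
]

def covered_mgmt_ports(rule):
    """Return the management ports a rule admits ('-1' means every protocol and port)."""
    if rule["IpProtocol"] == "-1":
        return list(MGMT_PORTS)
    if rule["IpProtocol"] != "tcp":
        return []
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return [p for p in MGMT_PORTS if lo <= p <= hi]

def exposed_mgmt_rules(rules, allowed_sources):
    """List (cidr, ports) pairs where a source outside allowed_sources reaches 22 or 443.

    Rules that reference other security groups or prefix lists are not evaluated.
    """
    allowed = [ipaddress.ip_network(c) for c in allowed_sources]
    findings = []
    for rule in rules:
        ports = covered_mgmt_ports(rule)
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            ok = any(net.version == a.version and net.subnet_of(a) for a in allowed)
            if ports and not ok:
                findings.append((cidr, ports))
    return findings
```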

...

Configure a minimum of six rules based on the list above.

Note

You can also add a rule, named 'myip' or similar, to allow access from your desktop computer to the VPC. Simply select My IP from the Source drop-down list.

...