Versions Compared

Old Version 10

changes.mady.by.user Shirly Tsang

Saved on

compared with

New Version Current

changes.mady.by.user Sri Raghu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Warning

...

Important Note

The minimum system requirements specified for

...

NIOS-X servers must be dedicated to the

...

server you plan to deploy. They cannot be shared with or used for other non-Infoblox

...

servers. Doing so will negatively affect the performance of your

...

Infoblox Platform services. For information about the minimum system requirements and port usage, see the following:

...

...

...

...

To ensure a successful deployment of hostsNIOS-X servers, consider the following best practices:

For

...

Infoblox Platform

  • When connecting a

    hardware appliance

    NIOS-X physical server to the

    Cloud Services

    Infoblox Portal, ensure that you DO NOT enter the join token

    in

    using the Device UI. Otherwise, the

    appliance

    server will lose connectivity to the

    Cloud Service

    Infoblox Portal when the

    host

    server certificate expires. Instead, use the serial number of the

    appliance

    server to connect to the

    Cloud Service

    Infoblox Portal.

  • When you deploy a

    host

    NIOS-X server as a container and plan to run DNS forwarding proxy and

    BloxOne

    Universal DDI on the same

    host

    server, ensure that port 1053 is open and available. Otherwise, you might encounter an error if the

    host

    server OS is running other applications on port 1053.

  • When setting up DNS forwarding proxies as

    hosts

    NIOS-X servers for failover purposes, Infoblox recommends that you deploy two DNS forwarding proxies using one as the primary proxy and the other as the secondary.

  • If you have configured any DNS name servers through the DHCP options or

    hosts

    NIOS-X servers, ensure that you point them to the DNS forwarding proxies.

  • If you change the IP address or make any configuration changes on the

    host

    NIOS-X server outside of the

    Cloud Services

    Infoblox Portal, you must restart the system for the change to take effect. If the change is made within the

    BloxOne Cloud

    Infoblox Platform infrastructure, no restart is required.

  • For DNS to function properly in OVA deployments on ESXi servers, ensure that you enable

    the 

    the Synchronize guest time with

    host option

    server option during the deployment and that your ESXi

    host

    server is synchronized with the NTP server. If you do not select

    the 

    the Synchronize guest time with

    host option

    server option (or if this option is disabled), the

    host

    NIOS-X server synchronizes with the Ubuntu NTP servers: ntp.ubuntu.com and ubuntu.pool.ntp.org. When you disable this option, ensure that you open the UDP 123 port for time synchronization with the Ubuntu NTP servers. For more information, see Synchronizing Time with NTP Servers.

  • When you enable hosts to BloxOne Threat Defense Cloud NIOS-X servers to Infoblox Platform on a NIOS appliance-X physical server, the QPS (query per second) throughput might vary, depending on your appliance server models and the cache hit ratios. You might see a bigger performance impact when the cache hit ratio is lower. In general, NIOS can forward at least 3,500 QPS to BloxOne Threat Defense CloudInfoblox Platform. For standalone installations, the QPS may vary depending on the hardware used and the cache hit. However, the number of queries per second should fall in the range of 3,500 QPS using an OVA with 512 MB memory and 1 CPU.

  • BloxOne

    Infoblox Platform has configured 52.119.40.100 as the default DNS resolver for all

    hosts

    NIOS-X servers, so you are not required to configure a local DNS resolver. However, if you do not want to use 52.119.40.100 as the default DNS resolver and you do not want Docker to resolve DNS queries using 8.8.8.8 or 8.8.4.4, you must configure at least one non-local DNS resolver. If you use only local DNS resolvers, Docker will resolve DNS queries using 8.8.8.8 or 8.8.4.4. Note that Infoblox does not recommend using the loopback address (127.0.0.1) when configuring a non-local DNS resolver.

Note

Note
DNS uses both TCP and UDP ports. Therefore, the interface must have both TCP and UDP available.

For

...

Universal DDI

  • When connecting a

    hardware appliance

    NIOS-X physical server to the

    Cloud Services

    Infoblox Portal, ensure that you DO NOT enter the join token in the Device UI. Otherwise, the

    appliance

    server will lose connectivity to the

    Cloud Service

    Infoblox Portal when the

    host

    server certificate expires. Instead, use the serial number of the

    appliance

    server to connect to the

    Cloud Service

    Infoblox Portal.

  • When you deploy a

    host

    NIOS-X server as a container and plan to run DNS forwarding proxy and

    BloxOne

    Univeral DDI on the same

    host

    server, ensure that port 1053 is open and available. Otherwise, you might encounter an error if the

    host

    server OS is running other applications on port 1053.

  • For any

    host

    NIOS-X server using the

    BloxOne

    Universal DDI capabilities, the interface should be reachable through LAN/WAN for queries from external clients to be resolved.

  • When setting up DNS forwarding proxies as

    hosts

    NIOS-X servers for failover purposes, Infoblox recommends that you deploy two DNS forwarding proxies using one as the primary proxy and the other as the secondary.

  • If you have configured any DNS name servers through the DHCP options or

    hosts

    NIOS-X servers, ensure that you point them to the DNS forwarding proxies.

  • If you change the IP address or make any configuration changes on the

    host

    NIOS-X server outside of the

    Cloud Services

    Infoblox Portal, you must restart the system for the change to take effect. If the change is made within the

    BloxOne Cloud

    Infoblox Platform infrastructure, no restart is required.

  • For DNS to function properly in OVA deployments on ESXi servers, ensure that you enable the Synchronize guest time with

    host

    NIOS-X server option during the deployment and that your ESXi

    host

    server is synchronized with the NTP server. If you do not select the Synchronize guest time with

    host

    NIOS-X server option (or if this option is disabled), the

    host

    NIOS-X server synchronizes with the Ubuntu NTP servers: ntp.ubuntu.com and ubuntu.pool.ntp.org. When you disable this option, ensure that you open the UDP 123 port for time synchronization with the Ubuntu NTP servers. For more information, see Synchronizing Time with NTP Servers.

  • BloxOne

    Infoblox Platform has configured 52.119.40.100 as the default DNS resolver for

    all  hosts

    all NIOS-X servers, so you are not required to configure a local DNS resolver. However, if you do not want to use 52.119.40.100 as the default DNS resolver and you do not want Docker to resolve DNS queries using 8.8.8.8 or 8.8.4.4, you must configure at least one non-local DNS resolver. If you use only local DNS resolvers, Docker will resolve DNS queries using 8.8.8.8 or 8.8.4.4. Note that Infoblox does not recommend using the loopback address (127.0.0.1) when configuring a non-local DNS resolver.

Note
title

Note

DNS uses both TCP and UDP ports. Therefore, the interface must have both TCP and UDP available.

For Data Connector

  • When connecting a

...

  • NIOS-X physical server to the

...

  • Infoblox Portal, ensure that you DO NOT enter the join token in the Device UI. Otherwise, the

...

  • server will lose connectivity to the

...

  • Infoblox Portal when the

...

  • server certificate expires. Instead, use the serial number of the

...

  • server to connect to the

...

  • Infoblox Portal.

  • To change the IP address of the

...

  • NIOS-X server after configuring it on a VM, restart the system; this is necessary for the change to take effect.

  • To redeploy Data Connector on the same

...

  • NIOS-X server on a container and not on a VM, manually clean up the /Infoblox directory on the

...

  • server before redeploying Data Connector.

  • For Data Connector to function properly in OVA deployments on ESXi servers, specify the NTP server during deployment. If you do not specify the NTP server, then open the UDP 123 port for time synchronization with the Ubuntu NTP servers. For more information, see Synchronizing Time on the ESXi Servers.

  • Before deploying Data Connector, prepare your environment according to the requirements for the supported platforms, and open all ports necessary for unrestricted outbound access. When deploying Data Connector, configure it as a

...

  • NIOS-X server through the

...

  • Infoblox Portal.

  • To reduce data transfer that takes place when IPAM metadata is synchronized between the Grid, Data Connector, and the

...

  • Infoblox Platform destination, enable NIOS Object Change Tracking. When you enable this feature, the

...

  • NIOS-X server tracks the changes made to NIOS objects and periodically synchronizes changed objects. For more information on NIOS, see the Infoblox NIOS Guide.

  • Threshold levels for

...

  • sever CPU Usage,

...

  • Server Disk, Usage, and

...

  • Server Memory Usage should be configured at less than 75%. For details on configuring application notification settings in the

...