...

  1. From the Grid tab, select the Grid Manager tab.

  2. Expand the Toolbar and select Grid Properties -> Edit.

  3. In the Grid Properties editor, select the General tab -> click the Basic tab, and then modify any of the following:

    • Grid Name: Type the name of a Grid. The default name is Infoblox.

    • Shared Secret: Type a shared secret that all Grid members use to authenticate themselves when joining the Grid. The default shared secret is test.

    • Shared Secret Retype: Type the shared secret again to confirm its accuracy.

    • Time Zone: Choose the applicable time zone from the drop-down list.

    • Date: Click the calendar icon to select a date or enter the date in YYYY-MM-DD format.

    • Time: Click the clock icon to select a time or enter the time in HH:MM:SS format.

    • VPN Port: Type the port number that the Grid members use when communicating with the Grid Master through encrypted VPN tunnels. The default port number is 1194. For more information about port numbers for grid communication, see Creating a Grid Master.

    • Enable Recycle Bin: Select the checkbox to enable the Recycle Bin. The Recycle Bin stores deleted items when the user deletes Grid, DNS, or DHCP configuration items. Enabling the Recycle Bin allows you to undo deletions and to restore the items on the appliance at a later time. If you do not enable this feature, deleted items from the GUI are permanently removed from the database.

    • Audit Logging: Select one of the following:

      • Detailed: This is the default type. It is automatically selected. It provides detailed information on all administrative changes such as the date and time stamp of the change, administrator name, changed object name, and the new values of all properties.

      • Brief: Provides information on administrative changes such as the date and time stamp of the change, administrator name, and the changed object name. It does not show the new value of the object.

      • WAPI Detailed: Select this option to view detailed WAPI (RESTful API) session information logs for successful WAPI calls such as PUT, POST, and DELETE. You can view the URI, InData and response time for each WAPI call. For more information, see Monitoring Tools.

      • In the Grid Properties editor, select the General tab -> click the Advanced tab (or click Toggle Advanced Mode) and modify any of the following:

        • Enable GUI Redirect from Member: Select this checkbox to allow the appliance to redirect the Infoblox GUI from a Grid member to the Grid Master.

          Note that if read-only API access is enabled for a Grid Master Candidate, then selecting the Enable GUI Redirect from Member checkbox for the Grid Master Candidate does not redirect the Infoblox GUI from the Grid Master Candidate to the Grid Master. For more information about enabling read-only API access on a Grid Master Candidate, see Enabling Read-only API Access on the Grid Master Candidate below.

        • Enable GUI/API Access via both MGMT and LAN1/VIP: Select this checkbox to allow access to the Infoblox GUI and API using both the MGMT and LAN1 ports for standalone appliances and MGMT and VIP ports for an HA pair. This feature is valid only if you have enabled the MGMT port. For information about enabling the MGMT port, see Using the MGMT Port.

          Note that the appliance uses the MGMT port only to redirect the Infoblox GUI from a Grid member to the Grid Master even after you enable the Enable GUI/API Access via both MGMT and LAN1/VIP feature.

    • Show Restart Banner: Select this checkbox to enable the appliance to display the Restart Banner at the top of Grid Manager whenever the appliance notifies you that a service restart is required.

    • Require Name: Select this checkbox to prompt the administrator to input the username before performing the service restart. When you select this checkbox, the appliance displays the Confirm Restart Services dialog box. Enter the username in the Name field and click Restart Services. For information about restarting service, see Restarting Services.

  4. Save the configuration.

If you changed the VPN port number, time zone, date or time, Grid Manager displays a warning indicating that a product restart is required. Click Yes to continue, and then log back in to Grid Manager after the application restarts.

...

Use Grid Manager to configure a group of users that are allowed to delete or schedule the deletion of a network container, its child objects, a zone and the zone’s child objects. For instructions on deleting a network container or a zone, see Deleting Network Containers and Removing Zones.
When you select All Users or Superusers, these users can choose to delete a parent object and reparent its child objects, or they can choose to delete a parent object and all its child objects. These options appear only if a network container or a zone has child objects. For instructions on scheduling recursive deletion of network containers and zones, see Scheduling Recursive Deletions of Network Containers and Zones.
When you select Nobody, all the users can delete the parent object only. All the child objects, if any, are re-parented. For more information about scheduling deletions, see Scheduling Deletions.
Note that you can restrict specific users to perform recursive deletions of network containers and zones only through Grid Manager. These settings do not prevent other users from performing recursive deletions through the API.

...

The appliance puts all deleted objects in the Recycle Bin, if enabled. You can restore the objects if necessary. When you restore a parent object from the Recycle Bin, all its contents, if any, are re-parented to the restored parent object. For information about Recycle Bin, see Finding and Restoring Data.
To configure the group of users to perform recursive deletions:

...

To promote a Grid Master candidate to a Grid Master, you must have already designated a member as a Grid Master Candidate, by selecting the Master Candidate option in the General tab of the Grid Member Properties editor. You can designate any member as a Grid Master Candidate. The Grid Master Candidate gets a complete copy of the Grid database. Therefore, Infoblox recommends that you configure the same appliance models for the Grid Master and Grid Master Candidates. By default, the Grid Master promotion uses UDP port 1194. Make sure that the UDP 2114 and UDP 1194 ports are open between the Grid members and a newly designated Grid Master. During a Grid Master promotion, the newly promoted Grid Master continuously contacts all Grid members, including the original Grid Master on the UDP port 2114, until it reaches them. Upon reaching them, the newly promoted Grid Master notifies all Grid members that it is the new Grid Master. Next, the Grid Members restart and attempt to establish normal Grid communications (via BloxSync) with the newly promoted Grid Master. Before promoting a Grid Master Candidate, check your firewall rules to ensure that the Master Candidate can communicate with all the Grid members. For information about grid communications, see About Grids.

Note

Before promoting a Grid Master Candidate, ensure that valid client SSL certificates are installed. For more information about installing certificates, see Managing Certificates.
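
The firewall check described above can be rehearsed offline before a promotion. The following is an added example, not Infoblox code: it evaluates a first-match rule set for the two UDP flows this page names (candidate to each member on 2114, each member to the candidate on the Grid VPN port). The rule tuple format, the function names and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Ports named on this page: UDP 2114 (promotion notification) and the Grid VPN
# port (UDP 1194 by default; pass the value configured in Grid Properties).
PROMOTION_PORT = 2114
DEFAULT_VPN_PORT = 1194

# Constructed sample rules in a hypothetical normalized form:
# (action, protocol, source CIDR, destination CIDR, destination port or None = any).
# Evaluation is first-match; traffic that matches no rule is denied.
SAMPLE_RULES = [
    ("allow", "udp", "10.0.0.0/8", "10.1.0.10/32", 1194),
    ("allow", "udp", "10.1.0.10/32", "10.2.0.0/16", 2114),
    ("deny", "udp", "0.0.0.0/0", "0.0.0.0/0", None),
]


def is_allowed(rules, proto, src, dst, port):
    """Return True if the first matching rule allows the flow (default deny)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto == proto
                and src_ip in ipaddress.ip_network(r_src)
                and dst_ip in ipaddress.ip_network(r_dst)
                and r_port in (None, port)):
            return action == "allow"
    return False


def promotion_gaps(rules, candidate, members, vpn_port=DEFAULT_VPN_PORT):
    """List the (src, dst, port) UDP flows a promotion needs but the rules block."""
    gaps = []
    for member in members:
        required = [
            (candidate, member, PROMOTION_PORT),  # new master contacts each member
            (member, candidate, vpn_port),        # member reaches the new master's VPN port
        ]
        gaps += [flow for flow in required if not is_allowed(rules, "udp", *flow)]
    return gaps


if __name__ == "__main__":
    # Constructed addresses: candidate 10.1.0.10; the member list should include
    # the original Grid Master, which is contacted like any other member.
    for src, dst, port in promotion_gaps(SAMPLE_RULES, "10.1.0.10",
                                         ["10.2.0.20", "10.3.0.30"]):
        print(f"blocked: udp {src} -> {dst}:{port}")
```

A clean result here covers only the exported rule set; the scheduled test promotion described in the next section checks the live path.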

Testing the Connection of the Master Candidate with the Grid Members

Before promoting a Grid Master Candidate, check whether the Grid Master Candidate is connected to the rest of the Grid members, by scheduling a test promotion. You can do this either by using Grid Manager or by using the NIOS CLI. For information about scheduling a test promotion by using the NIOS CLI, see show test_promote_master and set test_promote_master.

The connection of the Grid Master Candidate to the rest of the Grid members is checked by sending specifically crafted test packets from the Grid Master Candidate and checking whether the Grid members are able to receive these packets.

...

  1. Establish a serial connection (through a serial console or remote access using SSH) to the Master Candidate. For information about making a serial connection as described in Method 2-Using the CLI, see Deploying a Single Independent Appliance.

  2. At the CLI prompt, use the command set promote_master to promote the Master Candidate and send notifications to all Grid members immediately, or promote the Master Candidate to the Grid Master immediately and specify the delay time for the Grid members to join the new Grid Master. For more information about the command, refer to the Infoblox CLI Guide.

  3. To verify the new master is operating properly, log in to the Infoblox Grid Manager on the new master using the VIP address for an HA master or the IP address of the LAN1 port for a single master.

  4. Check the icons in the Status column. Also, select the master, and then click the Detailed Status icon in the table toolbar. You can also check the status icons of the Grid members to verify that all Grid members have connected to the new master. If you have configured delay time for Grid member notification, it will take some time for some members to connect to the new master. You can also check your firewall rules and log in to the CLI to investigate those members.

Note

Note that when you promote the Master Candidate to a Grid Master, the IP address will change accordingly. If you have configured a FireEye appliance, then any changes in the Grid Master IP address, FireEye zone name, associated network view or the DNS view will affect the Server URL that is generated for a FireEye appliance. The FireEye appliance will not be able to send alerts to the updated URL when there is a change in the IP address. You must update the URL in the FireEye appliance to send alerts to the NIOS appliance. For more information, see Configuring FireEye RPZs.

Reconnecting Groups After Grid Master Candidate Promotion

...

After enabling the Grid Master Candidate group promotion, use the set promote_master CLI command to start the Grid Master Candidate promotion.
Use the set gmc_promotion disable CLI command to disable the Activate GMC Group Promotion Schedule option. Note that this command can be executed on the Grid Master and the Grid Master Candidate. For more information, see set gmc_promotion.

Notes

  • If the Activate GMC Group Promotion Schedule option is not enabled on Grid Master, and if you choose to continue with Grid Master Candidate promotion using the command, set promote_master, then the Grid Master Candidate promotion works as described in Promoting the Master Candidate.

  • By default, all the members are part of the Default group. The Grid Master Candidate group members can be customized according to your requirement; however Grid Master Candidate cannot be customized as Grid Master Candidate is part of the Default group only.

  • If you want to reconnect members of any group to the newly promoted Grid Master, irrespective of the scheduled time, you can click the Join Group Now icon in the GMC Group Promotion Schedule editor. This works only during the promotion of a Grid Master Candidate. That is, Join Group Now is activated (enabled) only during the promotion of Grid Master Candidate group; it is disabled after the scheduled time of all the groups expires after the Grid Master Candidate is promoted. For any offline member, the Join Group Now will be disabled 8 hours after the Grid Master Candidate promotion.

  • The Add GMC Group Wizard in the GMC Group Promotion Schedule editor is available only for future schedules. The maximum scheduled time for the promotion of any Grid Master Candidate group is 8 hours.

  • We do not recommend enabling a scheduled Grid upgrade and GMC Group Promotion Schedule at the same time.

  • The Time Zone for any group displays the Grid Manager’s time zone, and if there are any member(s) in the group, the Time Zone automatically reflects the first group member’s time zone.

  • The scheduled Time displays the new time zone, if the Time Zone is modified or if a member is moved across different groups.

  • During the Grid Master Candidate promotion, if a Grid member is offline, Grid Manager continuously attempts to connect to the offline Grid member every 60 seconds.

  • If the GMC Group Promotion Schedule editor is disabled after Grid upgrade, then you can unset the previously triggered Grid Master Candidate promotion by using the CLI command set gmc_promotion forced_end. It is recommended to run this command when the Grid is completely upgraded. For more information, see set gmc_promotion.

Enabling Read-only API Access on the Grid Master Candidate

...