The NIOS 8.2 release includes the following new features and enhancements:

Licensing for Appliance

Software-based DNS Cache Acceleration (vDCA) with Capacity Licensing (FLEX)

Infoblox introduces a new virtual platform called IB-FLEX, a scalable service-provider grade platform with flexible resource allocation to the virtual machine. To configure IB-FLEX, you first install the Flex Grid Activation license on the Grid Master and then enable the following features as a bundle on the IB-FLEX member: Grid (enterprise), DNS, DNS Traffic Control, Software ADP, Threat Protection Update, DNS Firewall, NXDOMAIN Redirect, FireEye, Threat Insight, and Cybersecurity Ecosystem. Contact your Infoblox representative for more information about IB-FLEX and the Flex Grid Activation license. For more information, see About IB-FLEX.

Enhancements to Infoblox Advanced DNS Protection

This release adds the following enhancements to the Advanced DNS Protection feature:

  • Software ADP: In addition to the hardware-based Advanced Appliances (PT appliances), you can now install software-based subscription licenses on supported appliances (physical and virtual) when deploying the Advanced DNS Protection solution. For more information, see About Infoblox Advanced DNS Protection.
  • Threat Protection Profiles: When you configure Grid or Member security properties, you now have an option to select an active ruleset or a threat protection profile. A threat protection profile defines specific security settings and a ruleset that you can apply to a specific member or a group of members that share a similar kind of traffic. You can also clone an existing one and modify the settings to create a new profile. For more information, see Adding Threat Protection Profiles.
  • Grid VPN on LAN1: You can now configure Grid VPN on the LAN1 interface for any member (with Threat Protection enabled) in a Grid that supports Advanced DNS Protection.
  • MGMT Port for Cloud API Calls: Infoblox supports elastic scaling for Software ADP members. You can now join such members using cloud API calls through the MGMT port.
  • New Threat Protection Rules for Recursive Resolution: The updated ruleset now includes rules that are specifically designed for recursive caching servers. For more information, refer to the Threat Protection Rules document.
  • Custom rules via WAPI: You can now push custom rules to the Grid using WAPI calls. For more information, refer to the WAPI Documentation version 2.6.
  • WAPI Support for Threat Protection: This release adds new objects and structs for threat protection functions. For detailed information, refer to the WAPI Documentation version 2.6.

...

This release adds the following significant enhancements to the API Outbound Notification feature. For more information, see Using the RESTful API for Outbound Notifications.

  • New configuration and template capabilities: Additional configuration is now possible in areas such as rate limiting and login and logout templates. A few new variables and constructs are also added to the event templates. For detailed information about the new additions, refer to the Infoblox NIOS Administrator Guide.
  • WAPI Integration: This release supports WAPI integration for API outbound notifications. You can send requests to the local WAPI while processing endpoint events, making it easy to include synchronization information via extensible attributes. You can add WAPI integration username and password as well as server certificate validation when you configure endpoints.
  • More advanced XML parsing: You can now select XMLA as the parsing option for endpoint responses to support XML documents with tag attributes. XMLA quoting has also been added with additional capabilities compared to XML quoting, allowing for simple serialization of complex structures.
  • Event Deduplication for RPZ Hits: While configuring notification rules, you can decide whether you want to reduce the amount of redundant RPZ hit events or not. Oftentimes, RPZ hits come from the same client IPs, query FQDNs, or networks. To avoid receiving excessive RPZ events at the endpoint, you can configure the appliance to remove or deduplicate subsequent RPZ events (after sending the first event) within a certain time period based on Source IP, Query Name, RPZ Policy, and other related fields. Depending on your configuration, the appliance sends the first RPZ event and deduplicates subsequent events that match your filtering criteria within the configured lookback interval.
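
The deduplication behaviour described in the last item above, sketched as an added example (not Infoblox code or NIOS configuration). The `RpzHit` fields, the `forward` function and the sample events are constructed for illustration, and the lookback interval is assumed to run from the last event that was forwarded for a given key.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RpzHit:
    ts: float        # event time in seconds
    source_ip: str
    query_name: str
    rpz_policy: str

def dedup_key(hit, key_fields):
    # Query names are case-insensitive and may carry a trailing dot.
    norm = {"query_name": lambda v: v.rstrip(".").lower()}
    return tuple(norm.get(f, str)(getattr(hit, f)) for f in key_fields)

def forward(hits, key_fields, lookback_seconds):
    """Return (events to send to the endpoint, suppressed count per key)."""
    last_sent, suppressed, sent = {}, {}, []
    for hit in sorted(hits, key=lambda h: h.ts):
        key = dedup_key(hit, key_fields)
        last = last_sent.get(key)
        if last is not None and hit.ts - last < lookback_seconds:
            suppressed[key] = suppressed.get(key, 0) + 1  # keep a count for audit
            continue
        last_sent[key] = hit.ts  # first event, or the lookback interval has elapsed
        sent.append(hit)
    return sent, suppressed

# Constructed sample events (documentation addresses and names).
SAMPLE_HITS = [
    RpzHit(0, "192.0.2.10", "bad.example.", "block-list"),
    RpzHit(5, "192.0.2.10", "BAD.example", "block-list"),   # duplicate of the first
    RpzHit(20, "192.0.2.11", "bad.example", "block-list"),  # second client
    RpzHit(59, "192.0.2.10", "bad.example", "block-list"),  # still inside 60 s
    RpzHit(61, "192.0.2.10", "bad.example", "block-list"),  # interval elapsed
]

if __name__ == "__main__":
    for fields in (("source_ip", "query_name", "rpz_policy"), ("query_name",)):
        sent, dropped = forward(SAMPLE_HITS, fields, 60)
        print(fields, [(h.ts, h.source_ip) for h in sent], dropped)
```

With all three fields in the key, the second client at 192.0.2.11 still produces its own event. Keying on the query name alone suppresses it, so the choice of deduplication fields decides whether the endpoint can see each affected client.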

Enhancements to Network Insight

This release adds the following enhancements to the Network Insight feature. For more information, see Infoblox Threat Insight.

  • New Reports: This release adds the IP Address Inventory and Network Inventory reports. Each report provides an inventory of discovered IP addresses and subnets, and includes information such as VLANs on subnets, the managed status, and the timestamps when they were last discovered or became inactive.
  • Improvements for the VRF Mapping Window: When you have a lot of VRFs displayed in the VRF Mapping window, you can filter the data by VRF Name, Device Name, Device/IP Address, or Network View. You can also sort the data in ascending or descending order.
  • The Last Discovered Field for Subnets: Grid Manager now displays the Last Discovered data for networks (or subnets) that are discovered by NetMRI or during an IPAM sync.
  • Discovery Diagnostics Downloads in Text Format: This functionality allows you to download discovery diagnostics in text format from Network Insight members at the click of a button. If you have a large amount of data to download, this feature significantly reduces the download time.
  • IPAM Sync Improvements: When you use the "IPAM Sync" feature to synchronize data discovered by NetMRI, only the data related to discovered hosts appears in NIOS. Data related to hosts that are no longer discovered by NetMRI will be removed. This feature provides consistency in how NIOS handles discovered data through vDiscovery.
  • Inclusion of sysLocation and sysContact during IPAM Sync: Additional information discovered by NetMRI, such as sysLocation and sysContact, is added to NIOS during an IPAM sync. This release also adds a few new fields to be displayed in Grid Manager.
  • UI Consistency for Network Insight: To maintain consistency in field names across products, Grid Manager now displays VLAN name and ID as "VLAN Name" and "VLAN ID" (instead of "Discovered VLAN Name" and "Discovered VLAN ID") in the IPAM and Devices tabs.

DNS Traffic Control Enhancements

This release adds the following enhancements to the DNS Traffic Control (DTC) feature. For more information, see Managing DNS Traffic Control.

  • CNAME Support for LBDN Records: You can now use DTC to respond directly to CNAME queries.
  • Server Name Indication (SNI) Support: DTC now supports SNI for HTTPS health checks. This feature allows you to monitor different HTTPS sites on a single server.

Enhancement to Cloud Network Automation

You can now configure NIOS vDiscovery to automatically resolve conflicts with pre-existing DNS records for an IP address when new VMs are discovered. For more information, see IP Discovery and vDiscovery.

Support for EDNS Client Subnet

This release adds support for the EDNS Client Subnet (ECS) option for recursive DNS. When using this option, the recursive DNS resolver provides the client subnet to the authoritative DNS server so it can build an optimized reply. For more information, see Enabling Recursive Resolution Using EDNS Client Subnet (ECS) Option.

Specifying Source Port Settings

You can now configure BIND query-source, which defines the IP address and port used as the source for outgoing queries. For more information, see Specifying Port Settings for DNS.

TLS 1.2 Support for OpenVPN

This release uses TLS 1.2 for the key exchange for the Grid communication.

Support for Unrestricted Reporting Virtual Appliances

This release supports subscription-based reporting on virtual appliances that do not have capacity restrictions for reporting. For more information, see Infoblox Reporting and Analytics.

Enhancement to DHCP Lease Management

This release adds more options to how you can manage DHCP leases. In addition to one-lease-per-client per member support, you can now configure the appliance to release leases that have a client ID when the client moves from one network to another. You can also have the appliance retain all leases until they expire. For more information, see Configuring DHCP Lease Management.

Support for IPv6 NXDOMAIN Redirection

NIOS now supports IPv6 NXDOMAIN redirection. You can create rules that specify how a DNS member responds to queries for A and AAAA records for certain domain names and non-existent domain names. For more information, see About NXDOMAIN Redirection.

Thales HSM Client Upgrade

NIOS supports version 3.21.3 of Thales. For more information, see About HSM Signing.

Support for SafeNet Network HSM Upgrades

This NIOS release supports SafeNet Network HSM upgrades (formerly Luna SA). For more information, see Configuring a SafeNet HSM Device.

WAPI Enhancements

This release includes the following PAPI and WAPI enhancements. For more details, refer to the WAPI Documentation.

...

as a high-performance, high-speed, and very low latency caching-only name server by enabling virtual DNS cache acceleration on it.

Threat Insight

This feature performs analytics to detect malicious activities based on DDI data from your on-premises Grid when the Grid is running NIOS 7.3 or later. (Note: You need the Infoblox Data Connector to transport the data from your on-premises Grid to the Cloud.) If your Grid is running NIOS 8.2.x, you can also configure the on-premises Grid to pull detected malicious domains from Threat Insight in the Cloud so you can block applicable traffic using the on-premises DNS firewall configuration.

RPZs for Blacklisted Domains (RFE-7158)

You can now add any Response Policy Zones (RPZs) from different DNS and network views to the RPZ list that you use to block malicious domains detected by Threat Insight in the Cloud (on-premises or in the Cloud).

DNSMessenger Module Support for Threat Insight

Threat Insight can now detect DNS tunneling activities instigated by the DNSMessenger malware. DNSMessenger is a Remote Access Trojan (RAT) that attackers use to run malicious PowerShell commands on compromised devices. DNSMessenger uses DNS record queries and responses to create a bidirectional C&C channel that allows the submission of PowerShell commands to infected devices and the return of responses back to the attackers.

Data Exchange Layer (DXL) Support for Outbound Notifications

In addition to REST (REpresentational State Transfer) enabled endpoints, NIOS also supports sending outbound notifications to DXL (Data Exchange Layer) endpoints.

Network Insight Enhancements

This release adds the following enhancements to Network Insight:

  • Cisco ACI Configuration: Integrating Cisco Application Policy Infrastructure Controller (APIC) on NIOS provides visibility into your Cisco APIC infrastructure, which allows you to view and manage discovered IP addresses through the Cisco ACI cluster. Once the Cisco ACI is integrated, Threat Insight can discover the SDN Controller and Elements (Spine, Leaf, and End Points). You can also view devices that are discovered by a discovery member.
  • Cisco ISE Integration for NetMRI (RFE-6984): After you successfully register a NetMRI appliance with NIOS, you can use the Cisco ISE integration feature without having to install the Discovery license. This feature enables you to enhance identity management across devices and applications that are connected to your network routers and switches. You can monitor domain users, the IP addresses they log on to, the login status, and the time duration of the current status in the IPAM tab of Grid Manager.
  • Discovery Diagnostic Tool Improvements (REF-6303): This release adds the following improvements to the Discovery Diagnostics dialog:
      • View all existing discovery diagnostic tasks that have been executed in the last 12 hours.
      • Enable or disable SNMP debugging for the device.
  • Device Support Data for Discovered Devices (RFE-5452): Network Insight now provides advanced visibility into device support data, such as the timestamp of the most recent data collection, data function and whether it is supported for the device, as well as the values collected for the device vendor, device model, and device version.

  • Discovered Wi-Fi Data: Network Insight now saves the discovered data for Wi-Fi access points and displays it in the IPAM tab -> Discovered Data tab of Grid Manager as well as the End Host History dashboard.
  • DNS Resolution for End Hosts (RFE-6541): You can now specify whether you want to perform DNS lookups for discovered network devices and end hosts. You can also adjust the throttle for the lookup to control the number of requests sent to the DNS server.
  • VLAN Smart Folder Improvements: When using smart folders, you can now find VLANs and group objects such as networks, interfaces, and unmanaged IP addresses by discovered VLANs.

Cisco ISE 2.2 Support

This release adds support for Cisco ISE version 2.2. You can integrate Cisco ISE with NIOS to exchange valuable network, user, device, and security-event information.

Cloud Network Automation Enhancement

This release adds the following enhancement for Cloud Network Automation:

  • High Performance Virtual Appliances Support for AWS and Azure: This NIOS release supports the following virtual appliances in AWS and Azure: IB-V825, IB-V1425, and IB-V2225. For detailed appliance specifications, see the table on page 4.

vDiscovery Enhancements

This release adds the following enhancements for vDiscovery:

  • Support for Multiple DNS Views (RFE-6828): When you configure vDiscovery jobs, you can enable NIOS to automatically create DNS records for discovered IP addresses of VM instances that are served by the appliance. You can now configure NIOS to add DNS records to a specific DNS view so NIOS can handle the auto-creation of DNS records associated with multiple views that manage the same DNS zones.
  • Capturing Tags from AWS and Azure: The metadata in the form of tags in AWS and Azure for NIOS can now be captured through a vDiscovery process and saved as extensible attributes.
  • Support of Keystone v3 for OpenStack (RFE-7622): NIOS now supports the Keystone server identity service versions v2 and v3 when you configure OpenStack as the endpoint server for a vDiscovery job.

Microsoft Management Enhancements

  • Microsoft 2016 Support: This release adds support for Microsoft Windows Server 2016.
  • SMB Versions 2 and 3 Upgrade (RFE-7216): Infoblox now supports the following versions of SMB (Server Message Block) protocol for Microsoft Windows servers: SMB version 1 (SMBv1), SMB version 2.x (SMBv2.x), and SMB version 3.x (SMBv3.x).
  • Synchronizing Microsoft DNS Reporting Data (RFE-5140): You can now configure NIOS to synchronize DNS reporting data with Microsoft servers so you can view both Microsoft and NIOS data in the same NIOS DNS reports. You can also configure the synchronization interval using a newly added CLI command.

DTC Enhancements

This release adds the following enhancements to the DNS Traffic Control feature:

  • DTC Health Check (RFE-7044): If you have a multi-tier network architecture and want to monitor the availability of separate components for the DTC server, you can now add a health monitor for each individual IP address or domain configured for the DTC server.
  • DNS Scavenging Modifiable Timestamp for DDNS Records (RFE-7114): You can now enable the appliance to modify the creation time of resource records even when the records are unchanged during a DDNS update. This helps prevent unwanted DNS scavenging of valid records.
  • Dynamic Load Balancing Methods (RFE-6407): This release adds the following dynamic load balancing methods for DTC: Round Trip Delay (RTD) and SNMP.

Fault Tolerant DNS Caching (RFE-7343)

When an authoritative DNS server experiences an outage, all websites served by the DNS server become inaccessible. Enabling the DNS fault tolerant caching option allows you to access the websites served by the DNS server despite the DNS outage. When you enable this feature, DNS records are retained in the recursive cache even after they expire. Whenever a recursive query times out or returns a SERVFAIL response, the appliance returns the cached response to the client instead of the SERVFAIL response.

NOTE: Infoblox recommends that you enable this feature right after you upgrade to NIOS 8.2. Enabling this during production requires a DNS service restart, which will clear the current cache.
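
A small simulation of the fault tolerant caching behaviour and the restart caveat described above, as an added example rather than NIOS code. The class names, the `restart` method, the 30-second TTL and the addresses are constructed assumptions.

```python
SERVFAIL, TIMEOUT, NOERROR = "SERVFAIL", "TIMEOUT", "NOERROR"

class Authoritative:
    """Constructed stand-in for the authoritative server; 'up' toggles an outage."""
    def __init__(self):
        self.up = True

    def __call__(self, name):
        if not self.up:
            return SERVFAIL, None, 0
        return NOERROR, "198.51.100.7", 30  # answer with a 30 s TTL

class FaultTolerantCache:
    """Recursive cache that keeps expired records and serves them on upstream failure."""
    def __init__(self, upstream):
        self.upstream = upstream  # callable(name) -> (status, answer, ttl)
        self.records = {}         # name -> (answer, expires_at); never purged on expiry

    def restart(self):
        self.records.clear()      # a DNS service restart clears the current cache

    def resolve(self, name, now):
        name = name.rstrip(".").lower()
        cached = self.records.get(name)
        if cached and now < cached[1]:
            return NOERROR, cached[0], "fresh-cache"
        status, answer, ttl = self.upstream(name)
        if status == NOERROR:
            self.records[name] = (answer, now + ttl)
            return status, answer, "upstream"
        if status in (SERVFAIL, TIMEOUT) and cached:
            return NOERROR, cached[0], "stale-cache"  # expired record, still served
        return SERVFAIL, None, "upstream"             # nothing retained to fall back on

def outage_demo():
    auth = Authoritative()
    cache = FaultTolerantCache(auth)
    results = [cache.resolve("www.example.", now=0)]      # populates the cache
    auth.up = False                                       # outage begins
    results.append(cache.resolve("www.example", now=10))  # TTL still valid
    results.append(cache.resolve("www.example", now=45))  # expired, served stale
    results.append(cache.resolve("new.example", now=45))  # never cached
    cache.restart()                                       # restart during the outage
    results.append(cache.resolve("www.example", now=46))  # cache is empty again
    auth.up = True
    results.append(cache.resolve("www.example", now=50))  # refreshed from upstream
    return [r[2] if r[0] == NOERROR else r[0] for r in results]

if __name__ == "__main__":
    print(outage_demo())
```

The fifth lookup fails because the restart emptied the cache, which is the situation the note above is about: after a restart there is nothing to fall back on until the cache has been repopulated.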