...

  • Set up a Microsoft Azure account and create a resource manager in Azure public cloud.

  • Install and set up an Azure command line interface (CLI) as described in the Installing the Azure CLI section. This is required to deploy the vNIOS appliance from the Azure CLI.

  • Configure an on-prem Infoblox Grid or Grid Master. This is required only if you want to join the vNIOS for Azure instance to the on-prem Grid. For more information, refer to the Infoblox NIOS Documentation.

  • Create an Azure managed disk from the Azure CLI as described in the Creating an Azure Managed Disk section.
    Azure virtual appliances can be deployed with managed disks from NIOS 8.5.3 onwards. From NIOS 9.0.1 onwards, they can be deployed only with managed disks.

  • To deploy vNIOS for Azure instances in an HA (high availability) setup, a capability introduced in NIOS 9.0.4:

    • In the Microsoft Azure portal, create a user-assigned managed identity with a custom role that is assigned with permissions listed in the Creating an User-Assigned Managed Identity section below.

    • When configuring HA, you must create three network interfaces for MGMT, LAN1, and HA on each node of the HA pair. Additionally, assign a secondary IP address to the HA interface on one of the nodes, and ensure that the LAN1 and HA interfaces of both nodes and the secondary IP address are assigned to the same subnetwork. For more information, see Deploying the vNIOS Instance with HA.

    • In NIOS, configure a DNS resolver in the Grid Properties Editor. For more information about DNS resolvers, refer to the Enabling DNS Resolution topic in the Infoblox NIOS Documentation.

...


Creating an Azure Managed Disk

To create a managed disk, run the following command in the Azure CLI by specifying the mentioned parameters:

az disk create --name <managed_disk_name> --resource-group <resource_group_name> --size 250 --sku Premium_LRS --source "https://<resource_group_name>.blob.core.windows.net/<storage_container_blob_name>/<vhd_image_name>" --source-storage-account-id "/subscriptions/<subscription_name>/resourceGroups/<resource_group_name>/providers/Microsoft.Storage/storageAccounts/<storage_account_name>" --os-type Linux

Note: For better performance, specify Premium_LRS as the sku.

Example:
az disk create --name nios-managed-disk --resource-group rg-east-01 --size 250 --sku Premium_LRS --source "https://rgeastcloudautomation.blob.core.windows.net/images/nios-image.vhd" --source-storage-account-id "/subscriptions/1abcd012-2abc-123a-4abc-12a345678ab1/resourceGroups/rg-east-01/providers/Microsoft.Storage/storageAccounts/rgeastcloudautomation" --os-type Linux

Creating an User-Assigned Managed Identity

To form an HA pair with vNIOS instances, the permissions outlined in this section are a minimum requirement. The permissions allow the instances to manage resources in the Azure cloud.

In Azure, perform the following:

  1. Create a custom role that is assigned with permissions listed in this section.

  2. Create a user-assigned managed identity with its Azure role assignment Scope as Subscription and assign the custom role that you created.
    Defining Subscription as the scope allows the managed identity to access all resources and/or resource groups in the subscription.
    Note that the scope that you select is displayed under Resource Type after the role assignment is saved.

  3. Attach the managed identity to the vNIOS instance.

For more information about managed identities and custom roles, refer to Managed identities for Azure resources and Role-based access control respectively.

A sample JSON script is as follows:

{

   "id": "/subscriptions/3b9ac093-9baa-421e-8ee2-62f682759ca4/providers/Microsoft.Authorization/roleDefinitions/3fe1ef8a-86f3-452a-99ba-7be482b33e34",

...
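
Because the custom role is assigned at Subscription scope, its definition can be checked against the permission list in this section before the role is assigned. The following Python check is an added example, not part of the Infoblox documentation; it assumes the JSON shape printed by `az role definition list`, and the role name, subscription ID, and actions below are constructed placeholders rather than the permissions that vNIOS requires.

```python
import json

# Constructed placeholders: replace with your subscription and the
# permission list given in this section of the documentation.
EXPECTED_SCOPE = "/subscriptions/00000000-0000-0000-0000-000000000000"
ALLOWED_ACTIONS = [
    "Microsoft.Network/networkInterfaces/read",
    "Microsoft.Network/networkInterfaces/write",
]

# Constructed sample of one role definition (not a real role).
SAMPLE_ROLE = json.loads("""
{
  "roleName": "example-vnios-ha-role",
  "roleType": "CustomRole",
  "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
  "permissions": [{
    "actions": [
      "Microsoft.Network/networkInterfaces/read",
      "Microsoft.Network/networkInterfaces/write",
      "Microsoft.Compute/*"
    ],
    "notActions": [],
    "dataActions": []
  }]
}
""")

def audit_role(role, expected_scope, allowed_actions):
    """Return a list of findings; an empty list means the role matches the allow-list."""
    findings = []
    if role.get("roleType") != "CustomRole":
        findings.append("role is not a custom role")
    for scope in role.get("assignableScopes", []):
        # Azure resource IDs are compared case-insensitively.
        if scope.rstrip("/").lower() != expected_scope.rstrip("/").lower():
            findings.append(f"unexpected assignable scope: {scope}")
    allowed = {a.lower() for a in allowed_actions}
    for block in role.get("permissions", []):
        for key in ("actions", "dataActions"):
            for action in block.get(key) or []:
                if "*" in action:
                    findings.append(f"wildcard in {key}: {action}")
                elif action.lower() not in allowed:
                    findings.append(f"{key} entry not on allow-list: {action}")
    return findings

if __name__ == "__main__":
    for finding in audit_role(SAMPLE_ROLE, EXPECTED_SCOPE, ALLOWED_ACTIONS):
        print(finding)
```

Run it against each element of the array that `az role definition list --name <role_name>` returns, with the allow-list filled in from this section.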