After you have entered and saved your VM configuration, you can view the information in the Summary panel. If for any reason you need to make changes to the configuration, you can go back to step 2 (Configure VM settings) to do so. If the configuration is correct, click OK to accept (as illustrated in Figure 1.4).

Figure 1.4 Viewing VM Summary

 

Performing vDiscovery on VNets

Infoblox provides vDiscovery for detecting and obtaining information about virtual entities and interfaces in the Microsoft Cloud. Infoblox vDiscovery supports the resource manager model in the Azure Portal. However, you must first register the new vDiscovery application with Azure Active Directory through the Azure classic portal.


Note: Discovered virtual networks in Microsoft Cloud are mapped to Network Containers in NIOS.


To perform a vDiscovery job for a VNet, complete the following tasks:

  1. Configure DNS resolver in NIOS, as described in Configuring DNS Resolver.
  2. Register an application with the Azure Active Directory through the Azure classic portal, as described in Integrating vDiscovery with Azure Active Directory.
  3. Add the new application as a user through the Azure resource manager portal, as described in Adding vDiscovery Application as New User.
  4. Perform vDiscovery for service instances and subnets in selected VNets. For detailed information, refer to Configuring vDiscovery Jobs in the Infoblox NIOS Administrator Guide. When configuring the endpoint for the vDiscovery job, ensure that you select the following:
    • Server Type: Select Azure.
    • Client ID: Use the CLIENTID you obtained for the application you created in Azure.
    • Client Secret: Enter the key value of the application to authenticate the user account.
    • Service Endpoint: Use the token endpoint URL you selected for the new application.
  5. After performing a vDiscovery job on your VNets, you can view and manage discovered data in NIOS. For detailed information, refer to the Infoblox NIOS Administrator Guide. You can also create DNS records for discovered IP addresses. For information, see Creating DNS Records for Discovered IP Addresses.

The Azure Government Cloud vDiscovery job uses different service endpoints from those of Azure. The following table illustrates the use case of different endpoints:


Note: Infoblox vNIOS configured in Azure does not currently support DHCP.


Configuring DNS Resolver

To perform vDiscovery for all resources in your Microsoft VNets, you must enable DNS resolvers in NIOS. To configure DNS resolver for the Grid, complete the following in the NIOS GUI, Grid Manager:

  1. From the Grid tab -> Grid Manager tab -> Members tab, expand the Toolbar, and then click Grid Properties.
  2. In the Grid Properties editor, do the following:
    • Click the DNS Resolver tab and select the Enable DNS Resolver check box if it is not already selected.
    • In the Name Servers list, click Add to add the IP address of the upstream DNS server to the list.
    • Enter the IP address and press Enter.
  3. Save the configuration. The changes may take a brief period of time to become active.

Integrating vDiscovery with Azure Active Directory

Before creating a vDiscovery job and performing vDiscovery in Azure, you must integrate the discovery application with Azure Active Directory (Azure AD) to provide secure sign in and authorization. To integrate the application with Azure AD, you must first register the application details with Azure AD through the Azure classic portal.
You can also register a service principal using the Azure CLI or PowerShell. If you choose to use the CLI or PowerShell, refer to the Microsoft documentation for information about the Azure authentication mechanism and how to create a service principal with Azure Resource Manager, available at https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/#authenticate-service-principal-with-password---azure-cli.

If you choose to use the Azure classic portal to register a service principal, you may still need to use the Azure CLI or PowerShell to customize the access scope for the newly created service principal. The default access scope is the subscription scope that is associated with the user who creates the service principal.
To create and integrate a vDiscovery application through the Azure classic portal:

  1. Log in to your Microsoft Azure classic portal account.
  2. On the Microsoft Azure web site, select Active Directory from the left panel, and then select your Active Directory from the list.
  3. Click Applications at the top of the panel.
  4. In the Applications panel, filter by Applications my company owns in the Show field, and then click the check icon. Azure displays all the applications your company owns. Select an application from the list. You can also add a new one by clicking the ADD icon at the bottom of the panel, and then go through the ADD APPLICATION wizard to define your new application. Ensure that you use a unique Sign-on URL and APP ID URI when you add a new application.
  5. After you have selected or added the application, open the CONFIGURE section by expanding ACCESS WEB APIs IN OTHER APPLICATIONS to add permissions and define a key.
  6. In the CONFIGURE section, click Configure it now to select permissions. The Configure panel displays the properties for your application, including NAME, SIGN-ON URL, LOGO, CLIENT ID, and others. In the keys section, select the duration for the key. The key will be displayed after you select the duration and save the final configuration.

    Note: Copy the key and save it for your vDiscovery jobs. The key is the Client Secret in NIOS when you configure the vDiscovery jobs.

  7. In the permissions to other applications section, click Add application.
  8. In the Permissions to other applications dialog, go to the second page and select Windows Azure Service Management API from the list. Click the icon to select it (the icon changes to a check icon once you select it), and then click the check icon at the bottom to save your configuration.
  9. In the permissions to other applications section, hover your mouse over the Delegated Permissions field and select Access Azure Service Management as organization from the drop-down list.
  10. Validate all the configuration and information on this page. Click the Save icon to save your configuration.

    Note: Ensure that you copy your CLIENT ID and Key and save them for future use.

  11. From the application list, select the application you just created and click the VIEW ENDPOINTS icon at the bottom of the panel.
  12. Azure displays the App Endpoints page that contains endpoint information for the new application. vDiscovery uses the OAUTH 2.0 TOKEN ENDPOINT (the second last item on the list). Copy the link from the table. You use this information to define the vDiscovery endpoint.

Adding vDiscovery Application as New User

After you have set up the vDiscovery application in Azure Active Directory, you must add this application as a new user to your vNIOS for Azure subscription through the Azure resource manager portal, and then define its administrative role.
To add the application as a new user and define its role:

  1. Go to the Microsoft Azure web site.
  2. Log in to your Microsoft Azure account.
  3. On the Microsoft Azure web site, go to your Infoblox vNIOS for Azure subscription and select All settings on the right panel.
  4. In the Settings panel, select Users, and then click the + Add to add new access. In the Select a role panel, click Reader.
  5. In the Add users panel, locate the newly created vDiscovery application. You can use the filter function to locate the application. Select the application, and then click Select to create the user. Click OK in the Add access panel to save your configuration.
  6. You have added the new application as a user with the Reader role.

You can now configure and perform a vDiscovery job through Grid Manager (Infoblox GUI). Ensure that you have the following information that you previously recorded in order to configure a vDiscovery job:
  • Client ID = Client ID in NIOS
  • Key value = Client Secret in NIOS
  • Token endpoint URL = Service Endpoint in NIOS

When creating a new vDiscovery job, select Azure as the Server Type. Infoblox also recommends that you select "The tenant's network view" as the network view for both public and private IP addresses. For detailed information about vDiscovery jobs and how to configure them, refer to Configuring vDiscovery Jobs in the Infoblox NIOS Administrator Guide.

Creating DNS Records for Discovered IP Addresses

When you configure vDiscovery jobs, you can enable the appliance to automatically create DNS records for discovered virtual entities in your VNets. When you enable this feature, NIOS automatically adds Host records or A and PTR records to the authoritative zones for the discovered IP addresses based on your configuration. You can also enter a formula that NIOS uses to create the DNS names for the discovered IP addresses based on their VM parameters such as vm_name or discovered_name for data discovered through Azure. By doing so, NIOS is able to discover public and private IP addresses by looking up the corresponding DNS names.
Discovered data includes IP addresses for the VMs and associated information such as VM name, VM ID, tenant ID, and others. Note that corresponding zones must already exist in order for NIOS to add DNS records. Otherwise, NIOS does not add any DNS records and it logs a message to the syslog.
NIOS automatically adds DNS records (in the network views specified for vDiscovery) based on the following conditions:

  • The corresponding DNS zones must already exist in the NIOS database. NIOS does not automatically create DNS zones for the records.
  • To create PTR records, the corresponding reverse-mapping zone must exist.
  • A DNS zone cannot be associated with more than one DNS view. NIOS does not create DNS records for zones that are associated with multiple DNS views.
  • NIOS adds new DNS records only if the VM name for the discovered IP address is available and there is no conflict between the discovered data and the associated network view.

The following matrix captures some scenarios about how vDiscovery handles various actions and what the outcome is for the information on the Cloud Platform appliance and in the NIOS database.


Note: vDiscovery modifies records that are created by the vDiscovery process only. It does not create or update DNS records that are originally created by other admin users.


| Actions and Conditions | Cloud Platform Data before vDiscovery | Cloud Platform Data after vDiscovery | NIOS Data before vDiscovery | NIOS Data after vDiscovery |
|---|---|---|---|---|
| Add new VM (vma) on Cloud Platform appliance; Automatic creation of Host records; In NIOS: existing zone corp1.com; no DNS records | No data for vma | 10.10.10.1 vma.corp1.com | Zone: corp1.com | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) |
| Add new VM (vma) on Cloud Platform appliance; Automatic creation of Host records; In NIOS: existing zone corp1.com; existing Host record (originally created by vDiscovery or admin) | No data for vma | 10.10.10.1 vma.corp1.com | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) |
| Add new interface to existing VM (vma) with the same discovered name on Cloud Platform appliance; Automatic creation of Host records; In NIOS: existing zone corp1.com; existing Host record (originally created by vDiscovery) | 10.10.10.1 vma.corp1.com | 10.10.10.1 vma.corp1.com | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1, 10.10.10.2) |
| Add new interface to existing VM (vma) with the same discovered name on Cloud Platform appliance; Automatic creation of Host records; In NIOS: existing zone corp1.com; existing Host record (originally created by admin) | 10.10.10.1 vma.corp1.com | 10.10.10.1 vma.corp1.com | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) |
| Add new interface to existing VM (vma) with different discovered name (vmb) on Cloud Platform appliance; Automatic creation of Host records; In NIOS: existing zone corp1.com; existing Host record (originally created by vDiscovery) | 10.10.10.1 vma.corp1.com | 10.10.10.1 vma.corp1.com; 10.10.10.2 vmb.corp1.com | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1); Host record: vmb.corp1.com (10.10.10.2) |
| Add new interface to existing VM (vma) with different discovered name (vmb) on Cloud Platform appliance; Automatic creation of Host records; In NIOS: existing zone corp1.com; existing Host record (originally created by admin) | 10.10.10.1 vma.corp1.com | 10.10.10.1 vma.corp1.com; 10.10.10.2 vmb.corp1.com | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1); Host record: vmb.corp1.com (10.10.10.2) |
| Remove existing VM (vma) on Cloud Platform appliance; Automatic creation of Host records; In NIOS: existing zone corp1.com; existing Host record (originally created by vDiscovery) | 10.10.10.1 vma.corp1.com | No data for vma | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) | Zone: corp1.com |
| Remove existing VM (vma) on Cloud Platform appliance; Automatic creation of Host records; In NIOS: existing zone corp1.com; existing Host record (originally created by admin) | 10.10.10.1 vma.corp1.com | No data for vma | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) |
| Remove existing interface (10.10.10.2) from VM (vma) with different discovered name (vmb) on Cloud Platform appliance; Automatic creation of Host records; In NIOS: existing zone corp1.com; existing Host record (originally created by vDiscovery) | 10.10.10.1 vma.corp1.com; 10.10.10.2 vmb.corp1.com | 10.10.10.1 vma.corp1.com | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1); Host record: vmb.corp1.com (10.10.10.2) | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) |
| Remove existing interface (10.10.10.2) from VM (vma) with different discovered name (vmb) on Cloud Platform appliance; Automatic creation of Host records; In NIOS: existing zone corp1.com; existing Host record (originally created by admin) | 10.10.10.1 vma.corp1.com; 10.10.10.2 vmb.corp1.com | 10.10.10.1 vma.corp1.com | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1); Host record: vmb.corp1.com (10.10.10.2) | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1); Host record: vmb.corp1.com (10.10.10.2) |
| Update record name (from vma to vm1) for the existing interface (10.10.10.1) on Cloud Platform appliance; Automatic creation of Host records; In NIOS: existing zone corp1.com; existing Host record (originally created by vDiscovery) | 10.10.10.1 vma.corp1.com | 10.10.10.1 vm1.corp1.com | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) | Zone: corp1.com; Host record: vm1.corp1.com (10.10.10.1) |
| Update record name (from vma to vm1) for the existing interface (10.10.10.1) on Cloud Platform appliance; Automatic creation of Host records; In NIOS: existing zone corp1.com; existing Host record (originally created by admin) | 10.10.10.1 vma.corp1.com | 10.10.10.1 vm1.corp1.com | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1); Host record: vm1.corp1.com (10.10.10.1) |
| Automatic creation of Host records; Change FQDN template from ${discover_name} to ${vm_name}; In NIOS: existing zone corp1.com; existing Host record (originally created by vDiscovery) | 10.10.10.1 vma.corp1.com; vm_name: ABC | 10.10.10.1 vm1.corp1.com; vm_name: ABC | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) | Zone: corp1.com; Host record: ABC.corp1.com (10.10.10.1) |
| Automatic creation of Host records; Change FQDN template from ${discover_name} to ${vm_name}; In NIOS: existing zone corp1.com; existing Host record (originally created by admin) | 10.10.10.1 vma.corp1.com; vm_name: ABC | 10.10.10.1 vm1.corp1.com; vm_name: ABC | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1); Host record: ABC.corp1.com (10.10.10.1) |
| Change vDiscovery task configuration from creation of Host record to A and PTR records; In NIOS: existing zone corp1.com; existing Host record (originally created by vDiscovery) | 10.10.10.1 vma.corp1.com | 10.10.10.1 vma.corp1.com | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) | Zone: corp1.com; A record: vma.corp1.com (10.10.10.1) |
| Change vDiscovery task configuration from creation of Host record to A and PTR records; In NIOS: existing zone corp1.com; existing Host record (originally created by admin) | 10.10.10.1 vma.corp1.com | 10.10.10.1 vma.corp1.com | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1) | Zone: corp1.com; Host record: vma.corp1.com (10.10.10.1); A record: vma.corp1.com (10.10.10.1) |
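
The ownership rule behind the matrix above can be expressed as a small reconciliation model. This is an added example, not Infoblox code: the names Record, reconcile and summary are hypothetical, records are assumed to be keyed by (type, FQDN), and PTR records are not modeled.

```python
from dataclasses import dataclass

VDISCOVERY = "vdiscovery"   # label for records the discovery job created
ADMIN = "admin"             # label for records an administrator created


@dataclass
class Record:
    ips: frozenset
    creator: str


def reconcile(existing, discovered, record_type="Host"):
    """Return the zone contents after one discovery pass (model only).

    existing   -- {(type, fqdn): Record} currently in the zone
    discovered -- {fqdn: set of IPs} reported by the cloud platform
    """
    desired = {(record_type, fqdn): frozenset(ips)
               for fqdn, ips in discovered.items()}
    result = {}
    for key, rec in existing.items():
        if rec.creator != VDISCOVERY:
            result[key] = rec                               # admin records are never touched
        elif key in desired:
            result[key] = Record(desired[key], VDISCOVERY)  # updated in place
        # otherwise: a stale vDiscovery-created record is removed
    for key, ips in desired.items():
        if key not in result:                               # an admin record with the same
            result[key] = Record(ips, VDISCOVERY)           # type and name blocks creation
    return result


def summary(records):
    """Sorted (type, fqdn, ips, creator) tuples, convenient for comparison."""
    return [(rtype, fqdn, sorted(rec.ips), rec.creator)
            for (rtype, fqdn), rec in sorted(records.items())]


if __name__ == "__main__":
    # Constructed sample: the "update record name (vma to vm1)" rows.
    for creator in (VDISCOVERY, ADMIN):
        zone = {("Host", "vma.corp1.com"):
                Record(frozenset({"10.10.10.1"}), creator)}
        after = reconcile(zone, {"vm1.corp1.com": {"10.10.10.1"}})
        print(creator, summary(after))
```

Running each row of the matrix through reconcile reproduces the "NIOS Data after vDiscovery" column, which makes the model a quick way to reason about what a job change will leave behind in a zone that mixes automated and hand-made records.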


To enable the appliance to automatically create DNS records, complete the following in Grid Manager:

  1. For a new vDiscovery job: From the Data Management tab, select the IPAM tab, then select vDiscovery -> New from the Toolbar; or from the Cloud tab, select vDiscovery -> New from the Toolbar.
    or
    To modify an existing job: From the Data Management tab, select the IPAM tab and click vDiscovery -> Discovery Manager from the Toolbar, or from the Cloud tab, select vDiscovery -> Discovery Manager from the Toolbar. In the vDiscovery Job Manager editor, click the Action icon next to a selected job and select Edit from the menu.
  2. In step four of the vDiscovery Job wizard, or in the Data Consolidation tab of the vDiscovery Job Properties editor, complete the following:
    • For every newly discovered IP address, create: Select this check box to enable NIOS to automatically create or update DNS records for discovered VM instances if the records were originally created by vDiscovery.
    • Host: Select this to automatically create Host records for discovered VMs.
    • A & PTR Record: Select this to automatically create A and PTR records for discovered VMs. Note that the DNS zones and reverse-mapping zones to which the records belong must exist in NIOS. Otherwise, vDiscovery does not create the records.
    • The DNS name will be computed from the formula: Enter the formula that NIOS uses to create FQDNs for discovered VMs. You can use the auto-generated FQDNs for DNS resolution purposes. You must use the syntax of ${parameter name} for this formula. For Azure, this field supports the vm_name and discovered_name parameters. For example, when you enter ${vm_name}.corp100.com and the discovered vm_name = XYZ, the DNS name for this IP becomes XYZ.corp100.com. When you enter ${discover_name} here and the discovered name for the IP is ip-172-31-1-64.us-west-1.compute.internal, the DNS name for this IP is ip-172-31-1-64.us-west-1.compute.internal.

      Note: If the ${vm_name} parameter of an instance contains any special character, the appliance will not be able to identify this instance and will convert it to a managed VM using the vm_id parameter.
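
A pre-flight check for the DNS name formula, useful before enabling automatic record creation. This is an added example, not Infoblox code: the function names and status codes are hypothetical, and it assumes that a "special character" is anything outside RFC 1123 hostname label rules.

```python
import re

# Parameters this page lists for Azure. The page spells the second one both
# "discovered_name" and "discover_name", so the alias below accepts both.
SUPPORTED = {"vm_name", "discovered_name"}
ALIASES = {"discover_name": "discovered_name"}
PLACEHOLDER = re.compile(r"\$\{([^}]*)\}")
# Assumption: a "special character" is anything outside RFC 1123 label rules.
LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def expand(formula, vm):
    """Substitute ${parameter} placeholders with one VM's discovered values."""
    def substitute(match):
        name = ALIASES.get(match.group(1), match.group(1))
        if name not in SUPPORTED:
            raise ValueError(f"unsupported parameter: {match.group(1)}")
        if not vm.get(name):
            raise ValueError(f"no discovered value for {name}")
        return vm[name]
    return PLACEHOLDER.sub(substitute, formula)


def owning_zone(fqdn, zones):
    """Longest existing zone that is a parent of fqdn, or None."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def preflight(formula, vm, zones):
    """Return (fqdn, status) predicting whether a record could be created."""
    try:
        fqdn = expand(formula, vm)
    except ValueError:
        return None, "bad-formula"
    labels = fqdn.rstrip(".").split(".")
    if len(fqdn) > 253 or not all(LABEL.match(label) for label in labels):
        return fqdn, "invalid-name"      # would not survive as a hostname
    if owning_zone(fqdn, zones) is None:
        return fqdn, "no-zone"           # zone must already exist in NIOS
    return fqdn, "ok"


if __name__ == "__main__":
    zones = {"corp100.com"}              # constructed: zones assumed to exist
    for vm in ({"vm_name": "XYZ"}, {"vm_name": "web_01"}):
        print(preflight("${vm_name}.corp100.com", vm, zones))
```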





Click Add(+).
