
Note

vDiscovery on VNets can be performed for vNIOS appliances deployed on Azure public cloud and Azure Government only.

A vDiscovery job retrieves information about virtual entities in cloud environments that are managed through a cloud management platform (CMP) such as Azure. The current vDiscovery feature supports tenants, networks, and compute VMs only. It does not support data that is retrieved from load balancer networks, load balancer VMs, Kubernetes platform VMs, application gateways, service VMs, SQL VMs, or any other VMs that are created by cloud services such as Kubernetes service or analytics service, where the IPAM is handled by the respective orchestration engines of the cloud provider.
If the vDiscovery job retrieves unsupported data from Azure, the performance of the vDiscovery process is affected.

Infoblox vDiscovery supports the resource manager model in the Azure Portal. However, you must first register the new vDiscovery application with Azure Active Directory through the Azure classic portal.

Note

  • Discovered virtual networks in Microsoft Cloud are mapped to network containers in NIOS.
  • Updates done by Microsoft to the root CAs of Azure services can cause vDiscovery to fail. If vDiscovery fails with ERROR: PycURL error: (60, 'SSL certificate problem: unable to get local issuer certificate'), do the following:
    1. Download the DigiCert Global Root G2 Certificate from DigiCert Root Certificates.
    2. Upload the certificate to NIOS as described in the Uploading CA Certificates section in the Infoblox NIOS Documentation.


To perform a vDiscovery job for a VNet, complete the following tasks:

  1. Configure DNS resolver in NIOS, as described in the Configuring DNS Resolver section.
  2. Register an application with the Azure Active Directory through the Azure classic portal, as described in Integrating vDiscovery with Azure Active Directory.
  3. Add the new application as a user through the Azure resource manager portal, as described in Adding vDiscovery Application as a New User.
  4. Perform vDiscovery for service instances and subnets in selected VNets. For detailed information, refer to Configuring vDiscovery Jobs in the Infoblox NIOS Documentation.

    When configuring the endpoint for the vDiscovery job, ensure that you select the following:

    • Server Type: Select Azure.
    • Client ID: Use the CLIENT ID you obtained for the application you created in Azure.
    • Client Secret: Enter the key value of the application to authenticate the user account.
    • Service Endpoint: Use the token endpoint URL you selected for the new application.
  5. After performing a vDiscovery job on your VNets, you can view and manage discovered data in NIOS. For detailed information, refer to the Infoblox NIOS Documentation. You can also create DNS records for discovered IP addresses. For information, see Creating DNS Records for Discovered IP Addresses.

The vDiscovery job for Azure Government uses different service endpoints than those of Azure public cloud. The following table lists the endpoints that Infoblox supports for each cloud:

| Cloud | Service Endpoint Pattern | API Endpoint | Service Management Endpoint |
|---|---|---|---|
| Azure public cloud | https://login.microsoftonline.com/* | https://management.azure.com/ | https://management.core.windows.net/ |
| Azure Government | https://login.microsoftonline.us/* | https://management.usgovcloudapi.net/ | https://management.core.usgovcloudapi.net/ |

The following service endpoints are currently not supported by Infoblox:

| Cloud | Service Endpoint Pattern |
|---|---|
| Azure AD Germany | https://login.microsoftonline.de |
| Azure AD China operated by 21Vianet | https://login.chinacloudapi.cn |
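
The two endpoint tables above can be applied as a pre-flight check on the Service Endpoint value, because the client secret is submitted to whatever host that URL names. The following Python sketch is an added example, not Infoblox code; the function names and the all-zero tenant ID in the sample are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Endpoint sets copied from the tables on this page, keyed by login host.
SUPPORTED = {
    "login.microsoftonline.com": {
        "cloud": "Azure public cloud",
        "api": "https://management.azure.com/",
        "service_management": "https://management.core.windows.net/",
    },
    "login.microsoftonline.us": {
        "cloud": "Azure Government",
        "api": "https://management.usgovcloudapi.net/",
        "service_management": "https://management.core.usgovcloudapi.net/",
    },
}
UNSUPPORTED = {
    "login.microsoftonline.de": "Azure AD Germany",
    "login.chinacloudapi.cn": "Azure AD China operated by 21Vianet",
}

def check_service_endpoint(url):
    """Return the endpoint set for a token endpoint URL, or raise ValueError."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("service endpoint must use https")
    # With userinfo, the text before '@' is not the host that gets contacted.
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo is not allowed in the service endpoint")
    if parts.port not in (None, 443):
        raise ValueError("unexpected port in the service endpoint")
    host = parts.hostname or ""
    if host in UNSUPPORTED:
        raise ValueError(f"{UNSUPPORTED[host]} endpoints are not supported")
    if host not in SUPPORTED:  # exact match: lookalike suffixes are refused
        raise ValueError(f"{host!r} is not a supported login host")
    if parts.path in ("", "/"):
        raise ValueError("expected a tenant path after the host")
    return SUPPORTED[host]

def is_accepted(url):
    """Boolean wrapper around check_service_endpoint()."""
    try:
        check_service_endpoint(url)
    except ValueError:
        return False
    return True

# Constructed sample value (all-zero tenant ID), not taken from a real tenant.
SAMPLE = "https://login.microsoftonline.us/00000000-0000-0000-0000-000000000000/oauth2/token"
```

The returned dictionary also gives the API and service management endpoints that belong to the same cloud, so outbound firewall rules for the appliance can be matched to the cloud in use.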

Configuring DNS Resolver

To perform vDiscovery for all resources in your Microsoft VNets, you must enable DNS resolvers in NIOS. To configure DNS resolver for the Grid, complete the following in the NIOS GUI, Grid Manager:

  1. On the Grid tab -> Grid Manager tab -> Members tab, expand the Toolbar, and then click Grid Properties.
  2. In the Grid Properties editor, complete the following:
    • On the DNS Resolver tab, select the Enable DNS Resolver checkbox if it is not already selected.
    • In the Name Servers list, click Add to add the IP address of the upstream DNS server to the list.
    • Enter the IP address and press Enter.
  3. Save the configuration. The changes may take a brief period of time to become active.