This chapter explains how to deploy single independent appliances and independent HA pairs. Independent appliances run NIOS without the Grid upgrade and are deployed independently from a Grid. This chapter includes the following sections:
-
- Independent Deployment Overview
- Deploying a Single Independent Appliance
- Configuration Example: Deploying a NIOS Appliance as a Primary DNS Server
- Cabling the Appliance to the Network and Turning On Power
- Specifying Initial Network Settings
- Specifying Appliance Settings
- Enabling Zone Transfers on the Legacy Name Server
- Importing Zone Data on an Independent Appliance
- Designating the New Primary on the Secondary Name Server (at the ISP Site)
- Configuring NAT and Policies on the Firewall
- Deploying an Independent HA Pair
- Configuration Example: Configuring an HA Pair for Internal DNS and DHCP Services
- Cabling Appliances to the Network and Turning On Power
- Specifying Initial Network Settings
- Specifying Appliance Settings
- Enabling Zone Transfers
- Importing Zone Data
- Defining Networks, Reverse-Mapping Zones, DHCP Ranges, and Infoblox Hosts
- Defining Multiple Forwarders
- Enabling Recursion on External DNS Servers
- Modifying the Firewall and Router Configurations
NIOS 8.1NIOS Administrator Guide (Rev. A)339
Deploying Independent Appliances
340NIOS Administrator Guide (Rev. A)NIOS 8.1
Independent Deployment Overview
Independent Deployment Overview
Note: Infoblox appliances support IPv4 and IPv6 networking configurations in most deployments cited in this chapter. You can set the LAN1 port to an IPv6 address and use that address to access the NIOS UI and the NIOS Setup Wizard. All HA operations can be applied across IPv6. You can also set a dual mode appliance by configuring both IPv4 and IPv6 address for the LAN1 port. Topics in this and following chapters generally use IPv4 examples. Also note that LAN2 and the MGMT port also support IPv6. DNS services are fully supported in IPv6 for the LAN1, LAN2, MGMT and VLAN ports. DHCP services are fully supported in IPv6 for the LAN1 and LAN2 ports. Example networks throughout this chapter use IPv4 addressing.
You can deploy the NIOS appliance as a Grid member in an Infoblox Grid or independently as a standalone deployment. NIOS appliances support both IPv4 and IPv6 networks and you can deploy them in either IPv4, IPv6, or dual mode (IPv4 and IPv6). Grids offer many advantages for large organizations while independent deployments can be sufficient for smaller sites. For example, if your ISP hosts one name server to respond to external DNS queries, you can deploy a single independent NIOS appliance as the other name server, as shown in Figure 6.1.
Figure 6.1 Single Independent Appliance as a DNS Server
Internet ISP
Site
The ISP hosts a secondary DNS server for the corpxyz.com domain.
The primary and secondary name servers provide DNS protocol redundancy. If one of them cannot respond to a query for the corpxyz.com
Firewall
The NIOS appliance is the primary DNS server for the corpxyz.com domain. It answers queries from the Internet for public-facing servers in the DMZ network.
DMZ
Internal Network
Switch domain name =
corpxyz.com
LAN or
LAN1 Port
Servers for Public Access
Using primary and secondary name servers provides DNS protocol redundancy, and configuring two DHCP servers as DHCP failover peers provides DHCP protocol redundancy. However, you can only have hardware redundancy if you deploy appliances in an HA (high availability) pair. Should the active node in an HA pair fail, the passive node becomes active and begins serving data, as shown in Figure 6.2. For more information about HA pairs, see About HA Pairs .
NIOS 8.1NIOS Administrator Guide (Rev. A)341
Deploying Independent Appliances
Figure 6.2 Independent HA Pair
Internet ISP
Site
This is the same situation as that in Figure 6.1, but the primary DNS server is an independent HA pair to provide hardware redundancy.
Firewall
Internal Network
Secondary DNS Server
Switch
LAN (LAN1)
and HA
LAN (LAN1)
and HA
Primary DNS Server (Independent HA Pair)
Active Node
Passive
Servers for Public Access
DMZ
If the active node fails, the passive node becomes active and continues serving DNS.
System Manager GUI
When you deploy an independent appliance, you use System Manager to manage the appliance. Though other chapters in this guide contain information that assumes a Grid deployment and describes the Grid Manager GUI, most of the configuration procedures are applicable to an independent appliance, with the following differences:
-
- In the Dashboard, there is no Grid Status widget, and the Members Status widget in Grid Manager is the System Status widget in System Manager.
- Functions related to a Grid, such as joining a Grid and managing Grid licenses, do not exist in System Manager.
- The Grid related tabs and functions in Grid Manager are the system related tabs and functions in System Manager.
- Functions related to the Members tab in Grid Manager appear in the Nodes tab or the Toolbar of another subtab in System Manager.
For example, the following navigation path for a Grid:
-
- From the Grid tab, select the Grid Manager tab -> Members tab -> member check box, and then click HTTPS Cert -> Download Certificate from the Toolbar.
is the following for an independent appliance:
-
- From the System tab, select the System Manager tab -> Nodes tab, and then click HTTPS Cert -> Download Certificate from the Toolbar.