You can deploy the Legacy Data Connector VM from a remote web server or a local file system accessible from your management system. Instructions in this section assume that you have configured the server on your network, and that you are able to connect to it from your management system.
To deploy the Legacy Data Connector VM, log in to the vSphere Client, connect to the ESXi 5.x server, and then complete the following:

  1. Obtain the Legacy Data Connector virtual machine image file from Infoblox. For more information, see Requirements.
  2. Install the Legacy Data Connector VM on the ESXi server, as described in the section, Installing the Legacy Data Connector Virtual Appliance on this page.
  3. Configure the NIC (Virtual Network Adapter) for the Data Connector VM, as described in the section, Configuring the Virtual NIC on this page.
  4. Power on the Legacy Data Connector VM, as described in the section, Powering on the Legacy Data Connector Virtual Appliance on this page.
  5. Configure the Data Connector VM to collect DNS data from the Infoblox Grid, as described in the section, Configuring the Legacy Data Connector Virtual Appliance on this page.

Installing the Legacy Data Connector Virtual Appliance

To install the Legacy Data Connector VM:

  1. Obtain the Legacy Data Connector VM image file from Infoblox.
  2. Download the .OVA package file(s) for the Data Connector VM.
  3. From the vSphere Client, click File > Deploy OVF Template to start the Deploy OVF Template wizard, as shown in Figure 1.2. You use this feature to open the .OVA file to deploy your Data Connector VM.

    Figure 1.2 Deploy OVF Template Wizard

  4. Depending on the download location of the Legacy Data Connector VM, select Deploy from file to deploy the .OVA file from a local file system, or select Deploy from URL to deploy from a remote web server. Locate the .OVA file or enter the URL of the file, and then click Next.
  5. Verify the .OVA package file details and click Next.
  6. Specify a name for the Legacy Data Connector VM instance and click Next.
  7. Select the host or cluster on which the Legacy Data Connector VM instance must run and click Next.
  8. If applicable, select the host within the cluster to be used for the Legacy Data Connector VM instance.
  9. Select the resource pool on which to deploy and click Next.
  10. Select the destination storage for the Legacy Data Connector VM instance and click Next.
  11. Select the format in which you want to store the virtual disk and click Next.
  12. Select the network that the Legacy Data Connector will use and click Next.
  13. Verify the information in the summary screen and click Finish.
    The Legacy Data Connector VM installation begins. The Deployment Completed Successfully dialog box appears after the installation is complete.
  14. Click Close to close the dialog box.
  15. To verify the installation of the Legacy Data Connector VM, click the Virtual Machines tab in the vSphere Client.
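
The check in step 5 can be backed by an integrity check on the downloaded file before the wizard is started. The following is an added example, not Infoblox code: it recomputes the digests listed in the package's OVF manifest and reports any file that no longer matches. It assumes the .OVA contains a manifest (`.mf`) file; the sample archive and its file names are constructed for the demonstration.

```python
import hashlib
import io
import re
import tarfile

# OVF manifest line format, e.g. "SHA256(disk1.vmdk)= 9f86d0..."
MF_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\(([^)]+)\)\s*=\s*([0-9a-fA-F]+)$")
ALGOS = ("sha1", "sha256", "sha512")


def verify_ova(fileobj):
    """Map each file named in the .mf manifest to ok/mismatch/missing."""
    digests, manifest = {}, None
    with tarfile.open(fileobj=fileobj, mode="r:") as tar:  # an OVA is a plain tar
        for member in tar:
            if not member.isfile():
                continue
            data = tar.extractfile(member)
            if member.name.lower().endswith(".mf"):
                manifest = data.read().decode("utf-8", "replace")
                continue
            hashers = {a: hashlib.new(a) for a in ALGOS}
            # Read in 1 MiB chunks; appliance disk images are large.
            for chunk in iter(lambda: data.read(1 << 20), b""):
                for h in hashers.values():
                    h.update(chunk)
            digests[member.name] = {a: h.hexdigest() for a, h in hashers.items()}
    if manifest is None:
        raise ValueError("OVA contains no .mf manifest; nothing to verify")
    result = {}
    for line in manifest.splitlines():
        m = MF_LINE.match(line.strip())
        if m:
            algo, name, want = m.group(1).lower(), m.group(2), m.group(3).lower()
            got = digests.get(name, {}).get(algo)
            result[name] = "missing" if got is None else ("ok" if got == want else "mismatch")
    return result


def build_sample_ova(tamper=False):
    """Constructed stand-in for a vendor OVA: descriptor, disk and manifest."""
    files = {"dc.ovf": b"<Envelope/>", "dc-disk1.vmdk": b"\x00" * 4096}
    mf = "".join(f"SHA256({n})= {hashlib.sha256(d).hexdigest()}\n" for n, d in files.items())
    if tamper:  # alter the disk after the manifest was written
        files["dc-disk1.vmdk"] = b"\x01" + files["dc-disk1.vmdk"][1:]
    files["dc.mf"] = mf.encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

For a real package, pass `open(path, "rb")` to `verify_ova`. A clean result shows the archive is internally consistent; because the manifest travels inside the same file, authenticity still depends on comparing the whole file's hash with a value obtained from the vendor over a separate channel.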

Configuring the Virtual NIC

  1. From the vSphere Client, select the newly deployed Data Connector VM instance.
  2. Click Inventory > Virtual Machine > Edit Settings.
  3. In the Virtual Machine Properties dialog box, select the Hardware tab.
  4. From the Hardware list, select the network interface that the Legacy Data Connector VM uses to communicate with the Grid.
  5. Click OK.

Powering on the Legacy Data Connector Virtual Appliance

  1. From the vSphere Client, select the Data Connector VM instance.
  2. Click Inventory > Virtual Machine > Power > Power On.

    Note: After you power on the Legacy Data Connector VM, it may take a few minutes for the CLI prompt to appear while the appliance initializes.

Configuring the Legacy Data Connector Virtual Appliance

After you have successfully installed the Legacy Data Connector VM software package on the ESXi server, power on the Data Connector VM and configure it. You can configure the Legacy Data Connector VM using a Wizard or CLI commands. For more information, see Configuring the Legacy Data Connector Virtual Appliance using a Wizard and Configuring the Legacy Data Connector Virtual Appliance using the CLI respectively.
The data source, which is an Infoblox Grid, is connected to the Infoblox Legacy Data Connector VM that collects DNS data from the Grid and transfers it to the destination, either a Reporting member, a BloxOne Threat Defense Cloud, or a SIEM tool. You must configure the following in order to transfer data through the Legacy Data Connector VM:

  1. Configure the source.
  2. Configure the destination.
  3. Add SCP users who can upload files to the Data Connector VM.
  4. Configure the Legacy Data Connector VM.

For a BloxOne Threat Defense Cloud destination, the Legacy Data Connector VM also collects additional data from the Grid for reporting and analytics. You can view these reports using the BloxOne Threat Defense Cloud portal when you configure Data Connectors. For more information, see Configuring BloxOne Threat Defense Cloud Destination.


Note: You must register a Legacy Data Connector VM with the Grid Master to forward output files to a Reporting destination. However, registration is not required for forwarding these files to an Infoblox BloxOne Threat Defense Cloud, or a SIEM tool.


To reduce data transfer between the Grid, Legacy Data Connector and BloxOne Threat Defense Cloud, enable the NIOS Object Change Tracking feature. When you enable this feature, the appliance tracks the changes that are made to NIOS objects and periodically synchronizes changed objects, through Data Connector, with the BloxOne Threat Defense Cloud destination.

Note that you must configure the NIOS appliance to send syslog messages to an external Data Connector VM over TCP. By default, the NIOS appliance sends these messages over UDP. To configure the NIOS appliance to send messages over TCP, log in to Grid Manager, select the Grid tab -> Grid Manager tab -> Members tab, and then click Grid Properties -> Edit from the Toolbar. In the Grid Properties editor, select the Monitoring tab, select the Log to External Syslog Servers check box, click the Add icon, and specify the IP address of the Legacy Data Connector VM. Next, select Secure TCP or TCP as the Transport option. For more information about syslog, refer to the Infoblox NIOS Administrator Guide.

Configuring the Legacy Data Connector Virtual Appliance using a Wizard

Complete the following to configure the Data Connector VM with the Infoblox Grid:

  1. Connect to the CLI using the following command:

    ssh admin@vm_ip_address -p 2020

    admin@<vm_ip_address>'s password: password

    Name:    DataConnector

    Version: 3.0.0-371818

    Infoblox Data Connector Virtual Machine

    In the above command, the variable vm_ip_address is the IP address of the Data Connector VM. You can get the IP address from the VM console on the VMware ESXi server. The default username is admin and the default password is infoblox.

    You can run the wizard command to configure the Legacy Data Connector VM. Using the wizard command, you can configure network settings, register the Legacy Data Connector VM with the Infoblox Grid, and add an SCP user who is allowed to upload files to the Legacy Data Connector VM. Note that you can register only one Legacy Data Connector VM with the NIOS Grid.


    Note: Ensure that your network configuration allows data exchange between the Legacy Data Connector VM and the destination, which can be the Reporting member, an Infoblox BloxOne Threat Defense Cloud, or a SIEM tool.


    Note that the following wizard output contains the configuration of all the destinations as an example. To configure a Reporting destination, see Configuring Reporting Destination. For information about configuring a Splunk destination, see Configuring Splunk Destination. To configure a BloxOne Threat Defense Cloud, see Configuring BloxOne Threat Defense Cloud Destination. To configure a SIEM tool, see About Infoblox Legacy Data Connector.
    Run the wizard command as follows and enter the information as prompted:

    > wizard

    Do you want to configure admin network settings y/n [y]:
    y
    Please use: '?' for help on available command options.
    Please enter IPv4 configuration in format: 'mode [gateway address mask vlanid]'
    Current settings are [ static 10.36.0.1 10.36.130.1 255.255.0.0 0 ]:
    static 10.36.0.1 10.36.130.1 255.255.0.0 0
    ok
    Please enter dns configuration[ 10.0.0.0 ]:
    10.0.0.0
    DNS servers obtained by DHCP (if any) have higher precedence
    ok
    Please enter domain configuration[ dc-xyz.com ]:
    dc-xyz.com
    ok
    Please enter hostname configuration[ dc-xyz ]:
    dc-xyz
    ok
    Configured System Setting:
    gateway: 10.36.0.1
    mask: 255.255.0.0
    mode: static
    address: 10.36.130.1
    vlanid: 0
    vlan configuration is only in effect in the static mode.
    Configured DNS Setting:
    Dns Server(s): ['10.0.0.0']
    domain: dc-xyz.com
    hostname: dc-xyz
    Is it correct? y/n [y]:
    y
    Do you want to configure data output cloud registration settings y/n [y]:
    y
    Please use: '?' for help on available command options.
    Please enter cloud url[ https://usa-va.csp.infoblox.com/dnslog ]:
    Settings unchanged.
    Please enter api_key[ 1234 ]:8
    Is it correct? y/n [y]:
    y
    Please enter agent_id[ DEFAULT_ID ]:
    agent_1
    ok
    url: https://usa-va.csp.infoblox.com/dnslog
    api_key[ 1234 ]:8
    agent_id[ 1234 ]: agent_1
    Do you want to configure data output cloud settings y/n [y]:
    y
    Please use: '?' for help on available command options.
    Please enter Output cloud mode configuration[ hold ]:
    hold
    ok
    The output mode is hold
    Is it correct? y/n [y]:
    y
    Do you want to configure data output ArcSight settings y/n [y]:
    y
    Please use: '?' for help on available command options.
    Please enter ArcSight SIEM address[ 10.196.104.222 ]:
    10.196.3.4
    ok
    Do you want to add more values? y/n [n]:
    y

    Please enter ArcSight SIEM address[ 10.196.3.4 ]:
    10.196.3.5
    ok
    Do you want to add more values? y/n [n]:
    n
    Please enter ArcSight default port[ 514 ]:
    514
    ok
    Please enter ArcSight mode[ disabled ]:
    hold
    ok
    Address: 10.196.3.5
    ArcSight port is 514
    The output mode is hold
    Is it correct? y/n [y]:
    y
    Do you want to configure data output QRadar settings y/n [y]:
    y
    Please use: '?' for help on available command options.
    Please enter QRadar SIEM address:
    10.196.8.9
    ok
    Do you want to add more values? y/n [n]:
    y
    Please enter QRadar SIEM address[ 10.196.8.9 ]:
    10.196.8.10
    ok
    Do you want to add more values? y/n [n]:
    n
    Please enter QRadar default port[ 6514 ]:
    6514
    ok
    Please enter QRadar mode[ disabled ]:
    disabled
    ok
    Address: 10.196.8.10
    QRadar port is 6514
    The output mode is disabled
    Is it correct? y/n [y]:
    y
    Do you want to configure data maxSyslogDelayTime settings y/n [y]:
    n
    Do you want to configure data output splunk settings y/n [y]:
    y
    Please use: '?' for help on available command options.
    Please enter splunk indexers[ 10.10.1.2 ]:
    y
    'y' is not a valid IP address
    Please enter splunk indexers[ 10.10.1.2 ]:
    10.10.1.2
    Indexer 10.10.1.2 already defined
    Please enter splunk indexers[ 10.10.1.2 ]:
    10.10.1.3
    ok
    Do you want to add more values? y/n [n]:
    n
    Please enter splunk index name[ xyz ]:
    xyz
    ok
    Please enter splunk source type[ ib:dns:captures ]:
    Settings unchanged.
    Please enter splunk default indexer port[ 9997 ]:
    Settings unchanged.
    Please enter splunk mode[ disabled ]:
    hold
    ok
    Indexers:
    10.10.1.2
    10.10.1.3
    Index name is xyz
    Source type is ib:dns:captures
    Default indexer port is 9997
    The output mode is hold
    Is it correct? y/n [y]:
    y
    Do you want to configure data output McAfee settings y/n [y]:
    y
    Please use: '?' for help on available command options.
    Please enter McAfee SIEM address[ 10.196.104.222 ]:
    10.196.104.222
    Address 10.196.104.222 already defined
    Please enter McAfee SIEM address[ 10.196.104.222 ]:
    Settings unchanged.
    Please enter McAfee default port[ 6514 ]:
    Settings unchanged.
    Please enter McAfee mode[ disabled ]:
    disabled
    ok
    Address: 10.196.104.222
    McAfee port is 6514
    The output mode is disabled
    Is it correct? y/n [y]:
    y
    Do you want to configure data syslogBatchSize settings y/n [y]:
    n
    Do you want to configure admin system settings y/n [y]:
    y
    Please use: '?' for help on available command options.
    Please enter Greeting banner text[ This is Infoblox Data Connection Virtual Machine ]:
    This is Infoblox Data Connector VM.
    ok
    This is Infoblox Data Connector VM.
    Is it correct? y/n [y]:
    y
    Do you want to configure data input scp settings y/n [y]:
    y
    Please use: '?' for help on available command options.
    Please enter SCP users[ dc_scp_user ]:
    dc_scp_user
    Enter password for user dc_scp_user:
    Enter again:
    ok
    Do you want to add more values? y/n [n]:
    n
    Registered user(s):
    admin1
    user123
    dc_scp_user
    Is it correct? y/n [y]:
    y
    Do you want to configure data input grid settings y/n [y]:
    y
    Please use: '?' for help on available command options.
    Enter the IP address (or FQDN) of the NIOS Grid Master[ 10.35.5.49 ]:
    Settings unchanged.
    Enter the NIOS admin username[ admin ]:
    Settings unchanged.
    10.35.5.49
    admin
    Is it correct? y/n [y]:
    y
    Do you want to configure data output reporting settings y/n [y]:
    y
    Please use: '?' for help on available command options.
    Please enter reporting mode[ hold ]:
    Settings unchanged.
    The output mode is hold
    Is it correct? y/n [y]:
    y

    Setup wizard finished successfully  
  2. After successfully completing the configuration for the Data Connector VM, you can log in to the NIOS Grid and enable the Grid to start capturing DNS queries and/or DNS responses to be sent to the Data Connector VM. For more information, see Configuring DNS Queries and Responses.
  3. You must also add the IP address of the Data Connector VM and the user credentials of the SCP user to the Logging tab -> Advanced tab of the Grid DNS Properties editor. For more information, refer to the Infoblox NIOS Administrator Guide.

    Note: You must add the user credentials of superuser administrators only.
  4. For Reporting destinations, use the following command to register the Data Connector VM with the Grid Master:

    data.destination.reporting.registration > register
    Getting Grid Data Connector information... done.
    Generating certificate for Splunk forwarder... done.
    Signing Splunk forwarder certificate with the Grid... done.
    Registering Data Connector with the Grid... done.
    Saving changes to database... done.

Configuring the Data Connector Virtual Appliance using the CLI

Besides the wizard, you can execute the following commands in the CLI to configure the Data Connector VM for the respective output destinations:

  1. Connect to the CLI using the following command:

    ssh admin@vm_ip_address -p 2020
    admin@<vm_ip_address>'s password: password

    Name:           DataConnector

    Version:        3.0.0-371818

    Infoblox Data Connector Virtual Machine

    In the above command, the variable vm_ip_address is the IP address of the Data Connector VM. You can get the IP address from the VM console on the VMware ESXi server. The default username is admin and the default password is infoblox.

  2. Configure the data source for the Data Connector VM to collect DNS query and response data. Next, configure relevant output destinations. An output destination can be a Reporting member, a BloxOne Threat Defense Cloud, or a SIEM tool. For more information about configuring the source and Reporting destination for a Data Connector VM, see Configuring Reporting Destination. For more information about configuring the source and Infoblox BloxOne Threat Defense Cloud destination, see Configuring BloxOne Threat Defense Cloud Destination. To configure the source and Splunk destination, see Configuring Splunk Destination. For more information about configuring the source and IBM QRadar SIEM tool, see Configuring Data Connector for IBM QRadar. To configure the source and McAfee ESM, see Configuring Data Connector for McAfee ESM. For more information about configuring the source and Micro Focus ArcSight ESM, see Configuring Data Connector for Micro Focus ArcSight ESM.
  3. Add SCP user details on the Grid members to allow them to upload files to the Data Connector VM. For information, see Configuring Data Connector for NIOS.
  4. Configure the Data Connector VM for the output destination. For more information about configuring the source and Reporting destination for a Data Connector VM, see Configuring Reporting Destination. For more information about configuring the source and BloxOne Threat Defense Cloud destination, see Configuring BloxOne Threat Defense Cloud Destination. To configure the source and Splunk destination, see Configuring Splunk Destination. For more information about configuring the source and IBM QRadar destination, see Configuring Data Connector for IBM QRadar. To configure the source and McAfee ESM, see Configuring Data Connector for McAfee ESM. For more information about configuring the source and Micro Focus ArcSight ESM, see Configuring Data Connector for Micro Focus ArcSight ESM.