
Provisioning the PayGo Instance of vNIOS for AWS

This topic outlines the procedure to launch and provision an Infoblox vNIOS PayGo instance for your AWS VPC in the AWS console. This procedure is designed for users who want to provision an Infoblox vNIOS PayGo instance, which includes built-in licenses. It provides a comprehensive sequence of steps to manually provision a new Infoblox vNIOS PayGo instance in AWS.

When using the PayGo licensing model, the Infoblox vNIOS service can be directly installed from the AWS marketplace with a built-in license, eliminating the need for separate license purchases. This simplifies the deployment process, as the necessary licenses are included and automatically managed.

Note

  • DHCP services can run on NIOS instances deployed on AWS to serve clients that are outside AWS. Due to an AWS restriction, DHCP cannot be offered to instances running on AWS.

To configure HA, complete the Prerequisites, perform the sequence of procedures defined in this topic, and additionally, configure the advanced network configuration defined in Configuring HA with vNIOS for AWS Instances.

Obtaining the vNIOS for AWS AMI

Installation of the vNIOS for AWS AMI involves a series of steps in the AWS console, in which you configure and launch a new Infoblox vNIOS for AWS instance. You can also obtain the vNIOS for AWS AMI from the AWS Marketplace website. For information about navigating to the AWS Marketplace AMIs tab, see the AWS Marketplace Documentation at https://docs.aws.amazon.com/marketplace/.


To deploy and configure Infoblox vNIOS on AWS using the PayGo model, follow these steps:

  1. Log in to the Amazon EC2 console using your AWS account credentials.

  2. Based on whether you use the Amazon EC2 console or AWS Marketplace to get the AMI, perform one of the following:

    1. If you are using the Amazon EC2 console to launch an instance, complete the following steps:

      1. On the Console Home page, in the Services box, search for and click EC2 in the search results.

      2. On the EC2 Dashboard tab > Launch instance section, expand Launch instance, and then choose Launch instance.
        The Launch an instance page is displayed.

      3. Expand Application and OS Images (Amazon Machine Image) and click Browse more AMIs.

      4. On the Choose an Amazon Machine Image (AMI) page, click the AWS Marketplace AMIs tab.

      5. Search for the name Infoblox NIOS PayGo to launch PayGo.

    2. If you are using AWS Marketplace to launch an instance, complete the following steps from the AWS Marketplace website:

      1. Visit the AWS Marketplace website and search for "Infoblox."

      2. In the displayed list, select the following AMI:

        • Infoblox NIOS PayGo

      3. Click Continue to Launch.

      4. Select the required version from the Software version drop-down list and launch the instance.
        Note that you may select prior versions of NIOS from the Software version drop-down list.

  3. Expand Instance type and select an appropriate shape from the Instance type drop-down list. Ensure the selected shape meets the minimum requirements of 8 CPU cores and 32 GB memory.

    The following table lists the NIOS VM models available for PayGo images in AWS, with the matching EC2 shapes:

NIOS VM Model   vCPU   Memory (GiB)   Amazon EC2 Shape   Amazon EC2 Shape for Melbourne, Jakarta, Spain   Grid Master / Grid Master Candidate (Yes/No)
IB-V926         8      32             m6i.2xlarge        m5.2xlarge                                       Yes
IB-V1516        16     64             m6i.4xlarge        m5.4xlarge                                       Yes
IB-V1526        16     128            r6i.4xlarge        r5d.4xlarge                                      Yes
IB-V2326        32     256            r6i.8xlarge        r5d.8xlarge                                      Yes
IB-V4126        48     384            r6i.12xlarge       r5d.12xlarge                                     Yes

Hence, when you select an 8 vCPU configuration, the PayGo instance best suited for deployment on an m6i.2xlarge virtual machine will be the IB-V926.

  4. Expand Key pair (login) and configure a key pair to securely connect to your instance. When you configure a key pair in AWS, the public key is uploaded to NIOS.
    Do one of the following:

    • In the Key pair name drop-down list, choose an existing key pair.

    • Click Create new key pair and complete the following in the Create key pair window:

      1. Key pair-name: Enter a name for the key pair.

      2. Key pair type: Select the required type.

      3. Private key file format: Select the format to use for the private key.

      4. Click Create key pair.

    • (Not recommended) If you want to perform a simple deployment, proceed without configuring a key pair.

  5. Proceed to configure the network settings as defined in the Defining Network Settings for the vNIOS for AWS Instance section.

Note

If the vNIOS for AWS instance is a Grid Master, according to the authentication method configured for AWS SSH access for the admin account, you must use the key pair or key pair and password as the SSH login for all members in that Grid. For more information, see the Creating Local Admins topic in the Infoblox NIOS Documentation.

Defining Network Settings for the vNIOS for AWS Instance

Infoblox vNIOS virtual appliances require two network interfaces (MGMT and LAN1) for proper Grid communications. These interfaces must be assigned to separate subnets within the same VPC. Configuring the AWS member Management (MGMT) network and the Grid Master's LAN1 network in the same subnet is not supported, because it can cause connectivity issues.

Note that the NIOS GUI communicates through the MGMT port. If for any reason you must make changes to the MGMT port, such as swapping NICs or changing the MGMT IP address from static to dynamic, ensure that you use the same IP address for the MGMT port before and after the changes. Otherwise, you might not be able to access the NIOS GUI.

If you are deploying the appliance in an HA setup, you must add three network interfaces (MGMT, LAN1, and HA).

Note

Network settings configured in your AWS cloud environment override changes made through the NIOS GUI or CLI. Therefore, when making changes such as adding, modifying, or deleting network interfaces through the NIOS GUI or CLI, ensure that the changes made to settings in NIOS are consistent with the corresponding settings in cloud networks.

On the Launch an instance page of the AWS wizard, define the network settings for the new vNIOS for AWS instance, including the required network interfaces. Note that networks with IPv6 addresses are supported from NIOS 8.5.2 onwards. HA is not supported with IPv6 networks.

  1. Expand Network settings and click Edit.

  2. In the VPC drop-down list, choose your VPC.

  3. In the Subnet drop-down list, choose the subnet to which the new instance must be assigned. Ensure that each VPC has a default subnet. You can select this subnet value for your configuration.
    If you have not yet created a subnet for your VPC, use the Create new subnet link to create a subnet.
    You may create more than one subnet. The subnet prefix values appear in the Subnet field for each network interface in your AWS console.

  4. In the Auto-assign Public IP drop-down list, keep the default option, Disable.
    As you are creating an instance with two interfaces, AWS does not allow a Public IP assignment to the new vNIOS for AWS instance. AWS displays a warning to this effect when you create the second interface. (You may use an Elastic IP address or a private IP address.)

  5. In the Auto-assign IPv6 IP drop-down list, perform one of the following:

    1. Keep the default option, Disable, to assign only IPv4 addresses to the vNIOS instance.

    2. Choose Enable to also assign IPv6 addresses to the vNIOS instance. When the instance starts, it will be associated with both IPv4 and IPv6 addresses.
      For information on Infoblox NIOS appliances that support IPv6, see Infoblox vNIOS for AWS AMI Shapes and Regions.

  6. Proceed to configure the security group as defined in the Defining an AWS Instance Security Group section.

Defining an AWS Instance Security Group

In the Network settings > Firewall (security groups) section, define the firewall security settings for your new vNIOS for AWS instance. Amazon Web Services enforces a default Deny All policy for all security groups. Your new security group consists of a set of simple firewall rules that specifically allow known IP addresses and network prefixes to access your vNIOS for AWS instance and to use specific protocols. These are defined as Inbound rules. You may create a new security group or add new rules to an existing security group definition provided by your AWS administrator, depending on your AWS IAM privileges.

Use the following points as a guide when creating new inbound rules:

  • Permit SSH traffic (TCP/22) from the preferred prefix.

  • Open the port for DNS (UDP/53).

  • Permit secure web traffic (HTTPS/443) only from a Custom IP prefix representing the network of hosts that access the vNIOS instance for management and configuration.

  • Open two ports for NIOS Grid Joining traffic:

    • UDP/1194

    • UDP/2114

  • Open the port for the Infoblox API Proxy (TCP/8787).

  • Open a port for VM VRRP (UDP/802) if the node is a member in an HA pair.

  • Open the following ports if you want to deploy the reporting appliance IB-V5005 that is supported in NIOS 8.6.2 and later versions:

    • 7000 WebUI (Master, Indexer)

    • 7089 Management

    • 7887 Replication

    • 9997 Data Forwarding

    • 8000 WebUI

    • 8089 Management

    • 9185 Splunk REST API

Configure a minimum of six rules based on the list above.

Avoid using any prefixes other than those that must access the Infoblox vNIOS for AWS instances in the VPC.
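The rule set above, expressed as an added example (this is not Infoblox or AWS code): a function that builds the six minimum inbound rules, plus UDP/802 when the node is in an HA pair, in the IpPermissions layout that the EC2 AuthorizeSecurityGroupIngress API (boto3 authorize_security_group_ingress) accepts, and an audit function that flags a management port (22, 443, 8787) left open to 0.0.0.0/0 or ::/0 in an existing group. The function names, the split into admin, Grid and DNS prefixes, and the sample CIDRs are this example's own assumptions; the page does not state which source prefix to use for DNS, Grid joining, or the API proxy, so those are parameters you set from your own network plan.

```python
"""Build and audit the inbound rules for a vNIOS for AWS security group.

Added example, not Infoblox or AWS code. The port list follows the
"Defining an AWS Instance Security Group" section; the dict layout is the
IpPermissions structure used by the EC2 AuthorizeSecurityGroupIngress and
DescribeSecurityGroups APIs. All CIDR values are constructed samples.
"""
import ipaddress
import json

ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"

# Ports that only the management/admin or Grid network should ever reach.
MANAGEMENT_PORTS = {("tcp", 22), ("tcp", 443), ("tcp", 8787)}


def _rule(proto, port, cidr, description):
    """One IpPermissions entry for a single port from a single IPv4 CIDR."""
    ipaddress.IPv4Network(cidr, strict=False)  # raises ValueError on a bad prefix
    return {
        "IpProtocol": proto,
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": cidr, "Description": description}],
    }


def paygo_ingress_rules(admin_cidr, grid_cidr, dns_cidr, ha_pair=False):
    """Return the minimum inbound rule set described on the page.

    admin_cidr: prefix of hosts allowed SSH (22) and Grid Manager HTTPS (443).
    grid_cidr:  prefix of the other Grid members (join traffic, API proxy, VRRP).
    dns_cidr:   prefix of the DNS clients served by this instance.
    ha_pair:    also open UDP/802 (VRRP) when the node is in an HA pair.
    """
    rules = [
        _rule("tcp", 22, admin_cidr, "SSH from admin network"),
        _rule("udp", 53, dns_cidr, "DNS"),
        _rule("tcp", 443, admin_cidr, "Grid Manager HTTPS from admin network"),
        _rule("udp", 1194, grid_cidr, "NIOS Grid joining"),
        _rule("udp", 2114, grid_cidr, "NIOS Grid joining"),
        _rule("tcp", 8787, grid_cidr, "Infoblox API proxy"),
    ]
    if ha_pair:
        rules.append(_rule("udp", 802, grid_cidr, "VRRP for HA pair"))
    return rules


def audit_ingress(permissions):
    """Flag management ports exposed to the whole Internet.

    Takes an IpPermissions list (as returned by DescribeSecurityGroups) and
    returns (protocol, port, cidr) tuples for rules that should be tightened.
    """
    findings = []
    for perm in permissions:
        proto = perm.get("IpProtocol")
        if proto == "-1":            # "all traffic": every port is in range
            lo, hi = 0, 65535
        else:
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        ranges = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        ranges += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in ranges:
            if cidr not in (ANY_V4, ANY_V6):
                continue
            for m_proto, m_port in sorted(MANAGEMENT_PORTS):
                if proto in (m_proto, "-1") and lo <= m_port <= hi:
                    findings.append((m_proto, m_port, cidr))
    return findings


# Constructed sample of an existing, over-permissive group for the audit.
SAMPLE_EXISTING = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]

if __name__ == "__main__":
    rules = paygo_ingress_rules("203.0.113.0/24", "10.0.0.0/16", "10.0.0.0/8")
    print(json.dumps(rules, indent=2))
    print("findings in sample group:", audit_ingress(SAMPLE_EXISTING))
```

The JSON printed by the block can be passed unchanged as the IpPermissions argument when you create the group from the CLI or boto3 instead of the console; the audit is the check to run periodically against groups attached to vNIOS instances, since the page's guidance to allow only known prefixes is easy to lose when someone later adds a broad rule by hand.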

  1. In the Firewall (security groups) section, select Select existing security group, and then select an existing group from the Common security groups drop-down list, or create a new security group as follows:

    1. Select Create security group.

    2. In the Security group name field, enter a name for the security group.

    3. In the Description field, write a description for the security group.

    4. To add the first rule to the group, complete the following:

      1. Click Add security group rule.

      2. In the Type drop-down list, choose Custom SSH.

      3. In the Source type drop-down list, choose Custom.

      4. In the Source field, enter the IPv4 prefix containing the computer hosts that use SSH connections to the new vNIOS for AWS instance.
        Note that you may need more than one rule if you have users from multiple networks accessing your instance.

    5. To add another rule to the group:

      1. Click Add security group rule.

      2. In the Type drop-down, choose Custom HTTPS.

      3. In the Source type drop-down list, choose Custom.

      4. In the Source field, enter the IPv4 prefix containing the computer hosts that connect to Grid Manager for the new vNIOS for AWS instance.
        Note that you may need more than one rule if you have multiple networks accessing your instance.

  2. Proceed to add network interfaces as defined in the Defining Advanced Network Configuration section.

Defining Advanced Network Configuration

For a non-HA deployment, you must use two interfaces for the new vNIOS for AWS instance: network interface 1 and network interface 2, which are labelled MGMT and LAN1 respectively in NIOS. Use network interface 1 to join the Infoblox vNIOS for AWS instance to a NIOS Grid. By default, network interface 1 is assigned an IPv4 address.

For an HA deployment, complete the steps defined in Configuring HA with vNIOS for AWS Instances.

  1. Under Network interface 1, which is for the MGMT port, retain the settings as is.
    You will notice that the subnet selected in the Subnet field is displayed here.
    Note:
    If you need to set a static IP address on the MGMT interface when configuring a vNIOS instance with multiple interfaces (LAN1 and MGMT), set it from the Grid Manager UI; for steps, refer to the Infoblox NIOS documentation. If you try to set the IP address by using the set interface mgmt command, the command will fail to enable the MGMT interface because NIOS assumes that the LAN1 IP address of a vNIOS instance deployed on any cloud platform is always dynamic.

  2. To add the LAN1 port, click Add network interface.

  3. Under Network interface 2, in the Subnet drop-down list, choose a subnet.
    The selected subnet and security groups must be in the same VPC.

  4. For SSH access to the vNIOS for AWS instance, you must always use the IP address associated with the LAN1 port.

    1. Choose the default Subnet from the drop-down list. (For more information on usage of Elastic IP addresses for interfaces in your Infoblox vNIOS for AWS instances, see Using an Elastic IP Address.)

    2. To have AWS also assign an IPv6 address to the interface, in the IPv6 IPs drop-down list, select Add IP.

  5. Proceed to configure storage settings as described in the Defining Storage Settings for the vNIOS for AWS Instance section.

Defining Storage Settings for the vNIOS for AWS Instance

You can use the settings under Configure storage to define the storage resources to be used by the new instance. Infoblox vNIOS for AWS instances provide a defined amount of instance data storage. The storage size varies according to the AMI you have chosen for the instance. For more information, see Infoblox vNIOS for AWS AMI Shapes and Regions. You can adjust the amount of instance storage to its maximum value and attach external storage volumes for an additional cost.

  1. For a root volume, retain the default values for size and volume type.
    The default values differ based on the AMI that you select.

  2. To define settings for Elastic Block Storage volumes, click Advanced.
    The default configuration of volume 1 is displayed.

  3. In the Storage (volumes) > EBS Volumes > Volume 1 (AMI Root) section, complete the following steps for Elastic Block Storage (EBS) volumes:

    1. Size (GiB): Retain the default value.

    2. Volume type: Choose gp3 from the drop-down list.

    3. Delete on termination: Choose Yes if you want to delete the volume when the instance is terminated, or choose No to keep the volume.
      You can use this setting for your vNIOS for AWS instances to de-couple the root partition deletion from the state of the new EC2 instance. This allows retention of the volume for debugging and event log inspection.
      Infoblox recommends keeping at least the minimum storage capacity defaults for the new Infoblox vNIOS for AWS instance.

    4. Encrypted: To enable encryption on the EBS volume, choose Encrypted.
      Encryption of EBS volumes is supported only in NIOS 8.6.3 and later versions of 8.6.x.

    5. KMS key: Select a key that must be used to encrypt the volume.
      This field is accessible only when encryption is enabled.

  4. (For reporting appliances only) If you are deploying the vNIOS for AWS instance for reporting, you must create two virtual hard disks: one as the default disk used for storing regular NIOS data, and a second disk for storing the reporting data. To add a second disk:

    1. In the Configure storage/Storage (volumes) section, click the Add New Volume button.

    2. In the Size (GiB) field, specify a size for the disk. Infoblox recommends that you allocate a minimum of 250 GB of additional disk space for the reporting storage requirements.

Defining Advanced Details

Use the settings under Advanced Details to define settings such as user data, IAM role, and Tenancy.

Initializing vNIOS for AWS Instances with the AWS User Data Field

You can provision the vNIOS for AWS PayGo instance through the Advanced Details -> User data field without using Elastic Scaling. Follow these instructions to define administrator login settings and the initial configuration for the new instance:

  1. Expand Advanced Details and scroll down to the User data field.

  2. Define the following plain-text values in the User data field:

    1. remote_console_enabled: Enables or disables the remote SSH CLI console for a new instance (syntax: y or n).

    2. default_admin_password: Sets the password for the NIOS admin user during the first boot. This value does not have to be a default; it can be the password of any administrator who initializes the new instance. The minimum password length is four characters. If an invalid password is passed by this method, it will be ignored, and the default "infoblox" password remains in effect for the instance. Note that if you want to include a symbol character at the beginning of the password, ensure that you put the password in quotes ('') to avoid login issues. Example: '!Infoblox'.

      • For a Grid Master or a standalone vNIOS for AWS instance, the default NIOS password must be reset on the first login in the NIOS UI. Otherwise, you can configure the new password in the User data field and log in to the NIOS UI using that password. The minimum password length is four characters. It must consist of at least one uppercase character, one lowercase character, one numeric character, and one symbol character. Example: Infoblox1!
        Consider the following points for defining a password:

        • If the symbol character is at the beginning of the password, then include the password within quotes (''). Example: '@Infoblox123'.

        • If you enter an invalid password, you will be prompted to reset the password in the NIOS UI on the first login.

        • The password that you set for the Grid Master is propagated to all its members.

      • To access the NIOS CLI, you must either use the key pair or key pair + password authentication that is configured in NIOS, because access to the CLI by using only the NIOS UI password is blocked.

All user data settings are optional directives that can be included in or left out of a configuration. For example, you can add remote_console_enabled and default_admin_password to the Elastic Scale configuration in Figure Adding the Grid Master, Token and Certificate information to the AWS vNIOS Instance in the topic Provisioning Infoblox vNIOS for AWS using Elastic Scaling. In the PayGo model, the temp_license command is not required since all necessary licenses are automatically included with the instance. Therefore, there is no need to manage or specify licenses manually, and the absence of the temp_license command will not affect the operation or scaling of the instance. For more information, see Provisioning Infoblox vNIOS for AWS using Elastic Scaling.

Example:

#infoblox-config
gridmaster:
  ip_addr: 172.16.1.2
remote_console_enabled: y
default_admin_password: '#$&$#!'
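The user data directives and password rules described above, as an added example (not Infoblox code): a small generator that checks a candidate default_admin_password against the rules the page states (four-character minimum; for a Grid Master or standalone instance at least one uppercase, lowercase, numeric and symbol character; single quotes when the password starts with a symbol) and emits the plain-text block in the layout of the example above. The function names and the ip_addr-only gridmaster entry are this example's assumptions, and the page does not say how an embedded single quote is escaped, so such passwords are rejected here rather than guessed at.

```python
"""Generate and validate the User data text for a vNIOS for AWS PayGo instance.

Added example, not Infoblox code. Directive names and password rules come
from the "Initializing vNIOS for AWS Instances with the AWS User Data Field"
section; helper names are this example's own.
"""
import ipaddress
import string

SYMBOLS = set(string.punctuation)


def password_problems(password, grid_master=True):
    """Return the list of stated rules that a candidate password breaks.

    The four-character minimum applies to every instance; the character-class
    requirement is the one the page states for a Grid Master or standalone
    instance, so it is skipped when grid_master=False.
    """
    problems = []
    if len(password) < 4:
        problems.append("shorter than 4 characters")
    if "'" in password:
        # Assumption: quoting rules for an embedded quote are not documented.
        problems.append("contains a single quote")
    if grid_master:
        checks = {
            "uppercase": any(c.isupper() for c in password),
            "lowercase": any(c.islower() for c in password),
            "digit": any(c.isdigit() for c in password),
            "symbol": any(c in SYMBOLS for c in password),
        }
        problems += [f"no {name} character" for name, ok in checks.items() if not ok]
    return problems


def quote_password(password):
    """Wrap the password in single quotes when it starts with a symbol."""
    if password and password[0] in SYMBOLS:
        return "'" + password + "'"
    return password


def build_user_data(admin_password, remote_console=True, gridmaster_ip=None,
                    grid_master=True):
    """Return the plain-text User data block, or raise ValueError.

    An invalid password is rejected here on purpose: the page notes that the
    appliance silently ignores one and keeps the default password in effect.
    """
    problems = password_problems(admin_password, grid_master)
    if problems:
        raise ValueError("; ".join(problems))
    lines = ["#infoblox-config"]
    if gridmaster_ip:
        ipaddress.ip_address(gridmaster_ip)  # raises ValueError on a bad address
        lines += ["gridmaster:", f"  ip_addr: {gridmaster_ip}"]
    lines.append(f"remote_console_enabled: {'y' if remote_console else 'n'}")
    lines.append(f"default_admin_password: {quote_password(admin_password)}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Sample values only; 172.16.1.2 is the address used in the page's example.
    print(build_user_data("!Infoblox1", remote_console=True,
                          gridmaster_ip="172.16.1.2"), end="")
```

Rejecting a bad password before launch matters because, as the page notes, an invalid value passed through User data is ignored and the default password stays in effect until someone logs in and changes it.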

Defining IAM Role

In the Advanced details section, you can configure the IAM role for the vNIOS for AWS instance.

To define the role, choose a profile from the IAM instance profile drop-down list.

You may use the default settings for your initial testing. The role can also be defined on the Identity and Access Management page in the AWS console. Your AWS administrator may not allow custom IAM roles for your deployment, so this may not be a selectable value.

If you are setting up the instance for HA, see Configuring HA with vNIOS for AWS Instances for the permissions required.

For more information about Amazon IAM, see the Amazon IAM documentation. For information about how Amazon IAM roles and permissions work with your Infoblox vNIOS for AWS instances to ensure secure and accurate authorization of user privileges, see Credentials for vDiscovery and Assigning AWS User Credentials to the NIOS Cloud Admin Account.

Defining Tenancy Setting

In the Advanced details section, you can configure the tenancy settings for the vNIOS for AWS instance from the Tenancy drop-down list. Keep the tenancy setting as is. For information about tenant settings, see About Tenants.

Defining Name and Tags for the vNIOS for AWS Instance

An AWS tag is a name-value pair. You can define tags for categorizing, searching, and identifying Amazon objects such as EC2 instances, subnets, VPCs, and IP addresses.

Use AWS tags with Infoblox extensible attributes to identify resources for IP address assignments. If you already have extensible attributes defined for your Infoblox Grid, you can add the same extensible attributes to the new vNIOS for AWS instance. The tags that you define here apply only to the instance. You can choose to create tags when provisioning an instance or at a later time.

You can use extensible attributes to tag Infoblox network containers and networks, and to tag corresponding Amazon VPCs and subnets for assigning IP addresses to the new resources in the cloud. Without the NIOS extensible attributes definitions, the tags defined on the AWS objects will only be meaningful in AWS, and you cannot search and match against managed AWS objects in Grid Manager. For information about cloud extensible attributes, see Extensible Attributes for Cloud Objects in the Infoblox NIOS Documentation.

  1. In the Name and tags section of the Launch an instance page, type a name for your instance in the Name field.
    The name is a tag defined by a key-value pair in which Name is the key and the value that you specify is the value.

  2. To define an additional tag, click Add additional tags and specify values in the Key and Value fields.

Tagging Existing AWS Objects

To tag existing objects in AWS, select a VPC > subnet within a VPC > an EC2 instance or other object types residing in AWS, and then use the Manage tags button on the Tags tab.

Adding Tags to AWS Objects

In NIOS, define the extensible attributes for each network in the Cloud -> Networks page, or under IPAM within the network view.

When you consistently use AWS tags and extensible attributes in your networks, they become more useful and valuable. For example, you can use Infoblox API extensions with the extensible attributes that are appropriate for your applications. For more information, see Infoblox Extensions to the AWS API.

Completing Your Infoblox vNIOS for AWS Instance Launch

The Summary panel on the Launch an Instance page lists settings that you have configured. Each setting is a link. You may click on a setting to navigate to that section directly and make appropriate changes.

Click the Launch instance button to launch the vNIOS for AWS instance. After a brief period of time, the vNIOS for AWS instance will be active in your VPC.
You can perform additional tasks for the vNIOS for AWS configuration to ensure that the virtual appliance is functioning properly. For more information, see Additional Configuration for vNIOS for AWS.

Connecting to the EC2 Serial Console of the Instance

vNIOS for AWS instances running NIOS 8.6.3 or later versions of 8.6.x and deployed with r6i EC2 shapes support connecting to the EC2 serial console of the instance. You can connect to the serial console to perform activities such as installing licenses or for troubleshooting purposes.
To connect to the EC2 serial console, complete the following steps:

  1. In the Amazon EC2 console, navigate to the Instances page.

  2. Select the instance for which you want to access the serial console and click Connect.

  3. On the Connect to instance page > EC2 serial console tab, click Connect.

License List

The following is a complete list of licenses that will be installed for PayGo instances in AWS:

  • DNS

  • DHCP

  • GRID

  • NIOS

  • DNS Traffic Control

  • Response Policy Zone

  • Cloud Network Automation

vNIOS PayGo Configuration Guidelines

The following guidelines apply to vNIOS Paygo instances:
