Universal DDI Licensing
- Sri Raghu
- Shirly Tsang
- Gary Leicht
Infoblox tailors the Universal DDI Management offerings to suit your specific network architecture and deployment needs, recognizing that different scenarios require distinct solutions. The versatile suite of Universal DDI Management includes Universal DNS Management, Universal DHCP Management, Universal IP Address Management, and Universal Asset Insights.
Before taking advantage of the Universal DDI functionality, ensure that you obtain the necessary tokens from Infoblox. For pricing details and how to calculate token allocations, please contact your Infoblox representative.
Management Tokens
Management tokens are mandatory for managing the following object types:
DDI objects: These are objects used for managing DNS, DHCP, and IPAM. They include (but are not limited to) DNS Zones/Records, DHCP Ranges, Subnets and DDNS records. The following table includes the list of supported objects:
Object Types | Supported Objects |
|---|---|
DNS objects | Views |
DHCP objects | Ranges |
IPAM objects | IP Spaces |
Active IP addresses: These are active IP addresses (IPs) being observed in your networking environment and managed by IPAM. Active IPs are de-duplicated based on the IP Spaces with which they are associated. Note that DNS source queries are not counted towards the active IP count. For example, if an IP address is observed via a DHCP lease and is seen sending DNS queries, it will be counted as a single active IP. Active IPs include unique occurrences across the following:
IP addresses found in new or renew DHCP leases
Discovered IP addresses
Reservations
Fixed Addresses
Managed Assets: A managed asset that is counted against the management tokens is an identified physical or virtual component on the network that has at least one associated IP address. Sample asset types with IP addresses include virtual machines, gateways, endpoints, firewalls, switches, routers, and servers. Asset types without associated IP addresses are also discovered, but they will not be allocated against the management token count. Sample asset types without IP addresses include security groups, S3 buckets, subnets, and projects. Assets are de-duplicated to make sure that information from multiple sources is consolidated and only counted as a single asset
Each management token is designed to support a specific number of objects. You can purchase management tokens and allocate them based on the objects that are configured and in-use in your network infrastructure. The tokens are designed to be flexible to support different object types. Instead of buying specific objects in specific quantities, you can use the management tokens to support a mix of object types based on your business requirements.
The following table shows the number of objects that can be managed per object type for each management token. Use the information in this table as guidelines to determine the number of tokens you may need to manage your Universal DDI infrastructure.
Object Type | Native Objects | NIOS Objects |
(Managed directly from the Infoblox Portal) | (Managed from the Infoblox Portal, through NIOS ) | |
# of Objects per Token | # of Objects per Token | |
DDI objects | 25 | 50 |
Active IP Addresses | 13 | 25 |
Assets | 3 | 13 |
Legends
Native Objects: Objects that are discovered or managed directly from the Infoblox Portal or via NIOS-X virtual servers or NIOS-X as a Service. If NIOS is not involved in the management or discovery of an object, the object will be classified as a native object.
NIOS Objects: Objects that are discovered or managed from the Infoblox Portal via the NIOS Grid Manager. These objects are counted separately, such as assets discovered by NIOS Network Insight and sent to the Infoblox Portal via NIOS Grid Connector. This is applicable to all object types: DDI objects, active IPs, and managed assets.
Server Tokens for NIOS-X Virtual Servers
NIOS-X virtual servers, formerly referred to as BloxOne Hosts, are self-hosted, running on customer-provided private cloud, public cloud, or physical servers (either customer-provided or Infoblox physical servers such as B1-105 and B1-212). You may still purchase Infoblox NIOS-X physical servers if your network infrastructure requires some. Please contact your Infoblox representatives for more information.
NIOS-X servers only require server tokens if you run one or more Universal DDI services on them (see the table below). NIOS-X servers are allocated server tokens based on their performance and capacity rather than the amount of CPU/RAM allocated to them.
The following table describes the supported NIOS-X virtual server form factors, their specifications, and token allocation.
Token usage is determined by actual usage, not by server specification. For example, you can deploy a NIOS-X server with 8 vCPU and 8 GB RAM and configure it as an XS form factor (using 250 tokens). If server usage increases and exceeds the limit of an XS server (e.g., QPS goes from 9k to 12k), the token consumption of that server will automatically change from XS (250 tokens) to S (470 tokens) without the need to add more CPU/RAM. This means that the B1-212 hardware may consume tokens based on its actual usage (XXS, XS, S, or M).
Form Factor | Performance | Capacity | Specifications | Required Tokens | ||||
|---|---|---|---|---|---|---|---|---|
Size | kQPS | LPS | Objects | Discovered Assets | CPU | RAM | Storage | |
2XS | 5 | 75 | 3,000 | 550 | 3 Core | 4 GB | 64 GB | 130 |
XS | 10 | 150 | 7,500 | 1,300 | 3 Core | 4 GB | 64 GB | 250 |
S | 20 | 200 | 29,000 | 5,000 | 4 Core | 4 GB | 128 GB | 470 |
M | 40 | 300 | 110,000 | 19,000 | 4 Core | 32 GB | 1 TB | 880 |
Server Tokens for NIOS-X as a Service
NIOS-X as a Service (NIOS-XaaS) is Infoblox-hosted and can include DDI services. If you are hosting DDI services, each NIOS-X form factor has guardrails for peak DNS query performance (kQPS), peak DHCP lease performance (LPS), and object count. If a guardrail is exceeded, a higher NIOS-X form factor is required.
The following table shows the supported NIOS-XaaS form factors, their specifications, and token allocation.
Form Factor | Performance | Capacity | Required Tokens | ||
|---|---|---|---|---|---|
Size | kQPS | LPS | Connections | Objects | |
S | 20 | 200 | 10 | 29,000 | 2,400 |
M | 40 | 300 | 20 | 110,000 | 4,100 |
L | 70 | 400 | 35 | 440,000 | 6,100 |
XL | 115 | 675 | 85 | 880,000 | 8,500 |
NIOS-X as a Service is limited by the number of connections it can support. A connection is an "Access Location" that may use multiple WAN IP addresses and VPN connections. For more information, see Configuring NIOS-X as a Service.
NIOS-X Services and Server Tokens
The following table lists the NIOS-X services and their respective token requirements.
NIOS-X Services | Server Tokens Required (Yes/No) | Comments |
|---|---|---|
Access Authentication | No | This service is related to Infoblox Threat Defense, which does not require tokens. |
Anycast | No | Anycast does not use server tokens on its own. It uses server tokens through the DNS service. |
Data Connector | No |
|
DHCP | Yes |
|
Discovery | No |
|
DNS | Yes |
|
DNS Forwarding Proxy | No | This service is related to Infoblox Threat Defense, which does not require tokens. |
MS AD Sync | No |
|
NTP | No |
|
Reporting Tokens
You may purchase reporting tokens and allocate them based on the number of log entries or log events per month. Use reporting tokens for the following options:
30-day active search: All DNS and DHCP logs appear in reports and can be searched and filtered.
Logs stored in an S3 bucket: For asynchronous retrieval.
Ecosystem events: Sent via Cloud Data Connector (CDC) to preferred destinations. Ecosystem reporting tokens are allocated in increments of 10M logs per month.
The following table shows the reporting token allocation for the Reporting and Ecosystem options described above.
Pack Size for Reporting | S3 Bucket | 30-day Active Search | 60-day Reporting Asynchronous | One-year Download |
|---|---|---|---|---|
10M log events per month | 40 tokens | 80 tokens | Coming Soon | Coming Soon |
Ecosystem 10M log events per month (via CDC): 40 tokens | ||||
Token Usage
The following sections describes how Infoblox calculates token usage and where and what you can see in the usage reports.
Reporting
Current and historic usage of the following is viewable on the License Entitlement page of the Infoblox Portal. The following data will be available internally to Infoblox via the Customer 360 dashboard:
Management token usage: Split out by DDI objects, IP addresses, and assets.
Server token usage: Split out by server size and type (Virtual Server or as a Service).
Reporting token usage: Split out by report logging type and ecosystem.
Server and as-a-Service highwater marks: On performance (kQPS/LPS) and capacity (per server object count or discovered network device count).
Intervals
Minutes
Every five (5) minutes, a management token allocation snapshot will be taken. This will reflect the total number of managed DDI objects, IP addresses, and assets at the time of the snapshot.
Every five (5) minutes, a server token allocation snapshot will be taken. This will reflect the total count, size, and type of the servers deployed at the time of the snapshot.
Every five (5) minutes, for each server deployed (NIOS-X virtual Server or NIOSXaaS), DNS queries per second (kQPS), DHCP leases per second (LPS), and capacity count (objects or discovered assets) will be calculated and recorded.
Calendar Month
The highest five-minute value for management token allocation across the month will be recorded as the monthly management token high watermark.
The highest five-minute value for server token allocation across the month will be recorded as the monthly server token high watermark.
For each server, the highest five-minute value for each of kQPS, LPS, and capacity count (objects or discovered assets) across the month will be recorded as the monthly kQPS, LPS and capacity (object count or discovered asset count) high watermark.
Rolling Three Month Average
The average of the monthly management token high watermarks, taken across the previous three calendar months, will be recorded monthly as the Management Token rolling three-month average. This value will be compared with the purchased Management Token count.
The average of the monthly server token high watermarks, taken across the previous three calendar months, will be recorded monthly as the Server Token rolling three-month average. This value will be compared with the purchased Server Token count.
For each server, the average of the monthly kQPS, LPS, and capacity count (objects or discovered assets) high watermark, taken across the previous three calendar months, will be recorded monthly as the server’s kQPS, LPS, and capacity count (objects or discovered assets) rolling three-month average. These values will be compared against the Server size guardrail values for each server.
Usage Reports
The current and historic usage of the following are viewable on the License Entitlement page of the Infoblox Portal.
Management token usage grouped by DDI objects, IP addresses, and assets
Server token usage grouped by server size and type (NIOS-X virtual Server or NIOS-XaaS)
Server and as-a-Service highwater marks on performance (kQPS/LPS) and capacity (per server object count or discovered network device count).
Guardrails and True-Forward Process
If any of the following conditions occur, your account is operating outside of your license entitlements and is subject to Infoblox’s true-forward process:
The management token rolling three-month average exceeds the purchased management token count.
The server token usage rolling three-month average exceeds the purchased server token count.
The reporting token rolling three-month average exceeds the purchased reporting token count.
For a deployed NIOS-X Virtual Server or NIOS-X as a Service, the kQPS, LPS, or capacity count (objects or discovered assets) rolling three-month average exceeds the corresponding server size guardrail value for that server, and there are no available server tokens to allocate to a larger server size to cover the difference.