Deploy vNIOS Instance in AWS
Infoblox vNIOS for AWS instances can be deployed using many different methods, including the AWS CLI, CloudFormation, AWS Management Console, and many other orchestration and automation platforms. Starting with NIOS version 8.5.2, Infoblox vNIOS for AWS can also be found in the AWS Marketplace. This guide will use the AWS Marketplace and AWS Console for deployment. Refer to the Additional Resources section at the end of this guide for links to information on other deployment methods.
Beginning with NIOS 9.0.4, instances can be deployed as HA (high availability) pairs in AWS. Refer to the Installation Guide for vNIOS for AWS for prerequisites and deployment instructions specific to HA pairs in AWS.
Deploy From Marketplace
To begin, in the AWS Marketplace, search for “Infoblox”.
Select the desired listing and click Continue to Subscribe.
Read the Terms and Conditions. Click the link to view the EULA.
Click Continue to Configuration.
Select the Software Version.
Select your Region and click Continue to Launch.
From the Choose Action dropdown, select Launch through EC2.
Click Launch.
Warning: Do not select the Launch from Website option. This option will launch the instance with a single network interface instead of the required two, and the instance will not function properly.
Clicking Launch will bring you to the launch instance wizard in the AWS Console. Continue from the Enter Name and Add Tags section on the Deploy vNIOS Instance in AWS page.
Deploy From AWS Console
To begin, in the AWS console use the Services dropdown menu to select EC2 under Compute.
Select Instances from the EC2 menu.
Click the Launch Instances button.
Enter Name and Add Tags
In the first section of the launch instance wizard, provide a name for the instance and optionally add additional tags.
Enter a Name for the instance.
(Optional) Click on Add additional tags.
Click on Add tag.
Enter a Key.
Enter a Value.
Optionally, add additional tags.
Select AMI and Instance Type
In the next sections of the wizard, select an Amazon Machine Image (AMI) and select an appropriate VM instance size for the appliance. If deploying from the AWS Marketplace, the AMI is already selected; proceed to selecting the instance type.
Under Application and OS Images, enter Infoblox in the search box and press Enter.
Select the AWS Marketplace AMIs tab.
Click Select next to the desired version listing.
Note: Not all versions will be available in all regions. Versions may be added or removed without notice.
Optionally, read through the details.
Click Subscribe now when ready to proceed.
Instance Type: In this step, we will select a supported instance type for the vNIOS appliance model we are deploying. Not all AWS regions support every instance type. For more information on choosing the right instance type for your vNIOS appliance, refer to Infoblox AWS appliance documentation at: https://docs.infoblox.com/display/NAIG/Infoblox+vNIOS+for+AWS+AMI+Shapes+and+Regions.
Use the Instance type dropdown to select the correct instance type for your vNIOS model. For this guide, we will select m6i.2xlarge for a TE-V926 virtual appliance.
Key Pair
In the next section, we select or create a key pair. If you do not add a key pair in this step, you will not be able to connect to the instance through SSH until you configure this in Grid Manager.
Use the dropdown to select an existing key pair. Or, optionally, create a new key pair.
Network Configuration
In this section, configure VPC and interface settings as well as a Security Group. Infoblox vNIOS for AWS appliances require two network interfaces. The first AWS network interface, eth0, corresponds to the MGMT interface in NIOS. The second AWS network interface, eth1, corresponds to the LAN1 interface in NIOS.
Warning: Infoblox vNIOS for AWS instances require two virtual network interfaces to deploy successfully, corresponding to the NIOS MGMT (eth0) and LAN1 (eth1) interfaces. No additional interfaces are currently supported.
In the Network settings section, click on Edit.
Use the VPC dropdown to select a VPC.
Use the Subnet dropdown to select a Subnet for the eth0 (MGMT) interface.
Configure Security Group
Next, we will configure a security group with rules to allow specific traffic to the vNIOS instance. Security groups function as a basic firewall for the instance. By default, the new security group will contain rules to allow common ports and protocols used for NIOS from all IP addresses. While this guide shows allowing traffic from anywhere (0.0.0.0/0) for demonstration purposes, you should restrict traffic to only necessary source IPs in your environment. The following table lists rules that may be needed for your vNIOS for AWS instance. For further information on ports and protocols used by Infoblox NIOS, refer to Security Considerations - Network Configuration. Optionally, you can select an existing security group to use instead.
Type | Protocol | Port Range | Description |
SSH | TCP | 22 | SSH for Administration |
DNS (UDP) | UDP | 53 | UDP DNS |
DNS (TCP) | TCP | 53 | TCP DNS |
HTTPS | TCP | 443 | HTTPS for Grid Manager |
Custom UDP Rule | UDP | 1194 | NIOS Grid Traffic |
Custom UDP Rule | UDP | 2114 | NIOS Grid Traffic |
Custom UDP Rule | UDP | 67-68 | DHCP |
Custom TCP Rule | TCP | 8787 | Infoblox AWS API Proxy |
(Optional) To change the allowed source for any of the default security group rules, use the Source type dropdown to select Custom.
(Optional) Under Source, enter the CIDR block to allow traffic from, or select a prefix list or security group from the dropdown.
(Optional) To remove any of the default security group rules that are not needed, click on Remove.
(Optional) To add additional security group rules, click on Add security group rule.
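The following added example (not part of the Infoblox guide) shows one way to review a security group after deployment: it flags every rule from the table above that still accepts traffic from any address. The input is assumed to be one entry of the SecurityGroups list returned by aws ec2 describe-security-groups; the sample group and the function name are constructed for illustration.

```python
import ipaddress

# (protocol, first port, last port) -> description, from the rule table in this guide.
NIOS_RULES = {
    ("tcp", 22, 22): "SSH for Administration",
    ("udp", 53, 53): "UDP DNS",
    ("tcp", 53, 53): "TCP DNS",
    ("tcp", 443, 443): "HTTPS for Grid Manager",
    ("udp", 1194, 1194): "NIOS Grid Traffic",
    ("udp", 2114, 2114): "NIOS Grid Traffic",
    ("udp", 67, 68): "DHCP",
    ("tcp", 8787, 8787): "Infoblox AWS API Proxy",
}


def world_open_rules(group):
    """List NIOS rules in one security group that accept traffic from any address."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # Protocol "-1" means all traffic and carries no port fields.
        low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                continue  # restricted to a specific source range
            for (p, first, last), desc in NIOS_RULES.items():
                if proto in (p, "-1") and low <= last and first <= high:
                    ports = str(first) if first == last else f"{first}-{last}"
                    findings.append((p, ports, desc, cidr))
    return findings


# Constructed sample in the shape of describe-security-groups output.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}], "Ipv6Ranges": []},
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

if __name__ == "__main__":
    for finding in world_open_rules(SAMPLE_GROUP):
        print(*finding)
```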
Add Network Interface
In this section, we add the second network interface (eth1/LAN1). This interface is required for vNIOS deployment in AWS.
Note: If the instance will use an Elastic IP for Grid communication over the public internet, ensure this network interface is attached to a public facing subnet with an internet gateway configured.
Expand the Advanced network configuration section.
Scroll down to click on Add network interface.
Under Network Interface 2, use the Subnet dropdown to select a Subnet for the eth1 (LAN1) interface. This should be a different subnet from eth0 in the same availability zone.
Note: By default, this interface and subnet will be used for all connections to and services provided by your vNIOS for AWS instance.
Configure Storage
AWS instance disks are stored as Elastic Block Store (EBS) volumes. There are multiple EBS types that can be selected for your boot disk. General Purpose SSD is the base level for SSD and will work for most vNIOS deployments. Provisioned IOPS SSD supports high levels of input and output and may be useful for high read/write volume environments. Magnetic (standard) EBS is not recommended for vNIOS deployments except in non-production environments.
Verify Size is set correctly. For storage sizing information for each version, refer to Infoblox AWS appliance documentation at: https://docs.infoblox.com/display/NAIG/Infoblox+vNIOS+for+AWS+AMI+Shapes+and+Regions.
Select the Root volume type: gp2.
Additional Storage
Infoblox reporting appliances require an additional storage volume. For the TR-V5005 appliance, the size of this volume can be selected based on requirements for your Grid. Infoblox recommends a minimum of 250 GB.
Note: This additional storage is for reporting appliances only. Skip this step for other appliance types.
Click Add new volume.
Set the volume Size as needed.
Select the EBS volume type: gp2.
Configure Advanced Details
In the advanced details section, you can add an IAM instance profile to use for Infoblox vDiscovery and Route 53 Sync. Refer to the vDiscovery credentials section of this guide for details. You can also add user data for some initial configuration of NIOS. Configurations in this section are optional in vNIOS for AWS deployment.
IAM Instance Profile (Optional): An instance profile with appropriate permissions can be used for vDiscovery and Route 53 Sync in vNIOS for AWS.
Expand the Advanced details section.
(Optional) Use the IAM instance profile dropdown to select an IAM Role to use.
User Data (Optional): You can use the User Data field in AWS instance deployment for some initial configuration of your Infoblox vNIOS appliance’s operating system. For vNIOS, the user data field can pass directives to cloud-init, an open-source package used for initial configuration. You can specify settings such as the administrator password and whether SSH access is allowed. This section will cover a common configuration for a standalone appliance.
Warning: When deploying NIOS PayGo, you cannot set temporary licenses through user data. Licenses are already provided in these images. Other user data settings can still be used.
Warning: When installing licenses for IB-FLEX appliances, first, you must set the hardware type by running the set hardware-type command, and then install the NIOS licenses. For more information about IB-FLEX, see the About IB-FLEX section in the Infoblox NIOS Documentation.
Scroll down in the Advanced details section.
Use the Metadata version dropdown to select V1 and V2 (token optional).
Enter the following in the User data text box:
#infoblox-config
remote_console_enabled: y
default_admin_password: complex_password
temp_license: enterprise dns dhcp cloud nios IB-V825
This will enable SSH connection to the instance, set an admin password, and apply temporary licenses for the Grid, DNS, DHCP, CNA, and NIOS model TE-V825 virtual appliance.
Temporary Licenses: To include temporary licenses in user data, use the temp_license: <licenses> entry. All licenses should be listed with a single space between them. For example:
#infoblox-config
temp_license: enterprise dns dhcp cloud nios IB-V825
The following temporary licenses can be used with vNIOS for AWS:
On any vNIOS for AWS instance: enterprise dns dhcp rpz cloud vnios
nios should always be followed by the model. For TE appliances, supported licenses are: IB-V825, IB-V1425, IB-V2225, IB-V4015, IB-V4025, IB-V926, IB-V1516, IB-V1526, IB-V2326, IB-V4126. For CP appliances, supported licenses are: CP-V805, CP-V1405, CP-V2205. For reporting appliances, the IB-V5005 is supported.
For a CP appliance, the cloud_api license is also required. For example:
#infoblox-config
temp_license: enterprise dns dhcp cloud_api nios CP-V805
For additional information and use cases regarding user data, refer to NIOS documentation at https://docs.infoblox.com.
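The following added example (not Infoblox code) checks a user data block against the rules stated in this section before it is pasted into the launch wizard: the #infoblox-config header, single-space license separation, nios followed by a supported model, and cloud_api for CP models. The function name is hypothetical, and flagging the sample password complex_password as a placeholder is an assumption of this example.

```python
# Model names and license keywords are the ones listed in this guide.
TE_MODELS = {"IB-V825", "IB-V1425", "IB-V2225", "IB-V4015", "IB-V4025",
             "IB-V926", "IB-V1516", "IB-V1526", "IB-V2326", "IB-V4126"}
CP_MODELS = {"CP-V805", "CP-V1405", "CP-V2205"}
MODELS = TE_MODELS | CP_MODELS | {"IB-V5005"}  # IB-V5005: reporting appliance
LICENSES = {"enterprise", "dns", "dhcp", "rpz", "cloud", "vnios", "cloud_api"}
PLACEHOLDER_PASSWORD = "complex_password"  # sample value used in this guide


def check_user_data(text):
    """Return a list of problems found in an #infoblox-config user data block."""
    problems = []
    lines = text.strip().splitlines()
    if not lines or lines[0].strip() != "#infoblox-config":
        problems.append("first line must be #infoblox-config")
    settings = {}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if line.strip() and not sep:
            problems.append(f"not a 'key: value' line: {line!r}")
        elif sep:
            settings[key.strip()] = value.strip()
    if settings.get("default_admin_password") == PLACEHOLDER_PASSWORD:
        problems.append("default_admin_password is still the guide's placeholder")
    raw = settings.get("temp_license")
    if raw is None:
        return problems
    if "" in raw.split(" ") or "\t" in raw:
        problems.append("licenses must be separated by a single space")
    tokens = raw.split()
    for i, tok in enumerate(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok == "nios" and nxt not in MODELS:
            problems.append("nios must be followed by a supported model")
        elif tok in MODELS and (i == 0 or tokens[i - 1] != "nios"):
            problems.append(f"model {tok} must directly follow nios")
        elif tok != "nios" and tok not in MODELS and tok not in LICENSES:
            problems.append(f"unknown license keyword: {tok}")
    if CP_MODELS & set(tokens) and "cloud_api" not in tokens:
        problems.append("CP models also require the cloud_api license")
    return problems


if __name__ == "__main__":
    # Constructed input: a CP model without the cloud_api license.
    print(check_user_data("#infoblox-config\ntemp_license: enterprise dns nios CP-V805"))
```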
Launch Instance
Once all configuration is complete, review details and launch the instance.
Click Launch instance.
On the Launch Status page, you can view status logs and click View all instances to return to the Instances page and view your new vNIOS instance.
Troubleshooting
Deploying and configuring your Infoblox vNIOS for AWS instances is generally a straightforward process. One of the most common issues encountered while deploying a vNIOS for AWS instance is not adding the required second network interface. This issue can be identified when the instance Status Check is stuck at 1/2 checks passed.
Verify that a missing interface is the issue by selecting the instance and reviewing the Networking tab.
When this is the cause, the Networking tab shows only the single eth0 interface in the Network interfaces section.
To resolve this issue:
Create a new network interface in the same VPC as your instance.
Attach the network interface to your instance.
Restart your Infoblox vNIOS for AWS instance.
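The same check can be run across many instances at once. This added example (not part of the Infoblox guide) reads data in the shape returned by aws ec2 describe-instances and reports instances that do not have the two-interface layout described above. It assumes device index 0 is eth0 (MGMT) and device index 1 is eth1 (LAN1); the instance and subnet IDs are constructed placeholders.

```python
def interface_problems(instance):
    """Check one instance record for the two-interface vNIOS layout."""
    nics = instance.get("NetworkInterfaces", [])
    problems = []
    if len(nics) != 2:
        problems.append(f"expected 2 network interfaces, found {len(nics)}")
    # Assumption: device index 0 is eth0 (MGMT), device index 1 is eth1 (LAN1).
    by_index = {nic["Attachment"]["DeviceIndex"]: nic for nic in nics}
    for index, role in ((0, "eth0/MGMT"), (1, "eth1/LAN1")):
        if index not in by_index:
            problems.append(f"no interface at device index {index} ({role})")
    if 0 in by_index and 1 in by_index:
        # The guide asks for eth1 to be in a different subnet from eth0.
        if by_index[0]["SubnetId"] == by_index[1]["SubnetId"]:
            problems.append("eth0 and eth1 are in the same subnet")
    return problems


def audit_instances(describe_output):
    """Map instance ID -> problems for every instance that fails the check."""
    report = {}
    for reservation in describe_output.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            problems = interface_problems(instance)
            if problems:
                report[instance["InstanceId"]] = problems
    return report


# Constructed sample in the shape of describe-instances output.
SAMPLE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-EXAMPLE-A", "NetworkInterfaces": [
        {"SubnetId": "subnet-mgmt", "Attachment": {"DeviceIndex": 0}}]},
    {"InstanceId": "i-EXAMPLE-B", "NetworkInterfaces": [
        {"SubnetId": "subnet-mgmt", "Attachment": {"DeviceIndex": 0}},
        {"SubnetId": "subnet-lan1", "Attachment": {"DeviceIndex": 1}}]},
    {"InstanceId": "i-EXAMPLE-C", "NetworkInterfaces": [
        {"SubnetId": "subnet-mgmt", "Attachment": {"DeviceIndex": 0}},
        {"SubnetId": "subnet-mgmt", "Attachment": {"DeviceIndex": 1}}]},
]}]}

if __name__ == "__main__":
    for instance_id, problems in audit_instances(SAMPLE).items():
        print(instance_id, problems)
```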