vDiscovery for AWS
The Infoblox vDiscovery feature is very useful for detecting and obtaining information about Tenants, VPCs, Subnets, and Virtual Machines (VMs) operating in your public cloud environments.
Many organizations operate hybrid and multi-cloud environments that may contain many subscriptions and accounts. These environments tend to be very dynamic, with things such as VMs being created and terminated on a frequent basis. This makes it difficult to keep track of everything. With Infoblox vDiscovery, tasks can be configured to run automatically allowing your Infoblox vNIOS appliance to keep track of all cloud environments, storing this data in IPAM. Infoblox vDiscovery can also be used to automate creation of DNS records for VMs running in your cloud environments. Using vDiscovery in conjunction with the Cloud Network Automation (CNA) feature, you will gain enhanced visibility into your cloud environments, all within a ‘single pane of glass’.
Beginning with NIOS 9.0.4, vDiscovery for AWS can be configured to discover multiple regions and accounts with a single vDiscovery job. Refer to the Installation Guide for vNIOS for AWS to view prerequisites and specific configuration instructions for multi-account vDiscovery.
Configure vDiscovery in Grid Manager
DNS Resolver: In order to conduct vDiscovery for AWS, your Infoblox vNIOS for AWS instance must be able to resolve AWS endpoints such as http://ec2.us-west-1.amazonaws.com. Configuring the DNS Resolver in NIOS achieves this.
Log into the Grid Manager GUI of your vNIOS for AWS instance.
Navigate to the Grid → Grid Manager → Members tab.
In the Toolbar, Open the Grid Properties dropdown.
Select Edit.
Navigate to the DNS Resolver tab of the Grid Properties Editor.
Select the checkbox next to Enable DNS Resolver.
Click the (Add) icon to add an upstream Name Server to use for DNS resolution.
Enter the IP address of the name server you wish to use. For example, 172.17.1.201.
Click Save & Close.
Note: If you have set up your vNIOS for AWS instance as a DNS resolver for the VPC, as specified in the Setup DNS Service section of this guide, you can enter the IP address of the instance’s eth1 (LAN1) interface, to use itself for DNS resolution. This method is used in the example system for this guide.
vDiscovery Job: To conduct vDiscovery in AWS, you must configure a discovery job, using the Access Key ID and Secret Access Key created with AWS IAM, as well as the regional EC2 Endpoint identified in AWS.
Log into the Grid Manager GUI of your vNIOS for AWS instance.
Navigate to the Data Management → IPAM tab.
In the Toolbar, Open the vDiscovery dropdown.
Select Discovery Manager.
In the vDiscovery Job Manager window, click the (Add) icon to add a new job.
In the vDiscovery Job Wizard, enter a name for the job.
Next to Member, click Select.
For a Grid with only one member, it will be automatically selected. If your Grid has multiple members, select the one you want to use for vDiscovery.
Click Next.
On Step 2, select AWS for Server Type.
For Service Endpoint, enter the EC2 endpoint for the AWS region you will conduct vDiscovery in, for example http://ec2.us-west-1.amazonaws.com. A full list of AWS endpoints can be found at AWS service endpoints - AWS General Reference.
Select Use IAM credential.
Enter the Access Key ID and Secret Access Key for the user you created in the section Security Considerations: IAM Configuration for vDiscovery. You will find these in the CSV file you downloaded earlier.
Note: If you have configured the IAM role to use with your vNIOS instance, select Use instance profile here instead.
Click Next.
Review the configuration for Network Views on Step 3.
Note: The most common cause for vDiscovery to fail to import any data is a “Sync Error” due to overlapping or conflicting address space. Where the discovered address space overlaps other discovered networks or your existing IPAM data, you may need to select the option to use The tenant's network view (if it does not exist, create a new one), so that each tenant's networks are stored in their own network view instead of colliding in the shared one.
Click Next.
Optional: For automatic creation of DNS records, on step 4 select the checkbox For every newly discovered IP address, create:
Select the desired DNS record object type. If in doubt, stick with the default (Host) option.
The name for DNS records that are created is controlled with a macro, with the most commonly used macro being ${vm_name}. In the text box, type the desired macro, followed by the zone that you want to use. Example: ${vm_name}.testzone.com.
Note: If a different format is desired for the DNS record name, a full list of available macros can be found in the Help panel. To view this, click the (Help) icon at the top-right hand corner of the window and scroll down to the section titled “The DNS name will be computed from the formula”. Automatic creation of DNS records for discovered VMs is available with the CNA license.
Click Next.
Optional: Configure a schedule to automatically run the vDiscovery task.
Note: The scheduler enables you to run the vDiscovery task as frequently as once an hour. If this must be run more frequently, you can accomplish this using the API. Refer to the Infoblox REST API guide for examples and guidelines on this process.
Click Save & Close.
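The “Sync Error” note in Step 3 is the one check worth automating before a job runs for the first time. The following script is an added example, not Infoblox code: it takes the subnet CIDRs a vDiscovery job is expected to import, keyed by AWS account, compares them against the networks already held in an IPAM network view and against each other, and reports which accounts cannot safely land in the shared view (the cases where the tenant network view option avoids the Sync Error). Every CIDR and account ID in it is a constructed sample value.

```python
"""Pre-flight overlap check for vDiscovery imports (added example, not Infoblox code)."""
import ipaddress

# Constructed sample: networks already held in the IPAM "default" network view.
EXISTING_IPAM = {
    "default": ["10.0.0.0/16", "192.168.10.0/24"],
}

# Constructed sample: subnets the job would import, keyed by AWS account ID.
DISCOVERED = {
    "111111111111": ["10.0.1.0/24", "10.0.2.0/24"],    # collides with the default view
    "222222222222": ["172.31.0.0/20", "172.31.16.0/20"],
    "333333333333": ["10.0.1.0/24"],                   # collides with account 1 as well
}


def find_conflicts(existing_view, discovered):
    """Return (account, subnet, conflicting_network, source) tuples.

    source is "ipam" when the subnet overlaps a network already in the view,
    or the other account's ID when two discovered subnets overlap each other.
    """
    conflicts = []
    existing = [ipaddress.ip_network(n) for n in existing_view]
    seen = []  # (account, network) pairs already examined
    for account, subnets in sorted(discovered.items()):
        for cidr in subnets:
            net = ipaddress.ip_network(cidr)
            for other in existing:
                if net.overlaps(other):
                    conflicts.append((account, cidr, str(other), "ipam"))
            for prev_account, prev_net in seen:
                # Overlap inside one account is a real AWS layout, not a sync problem.
                if prev_account != account and net.overlaps(prev_net):
                    conflicts.append((account, cidr, str(prev_net), prev_account))
            seen.append((account, net))
    return conflicts


def accounts_needing_own_view(existing_view, discovered):
    """Accounts whose subnets cannot be stored in the shared view without a Sync Error."""
    return sorted({acct for acct, *_ in find_conflicts(existing_view, discovered)})


if __name__ == "__main__":
    for row in find_conflicts(EXISTING_IPAM["default"], DISCOVERED):
        print("account %s subnet %s overlaps %s (%s)" % row)
    print("accounts needing their own network view:",
          accounts_needing_own_view(EXISTING_IPAM["default"], DISCOVERED))
```

Feed the script the VPC subnet CIDRs from the accounts you are about to discover (for example, exported with the AWS CLI) and the networks already in the target view; an empty result means the shared view is safe, and any listed account is a candidate for its own tenant view.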
Run vDiscovery
To run your vDiscovery job, from the vDiscovery Job Manager window, click the (Action Menu) icon for your vDiscovery job.
Select Start.
Click Yes in the popup window.
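The same Start action can be issued through the Infoblox REST API (WAPI), which is the route the Step 5 note points to when a job must run more often than the hourly scheduler allows. The script below is an added example, not Infoblox's own code. It looks the job up by name to obtain its object reference, then calls the vdiscovery_control function on it with action START. The object type vdiscoverytask, that function name and action value, and the WAPI version string are taken from the WAPI reference as the editor recalls it and should be checked against the reference for your NIOS version; the Grid Master host name, credentials and CA file path are placeholders.

```python
"""Start a vDiscovery job via WAPI (added example, not Infoblox code)."""
import base64
import json
import ssl
import urllib.parse
import urllib.request

WAPI_VERSION = "v2.12"  # assumption: use the WAPI version your Grid Master supports


def _auth_header(user, password):
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def build_request(grid_master, user, password, path, query=None, body=None,
                  method="GET", wapi_version=WAPI_VERSION):
    """Assemble a WAPI request without sending it, so it can be inspected or tested."""
    url = f"https://{grid_master}/wapi/{wapi_version}/{path}"
    if query:
        url += "?" + urllib.parse.urlencode(query)
    data = json.dumps(body).encode() if body is not None else None
    headers = _auth_header(user, password)
    if data is not None:
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(url, data=data, headers=headers, method=method)


def task_lookup_request(grid_master, user, password, task_name):
    """GET vdiscoverytask?name=<job name>; the response carries the job's _ref."""
    return build_request(grid_master, user, password, "vdiscoverytask",
                         query={"name": task_name})


def task_start_request(grid_master, user, password, task_ref):
    """POST <ref>?_function=vdiscovery_control with {"action": "START"} (assumed WAPI call)."""
    return build_request(grid_master, user, password, task_ref,
                         query={"_function": "vdiscovery_control"},
                         body={"action": "START"}, method="POST")


def send(request, cafile=None):
    """Send a request over TLS; cafile is the CA that issued the Grid Master's certificate."""
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(request, context=ctx, timeout=30) as resp:
        return json.loads(resp.read().decode())


def start_vdiscovery(grid_master, user, password, task_name, cafile=None):
    """Resolve the job by name and start it; raises if no job has that name."""
    tasks = send(task_lookup_request(grid_master, user, password, task_name), cafile)
    if not tasks:
        raise LookupError(f"no vDiscovery job named {task_name!r}")
    return send(task_start_request(grid_master, user, password, tasks[0]["_ref"]), cafile)


if __name__ == "__main__":
    import getpass
    # Placeholder host, job name and CA path; replace with your own values.
    print(start_vdiscovery("gm.example.com", "admin", getpass.getpass(),
                           "aws-us-west-1", cafile="/path/to/grid-ca.pem"))
```

Run it from cron or a pipeline with a dedicated WAPI user that holds only the permissions needed for vDiscovery, keep the password in a secrets store rather than the script, and pin the Grid Master's CA with cafile rather than disabling certificate checks.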
vDiscovery Data
Data collected by vDiscovery can be tracked through Data Management (IPAM, DHCP and DNS) and, if the CNA license is installed, additional details are found under the Cloud tab. Objects created by vDiscovery automatically include metadata in their properties or extensible attributes (EAs), a useful addition that enables you to easily identify, locate and report on your resources deployed in the cloud.
Data Management: From the Data Management tab, you can access IPAM and DNS data discovered from your AWS environment.
IPAM: IPAM, or IP Address Management, provides an easy view of all data from an IP address perspective. If you are looking for an object based on its IP address, this can be one of the easiest ways to drill down and see everything there is for that IP, including all objects that are associated with it.
DNS: If you enabled the automatic creation of DNS records, the records can be viewed by drilling down into the DNS zone you specified.
Cloud Network Automation: When the CNA license is installed, you will find the Cloud tab in your Grid Manager GUI. The Cloud tab includes five additional tabs that each provide different perspectives for viewing your cloud data, making it easy to see what is running in your cloud environments.
Tenants: For AWS vDiscovery, entries on this tab correspond to AWS accounts. You can drill down to review all subnets and VMs that have been discovered under that account.
VPCs: This tab displays any discovered AWS VPCs. You can drill down to review all subnets and VMs that have been discovered under an individual VPC.
Networks: This tab displays all subnets that have been discovered in your AWS VPCs. Easily jump to IPAM or other perspectives to view additional details for a subnet. Searches, Smart Folders and reports can also leverage the metadata stored as EAs for each subnet.
VMs: This tab shows all VMs that have been discovered and are displayed per IP address. Metadata is stored in the properties for each VM, and you can readily jump to other perspectives to view and manage additional resources, including any DNS records that may have been created for the VM.
Metadata collected for each type of object discovered varies and is stored as Extensible Attributes in the Infoblox Grid. The following is an example of EAs for a Subnet.