Before you start the deployment, do the following:
- Ensure that your Docker environment meets the minimum deployment requirements.
- On the on-prem hosts, open all ports listed in Port Usage for Bare-Metal On-Prem Hosts, in addition to opening the ports required for firewalls.
- Ensure that there are no other processes using port 53 on the host system on which your on-prem host will be deployed. For example, some Ubuntu systems running local DNS cache (system-resolved) might occupy port 53, and your on-prem host might not function properly in this case.
To deploy on-prem hosts by using the Infoblox Docker container, do the following:
- In the Cloud Services Portal, go to Administration > Downloads.
- On the Downloads page, click Download Package for Docker, and then save the .tar.gz file on your system.
- Set up the Docker environment on your system. Ensure that the Docker version is supported as described in Deployment Requirements and Port Usage for Bare-Metal On-Prem Hosts. For information about how to install Docker, refer to the Docker Documentation.
Download the Infoblox Docker image tar file to your server, and then execute the following command at the root. Note that to execute Docker commands, you must have root privileges.
# docker load -i <BloxOne_OnPrem_Docker_<VERSION>.tar.gz
The system displays the download process. The following is an example:
7cbcbac42c44: Loading layer [====================================>] 5.05 MB/5.05 MB d6f064e063f6: Loading layer [====================================>] 2.218 MB/2.218 MB f77e7ee6f8c6: Loading layer [====================================>] 69.11 MB/69.11 MB fa005789404e: Loading layer [====================================>] 4.096 kB/4.096 kB 4024a9f13d19: Loading layer [====================================>] 12.05 MB/12.05 MB 70fdf570286f: Loading layer [====================================>] 4.608 kB/4.608 kB e8b22bfeae7a: Loading layer [====================================>] 4.608 kB/4.608 kB 6fabe6521295: Loading layer [====================================>] 4.608 kB/4.608 kB 5f70bf18a086: Loading layer [====================================>] 1.024 kB/1.024 kB Loaded image: infobloxcto/onprem.agent:x.x.xx
Execute the following command to verify that the Infoblox Docker image has been downloaded properly:
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE infobloxcto/onprem.agent 3.1.xx 68f5ed0a1645 20 hours ago 96.9MB
On the Docker system, execute the following command:
sudo docker run -d \ --name blox.noa \ --network=host \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /var/lib/infoblox/certs:/var/lib/infoblox/certs \ -v /etc/onprem.d/:/etc/onprem.d/ \ -v /etc:/mount/etc:ro \ -v /usr/share/zoneinfo:/usr/share/zoneinfo:ro \ infobloxcto/onprem.agent:<VERSION> \ --jointoken $JOIN_TOKEN
Notes
You must use “blox.noa” as the container name; do not change this. You can capture the onprem.agent version in the “Loaded image” field when you download the Infoblox Docker image. Only the Docker image version 19.03.5 or greater supports the jointoken option.
To be fully compatible with the BloxOne services, you must update the Docker daemon settings and set the log driver to "json-file". For more information, refer to the Docker documentation, at https://docs.docker.com/config/containers/logging/configure/.
- You can verify that the Infoblox Docker container images are properly deployed on the system, by using the following command:
# docker ps
- You have now successfully deployed an on-prem host. It might take a couple of minutes for the proxy and BloxOne Threat Defense Cloud to connect. Once connected, the host starts collecting information from your on-prem devices and transmitting the data to BloxOne Threat Defense Cloud.
- To check the current status of the proxy, go to Manage > On-Prem Hosts in the Cloud Services Portal. For more information, see Viewing On-Prem Host Status.