After you successfully launch the vNIOS for AWS instance, complete the following tasks to set up your virtual appliance so it is operational. Note that some of these tasks are optional depending on your network configuration and business requirements.
- Configure the DNS settings for your VPC and its resources. For information, see Setting the DNS Name Server for the Amazon VPC.
- Test the starting and stopping of the virtual appliance. For information, see Starting and Stopping the vNIOS Appliance in AWS.
- Perform a DNS Zone transfer (AXFR) to the new Infoblox vNIOS for AWS instance. For information, refer to Enabling Zone Transfers in the Infoblox NIOS Documentation.
- Delegate the required VPC networks and other objects for management by the Infoblox vNIOS for AWS instance. For information, see Delegating NIOS Objects to the Infoblox vNIOS for AWS Grid Member.
- If necessary, perform a DNS Zone transfer (AXFR) to the Infoblox vNIOS for AWS instance you designate as the name server in the AWS VPC. For information, see Enabling Zone Transfers in the Infoblox NIOS Documentation. (This process excludes the use of AWS Route 53.)
- Perform vDiscovery of all virtual machines and subnets within the AWS VPC. For information, see Configuring vDiscovery Jobs in the Infoblox NIOS Documentation. To ensure that vDiscovery works in your Amazon VPC, configure a DNS resolver in your Grid Properties. For information, see vDiscovery on AWS VPCs.
- For required Amazon-specific IAM permission settings to support vDiscovery, see Credentials for vDiscovery.
- If you wish to use your Infoblox vNIOS for AWS instance as an AWS API Proxy, see the topics beginning with Setting Up the Infoblox AWS API Proxy.
- To set up your new Infoblox vNIOS for AWS instance in your Infoblox Grid, refer to the topics beginning with Deploying a Grid in the Infoblox NIOS Documentation.
Infoblox recommends that you secure all network connections to your new Amazon deployments to allow traffic only from the specific network addresses involved in your deployment. Your AWS corporate account should use a VPN configuration or direct connection associated with one or more virtual private clouds under the account. You can access the AWS VPN endpoints through your on-premise firewall. Ensure that the correct infrastructure is in place to allow secure communication to your AWS cloud. For examples in the Amazon documentation, refer to http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario3.html.
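One way to check that recommendation against your security groups, as an added example that is not part of the Infoblox documentation: the function below reads JSON in the shape returned by `aws ec2 describe-security-groups` and reports every ingress source that falls outside the deployment networks. The sample rules, the group ID and the allowed CIDR ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [{
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,      # Grid Manager (HTTPS)
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}], "Ipv6Ranges": []},
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,        # DNS queries
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 53, "ToPort": 53,        # zone transfers (AXFR)
         "IpRanges": [{"CidrIp": "192.0.2.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1",                                       # all protocols and ports
         "IpRanges": [{"CidrIp": "10.20.5.0/24"}], "Ipv6Ranges": []},
    ]}]}

# Assumed deployment networks (hypothetical): the VPC and the on-premises range behind the VPN.
ALLOWED = ["10.20.0.0/16", "172.16.8.0/24"]


def audit_ingress(describe_output, allowed_cidrs):
    """Return (group, protocol, ports, source, reason) for each ingress CIDR
    that is not contained in one of the allowed deployment networks."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            ports = "all" if proto == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
            # Only CIDR sources are checked; group and prefix-list sources need separate review.
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                net = ipaddress.ip_network(src, strict=False)
                if any(net.version == a.version and net.subnet_of(a) for a in allowed):
                    continue
                reason = "open to any address" if net.prefixlen == 0 else "outside deployment networks"
                findings.append((sg["GroupId"], proto, ports, src, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE, ALLOWED):
        print(*finding, sep="  ")
```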
Setting the DNS Name Server for the Amazon VPC
After you configure and launch your new instance, set up your Amazon VPC so that it is within your DNS domain. To do this, change your virtual private cloud (VPC) DHCP-OPTION-SET configuration in the Amazon console to point to your organization's Infoblox-managed DNS domain. Complete the following:
1. Open the AWS Console and go to the main VPC Dashboard page.
2. Select your Amazon VPC from the list. Ensure that its checkbox is selected.
3. Click DHCP Options Sets in the left-pane menu.
4. Click the Create DHCP options set button.
Amazon does not allow you to edit existing DHCP Options Sets in the console. You can delete them and create new ones with different settings.
5. Enter the following values as necessary:
- Domain name: This is the top-level DNS domain for the organization. (Required.)
- Domain name servers: The IP addresses of the DNS servers in the organization. (Required.)
- NTP Servers: The Network Time Protocol server for your organization.
- NetBIOS name servers and NetBIOS Node Type: For Microsoft support only.
Figure 1.9 shows an example.
Figure 1.9 Setting the VPC's DHCP Options to bind the VPC DNS to the DNS Domain
6. Click Yes, Create.
You should ensure that no other DHCP Option sets conflict with the settings that you define here.
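A way to confirm the result after the steps above, as an added example that is not part of the Infoblox documentation: the function below joins JSON in the shape returned by `aws ec2 describe-vpcs` and `aws ec2 describe-dhcp-options` and reports where the options set a VPC actually uses differs from the intended domain and name servers. The IDs, domain name and addresses are constructed; the sample shows a VPC that still uses a set with Amazon's resolver while the new set exists.

```python
# Constructed samples in the shape of `aws ec2 describe-vpcs` and
# `aws ec2 describe-dhcp-options` output. All IDs, names and addresses are hypothetical.
VPCS = {"Vpcs": [{"VpcId": "vpc-0example", "DhcpOptionsId": "dopt-0default"}]}
DHCP = {"DhcpOptions": [
    {"DhcpOptionsId": "dopt-0default", "DhcpConfigurations": [
        {"Key": "domain-name", "Values": [{"Value": "ec2.internal"}]},
        {"Key": "domain-name-servers", "Values": [{"Value": "AmazonProvidedDNS"}]}]},
    {"DhcpOptionsId": "dopt-0infoblox", "DhcpConfigurations": [
        {"Key": "domain-name", "Values": [{"Value": "corp.example"}]},
        {"Key": "domain-name-servers",
         "Values": [{"Value": "10.20.1.10"}, {"Value": "10.20.1.11"}]}]},
]}


def check_vpc_dns(vpcs, dhcp, vpc_id, domain, dns_servers):
    """List mismatches between the options set the VPC uses and the intended DNS settings."""
    sets = {d["DhcpOptionsId"]: {c["Key"]: [v["Value"] for v in c["Values"]]
                                 for c in d["DhcpConfigurations"]}
            for d in dhcp["DhcpOptions"]}
    vpc = next((v for v in vpcs["Vpcs"] if v["VpcId"] == vpc_id), None)
    if vpc is None:
        return [f"{vpc_id}: VPC not found"]
    set_id = vpc["DhcpOptionsId"]
    opts = sets.get(set_id)
    if opts is None:
        return [f"{set_id}: options set not in the supplied output"]
    problems = []
    if opts.get("domain-name") != [domain]:
        problems.append(f"{set_id}: domain-name is {opts.get('domain-name')}, expected {domain}")
    actual = opts.get("domain-name-servers", [])
    problems += [f"{set_id}: unexpected name server {s}" for s in actual if s not in dns_servers]
    problems += [f"{set_id}: missing name server {s}" for s in dns_servers if s not in actual]
    # A set with the intended servers that this VPC does not use has no effect on it.
    for other_id, other in sets.items():
        if problems and other_id != set_id and other.get("domain-name-servers") == list(dns_servers):
            problems.append(f"{other_id}: has the intended servers but is not the set {vpc_id} uses")
    return problems


if __name__ == "__main__":
    for line in check_vpc_dns(VPCS, DHCP, "vpc-0example", "corp.example",
                              ["10.20.1.10", "10.20.1.11"]):
        print(line)
```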
Starting and Stopping the vNIOS Appliance in AWS
For Infoblox vNIOS for AWS instances, Infoblox recommends using the shutdown mechanisms provided in the NIOS UI or in the NIOS CLI. In the NIOS UI, go to Cloud -> Cloud Platform Members, select the Infoblox vNIOS for AWS member, and then click Stop in the Toolbar.
To start and stop Infoblox vNIOS for AWS instances in your AWS VPC, do the following:
1. Go to the top-level Amazon Web Service console page.
2. Select Compute -> EC2.
3. Select Resources -> ( ) Running Instances. AWS displays the list of all instances currently running in your VPC.
4. Right-click the Infoblox vNIOS for AWS instance and choose Instance State -> Stop. AWS may take a moment to stop the instance operation. You may also choose from the following:
   - Reboot: Reboots the instance.
   - Terminate: Spins down the Infoblox vNIOS for AWS instance and erases it and its disk contents from the VPC (unless you have selected the Delete on Termination feature checkbox for storage settings, in which case the disk information from the instance remains available for reference in the VPC).
To restart an AWS vNIOS instance, do the following:
1. Go to the top-level AWS console.
2. Select Compute -> EC2.
3. Select Resources -> ( ) Running Instances.
4. Right-click the stopped vNIOS instance (it shows an orange Stopped icon) and choose Instance State -> Start.
After you power on the virtual appliance, wait a few minutes for the CLI prompt to appear while the appliance initializes.
5. To access Grid Manager on the instance, open a Web browser and enter https://<your_ip_address> as the URL.
Delegating NIOS Objects to the Infoblox vNIOS for AWS Grid Member
You can delegate networks and resources in your Amazon VPC for control by your Infoblox vNIOS for AWS instances. This process is called delegation.
Authority delegation in Cloud Network Automation assigns full and exclusive control of IP addresses and DNS name spaces to a Cloud Platform Appliance, such as an Infoblox vNIOS for AWS instance in an AWS VPC. You can perform authority delegation only through the Grid Master.
When you delegate the authority of IP addresses and DNS name spaces to a Cloud Platform Appliance, the Grid Master loses its authority over the scope of delegation for these IP addresses and name spaces along with any objects within them. That authority is given to the Cloud Platform Appliance.
For a complete discussion of the process of authority delegation, refer to the Infoblox NIOS Documentation.