Figure 7.1 shows the basic concept and operations of Cloud Network Automation, which includes two major components: the Grid Master that has a Cloud Network Automation license installed and one or more Cloud Platform Appliances that provide the ability to process API requests. Instead of sending all API requests to the Grid Master, you can send requests directly to the Cloud Platform Appliances. The Cloud Network Automation license installed on the Grid Master enables visibility and reporting on cloud tenants, VM IP addresses, and DNS record allocation. This license can be used in conjunction with Cloud Platform Appliances to provide local survivability and additional scalability of cloud API requests within individual data centers, or it can be used with an existing Grid Master servicing all cloud API requests.
A Cloud Platform Appliance is a Grid member designed and dedicated to accept and process WAPI (RESTful API) requests related to cloud objects, in addition to serving DNS and DHCP protocols. You can deploy multiple Cloud Platform Appliances within your Grid to scale the processing of API requests or to provide redundancy. Cloud Platform Appliances include built-in HTTPS proxy capability that redirects cloud API requests to the appropriate Cloud Platform Appliance or to the Grid Master for processing. In other words, cloud API requests can be sent to any of the Cloud Platform Appliances within the Grid and the call is either processed locally or transparently forwarded to the appliance that is authoritative for the object referenced in the cloud API request. For information about supported Cloud Platform Appliances and their specifications, see Supported Cloud Platform Appliance Models. Once you have installed the Cloud Platform license on the appliance, fixed address configuration takes effect immediately by default and no DHCP service restart is required on the Cloud Platform Appliance. For information about this feature, see Configuring Fixed Addresses without Restarting DHCP Service. You can also add and delete IPv4 and IPv6 fixed addresses, reservations, and host records within any delegated IP address ranges through Grid Manager (the Infoblox GUI), in addition to using cloud API calls. For more information, see Managing IPv4 DHCP Data and Managing IPv6 DHCP Data.
On the CMP, you can either deploy a cloud adapter and use it as the cloud API client for sending cloud API requests to the Cloud Platform Appliances, or you can customize your CMP to make cloud API requests directly to Cloud Platform Appliances or to the Grid Master. The cloud adapter can be configured to send API requests always to a single Cloud Platform Appliance or to different Cloud Platform Appliances to handle situations where the primary Cloud Platform Appliance may not be available or to distribute API load among multiple Cloud Platform Appliances. Infoblox Cloud Network Automation supports the following cloud adapters: Infoblox IPAM Plug-In for VMware, OpenStack Adapter, and AWS (Amazon Web Services) API Proxy. For information about the IPAM Plug-In for VMware and OpenStack Adapter, refer to their respective Quick Start Guides. For information about the AWS API Proxy and how to set up AWS configurations, refer to the Infoblox Installation Guide for vNIOS for AWS.
In order to distribute API processing and provide additional scalability both for updating APIs and serving DNS and DHCP protocols, Cloud Network Automation enables you to delegate specific sets of IPAM, DNS, and DHCP data to one or more Cloud Platform Appliances. Once authority for an object or set of objects has been delegated to a Cloud Platform Appliance, cloud API requests to create, modify, or delete objects under the scope of delegation for that appliance are processed locally and available immediately for serving DNS and DHCP to VMs within the cloud. This eliminates the need to send requests to the Grid Master to create, modify, or delete objects within the Grid. Changes made to objects on individual Cloud Platform Appliances are synchronized with the Grid Master in near real time using Grid replication to provide centralized visibility while retaining distributed processing capability. If a Cloud Platform Appliance is not authoritative for the object referenced in the cloud API requests, it automatically proxies that request to the Cloud Platform Appliance that is authoritative for the object or to the Grid Master (if it is authoritative for the object). Similarly, cloud API requests made to the Grid Master are proxied to the authoritative Cloud Platform Appliance or processed locally on the Grid Master if it is authoritative for the object. For information about authority delegation for supported objects, see About Authority Delegation. For information about proxying cloud API requests, see Proxying Cloud API Requests.
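The routing rule described above (process locally when authoritative, otherwise proxy to the authoritative Cloud Platform Appliance, or to the Grid Master when the object lies outside every delegated scope) is easier to reason about as code. The following is an added example written for this page, not Infoblox code: the member names, the delegated networks and the idea of identifying an object by its IP address are constructed assumptions. It also includes a check for overlapping delegation, which would make authority ambiguous.

```python
"""Model of authority delegation and cloud API request proxying.

Added example, not Infoblox code: member names, delegated networks and the
request shape are constructed assumptions. It implements the rule in the text:
a member processes a request locally when it is authoritative for the
referenced object, otherwise it forwards the request to the authoritative
Cloud Platform Appliance, or to the Grid Master when the object lies outside
every delegated scope.
"""
import ipaddress
from dataclasses import dataclass, field

GRID_MASTER = "grid-master"  # constructed member name


@dataclass
class Appliance:
    """A Cloud Platform Appliance with the networks delegated to it."""
    name: str
    delegated: list = field(default_factory=list)  # CIDR strings (constructed)

    def __post_init__(self):
        self.delegated = [ipaddress.ip_network(n) for n in self.delegated]

    def is_authoritative_for(self, ip):
        # An IPv4 address is never "in" an IPv6 network, so mixed scopes are safe.
        return any(ip in net for net in self.delegated)


def overlapping_scopes(appliances):
    """Return (name_a, name_b, net_a, net_b) for every pair of delegated
    networks that overlap. Overlapping delegation makes authority ambiguous,
    so run this configuration check before relying on the routing."""
    found = []
    for i, a in enumerate(appliances):
        for b in appliances[i + 1:]:
            for na in a.delegated:
                for nb in b.delegated:
                    if na.overlaps(nb):
                        found.append((a.name, b.name, str(na), str(nb)))
    return found


def authoritative_member(ip_text, appliances):
    """Name the member that owns the object at `ip_text`."""
    ip = ipaddress.ip_address(ip_text)
    owners = [a.name for a in appliances if a.is_authoritative_for(ip)]
    if len(owners) > 1:
        raise ValueError(f"overlapping delegation for {ip}: {owners}")
    return owners[0] if owners else GRID_MASTER


def route_request(received_by, ip_text, appliances):
    """Decide what the receiving member does with a cloud API request that
    references the object at `ip_text`: ("local", member) when it is the
    authority, ("proxy", member) when it must forward the request."""
    owner = authoritative_member(ip_text, appliances)
    action = "local" if owner == received_by else "proxy"
    return (action, owner)


# Constructed sample Grid: two appliances, one data centre each.
SAMPLE_APPLIANCES = [
    Appliance("cp-dc1", ["10.10.0.0/16"]),
    Appliance("cp-dc2", ["10.20.0.0/16", "2001:db8:20::/48"]),
]

if __name__ == "__main__":
    assert not overlapping_scopes(SAMPLE_APPLIANCES)
    for member, ip in [("cp-dc1", "10.10.5.7"), ("cp-dc1", "10.20.1.1"),
                       ("cp-dc2", "2001:db8:20::42"), ("cp-dc2", "172.16.0.9"),
                       (GRID_MASTER, "10.20.3.3"), (GRID_MASTER, "172.16.0.9")]:
        print(member, ip, "->", route_request(member, ip, SAMPLE_APPLIANCES))
```

Running the block prints one routing decision per sample request. The overlap check is the part worth keeping: in the model an ambiguous owner raises an error rather than silently picking one appliance, which is the behaviour you want surfaced at configuration time rather than at request time.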
Cloud API requests are processed through the cloud API service that operates on the Cloud Platform Appliance. This service can also be enabled on the Grid Master as well as other Cloud Platform Appliances. The cloud API service is HTTPS-based; therefore, to ensure that the cloud API service functions properly, port 443 for HTTPS connectivity must be open between the CMP and each Cloud Platform Appliance and/or the Grid Master receiving the cloud API requests. To ensure that the proxying function works properly, port 443 for HTTPS must be open bi-directionally between each of the Cloud Platform Appliances as well as between each Cloud Platform Appliance and the Grid Master. You must also configure your firewalls and ACLs accordingly. Note that this service uses the VIP address on each Infoblox appliance as the destination address.
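Because any member may proxy a request to any other, the set of port 443 flows grows with the number of appliances and is easy to get partially wrong. The following added example (written for this page, not Infoblox tooling; the CMP host, VIP addresses and the allow-list rule format are constructed) computes the flows the text requires and audits a firewall rule set against them, reporting both missing flows and allow rules that expose the service to the whole address space.

```python
"""Required TCP/443 flows for Cloud Network Automation and a firewall audit.

Added example, not Infoblox tooling: the CMP host, VIP addresses and the rule
format are constructed. It follows the text: the CMP must reach port 443 on
each member that receives cloud API requests, and port 443 must be open in
both directions between every Cloud Platform Appliance and between each
appliance and the Grid Master, because any member may proxy to any other.
"""
import ipaddress
from itertools import permutations

HTTPS = 443


def required_flows(cmp_hosts, grid_master_vip, appliance_vips, cmp_targets):
    """Set of (src, dst, port) tuples that must be permitted.

    cmp_targets: the VIPs the CMP (or its cloud adapter) sends requests to.
    Proxy flows are generated for every ordered pair of members, which gives
    the bidirectional appliance<->appliance and appliance<->Grid Master paths.
    """
    flows = set()
    for cmp in cmp_hosts:
        for target in cmp_targets:
            flows.add((cmp, target, HTTPS))
    members = list(appliance_vips) + [grid_master_vip]
    for src, dst in permutations(members, 2):
        flows.add((src, dst, HTTPS))
    return flows


def rule_matches(rule, flow):
    """Allow-list rule: src/dst are CIDR strings, port is an int or "any"."""
    src, dst, port = flow
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"])
            and rule["port"] in (port, "any"))


def audit(rules, flows):
    """Return (missing, too_broad).

    missing:   required flows no allow rule covers (implicit deny assumed).
    too_broad: allow rules whose source is the whole address space; the
               cloud API service should be reachable only from the CMP and
               the Grid members, not from anywhere.
    """
    allows = [r for r in rules if r["action"] == "allow"]
    missing = sorted(f for f in flows if not any(rule_matches(r, f) for r in allows))
    too_broad = [r for r in allows if ipaddress.ip_network(r["src"]).prefixlen == 0]
    return missing, too_broad


# Constructed sample: one CMP host, a Grid Master and two appliances.
CMP_HOSTS = ["10.0.1.10"]
GRID_MASTER_VIP = "10.0.0.5"
APPLIANCE_VIPS = ["10.10.0.5", "10.20.0.5"]
SAMPLE_RULES = [
    {"src": "10.0.1.10/32", "dst": "10.10.0.5/32", "port": 443, "action": "allow"},
    {"src": "10.0.1.10/32", "dst": "10.20.0.5/32", "port": 443, "action": "allow"},
    {"src": "10.10.0.5/32", "dst": "10.0.0.5/32", "port": 443, "action": "allow"},
    {"src": "10.20.0.5/32", "dst": "10.0.0.5/32", "port": 443, "action": "allow"},
    {"src": "10.10.0.5/32", "dst": "10.20.0.5/32", "port": 443, "action": "allow"},
    # Overly permissive rule added to "make it work" from anywhere (constructed).
    {"src": "0.0.0.0/0", "dst": "10.0.0.5/32", "port": "any", "action": "allow"},
]


def sample_audit():
    """Audit the constructed rule set; the CMP only targets the appliances."""
    flows = required_flows(CMP_HOSTS, GRID_MASTER_VIP, APPLIANCE_VIPS, APPLIANCE_VIPS)
    return audit(SAMPLE_RULES, flows)


if __name__ == "__main__":
    missing, too_broad = sample_audit()
    for src, dst, port in missing:
        print(f"missing: {src} -> {dst} tcp/{port}")
    for rule in too_broad:
        print(f"too broad: {rule}")
```

On the sample data the audit finds three return paths nobody opened (Grid Master to each appliance, and the second appliance back to the first), which is exactly the class of gap that makes proxied requests fail only when an object happens to belong to the other member. It also flags the any-source rule to the Grid Master VIP, which satisfies the flow requirement but exposes the HTTPS service to the entire address space.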
All objects created, modified, or deleted by the cloud adapter are reflected in the NIOS database. You can view cloud objects and their associated data in the Cloud tab of Grid Manager if the Cloud Network Automation license is installed on the Grid Master. For more information, see Viewing Cloud Objects. Note that it is possible to use Cloud Platform Appliances without deploying the Cloud Network Automation license. However, without the Cloud Network Automation license, VM and tenant information is only displayed as extensible attributes associated with IPAM, DHCP, and DNS objects in Grid Manager rather than in separate tables under the Cloud tab.
Before you can send cloud API requests to a Cloud Platform Appliance or the Grid Master, you must create admin groups that have cloud API access. Only admin users that have cloud API access and applicable permissions may be used for sending cloud API requests. If the Cloud Network Automation license is installed on the Grid Master, it is also possible to assign Tenant permissions to admin users to restrict these users to only be able to view objects related to a given tenant or a set of tenants. For information about admin groups and how to manage admin users, see Managing Administrators.
Note that there is no current capability to bi-directionally synchronize NIOS data with CMP data. Therefore, cloud information in NIOS is accurate only up to the point when specific cloud API requests are received by the Cloud Platform Appliance from an adapter running on a CMP. Only cloud information obtained through API requests to the Infoblox API service will be available in NIOS.
Unlike standard WAPI requests, all cloud API related events are logged to the NIOS syslog instead of the NIOS audit log.
Figure 7.1 Cloud Network Automation