© 2013 Unicomp Inc. All Rights Reserved. Infoblox Basic Works 1 By Unicomp.

© 2013 Unicomp Inc. All Rights Reserved. Agenda 2 Overviews System Setting HA & Grid Setting DNS Overview DNS configuration Others Overviews System Setting HA & Grid Setting DNS Overview DNS configuration Others

© 2013 Unicomp Inc. All Rights Reserved. Overviews 4 Solutions  Integrated DNS, DHCP and IP Address Management on hardened physical and virtual appliances that offer resiliency, security, redundancy and world-class performance  Patented Grid™ technology delivers high scalability and a level of network services availability unique to Infoblox  Seamless integration with VMware and Microsoft servers delivers IPAM for your entire environment, without any negative impact

© 2013 Unicomp Inc. All Rights Reserved. Overviews 6 Automated Disaster Recovery Grid Master Member Infoblox Grid Grid Master Candidate Member is disconnected from master: Changes maintained by member and then synchronized with master upon reconnection Catastrophic failure of Master (both devices fail): Admin may promote any ‘Grid Master Candidate’ to Master – members re-synch automatically Device failure in HA: Failover to secondary device via VRRP—applies to members and master Individual device failover: Plug in new device and it instantly inherits all attributes of previously deployed device via master Member

© 2013 Unicomp Inc. All Rights Reserved. Overviews 7 Delegated Administration Internal Grid Members Grid Master Virtual Environment Internal Grid Members Grid Master Virtual Environment Internal Grid Members Grid Master Virtual Environment Multi-Grid Master Candidate Master Grid Single view of Global IPv4 and IPv6 data Multi-version and Upgrade Management High Availability, Disaster Recovery & System Integrity Massive Scalability Reporting, Logging & Monitoring Centrally manage up to 50 Grids, each Grid with up to 250 members for a total of 12,500 members Centrally manage up to 50 Grids, each Grid with up to 250 members for a total of 12,500 members

© 2013 Unicomp Inc. All Rights Reserved. System Setting 9 Appliance Hardware Serial Port - Login with default username and password. ▪ username : admin, password : infoblox MGMT - Shutdown in default USB - Disabled, reserved for future use Serial Port - Login with default username and password. ▪ username : admin, password : infoblox MGMT - Shutdown in default USB - Disabled, reserved for future use Serial port MGMT Lan1 HA Lan2

© 2013 Unicomp Inc. All Rights Reserved. System Setting 10 System login Default account and password ： admin / infoblox Default management interface is shutdown. Default Lan1 address is 192.168.1.2/24 Use command “show network” to show the network setting. Use command “set network” to modify the Lan1 address. The system would restart after modify the address. Default account and password ： admin / infoblox Default management interface is shutdown. Default Lan1 address is 192.168.1.2/24 Use command “show network” to show the network setting. Use command “set network” to modify the Lan1 address. The system would restart after modify the address.

© 2013 Unicomp Inc. All Rights Reserved. System Setting 14 Reset system “reset all” ： To reset the configuration but keep the licenses. “reset all license” ： To reset the configuration and remove the licenses. “reset all” ： To reset the configuration but keep the licenses. “reset all license” ： To reset the configuration and remove the licenses.

© 2013 Unicomp Inc. All Rights Reserved. System Setting 15 Show system information Also show grid status (Master or member) Also show HA status Show current version and serial number Show current version and serial number

© 2013 Unicomp Inc. All Rights Reserved. HA Configuration 31 HA Overviews HA pair consists of two nodes: Active and Passive. Active send VRRP advertisements every second to Passive to indicate that it is alive. Passive listens for advertisements and remains in passive state. If Passive doesn’t receive an advertisement in three seconds, it takes over as new Active. HA pair consists of two nodes: Active and Passive. Active send VRRP advertisements every second to Passive to indicate that it is alive. Passive listens for advertisements and remains in passive state. If Passive doesn’t receive an advertisement in three seconds, it takes over as new Active. L2 Switch Lan HA Lan HA HA node1 HA node2 HA VIP

© 2013 Unicomp Inc. All Rights Reserved. HA Configuration 32 bloxSYNC Database synchronization process is called bloxSYNC. Active sends updates to the Passive. -Host names, IP addresses, zones, leases, configuration, etc. If Passive has to assume operation, there is little or no loss of data. Database synchronization process is called bloxSYNC. Active sends updates to the Passive. -Host names, IP addresses, zones, leases, configuration, etc. If Passive has to assume operation, there is little or no loss of data.

© 2013 Unicomp Inc. All Rights Reserved. HA Configuration 33 bloxHA Communication Active and Passive use SSLVPN tunnel for data transfer. - Active node HA interface  Passive node Lan interface. - Data is synchronized through this connection. VRRP Advertisements are sent outside the tunnel. - Active node HA interface  Passive node HA & Lan interfaces. Lan Port on Active plays minor role. -Used for SSH access, SNMP, syslog, … DNS and DHCP service work on HA port. Active and Passive use SSLVPN tunnel for data transfer. - Active node HA interface  Passive node Lan interface. - Data is synchronized through this connection. VRRP Advertisements are sent outside the tunnel. - Active node HA interface  Passive node HA & Lan interfaces. Lan Port on Active plays minor role. -Used for SSH access, SNMP, syslog, … DNS and DHCP service work on HA port.

© 2013 Unicomp Inc. All Rights Reserved. HA Configuration 35 HA Pair Configuration Configure the Vrouter ID, VIP, HA, LAN IP address in Active Device. Configure the Vrouter ID, VIP, HA, LAN IP address in Active Device.

© 2013 Unicomp Inc. All Rights Reserved. Grid Configuration 43 Grid is Managed by Grid Master A Grid is a network of Infoblox appliances. Grid Master is administrative center of grid. - Is the only member that you can log into via the GUI. - Functions as library for the grid – backs up all data in grid. - Displays health and services of grid members. - May be a single box or HA pair. A Grid is a network of Infoblox appliances. Grid Master is administrative center of grid. - Is the only member that you can log into via the GUI. - Functions as library for the grid – backs up all data in grid. - Displays health and services of grid members. - May be a single box or HA pair. Master Candidate Only Master Candidates receive a full database.

© 2013 Unicomp Inc. All Rights Reserved. Grid Configuration 44 Data Replication Master Candidate Data move from GM only to active Active node Passive node Active updates passive Grid uses two UDP ports for grid communication over VPN. UDP 2114 – Builds the VPN tunnel. UDP 1194 – VPN communication.

© 2013 Unicomp Inc. All Rights Reserved. Grid Configuration 45 Grid Failover Master Candidate Member Catastrophic failure of Master ： Admin may promote any GMC to Master. You Must manually run CLI command: #set promote_master

© 2013 Unicomp Inc. All Rights Reserved. Grid Configuration Building a Grid Buillding the Grid is a two-step process: 1. On the GM, identify the member who are going to join the grid. - In the Grid Management, add members. - Migrate data to members (include zones, networks etc.) 2. Login members via the GUI and “Grid Management > Members” and select “Join Grid” from the Toolbar or SSH to the appliance and run “set membership” CLI command. Alternatively, you can add data to members after they join the grid. Buillding the Grid is a two-step process: 1. On the GM, identify the member who are going to join the grid. - In the Grid Management, add members. - Migrate data to members (include zones, networks etc.) 2. Login members via the GUI and “Grid Management > Members” and select “Join Grid” from the Toolbar or SSH to the appliance and run “set membership” CLI command. Alternatively, you can add data to members after they join the grid.

© 2013 Unicomp Inc. All Rights Reserved. DNS Overview Panel - Zones All zones, sub-zones, forward and reverse-lookup zones and all records are created, viewed, edited and deleted from this tab. This is also the place where DNS views are created and viewed. DNS Views are an advanced topic and covered in the Advanced Administration Course.

© 2013 Unicomp Inc. All Rights Reserved. DNS Overview Panel – Members The Members tab is where Member level DNS settings are set, as well as starting/ stopping the DNS services can done. In a grid, all members doing DNS services will be shown here.

© 2013 Unicomp Inc. All Rights Reserved. DNS Overview Panel – Name Server Groups - DNS servers can be organized in functional groups. - One server would be designated primary with multiple secondary servers. - Zones/records can be associated with the Name Server Group, and any changes made to those zones/records would be immediately shared with all the servers in the group. - This will save time and effort and reduce the possibility of errors or typos.

© 2013 Unicomp Inc. All Rights Reserved. DNS Overview Panel – Shared Record Groups - A group of records can be defined and clustered together in one group. - This group can be “shared” with many zones. - This reduces the number of records that need to be created/edited/deleted. - Saves on the total number of database writes required if each zone had a separate record created and written to the database.

© 2013 Unicomp Inc. All Rights Reserved. DNS Overview Panel – Blacklist Rulesets - A set of rules can be defined, based on a blacklist of domains. - Blacklist usually consists of domains that are considered to be not acceptable to be accessed. - The rulesets define actions to be taken should a query for any domain on the blacklist be received.

© 2013 Unicomp Inc. All Rights Reserved. DNS Overview Panel – DNS64 Groups - Define a synthesis group, using an IPv6 prefix. - This group is used on an Infoblox appliance to “synthesize” a AAAA record, where none exists, from an IPv4 A record. - This synthesized AAAA record can be used by an IPv6 host to reach an non-IPv6 device. - This mechanism must be used with a NAT64 device.

© 2013 Unicomp Inc. All Rights Reserved. DNS Configuration Configure a Forwarder Enterprise Internet Forwarder Forwarding Server - Does internet-bound lookups for other servers - Builds up large cache - Only server to have internet access - Also called caching server

© 2013 Unicomp Inc. All Rights Reserved. DNS Configuration Configure a Forwarder If these DNS servers have no reply, this forwarder would forward query to the root DNS server. Unless check the box labeled “Use Forwarders Only”.

© 2013 Unicomp Inc. All Rights Reserved. DNS Configuration Zone Configuration Zone panel is used to create ： - Forward mapping zones - Reverse zones - Records - Views Zone panel is used to create ： - Forward mapping zones - Reverse zones - Records - Views

© 2013 Unicomp Inc. All Rights Reserved. DNS Configuration Add Authoritative Zone Select the member, if there was only one member, it will automatically be listed, then click Add. The stealth option will hide the NS record for the primary name server from DNS queries.

© 2013 Unicomp Inc. All Rights Reserved. DNS Configuration Host Record Configuration - A Host Record is an Infoblox record type. - Provides a convenient method of entering DNS and DHCP information as one entity and not as separate records. - Allow you to enter up four type of data as a single Infoblox object ： - A record - PTR record - CNAME record (optional) - MAC address (optional) - Maintains consistency because you are entering/deleting one record.

© 2013 Unicomp Inc. All Rights Reserved. DNS Configuration Host Record Configuration DHCP: Select this to enable the DHCP services to manage the host IP address. If you do not select this option, the host IP address is not managed by the DHCP server.

© 2013 Unicomp Inc. All Rights Reserved. Agenda 89 Overviews System Setting HA & Grid Setting DNS Overview DNS configuration DNS Others Overviews System Setting HA & Grid Setting DNS Overview DNS configuration DNS Others

© 2013 Unicomp Inc. All Rights Reserved. DNS Others Name Server Groups An easier way to assign members to zones is to use Name Server Groups. A Name Server Groups is an alias for a primary server and optionally one or more secondary servers. Makes zone configuration easy – define once and use it over and over. Reduces configuration errors since the definition is performed once. An easier way to assign members to zones is to use Name Server Groups. A Name Server Groups is an alias for a primary server and optionally one or more secondary servers. Makes zone configuration easy – define once and use it over and over. Reduces configuration errors since the definition is performed once. Name Server Group DNS Primary Secondary Servers

© 2013 Unicomp Inc. All Rights Reserved. DNS Others Configure Name Server Groups Click the “+” button and add a Grid Primary or Secondary. If there are multiple name servers, you will be shown a window with the name servers to choose from. Continue these steps until all name servers that are to be part of the Name Server Group are added.

© 2013 Unicomp Inc. All Rights Reserved. DNS Others Shared Record Groups Shared Record Groups are groups of DNS records that can be shared by multiple zones and views. - For example, you can create a shared record group called test, add 10 records to it and then import this group into multiple zones. The main advantage ： - Reduces effort needed to maintain records across multiple zones. - When updated, Shared Records dynamically update in all associated views and zones. The “Gotcha” ： - When using a Shared Record Group, the IP address of each record must be the same in each zone the Shared Record Group in used in. - If you need to change the IP address of a shared record in a zone, you will not be able to use the Shared Record Group in that zone as changing the IP address of a shared record for one zone is not possible!

© 2013 Unicomp Inc. All Rights Reserved. DNS Others Shared Record Groups Shared Record Groups behave like zones. Records will be shared amongst the group’s zones. Shared Record Groups behave like zones. Records will be shared amongst the group’s zones.

© 2013 Unicomp Inc. All Rights Reserved. DNS Others Blacklist Rulesets Blacklisting is usually used to redirects users attempts to get to certain domains which a company may want to deny access to. - For example a user may type: www.badsite.com - And get redirected to: hrpolicy.widget.com This is similar to a NODATA response or a NXDOMAIN Redirection, except that the site for which the data was requested actually exists. Specifically if a Name Server receives a query for an A record that matches a Blacklisted domain name two options exist for response ： - Return one or more A records. - Return a Refused response code. If the ruleset contains duplicate domain names, the first rule is loaded and subsequent rules are discarded. Blacklist rules can only be imported through the CSV import feature. Blacklisting is usually used to redirects users attempts to get to certain domains which a company may want to deny access to. - For example a user may type: www.badsite.com - And get redirected to: hrpolicy.widget.com This is similar to a NODATA response or a NXDOMAIN Redirection, except that the site for which the data was requested actually exists. Specifically if a Name Server receives a query for an A record that matches a Blacklisted domain name two options exist for response ： - Return one or more A records. - Return a Refused response code. If the ruleset contains duplicate domain names, the first rule is loaded and subsequent rules are discarded. Blacklist rules can only be imported through the CSV import feature.

Thank You 104

© 2013 Unicomp Inc. All Rights Reserved. Infoblox Basic Works 1 By Unicomp.

Similar presentations

Presentation on theme: "© 2013 Unicomp Inc. All Rights Reserved. Infoblox Basic Works 1 By Unicomp."— Presentation transcript:

Similar presentations

About project

Feedback

Log in

Auth with social network:

© 2013 Unicomp Inc. All Rights Reserved. Infoblox Basic Works 1 By Unicomp.

Similar presentations

Presentation on theme: "© 2013 Unicomp Inc. All Rights Reserved. Infoblox Basic Works 1 By Unicomp."— Presentation transcript:

Similar presentations

About project

Feedback