Tab l e o f Co n ten ts - Secure DNS, DHCP & IPAM (DDI)

1 Table of ContentsTable of Contents1 Introduction3 Prerequisites3 Workflow3 Azure Objects3 Infoblox vNIOS for Azure Use Cases4 DNS and RPZ Services4 Fault Tolerance and Disaster Recovery4 Maximum Availability4 Deploy vNIOS From Azure Marketplace4 Basic Configuration5 Monitoring Deployment12 Connect to and Configure Infoblox vNIOS in Azure12 Find Private and Public IP Addresses of vNIOS12 Connect to vNIOS for Azure Appliance14 Virtual Serial Console14 Secure Shell14 Grid Manager GUI15 Configure Grid Master16 Configure NTP and DNS19 Start the NTP Service19 Start and Configure DNS Service20 Create a DNS Zone22 Configure vNIOS as Primary DNS for Azure VNets25 Infoblox vDiscovery for Azure27 Infoblox Deployment Guide - Infoblox vNIOS for Microsoft Azure (September 2021) 1 Enable vDiscovery in Azure27 Create an App Registration in Azure AD27 Add Role Assignment to Subscription33 Configure vDiscovery in Grid Manager34 Run vDiscovery39vDiscovery Data40 Data Management40 cloud Network Automation41 Alternative Deployment Methods44 ARM Templates44 Azure CLI44 Additional Resources44 Infoblox Deployment Guide - Infoblox vNIOS for Microsoft Azure (September 2021)

2 2 IntroductionInfoblox vNIOS for Azure is a virtual appliance designed for deployment as a Virtual Machine (VM) in MicrosoftAzure. Infoblox vNIOS for Azure enables you to deploy robust, manageable, and cost effective Infobloxappliances in the Microsoft NIOS is the underlying software running on Infoblox appliances and provides core network servicesand a framework for integrating all the components of the modular Infoblox solution. It provides integrated, Secure , and easy-to-manage DNS (Domain Name System), IPAM (IP address management) and vNIOS for Azure appliances can be joined to an existing on-premise or hybrid /multi cloud grid, or theentire grid can run in Azure.

3 The vNIOS appliance can be configured as a primary DNS server for your Azurevirtual networks. You can also use Infoblox cloud Network Automation with vNIOS for Azure to improvevisibility of cloud resources and increase the flexibility of your cloud following are prerequisites for deploying and managing an Infoblox vNIOS for Azure appliance: Valid subscription for Microsoft Azure. Permissions to create Resource Groups, Virtual Networks, Virtual Machines, and App Registrations inyour Azure subscription. Understanding of basic networking concepts and tools, including public and private IP addressing,DNS, Secure Shell (SSH), and command line/terminal following outline lays out the basic steps to deploy and configure Infoblox vNIOS in a new vNIOS VM using the Azure to Azure vNIOS the vNIOS Azure VNet DNS vDiscovery for ObjectsBefore implementing Infoblox vNIOS for Azure, an administrator must understand common terms or objectsavailable in Azure related to the implementation of vNIOS.

4 The following are common objects and terms: Azure Subscription:An account which is used to accessAzure services and through which billing ismanaged. Azure Marketplace:An online storefront where applicationsand other services (including virtualmachines) can be hosted or purchased. VNet:A virtual network where individual subnets andother network settings (such as security groups)are applied. VNet Peering:Connects one or more (non-overlapping)VNets together. Network Security Group:The configuration where portaccess can be allowed or blocked (firewall).Infoblox Deployment Guide - Infoblox vNIOS for Microsoft Azure (September 2021) 3 Availability Set:Maintain maximum availability of servers/applications by placing more than one in anavailability set.

5 Storage Account:Holds the image files for the OSor boot diagnostics for a VM. Resource Group:A container which holds objects suchas VM s and their related resources and canbe used to simplify management of all objects within that resource group. Express Route:A direct connection between an ISPand the Azure cloud which is used to providefaster and more Secure connections. Virtual Network Gateway:The connection point thatis used as part of a VPN gateway and enablesconnectivity between different vNets or VPN vNIOS for Azure Use CasesThe following are some of the common use cases for the Infoblox vNIOS for Azure appliance: Providing DNS and RPZ/DNS Firewall services from within the Azure cloud for Azure, on-prem, andpublic clients.

6 Expanding services to the Azure cloud for additional fault tolerance and disaster recovery (DR)purposes. Providing services with maximum availability and across multiple and RPZ ServicesIn this use case, DNS and RPZ services are hosted in the Azure cloud . This enables you to distributeenterprise DNS services for clients operating in the Azure cloud , on-prem, and across the Internet. One or moreInfoblox vNIOS for Azure appliances are deployed in Azure, assigning as many as possible to an AvailabilitySet. These appliances can also be integrated with an existing Grid. Clients are then updated to use yourInfoblox vNIOS for Azure appliance(s) for DNS resolution, providing them with your enterprise DNS and Tolerance and Disaster RecoveryThis use case is for Fault Tolerance and Disaster Recovery.

7 In case of failure in the Primary Datacenter (poweroutage, network outage, or other critical failure) an Infoblox vNIOS for Azure appliance enabled as a GridMaster Candidate (GMC) can be promoted to the Grid Master role so that Grid services can continue tooperate. DNS services can also be redirected to servers operating in the Azure cloud , possibly without evenrequiring any manual intervention and helping ensure the business can continue to AvailabilityIn many cases, it can be a challenge to implement services in a way that maximizes availability across adistributed environment in a Secure manner and without deploying more resources than are required. Onemethod for accomplishing this may be by leveraging management or transit VNets where critical services,including your Infoblox servers, operate from.

8 VNet peering can be used to connect other VNets to themanagement VNet. This allows for seamless communications between those VNets and the managementVNet, without allowing connectivity between the other subnets. Traditional routing and/or VPN s can also beused to allow connectivity into the management VNet for VNets which cannot leverage VNet peering or evenfor networks from outside of vNIOS From Azure to the Azure Portal Deployment Guide - Infoblox vNIOS for Microsoft Azure (September 2021) onCreate a the Azure Marketplace search box, typeInfobloxand the latest Infoblox vNIOS for Azure : Offerings can change often as new vNIOS versions are released.

9 Versions currently available may varyfrom those displayed the Overview page and the Basics tab, select the desiredSubscriptionfrom the dropdown if you have more than Resource group, clickCreate new. Name the resourcegroup and Deployment Guide - Infoblox vNIOS for Microsoft Azure (September 2021) 5 Warning: When setting up vNIOS deployment through the Azure Portal, a new or empty resource group aRegionfrom the aNIOS modelfrom the aNamefor the vNIOS and confirm aPasswordfor the admin : The password must be between 12 and 72 characters long, and contain characters from all of thefollowing groups: uppercase letters, lowercase letters, numbers, and special characters.

10 Additionally, Azuredoes not allow some specific passwords. The list can be found here: # : VM the VM Settings tab, under Storage account, clickCreate : You can alternatively select an existing storage account from the dropdown. A Premium performancestorage account is : Newer offerings of vNIOS for Azure use managed disks which do not require this storage account. Skipto step 16 when deploying these Deployment Guide - Infoblox vNIOS for Microsoft Azure (September 2021) the Create storage account blade, enter aNamefor the storage : Azure requires that the storage account name must be globally Deployment Guide - Infoblox vNIOS for Microsoft Azure (September 2021) the VM Settings tab, under Storage account for BootDiagnostics, clickCreate : You can alternatively select an existing storage account from the the Create storage account blade, enter aNamefor the storage.