This section explains the main steps required to configure, deploy, and manage your network using BloxOne DDI. 

The following diagram explains the high-level steps to deploy and configure BloxOne DDI:

Deploying On-Prem Hosts

Deploy on-prem hosts to communicate between your local network and the Cloud Services Portal. 

For a list of deployment options, see Deploying BloxOne DDI.

  1. Navigate to Manage -> On-Prem Hosts.  Select the on-prem host and click Edit. Expand Application & Services. Depending on your licenses, enable the required services by toggling the state to Enabled.
  2. Check if the on-prem host is online from the Manage -> On-Prem Hosts page. Make sure that State = Online.

Configuring DNS

BloxOne DDI provides the ability to set up and manage DNS architecture including DNS servers, zones, resource records, and zone transfers. You can configure a primary zone to store the master copy of the zone data. You can create a  secondary zone that is a read-only copy of the primary zone stored on a different server. The secondary zone cannot process updates and can only retrieve updates from the primary zone. The secondary zone can answer DNS name resolution queries from client nodes, which helps reduce the workload on the primary zone. When you want to forward queries for data in a particular zone, define the zone as a forward zone and specify one or more DNS servers, an on-premise host, or an IP address that can resolve queries for the zone. You can create DNS resource records that provide information about objects and hosts. DNS servers use these records to respond to queries for hosts and objects. You can also configure zone transfers to transfer the zone files from the primary server to a secondary server. 

The following diagram explains the high-level steps to configure DNS:

All the settings for DNS are stored in the Global DNS Configuration. When creating a DNS Config Profile (specific to an on-prem host), some settings are inherited from the Global DNS Configuration. Also, you can choose to Inherit or Override some settings from Global DNS Configuration. Configure the Global DNS Configuration from the Manage -> DNS -> Global DNS Configuration page. For more information on how to configure the Global DNS Configuration, see Configuring Global DNS Properties.

The following steps guide you through the process of configuring DNS. You may skip one or more of the following steps depending on your business requirements:

  1. Create a DNS View. DNS zones are organized within a DNS View. Go to Manage -> DNS -> Zone. Click Create DNS View. For more information, see Configuring DNS Views.
  2. Create a Primary Zone. A primary zone resides in a DNS view and stores a master copy of all the zone data. Go to Manage -> DNS -> Zone -> DNS View. Click Create -> Primary Zone. For more information, see Creating a Primary Zone.
  3. Create a Forward Zone. A forward zone resides in a DNS view and resolves a hostname to an IP address. Go to Manage -> DNS -> Zone -> DNS View. Click Create -> Forward Zone. For more information, see Creating a Forward Zone.
  4. Create a Secondary Zone. A secondary zone resides in a DNS view and is a read-only copy of the primary zone. Go to Manage -> DNS -> Zone -> DNS View. Click Create -> Secondary Zone. For more information, see Creating a Secondary Zone.
  5. Create a DNS Config Profile. A DNS Config Profile is specific to the on-prem host that is assigned to it. Settings for the DNS Config Profile are inherited from the Global DNS Configuration. The inherited settings can be overridden and custom values can be specified. Go to Manage -> DNS -> DNS Config Profiles. Click Create DNS Config Profile.  Modify the DNS Config Profile to assign it to an on-prem host. For more information, see Configuring DNS Config Profiles.
  6. Create a DNS Server Group. An authoritative DNS server group is a collection of primary DNS servers and secondary DNS servers. After you create an authoritative DNS server group, you can then assign it to serve authoritative forward-mapping and reverse-mapping zones. Go to Manage -> DNS -> DNS Server Groups. Click Create -> Authoritative DNS Server Group. For more information, see Creating Authoritative DNS Server Groups.
  7. Create Resource Records. Resource records are entries in DNS zone files. Go to Manage -> DNS -> Zone -> DNS View. Go to the newly created Primary Zone, Secondary Zone, or Forward Zone. Click Create -> Record. For more information, see Configuring Resource Records.
  8. Configure DNS Servers. You can configure an existing on-prem host as a DNS server. Go to Manage -> DNS -> DNS Servers. For more information, see Configuring DNS Servers.

Configuring DHCP/IPAM

BloxOne DDI provides global parameters that can assist you in streamlining the management of your IP scopes and networks. You can set parameters to control how the DHCP server responds to lease requests for clients and hardware. When you choose to deny the lease requests, the application does not assign IP addresses to the clients and hardware that are defined in the list. You can also configure the DHCP server to assign or deny IP addresses to unknown DHCP clients. You can configure DHCP options that provide specific configuration and service information to DHCP clients. These options appear as variable-length fields at the end of the DHCP messages that DHCP servers and clients exchange. You can enable thresholds for DHCP utilization. This allows you to be notified if the DHCP utilization goes above or below a certain percentage. The DHCP server can send dynamic updates to an external primary server that you specify. For each IP space, you can specify the zone to be updated and the IP address of the primary server for that zone. 
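The variable-length option fields mentioned above can be seen by walking the options area of a raw DHCPv4 message. The following is an added example, not Infoblox code: it parses a constructed DHCPDISCOVER payload (the sample bytes, hostname, and function names are assumptions made for illustration) using the standard option layout of code, length, value, and rejects options whose declared length runs past the end of the packet.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: marks the start of the options field
FIXED_HEADER_LEN = 236              # BOOTP fixed fields that precede the cookie
PAD, END = 0, 255                   # single-octet options that carry no length
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}


def parse_dhcp_options(packet):
    """Return {option code: value bytes} from a raw DHCPv4 message payload."""
    start = FIXED_HEADER_LEN + len(MAGIC_COOKIE)
    if packet[FIXED_HEADER_LEN:start] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options = {}
    i = start
    while i < len(packet):
        code = packet[i]
        i += 1
        if code == PAD:
            continue
        if code == END:
            break
        if i >= len(packet):
            raise ValueError(f"option {code} has no length octet")
        length = packet[i]
        i += 1
        if i + length > len(packet):
            raise ValueError(f"option {code} overruns the packet")
        # RFC 3396: a repeated option code is a continuation, so concatenate.
        options[code] = options.get(code, b"") + packet[i:i + length]
        i += length
    return options


def summarize(options):
    """Decode the options a DHCP server uses to classify a client."""
    mtype = (options.get(53) or b"\x00")[0]
    return {
        "message_type": MESSAGE_TYPES.get(mtype, f"type {mtype}"),
        "hostname": options.get(12, b"").decode("ascii", "replace"),
        "vendor_class": options.get(60, b"").decode("ascii", "replace"),
        "param_request_list": list(options.get(55, b"")),
    }


def build_sample_discover():
    """Constructed sample: minimal DHCPDISCOVER with four options and one pad."""
    header = bytes([1, 1, 6, 0]) + bytes(FIXED_HEADER_LEN - 4)
    opts = (bytes([53, 1, 1]) + bytes([12, 6]) + b"laptop" + bytes([PAD])
            + bytes([60, 8]) + b"MSFT 5.0" + bytes([55, 4, 1, 3, 6, 15, END]))
    return header + MAGIC_COOKIE + opts
```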

The following diagram explains the high-level steps to configure DHCP:

All the settings for DHCP are stored in the Global DHCP Properties. When creating a DHCP Config Profile (specific to an on-prem host), some settings are inherited from the Global DHCP Properties by default. Also, you can choose to Inherit or Override some settings from Global DHCP Properties. For more information on how to configure the Global DHCP Configuration, see Configuring Global DHCP Properties.

The following steps guide you through the process of configuring DHCP. You may skip one or more of the following steps depending on your business requirements:

  1. Create an IP Space. An IP Space stores the IP addresses that are unique to the particular IP Space. Go to Manage -> IPAM/DHCP. Click Create -> IP Space. For more information, see Creating IP Spaces.
  2. Create an Address Block. An Address Block contains subnets. Address Blocks are used to group subnets. Address Blocks are stored in an IP Space. Go to Manage -> IPAM/DHCP. Click Create -> Address Block. For more information, see Creating Address Blocks.
  3. Create a Subnet. A subnet is a parent network for address ranges and fixed addresses with which it is associated.  Go to Manage -> IPAM/DHCP. Click Create -> Subnet. For more information, see Creating Subnets.
  4. Create a Range. An address range is a pool of IP addresses from which BloxOne DDI allocates IP addresses to DHCP clients. Go to Manage -> IPAM/DHCP. Click Create -> Range. For more information, see Configuring Address Ranges.
  5. Create a Fixed Address. You can configure fixed addresses for network devices, such as routers and email servers, that are not frequently moved from network to network. Go to Manage -> IPAM/DHCP. Click Create -> Fixed Address. For more information, see Configuring Fixed Addresses.
  6. Create an IPv4 Reservation. You can reserve an IP address for future use. Go to Manage -> IPAM/DHCP. Click Create -> IPv4 Reservation. For more information, see Configuring IPv4 Reservation.
  7. Create DHCP Config Profile. A DHCP Config Profile is specific to the on-prem host that is assigned to it. Settings for the DHCP Config Profile are inherited from the Global DHCP Configuration. The inherited settings can be overridden and custom values can be specified. Go to Manage -> IPAM/DHCP -> DHCP Config Profiles. Click Create DHCP Config Profile. Modify the DHCP Config profile to assign it to an on-prem host. For more information, see Configuring DHCP Config Profiles.

Optional Settings 

To further enhance your DNS, DHCP, and IPAM configuration, Infoblox provides the following optional features you can configure for BloxOne DDI based on your business requirements.

Configuring Optional DNS and DHCP Settings

  • Configure Access Control Lists. Grant legitimate hosts access to specific tasks and operations using an access control list (ACL). Go to Manage -> DNS -> Access Control Lists. For more information, see Configuring Access Control Lists.
  • Configure Option Spaces. Go to Manage -> IPAM/DHCP -> Option Spaces. Click Create Option Space. For more information, see Configuring Option Spaces.
  • Configure Option Groups. Option groups are a collection of option spaces or other option groups. Go to Manage -> IPAM/DHCP -> Option Group. Click Create Option Group. For more information, see Configuring Option Groups.
  • Configure IPv4 Filters. Option filters are used to classify DHCP clients and decide which DHCP options each group of clients can receive regardless of the subnet they belong to. Go to Manage -> IPAM/DHCP -> IPv4 Filters. Click Create and select the required option. For more information, see Configuring IPv4 Filters.
  • Configure DHCPv4 Fingerprints. BloxOne DDI utilizes DHCP fingerprint detection to identify IPv4 mobile devices such as laptop computers, tablets, and smartphones on your network. Go to Manage -> IPAM/DHCP -> DHCP Fingerprints. Click Create DHCP Fingerprint and select the required option. For more information, see Configuring DHCPv4 Fingerprints.
  • Configure Hosts. Go to Manage -> IPAM/DHCP -> Hosts. Click Create Host. For more information, see Configuring Hosts.
  • Configure High Availability for DHCP. An HA (High Availability) group is a collection of two on-premise hosts, which are located in the same IP space, and can serve the same set of leases for an HA group. Go to Manage -> IPAM/DHCP -> HA Groups. Click Create HA Group. For more information, see Configuring HA Groups.

Additional Components

BloxOne DDI provides additional components to enhance your network configuration. 

Setting Up NIOS Grid Connector

If you are using NIOS, configure the NIOS Grid Connector. NIOS Grid Connector provides a unified view of both on-premise NIOS Grid deployments and cloud-managed BloxOne DDI deployments. For more information, see Configuring NIOS Grid Connector.

Configuring Anycast 

Enable Anycast on BloxOne DDI. Anycast is a one-to-nearest network communication, where the sender (client) is directed to the nearest recipient (server). If DNS anycast has been set up on multiple servers, a DNS client that tries to connect to the DNS server IP address is routed to the nearest instance, providing both a performance boost and redundancy to the DNS service. DNS must be enabled for Anycast to work. To configure Anycast, see Anycast Addressing.

Configuring Data Connector 

The Infoblox Data Connector is a utility designed to collect DNS query and response data, and security logs from specified sources. If you want to send your DNS/DHCP data to SIEMs, see Data Connector.

Configuring Notifications 

The Cloud Services Portal displays notifications for specific events, such as license expiration or CPU usage. To configure notifications, see BloxOne Notifications.
