Infoblox Deployment Guide - Infoblox IPAM Plug-in 4.4.1 ...€¦ · Infoblox Plugin does DNS...

Deployment Guide Infoblox IPAM Plug-in 4.4.1 for VMware vRA 7.5

© 2019 Infoblox Inc. All rights reserved. Infoblox IPAM Plug-in 4.4.1 for VMware vRA 7.5 Deployment Guide August 2019

2

TABLE OF CONTENTS

1. DOCUMENT OVERVIEW ......................................................................................................... 5

2. DOCUMENT CONVENTION .................................................................................................... 5

3. NIOS SETUP ................................................................................................................................ 5

Create Networks in NIOS .................................................................................................................... 5

Extensible Attributes Required for the vRA Plugin .............................................................................. 6

Create Cloud API account ................................................................................................................... 8

4. INSTALL PLUGIN IN VMWARE VREALIZE ORCHESTRATOR ................................... 10

Enabling Embedded VMware vRealize Orchestrator in VMware vRealize Appliance ........................ 10

Verify vRA services are running ........................................................................................................ 10

Install Infoblox Plugin in VMware vRO .............................................................................................. 12

Install NIOS Certificate ...................................................................................................................... 15

5. SETUP INFOBLOX IPAM ENDPOINT TYPE .................................................................... 19

Accessing VMware vRealize Orchestration Server ............................................................................ 19

Run the Infoblox Setup Workflow..................................................................................................... 20

6. CREATING TENANTS IN VRA ............................................................................................. 28

Create Production Tenant ................................................................................................................. 28

Create dev tenant ............................................................................................................................. 31

Create qa tenant ............................................................................................................................... 31

7. TENANT CONFIGURATION ................................................................................................. 31

Role and Fabric Group Assignment ................................................................................................... 31

Create Production Business Group ................................................................................................... 34

Create Reservation ........................................................................................................................... 36

Create Production Service ................................................................................................................ 39


3

Create Entitlement ........................................................................................................................... 40

8. CREATE ENDPOINTS IN VRA ............................................................................................. 42

Create Infoblox NIOS Endpoint ......................................................................................................... 42

Create NSX endpoint ........................................................................................................................ 44

Create Network Profile ..................................................................................................................... 46

Add a Reservation ............................................................................................................................ 48

9. SINGLE MACHINE WITH EXTERNAL NETWORK PROFILE ...................................... 49

Single Machine Blueprint .................................................................................................................. 49

Add Property Group to VM ............................................................................................................... 53

Publish Blueprint .............................................................................................................................. 55

Add Catalog item .............................................................................................................................. 55

Provision VM .................................................................................................................................... 56

IP Address Provisioning and DNS Registration .................................................................................. 58

De-provisioning ................................................................................................................................ 60

10. NSX LOAD BALANCER WITH VM PROVISIONING ................................................... 62

NSX Load Balancer Blueprint ............................................................................................................ 62

Add Load Balancer ............................................................................................................................ 66

Publishing the Blueprint ................................................................................................................... 67

Assign the Catalog item to a service ................................................................................................. 68

Deploy from NSX Web Blue catalog item. ......................................................................................... 69

IP Address Provisioning and DNS Registration .................................................................................. 70

De-Provisioning ................................................................................................................................ 72

11. ROUTED NETWORK PROFILE ....................................................................................... 73

Add Network Container in NIOS ....................................................................................................... 73

Create External Network Profile in vRA. ........................................................................................... 75


4

Create Routed Network Profile ......................................................................................................... 77

Add Network Profiles to the Reservation ......................................................................................... 78

NSX Routed Network Blue Print ....................................................................................................... 80

Provision a Routed VM ..................................................................................................................... 87

De-provisioning ................................................................................................................................ 91

12. NAT NETWORK PROFILES ............................................................................................. 94

Create One to One NAT Profile ......................................................................................................... 94 13. Machine Blueprint for One to One NAT .............................................................................................. 96 14. Publishing Machine Blueprints ......................................................................................................... 102 15. Add Catalog item .............................................................................................................................. 102 16. Provision the VM from the Catalog Item .......................................................................................... 103

Create One to Many NAT Profile ..................................................................................................... 104 17. Machine Blueprint for One to Many NAT ......................................................................................... 106 18. Provision the VM from the Catalog Item .......................................................................................... 112

IP Address Provisioning and DNS Registration ................................................................................ 113

De-provisioning .............................................................................................................................. 117

19. APPENDIX.......................................................................................................................... 119

Adding Failover Endpoints .............................................................................................................. 119

Limiting the Search Results ............................................................................................................. 120 20. Search Limit Custom Property .......................................................................................................... 120

Specifying Search Result Count during Network Profile Creation .................................................... 122 21. Max Results ....................................................................................................................................... 122 22. Specifying Max Results and Network ................................................................................................ 122 23. Specifying Max Results and Network wildcard ................................................................................. 123 24. Search Using Regular Expression ...................................................................................................... 123 25. Searching Using Type ........................................................................................................................ 124

Filtering by Max results, Extensible attributes and Type ................................................................. 125


5

1. Document Overview

The Infoblox IPAM Plug-in for VMware integrates automatic IP address allocation and DNS

registration capabilities into the VMware vCloud automation solutions. In this document, you

will find the deployment steps for the Infoblox IPAM plugin for VMware vRealize

Automation (vRA) 7.5 and Infoblox services. This is useful if you are just starting out;

however, if you already have a working environment, skip ahead through this document as

needed.

2. Document Convention

User input Text is shown in bold.

Output is shown in italics.

3. NIOS Setup

This section provides the steps for configuring NIOS in preparation of installing the Infoblox

IPAM plugin for VMware.

Create Networks in NIOS

Create the networks in NIOS which will be used for provisioning IP addresses. By default, the

Infoblox Plugin does DNS registration in the Zone specified in DHCP option Domain Name

set in the DHCP Options at the network and/or range level.

To create the networks which will be used for IP address assignment with the Infoblox plugin

for VMware:

1. Navigate to Data Management -> DHCP in your Grid Manager GUI.

2. Click on +. Select (IPv4) Network if you expanded the Add menu.

3. Select Add Network. Click Next.

4. Set the Netmask to the CIDR to be used for your network (e.g. 24, or 255.255.255.0).

5. Click + and type the address for your network (e.g. 172.26.1.0).

6. Click Next.

7. Click +. Select Add Infoblox Member if expanding the Add menu.

Note: If you have a single server in your Infoblox Grid, this should be automatically selected for

you. Otherwise, follow the selector window to select the Grid member(s) to assign to the network.

8. Click Next and Next again until you are on the step to configure the options for the network

(this is step 5 of 7 in NIOS version 8).

9. Set the options required for clients to operate properly the network, such as any Routers

(which will be the clients default gateway), along with the Domain Name option. DNS

records being created for VM instances will be placed into this zone by default.

Note: The plugin will not be able to read inherited options. The Domain Name option must be

overridden and set at the network and/or range levels; otherwise, updates from the plugin will

fail.


6

10. Click Next to configure Extensible Attributes (optional).

11. Click Save & Close.

12. Restart services.

Extensible Attributes Required for the vRA Plugin

Additional Extensible Attributes (EA’s) are required in NIOS and are typically added when the

Cloud Network Automation (CNA) license is installed. These include the following EA’s, with

the type that they should be created as noted in parentheses.

• VMware NIC index (integer)

• VMware resource ID (string)

• VMware On-Demand Network (string)

• VMware Network Profile (string)

• VMware External Network Profile ID (string)

• VMware External Range ID (string)

• VMware Request ID (string)

• VMware Blueprint Request ID (string)

Note: Only the name to be used for the EA is in bold. The remaining information indicates the

EA type, such as integer or string.


7

To create the required EA’s:

1. Navigate to Administration -> Extensible Attributes in your Infoblox Grid Manager GUI.

2. Click on the + (Add) button.

3. Enter the name for the EA, as displayed in bold in the list above.

4. Set the Type dropdown menu to the required setting (refer to the list above).

5. Optional: Add a comment

6. Click on the small arrow next to Save & Close and select Save & New to add additional

EA’s or click on Save & Close if done.


8

Create Cloud API account

Using an administrator account which is a member of the cloudapi-only group (or similar

group where the Allowed Interfaces configuration is set to API -> Cloud API -> Cloud API

Only (No PAPI)) is highly recommended as this allows the Infoblox IPAM plugin to send

detailed Tenant information to NIOS.

Create the Cloud API account. Here, we have created an account named cloudadmin and

assigned it to the default cloud-api-only group.


9

Example showing the Allowed Interfaces setting in the properties for the assigned group:

Permissions for the Cloud API account

Initially, it may be advisable to set everything to be allowed and then restrict these as required

later by removing permissions that are not needed. The permissions should allow the

operations that the Infoblox IPAM plugin will be performing, such as r/w for networks and

zones and if setting object level permissions, for the networks and zones that it will be

updating.


10

4. Install Plugin in VMware vRealize Orchestrator

Log on to the VMware vRealize Control Center.

Enabling Embedded VMware vRealize Orchestrator in VMware vRealize Appliance

Please note that with VMware vRealize Automation (vRA), the built-in vRealize Orchestrator

service is not enabled by default. To enable this, login to the vRA console as root and run the

following commands:

To make sure service is started when the appliance boots up, run the command:

Note: This is a one-time step. This step is not required when using an external vRO server.

Verify vRA services are running

Log on the vRA appliance and verify that all services show a status of REGISTERED.

Example URL to connect to your vRA appliance:

service vco-configurator start

chkconfig vco-configurator on

https://<vRA-name>:5480


11


12

Install Infoblox Plugin in VMware vRO

1. Log in to VMware vRealize Orchestrator Control center. Example:

2. Click on the vRealize Orchestrator Control Center link and login with the user name “root”

and the password used during setup.

https://<vra-appliance-name>


13

3. Click on the Manage Plug-ins button.

4. Click “BROWSE”.

5. Traverse to the location of the plugin. The plugin file will use a .dar extension.


14

6. Select the plugin file and click “Open”.

7. Click Upload.

8. Click “INSTALL”.

9. Click “SAVE CHANGES” to commit the plugin installation:


15

10. Verify that the Infoblox Plugin now shows in the Plug-in list and is enabled:

Install NIOS Certificate

1. Click on “VM” button to go back to home screen.


16

2. Click on “Certificates”.

3. Click on the “IMPORT” menu and select Import from URL.


17

4. Type the URL for your NIOS appliance and then click IMPORT.

5. Click “IMPORT”.


18

6. Verify that the NIOS certificate is now displayed in the Trusted SSL certificates list.

7. Log in to the VMware vRealize Orchestrator Control Center. Example:

8. Click on the vRA → Orchestrator button.

https://<vra-appliance-name>


19

9. Click “RESTART” to restart the vRealize Orchestrator server. Note: this process may take

couple of minutes to complete.

5. Setup Infoblox IPAM Endpoint Type

Accessing VMware vRealize Orchestration Server

The Infoblox IPAM endpoint is configured through the VMware vRealize Orchestration Server

(vRO). To access the vRO server:

1. Download the vRealize Orchestrator client from your vRA or vRO server.

Note: If using Embedded vRO, use the URL https://<vra-name>. For an External vRO, use the

URL https://<vro-name>.


20

2. Download and launch the Java Client. Continue through any warnings that may be displayed.

3. Type your user name and password. Click Login.

Run the Infoblox Setup Workflow

Now that the Infoblox Plugin has been installed, run “Setup Wizard” workflow to integrate the

plugin with vRO.

1. In the Run mode, toggle to the Workflows panel.


21

2. Navigate to Library -> Infoblox -> vRA -> Installation.


22

3. Right-click on Setup Wizard and select Start Workflow.

4. For environments using external vRO or you are creating a new vRA host, set the Create vRA

host option to Yes and provide the information for vRA. Click Next and skip to step 6 in this

guide.


23

5. Enter the User Credential information to be used for your vRA host and click Next.

a. Note: Skip ahead to step # 11 after completing this step.

6. For environments using embedded vRO and you will use the existing vRA host, set the create the

Create vRA host option to No.

7. Click on the magnifying glass (“Not set”) search bar.


24

8. Drill down to and click on the vRA server that you will be using. Click Select.

9. Click Next.


25

10. Enter the User credentials for your vRA host and click Next.

11. Provide your IaaS host information and click Next.


26

12. Provide your Iaas User credentials information and click Next.

13. Provide your Iaas host Domain and Workstation information and click Next.


27

14. Update the Group properties as required and click Submit.

15. The workflow will now run. This may take around a minute to complete.


28

16. Review the logs for the workflow to see the updates that were applied. This is also helpful to

review if any errors are encountered.

6. Creating Tenants in VRA

Create Production Tenant

Tenants are used to provide multiple environments within VMware. To complete the steps in

this guide, an existing tenant can be used if one (or more) already exist. To create a new tenant:

Login to vRA using your administrator credentials. Example: https://vra.test.local/vcac


29

1. In the Tenants panel, click + New.

2. Enter the General parameters for the tenant and click Submit and Next.


30

3. Click + New to create a new local user account.

4. Enter the User Details and click OK.

5. Click Next.


31

6. Give tenant and IaaS administrator permissions to the tenant administrator. In the search boxes,

type the administrators name, click on the search button and click on the search result to add the

administrator. Click on the Finish button once done.

Create dev tenant

Follow the steps outlined in section 4.1 to create a tenant named dev. Create a user named

devadmin in this tenant.

Create qa tenant

Follow steps outlined in section 4.1 to create a tenant named qa. Create a user named qaadmin

in this tenant.

7. Tenant Configuration

Role and Fabric Group Assignment

Before the tenant can be used, additional configuration must be completed.


32

Log in to the production tenant. Example:

7. Navigate to Administration -> Users & Groups -> Directory Users & Groups.

8. Type the admin name (prodadmin) in the search box and click on the search button.

9. Click on the hyperlink for the admin account.

https://vra.test.local/vcac/org/prod

https://vra.test.local/vcac/org/prod


33

10. Enable the check boxes for the roles to be allowed in the Add roles to this User panel. If in doubt,

enable all roles and restrict these later as needed. Example:

11. Log out and log back in. This is required to reset your login session and make new

configuration items available.

12. Navigate to Infrastructure -> Endpoints -> Fabric Groups.

13. Click New.


34

14. Set the parameters for the fabric group and click OK.

15. Log out and log back in again. This is required to reset your login session and make new

configuration items available.

Create Production Business Group

Business groups are used to associate services and resources to a group of users. This enables

the users to be able to provision a VM. To create a business group:

1. Navigate to Administration -> Users & Groups -> Business Groups. Click + New.


35

2. Enter the required values under the General tab and click Next.

3. Search for your tenant administrator account and assign it to all available roles. Click Next.

4. Select the Default machine prefix and click Finish.


36

5. Verify that the Business group now appears in the Business Groups list:

Create Reservation

Reservations are used to assign resources that will be available to a business group when

provisioning services. In this example, we will create a vSphere (vCenter) reservation:

1. Navigate to Infrastructure -> Reservations -> Reservations.

2. Click + New and select vSphere (vCenter).

3. Set the parameters under the General tab and switch to the Resources tab.


37

4. Assign the resources for the reservation and switch to the Network tab.

5. Assign the Network Adapter and Network Profile to be used.


38

6. NSX settings are configured in the Advanced Settings section found below. In this example, we

are using the following:

7. Click OK to save the reservation.

8. The reservation will now be displayed in the Reservations list:


39

Create Production Service

To configure the production service:

1. Navigate to Administration -> Catalog Management -> Services.

2. Click + New.

3. Set the parameters for the service and click OK.

4. Verify that the Production Service is now shown in the Services list:


40

Create Entitlement

Create a new Entitlement

1. Navigate to Administration -> Catalog Management -> Entitlements.

2. Click + New.

3. Set the parameters for the entitlement, making sure to set the Status menu to Active. Click Next.

4. Click the + symbol for Entitled Services and select the service to be used. Click OK.


41

5. Click on the + symbol for Entitled Actions.

6. Enable the appropriate Entitled Actions and click OK.

7. Click Finish.

8. The entitlement will now show in the list.


42

8. Create Endpoints in vRA

Create Infoblox NIOS Endpoint

Create the Infoblox NIOS Endpoint in vRA

1. Connect to your vRA appliance and launch the vRealize Automation console.

2. Log in using the account that has been created in vRA. In this example, we have created the

account “vraadmin” in the domain vsphere.local. Be sure to use the user name and domain

for your environment.

3. Navigate to Infrastructure -> Endpoints.


43

4. Drill down through the + New menu and select IPAM -> Infoblox.

5. Provide the connection details for the connection to your Infoblox appliance. Click OK.

Note: It is recommended to use a Cloud API account in NIOS. This enables the Infoblox

IPAM plugin to send cloud specific data in its updates.

6. The Infoblox NIOS endpoint for IPAM will now show in the endpoint list:


44

Create NSX endpoint

When employing Network Virtualization using VMware NSX (Network Virtualization and

Security Platform), you will also require an endpoint for your NSX server. To create this

endpoint:

1. Navigate to Infrastructure -> Endpoints -> Endpoints while logged into your tenant for

vRA Note: In this example, we use a tenant named ‘dev’: https://vra73.qa.com/shell-ui-

app/org/dev/.

2. Click + New, drill down into Network and Security and select NSX.

3. Enter a descriptive name for your NSX endpoint, along with the address, user name and

password used for the connection to your NSX server.

https://vra73.qa.com/shell-ui-app/org/dev/

https://vra73.qa.com/shell-ui-app/org/dev/


45

4. Click on the Associations tab.

5. Click + New.

6. Click on the dropdown menu under the Name column and select the menu item for the

vCenter server that you want to associate with your NSX endpoint.

7. Click on the Ok button located just below the row for the association that you are adding.

8. Click on the Test Connection found at the bottom right of the window. Accept any prompts

or Security Alerts that may be displayed, allowing you to confirm that the connection

between your vCenter server and NSX endpoint is working.

9. Very that the connection test completed successfully.

10. Click OK.


46

Create Network Profile

Create the network profile which will be used to set the network parameters for a machine

blueprint. In this example, we create an External network profile:

1. Under Infrastructure -> Reservations -> Network Profiles, expand the + New menu and

select External.

2. Set the parameters for the profile and select the Infoblox NIOS endpoint for IPAM.

3. Switch to the Network Ranges tab.

4. Click on the Address space menu and select the Network View in NIOS that you want to use

for this profile.

Note: If no network view is selected, the “default” network view is used automatically.


47

5. Click on + Add button.

6. Click on the Search button.

Note: See the Appendix for information on how to limit search results.

7. Select the network or range in NIOS that you want to be used for IP provisioning. Click OK

to close the Network Range selector.

8. Select the range to verify its DHCP options.

Note: The DNS suffix must be configured in the properties for the network and/or

range in NIOS. If this is not completed, provisioning done by the Infoblox IPAM

plugin will fail.


48

9. Click OK to save the network profile.

Add a Reservation

Add the configured External Profile to the reservation.


49

9. Single Machine with External Network Profile

Single Machine Blueprint

To create a Single Machine blueprint:

1. Navigate to the Design tab and click New.

2. Enter a name, ID and any other settings as required.

3. Switch to the NSX Settings tab. If using NSX, make sure to set the Transport zone.

Note: This is not required for non-NSX environments.

4. Click OK once done.

5. You will now be on the Design Canvas. Select the Machine Types category.


50

6. Drag and drop the vSphere (vCenter) Machine object to the center of the design canvas.

7. Update the settings on the General tab as required.

8. Switch to the Build Information tab and update the settings as required.

9. Select the Network and Security category and drag and drop the Existing Network

object onto the design canvas.


51

10. Click on the “Network Profile” bubble and select the (Infoblox-External) network

profile. Click OK.


52

11. Click on the vSphere object in the design canvas and switch to the Network tab.

12. Click New and select the (InfobloxExternal) network.

13. Set the Assignment Type menu to Static IP and click OK.


53

10. You should now see the vSphere and network objects linked in the design canvas.

Click Finish.

Add Property Group to VM

The Infoblox property group is what is used to control how the Infoblox IPAM Plugin behaves

and must be assigned to the blueprint before it will be used when the blueprint is deployed. To

assign the Infoblox property group to a blueprint:

1. While in the design canvas for the blueprint, switch to the Properties -> Property Groups

tab and click Add.

2. Select the Infoblox property group (Infoblox-Default) and click OK.


54

3. Click Finish.

4. Verify that the blueprint has been saved successfully.


55

Publish Blueprint

Blueprints must be published before they can be used. To publish a blueprint:

1. Select the row for your blueprint.

2. Click on the Publish button.

3. Verify that the status for the blueprint changes to Published.

Add Catalog item

Before being able to use a catalog item, you must specify the service that it will use.

1. In your vRA tenant, navigate to Administration -> Catalog Management -> Catalog

Items.

2. Click on the row to select the catalog item that you want to configure.

Note: Do not to click on the hyperlink for the Catalog Item’s name.

3. Click Configure.


56

4. Expand the Service dropdown menu and select the service to be used. Click OK.

Provision VM

To deploy a VM from the Service Catalog:

1. Switch to the Catalog tab.

2. Click on the Request button for the catalog item to be provisioned.


57

3. Set deployment parameters as required and click Submit.

4. Verify that the request has been submitted successfully. Click OK.


58

IP Address Provisioning and DNS Registration

IP address assignment and DNS name registration in NIOS is done by the Infoblox IPAM.

• The following example demonstrates the Allocate workflow process:


59

• IPAM details in NIOS allow you to easily verify the IP address allocated to a

provisioned VM:


60

• You will also find the DNS record for the VM registered in NIOS:

De-provisioning

De-provisioning (destroy) a deployment will release any allocated IP addresses and delete the

associated IPAM data and DNS records in NIOS. To destroy a deployment:

1. In vRA, navigate to Items -> Deployments and select the row for the provisioned object that

you want to destroy.

2. Expand the Actions menu and select Destroy.


61

3. Click Submit.

4. Click Ok.

During this process, the Release workflow for Infoblox Plugin is called. This workflow

triggers the deletion of the IP address and DNS objects in Infoblox.


62

10. NSX Load Balancer with VM Provisioning

NSX Load Balancer Blueprint

1. To create a new Blueprint with an NSX Load Balancer, navigate to the Design ->

Blueprints tab and click New.


3. Switch to the NSX Settings tab, select the Transport Zone (for NSX) and click OK.


63

4. You will now be placed in the design canvas. Select the Machine Types category and drag

and drop the vSphere (vCenter) Machine object to the center of the design canvas.

5. Click on the vSphere Machine object in the design canvas.


64

6. Update the General tab as required. For the Instances option, set the Maximum Limit to 4.


8. Select the Network and Security category and drag and drop the Existing Network

object onto the design canvas.


65

9. Click on the Network profile button.

10. Select the (Infoblox External) network profile to be used and click OK.

11. Click back to the vSphere object in the design canvas.

12. Switch to the Network tab and click + New.

13. Select the (InfobloxExternal) network profile and click OK.


66

Add Load Balancer

1. While still in the design canvas for the blueprint, select the Network & Security category

and drag and drop the ON Demand Load Balancer object to the design canvas.

2. On the General tab, update the settings as required.

3. In the Virtual servers section, click New.

4. Select the desired protocol, update any settings as required and click OK. Repeat this step

to add additional virtual server protocols.

5. Click back to the vSphere object in the design canvas.

6. Switch to the Properties -> Property Groups tab and click Add.


67


The following example demonstrates how the completed blueprint will appear:

Publishing the Blueprint

Blueprints must be published before they can be assigned to a catalog item. To publish the

blueprint:

1. Navigate to Design -> Blueprints.

2. Click on the row for your blueprint (taking care not to click on the hyperlink).


4. Verify that the status for the blueprint has changed to “Published”.


68

Assign the Catalog item to a service

Published blueprints become available as catalog items. These must be assigned to a service

and entitled to a business group before they will be available in the Service Catalog. To assign

your catalog item to a service:

1. Navigate to Administration -> Catalog Management -> Catalog Items.

2. Click on the hyperlink for your catalog item or select its row and click Configure.

3. Expand the Service dropdown menu and select the service that you want to assign to the

catalog item.

4. Click OK.


69

• The catalog item should now appear in the Service Catalog.

Deploy from NSX Web Blue catalog item.

• Navigate to the Catalog tab and click on the Request button for your blueprint.

• Update the settings as required and click Submit.

• The deployment will now begin. Switch to the vRO client to view workflows as they are

triggered during the deployment process. Depending on the Infoblox property group

settings, this may include the Create IP Ranges, Get IP Ranges, Get Address Spaces,

Allocate and Update workflows.


70


The traditional method of verifying VM status has been through the vSphere client, such as is

demonstrated here where we can see the IP address that was provided by Infoblox for the NSX

device.


71

• Here, we can see the IP address provisioned from Infoblox for the production Linux

VM.

• With Infoblox IPAM, it is easy to track the IP addresses assigned for deployed

instances. Here we can see the IPAM details for the deployed NSX device and VM.


72

• Infoblox IPAM also makes it easy to locate any DNS record(s) created for the

objects that have been deployed, records which are stored under Data

Management -> DNS.

De-Provisioning

The Infoblox IPAM plugin for VMware is also effective with automating the cleanup of

objects when an item is destroyed (deleted). To destroy a deployed item:

1. Navigate to the Items tab in vRA.

2. Select the deployment item you want to remove and in the Actions menu, select Destroy.


73

3. Click Submit.

As this process completes, any assigned IP addresses, DNS records and networks created by

the plugin will be removed from Infoblox.

11. Routed Network Profile

Starting with vRA 7.2 and version 4.2.1 of the Infoblox IPAM plugin for VMware, you will

find support for Routed Networks with NSX integrations. This section describes how to create

Routed Networks using Infoblox and vRA 7.5.

Add Network Container in NIOS

To support routed networks, a Network Container must be defined in Infoblox. To add a

Network Container that will be used for Routed Networks:

1. In your Infoblox GUI, navigate to Data Management -> IPAM. Note: If you are not at

the Network View level, click on the IPAM Home link found at the top-left of the window.

2. In the horizontal toolbar (displayed above the list of networks), click on the + button. If

prompted, select IPv4 Network. If using the + Add menu from the vertical Toolbar on the

right-hand side of the page, expand the menu and select Network -> IPv4.

3. Select Add Network Container and click Next.


74

4. Set the Netmask and Network Containers options to the desired settings. In this example,

we create a 10.10.0.0/16 network container.

5. Click Next to update any other settings as required. Click Save & Close once done.

6. You should now see the Network Container listed in IPAM.


75

Create External Network Profile in vRA.

Routed Networks require an External Network profile. To create the External Network Profile:

1. In vRA, navigate to Infrastructure -> Reservations -> Network Profiles.

2. Expand the New menu and select External.

3. Enter a name for the network profile.

4. Expand the IPAM endpoint menu and select the endpoint for your Infoblox appliance.


6. Expand the Address space menu and select the Network View that you want to use from

Infoblox. Note: If you have not customized the Network Views, you will only see the

‘default’ Network View.


76

7. Click Add.

8. Click on the magnifying glass to display all available networks and DHCP ranges from

Infoblox (up to 1000 by default). If needed, you can also leverage filters in the Search box,

including for networks, ranges and extensible attributes. Multiple filters are comma

separated and do support a simple syntax (string) or regex. For example:

network = 172.26.*, building = 1

9. Select the desired address space and click OK.

10. Click OK once done to save the network profile.


77

Create Routed Network Profile

To create the Routed Network Profile:

1. In vRA, navigate to Infrastructure -> Reservations -> Network Profiles.

2. Expand the New menu and select Routed.

3. Enter a name for the network profile.

4. Expand the IPAM endpoint menu and select the endpoint for your Infoblox appliance.

5. Select the previously created External network profile, along with the Range subnet mask

that you want to use for your routed networks.

6. Switch to the IP Blocks tab and verify that the correct Network View is selected in the

Address space menu.

7. Click on the Add button and select the IP block that you want to use. Depending on your

existing configurations, this may default for you.


78

8. Click OK.


Add Network Profiles to the Reservation

Create a new reservation or add Network profile to existing reservation. Here we are creating a

new reservation.

1. In vRA, navigate to Infrastructure -> Reservations -> Reservations.

2. Click New.

3. Set the Name, Tenant and Business Group. Verify that the ‘Enable this reservation’ option

is enabled.


79

4. Switch to the Resources tab and set the resources as required.

5. Switch to the Network tab and select the Network Adapter, Network Profile and

any other settings that you want to use for your deployment.


80

NSX Routed Network Blue Print

1. To create a new blueprint with a Routed Network profile, navigate to the Design ->

Blueprints tab and click New.


3. Switch to the NSX Settings tab, select the Transport Zone (for NSX) and click OK.

4. You will now be placed in the design canvas. Select the Machine Types category and drag

and drop the vSphere (vCenter) Machine object to the center of the design canvas.


81

5. Update the General tab as required.


82


7. Switch to the Properties tab and click + Add.


83


9. Select the Network & Security category and drag and drop the On-Demand Routed

Network object to the canvas.

10. In the General tab, click on the Parent network profile button.


84

11. Select the network profile (Infoblox-Routed-1) for this blueprint. Click OK.

12. In the design canvas, click on the vSphere object.

13. Switch to the Network tab and click New.


85

14. In the Network menu, select the Routed network (InfobloxRouted1) and click OK.


86

15. You should now see the routed network and the vSphere machine linked together.

Click Finish.


17. Click on the row for your blueprint (taking care not to click on the hyperlink).


19. Navigate to the Catalog tab. You should now see the blueprint here.


87

Provision a Routed VM

To deploy a VM using the blueprint with the routed network:

1. In vRA, navigate to the Catalog tab.

2. Click on the Request button for your routed network blueprint.

3. Update the options as required and click Submit.

4. This will trigger Infoblox Create IP Ranges and other workflows. Switch to the vRO client

to view and monitor these workflows as they are triggered.

5. A new network will be automatically created in the network container. Switch to the Data

Management -> IPAM -> 10.10.0.0/16 -> List tab in the Infoblox GUI to view this.


88

6. This will also trigger the Allocate workflow. This is used to get an IP address from this

network


89

7. As observed in the Infoblox GUI, the provisioned VM will have IP address assigned from

the routed network.

8. The routed interface is also automatically added in the DLR.


90

9. The provisioned VM has also obtained an IP address from the Network.

10. The DNS record has also been updated by the Infoblox plugin.


91

De-provisioning

When the provisioned item is deleted, it will trigger the workflow to release the IP address

back to the pool and delete the range that was created. To destroy a deployment:

1. In vRA, navigate to the Items tab.

2. Select the deployment (do not click on the hyperlink).

3. Expand the Actions menu and select Destroy.

4. Click Submit to confirm the request.


92

5. During this process, the Release workflow will be triggered as the VM is shut down and

deleted. This will release the IP address for the VM from Infoblox.


93

6. When the DLR is shut down and deleted, the Delete IP Ranges workflow will be

triggered. This will delete the provisioned network.

7. After this, you can verify in the Infoblox GUI that the network has been deleted.


94

8. The Release workflow also deletes the Host record in DNS.

12. NAT Network Profiles

Create One to One NAT Profile

The network profile sets the network parameters that will be used when deploying an instance

in a One to One NAT configuration.

1. In your vRA tenant, navigate to Infrastructure -> Reservations -> Network Profiles.

2. Click New and select NAT.


95

3. Complete the fields in the “New Network Profile - NAT” configuration, being sure to set the

IPAM endpoint menu to your Infoblox NIOS IPAM endpoint and NAT type to One-to-

One.

a. Note: The External network profile selected here must contain only one network or

network range and have at least two available IP addresses.

4. Switch to the DNS tab. Optional: Enter DNS settings here to override the DNS settings from

Infoblox.


6. Click New and provide a name, description (optional), Start IP address and End IP.

7. Click OK to save the network range.



96

13. Machine Blueprint for One to One NAT

The Machine Blueprint sets the design for instances that are being deployed. This section

describes the steps for creating a blueprint used to create instances in a One to One NAT

configuration.


2. Click New to create a Single Machine blueprint.

3. Under the NSX tab, set the Transport zone to be used for the NSX connection.

4. Click OK.


97

5. Here we have the machine blueprint named “Web” and selected machine prefix “prod-“

6. Set the Build Information:

7. In the Categories panel, select Network and Security (1).


98

8. In the bottom left panel, drag the Existing Network button (2) to the Design Canvas (3).


99

9. Click on the Existing_Network icon in the Design Canvas (1) and then the selector button for

“Parent network profile” (2).

10. Select the one to one NAT network profile created previously and click OK.


100

11. Click on the icon for your machine in the Design Canvas and switch to the Network tab.

12. Click + New.

13. Expand the dropdown menu under the Network column and select your One to One Nat network

profile.


101


15. Select your Infoblox property group and click OK.

16. Click Finish.


102

14. Publishing Machine Blueprints

Machine Blueprints must be published before they can be used. The steps in this section apply

for all Machine Blueprint types, including for Machine Blueprints documented in later sections

in this guide.


2. Click on the row for the blueprint that you want to publish (taking care not to click on the

hyperlinked name for the blueprint).

3. Click Publish.

4. Verify that the status for the blueprint shows as Published.

15. Add Catalog item Add Catalog item to the Service.

1. Navigate to Administration -> Catalog Management -> Catalog Items.

2. Click on the name for your catalog item that you are updating.

3. Set the Status dropdown menu to Active and in the Service menu, the service to be used.


103

4. Click OK.

16. Provision the VM from the Catalog Item

1. Navigate to Catalog.

2. Click on the Request button for your One to One NAT catalog item.

3. Set the parameters under the General and Properties tabs as required.


104

4. Click Submit.

5. Verify that the request has completed successfully.

Create One to Many NAT Profile

The network profile sets the network parameters that will be used when deploying an instance

in a One to Many NAT configuration.

1. In your vRA tenant, navigate to Infrastructure -> Reservations -> Network Profiles.

2. Click New and select NAT.


105

3. Complete the fields in the “New Network Profile - NAT” configuration, being sure to set the

IPAM endpoint menu to your Infoblox NIOS IPAM endpoint and NAT type to One-to-

Many.

4. Switch to the DNS tab and enter in your DNS configuration.


6. Click New and provide a name, description (optional), Start IP address and End IP.

7. Click OK to save the network range.



106

17. Machine Blueprint for One to Many NAT

The Machine Blueprint sets the design for instances that are being deployed. This section

describes the steps for creating a blueprint used to create instances in a One to Many NAT

configuration.


2. Click + New.

3. Set the General properties for your Single Machine blueprint.

4. Switch to the NSX Settings tab and select the Transport zone to be used. Click OK.


107

5. Here we have the machine blueprint named “Web” and selected machine prefix “prod-“

6. Set the Build Information:

7. In the Categories panel, select Network and Security (1).


108

8. In the bottom left panel, drag the Existing Network button (2) to the Design Canvas (3).


109

9. Click on the Existing_Network icon in the Design Canvas (1) and then the selector button for

“Parent network profile” (2).

10. Select the One to Many NAT network profile created previously and click OK.


110

11. Click on the icon for your machine in the Design Canvas and switch to the Network tab.

12. Click + New.

13. Expand the dropdown menu under the Network column and select your One to Many Nat

network profile.


111

14. Click OK.



112

16. Select your Infoblox property group and click OK.

17. Click Finish.

18. Provision the VM from the Catalog Item 1. Navigate to Catalog.

2. Click on the Request button for your One to Many NAT catalog item.

3. Set the parameters under the General and Properties tabs as required.


113

4. Click Submit.

5. Verify that the request has completed successfully.


The Infoblox Plugin for VMware performs IP address assignment with NIOS. This process

includes the creation of a new Network View (if one does not already exist) to support the

network for the NAT, along with any Fixed Addresses and the corresponding DNS record for

the VM instance.

To review the new Network View created for the external NAT network and IPAM details for

your VM:


114

1. In your Grid Manager GUI, navigate to Administration -> Network Views and review the

Network Views which are present.

2. To toggle between Network Views, switch to the Data Management tab and click on the

dropdown menu near the top-left of your Grid Manager GUI window.

3. Under the Data Management -> IPAM or DHCP tabs, open the network used for your VM

instance and verify the IP address which was allocated to that VM.


115


116

4. The Infoblox plugin for VMware also registers the VM in DNS. To review this, navigate to Data

Management -> DNS, open the zone used for the network the VM was created in and locate the

DNS record that was created.

5. Events executed by the plugin are also captured in the NIOS audit logs. To view these, navigate

to Administration -> Logs -> Audit Log. Filters can be used to simplify the view here.


117

De-provisioning

When a provisioned deployment is destroyed, the plugin takes care of any allocated IP

addresses or DNS records.


118

As resources are shut down and deleted, the Release workflow is triggered to clean up any

allocated IP addresses and DNS records.


119

19. Appendix

Adding Failover Endpoints

Additional endpoints used for the connection to Infoblox by the Infoblox IPAM plugin can be

added for high availability. When multiple endpoints are configured, the plugin will try the

endpoints in the configured priority order. To add additional endpoints:

1. In vRA, navigate to Infrastructure -> Endpoints -> Endpoints.

2. Select the Infoblox IPAM endpoint and click Edit.

3. In the Custom Properties section, click New.

Note: In each of the following steps, make sure to replace “x” with the next number for your

list of endpoints, incrementing this number as you configure additional endpoints.

4. Set the Name to “Infoblox.IPAM.Endpointx.Hostname”, the Value field to the name or IP

address of your Infoblox appliance and Encrypted to “No”.


6. Set the Name to “Infoblox.IPAM.Endpointx.Username”, the Value field to the username

for the connection to Infoblox and Encrypted to “No”.


8. Set the Name to “Infoblox.IPAM.Endpointx.Password”, the Value field to the password

for the connection to Infoblox and Encrypted to “Yes”.


10. Set the Name to “Infoblox.IPAM.Endpointx.Priority”, the Value field to the number for

the order that you want the plugin to use when considering its connection to Infoblox and

Encrypted to “No”.


120

Limiting the Search Results

By default, address space lookups will return up to 1000 results. These search results can be

limited by specifying the search result count in the Infoblox IPAM Endpoint custom

properties, or at the time of search.

20. Search Limit Custom Property

To limit the Search Result count:

1. In vRA, navigate to Infrastructure -> Endpoints -> Endpoints.

2. Select the Infoblox IPAM endpoint and click Edit.


4. Set the name to Infoblox.IPAM.GetIPRanges.maxResults, and the value to match the

maximum number of results that you want the plugin to return when looking up address

spaces.


121

This will now become the new default for address space lookups. If this number is exceeded,

the message “Not all data returned. Use filters to narrow results” will also be displayed to

inform the administrator that additional networks or ranges are available. Example:


122

Specifying Search Result Count during Network Profile Creation

21. Max Results

To limit the number of networks and ranges that are returned, use the “max” filter. Example:

22. Specifying Max Results and Network

To limit the number of results for a particular network, use the “max” and “network” or

“range” filters. Example:


123

23. Specifying Max Results and Network wildcard

A wildcard character can also be used in address space lookups. Example:

24. Search Using Regular Expression

Regular Expressions can be used in address space lookups. Example


124

25. Searching Using Type

The network types “range” or “network” can also be used to narrow down the results for

address space lookups. Example:

• To search for a range, use the filter type = range

• To search for network, use the filter type = network


125

Filtering by Max results, Extensible attributes and Type

Extensible Attributes (EA’s) are a great way of labeling resources in Infoblox, providing an

effective mechanism to easily locate address spaces (and other objects).

• EA names and values can also be used in searches. Example:

• EA’s can also be tagged with “ea:”. Example:


126

• If a wrong EA is specified, an error will be displayed. Example:

Infoblox is leading the way to next-level DDI with its Secure Cloud-Managed Network Services. Infoblox brings next-level security,

reliability and automation to on-premises, cloud and hybrid networks, setting customers on a path to a single pane of glass for network

management. Infoblox is a recognized leader with 50 percent market share comprised of 8,000 customers, including 350 of the

Fortune 500.

Corporate Headquarters | 3111 Coronado Dr. | Santa Clara, CA | 95054

+1.408.986.4000 | 1.866.463.6256 (toll-free, U.S. and Canada) | [email protected] | www.infoblox.com

© 2018 Infoblox, Inc. All rights reserved. Infoblox logo, and other marks appearing herein are property of Infoblox, Inc. All other marks are the

property of their respective owner(s).

https://www.youtube.com/user/InfobloxInc

https://www.linkedin.com/company/infoblox/

https://twitter.com/infoblox

https://www.facebook.com/Infobloxinc/

Date post:	03-Jul-2020
Category:	Documents
Upload:	others
View:	8 times
Download:	0 times

Infoblox Deployment Guide - Infoblox IPAM Plug-in 4.4.1 ...€¦ · Infoblox Plugin does DNS...

Documents