


Network Container "next available network" conflicting with vDiscovery


Background: we're working to configure a fully automated process that would allow for spinning up new AWS accounts and tying them to vRealize Automation for the deployment of servers. To support this, I have configured a network container in the Infoblox Grid Master. An Ansible script reaches out and grabs the next available /24 network from the container and uses it to create the AWS account. The Ansible script then proceeds to create a new VPC and several /28 subnets inside it for each of the various roles (web, app, DB, etc.). I then make a WAPI call to Infoblox and spin up a new vDiscovery task (code below) for this new AWS account using a new AWS "Infoblox user" service account. vRA needs this discovery completed so that it can relate the new subnets with IP ranges in the network profile.

 

Problem: At the moment, the vDiscovery fails if I attempt to have it merge the discovered data with the existing "default" network view. It will work if I let the vDiscovery spin up a new network view, but the network team does not want that as it creates a bit of confusion: the 'default' view of the network container then shows the subnet as mostly unused, while the new network view shows the new subnets and the 'used' IP addresses.

 

Overlapped VPCs encountered with direct network view mapping option, entire discovered dataset discarded. (Overlapping with existing NIOS objects)


JSON for the new vDiscovery task:

{
  "auto_consolidate_managed_vm": true,
  "public_network_view": "default",
  "member": "infoblox.localdomain",
  "name": "NewAWSCloudAccount",
  "username": "AWSAccountAccessKey",
  "auto_consolidate_managed_tenant": true,
  "private_network_view_mapping_policy": "DIRECT",
  "password": "itsAsecret",
  "private_network_view": "default",
  "protocol": "HTTPS",
  "update_metadata": true,
  "port": 443,
  "merge_data": true,
  "auto_consolidate_cloud_ea": true,
  "driver_type": "AWS",
  "public_network_view_mapping_policy": "DIRECT",
  "fqdn_or_ip": "ec2.us-west-2.amazonaws.com"
}

Question

  1. Is this the best way to configure the environment for my project, i.e. a network container with a large subnet range, and a vDiscovery task set to run against each new AWS account that is created?
  2. If I continue with this, how do I get the vDiscovery data to merge correctly with the network container object?

 

----------------
lok'tar ogar
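The two WAPI calls the post describes (carving the next free /24 out of the container, then creating the vdiscoverytask) as an added example, not code from the original post or from Infoblox. It builds the vdiscoverytask body from the same fields as the JSON above, but pulls the AWS access key and secret key from the environment instead of embedding them in the payload: WAPI carries the AWS secret in the `password` field, so the body must be redacted before it reaches an Ansible or CI log. The WAPI version, Grid Master hostname, environment variable names and the 10.0.0.0/16 container are assumptions for illustration. It does not change the mapping policy or address the overlap error, which is the open question of the thread.

```python
"""Added example: allocate the next /24 from a NIOS network container, then
create an AWS vDiscovery task, via the Infoblox WAPI. Hostnames, WAPI version,
container CIDR and environment variable names are assumptions."""
import base64
import json
import os
import ssl
import urllib.request

WAPI_VERSION = "v2.7"  # assumption: set to a version the Grid Master supports


def next_available_network_body(container, prefix_len, network_view="default", comment=None):
    """Body for POST .../network asking NIOS for the next free /prefix_len inside
    `container`, using WAPI's func:nextavailablenetwork syntax."""
    if not 0 < prefix_len <= 32:
        raise ValueError("prefix length out of range")
    body = {
        "network": f"func:nextavailablenetwork:{container},{network_view},{prefix_len}",
        "network_view": network_view,
    }
    if comment:
        body["comment"] = comment
    return body


def vdiscovery_task_body(name, member, endpoint, access_key, secret_key,
                         network_view="default", mapping_policy="DIRECT", merge=True):
    """Body for POST .../vdiscoverytask with the same field set as the post's JSON.
    WAPI puts the AWS secret key in `password`, so treat the result as sensitive."""
    if not access_key or not secret_key:
        raise ValueError("AWS access key and secret key are required")
    return {
        "name": name,
        "driver_type": "AWS",
        "member": member,
        "fqdn_or_ip": endpoint,
        "protocol": "HTTPS",
        "port": 443,
        "username": access_key,
        "password": secret_key,
        "merge_data": merge,
        "update_metadata": True,
        "public_network_view": network_view,
        "public_network_view_mapping_policy": mapping_policy,
        "private_network_view": network_view,
        "private_network_view_mapping_policy": mapping_policy,
        "auto_consolidate_cloud_ea": True,
        "auto_consolidate_managed_tenant": True,
        "auto_consolidate_managed_vm": True,
    }


def redacted(body):
    """Copy of a request body that is safe to log: the `password` field is masked."""
    return {k: ("***REDACTED***" if k == "password" else v) for k, v in body.items()}


def wapi_post(gm_host, obj_type, body, gm_user, gm_pass, ca_bundle=None, return_fields=None):
    """POST one WAPI object and return the parsed response (the new object's _ref).
    TLS verification stays on; supply the Grid Master's CA bundle instead of disabling it."""
    url = f"https://{gm_host}/wapi/{WAPI_VERSION}/{obj_type}"
    if return_fields:
        url += "?_return_fields=" + ",".join(return_fields)
    creds = base64.b64encode(f"{gm_user}:{gm_pass}".encode()).decode()
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": f"Basic {creds}"},
    )
    ctx = ssl.create_default_context(cafile=ca_bundle)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return json.loads(resp.read().decode())


if __name__ == "__main__":
    # Credentials come from the environment (e.g. injected from a vault by the
    # pipeline), never from the playbook or a checked-in JSON file.
    gm = os.environ["GM_HOST"]                       # assumption: e.g. infoblox.localdomain
    member = os.environ.get("GM_MEMBER", gm)         # discovery member, defaults to the GM
    gm_user, gm_pass = os.environ["GM_USER"], os.environ["GM_PASS"]
    aws_key, aws_secret = os.environ["AWS_ACCESS_KEY_ID"], os.environ["AWS_SECRET_ACCESS_KEY"]

    net_body = next_available_network_body("10.0.0.0/16", 24, comment="NewAWSCloudAccount")
    print("allocating network:", json.dumps(net_body))
    print("allocated:", wapi_post(gm, "network", net_body, gm_user, gm_pass, return_fields=["network"]))

    task_body = vdiscovery_task_body("NewAWSCloudAccount", member, "ec2.us-west-2.amazonaws.com",
                                     aws_key, aws_secret)
    print("creating vdiscovery task:", json.dumps(redacted(task_body)))  # secret masked
    print("created:", wapi_post(gm, "vdiscoverytask", task_body, gm_user, gm_pass))
```

Run it with GM_HOST, GM_USER, GM_PASS, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY set; the only thing ever printed for the discovery request is the redacted copy. Using `func:nextavailablenetwork` lets the Grid Master do the allocation atomically rather than the script picking a free range and racing another run.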