AWS Infoblox Grid w/o HA Pairs - upgrades and license renewals


Hi all,


We're researching what is involved in migrating our current VMware Grid into AWS. The fact that HA pairs don't exist in AWS does make me scratch my head a bit. In our VMware Grid, we are providing DNS/NTP and DHCP services.


How do you handle upgrades and maintenance that require member downtime? Is it possible for these tasks to be executed without downtime without the concept of HA pairs? We've never run our members in standalone configuration before, so this change in deployment seems a bit hard to swallow. Are we supposed to take advantage of AWS HA services instead or is downtime inevitable? FWIW, in AWS we will only be providing DNS/NTP services.


Can the concept of Grid Master Candidates be leveraged for upgrades?

Re: AWS Infoblox Grid w/o HA Pairs - upgrades and license renewals


For the DNS/NTP services, you can leverage AWS HA by deploying Grid members to different availability zones, behind a network load balancer. When scheduling upgrades/maintenance, use upgrade groups to ensure they are not down at the same time.
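
An added example, not part of the reply above and not Infoblox tooling: a small Python check that an upgrade-group assignment never takes every member serving DNS or NTP down in the same window. The member names, availability zones and group names are constructed for illustration, and the inventory format is an assumption.

```python
from collections import defaultdict

# Constructed inventory (hypothetical names, AZs and upgrade groups).
GOOD_PLAN = [
    {"name": "dns-a1", "az": "az-a", "services": {"dns", "ntp"}, "upgrade_group": "wave-1"},
    {"name": "dns-b1", "az": "az-b", "services": {"dns", "ntp"}, "upgrade_group": "wave-2"},
    {"name": "dns-c1", "az": "az-c", "services": {"dns"}, "upgrade_group": "wave-1"},
]


def survivors_by_group(members):
    """Map each upgrade group to {service: [members still serving it]}
    for the window in which that whole group is down."""
    groups = defaultdict(set)
    for m in members:
        groups[m["upgrade_group"]].add(m["name"])
    services = set().union(*(m["services"] for m in members))
    result = {}
    for group, down in groups.items():
        result[group] = {
            svc: sorted(
                m["name"] for m in members
                if m["name"] not in down and svc in m["services"]
            )
            for svc in services
        }
    return result


def find_outages(members):
    """Return sorted (group, service) pairs where upgrading that group
    leaves no standalone member serving the service."""
    return sorted(
        (group, svc)
        for group, per_svc in survivors_by_group(members).items()
        for svc, up in per_svc.items()
        if not up
    )


if __name__ == "__main__":
    for group, per_svc in sorted(survivors_by_group(GOOD_PLAN).items()):
        for svc, up in sorted(per_svc.items()):
            print(f"{group} down: {svc} served by {up or 'NOBODY'}")
    print("outages:", find_outages(GOOD_PLAN))
```
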

Re: AWS Infoblox Grid w/o HA Pairs - upgrades and license renewals


Thanks for the quick overview of what's possible!


I think we are so accustomed to having always available Infoblox members that we relied on the fact that the offered services we had never went down on a per member basis. If we design the DNS resolver usage properly, such as from the DHCP lease perspective, then DNS service downtime won't really be an issue. From an Infoblox DHCP service perspective, we will continue to use this service on-premise which means we'll continue to leverage Infoblox HA. Once we start to retire our on-premise services completely, then we'll be DNS only, which should be resilient enough to accommodate per member downtime for upgrades and such, assuming proper configuration of primary/secondary DNS servers.


IOW, I think we'll forego AWS HA and load balancers. Upgrade Groups are definitely something we will leverage though! Thanks again.

