Differences

This shows you the differences between two versions of the page.

--- infoblox_nios:cloud_network_automation [2023/04/12 14:22] – bstafford
+++ infoblox_nios:cloud_network_automation [2025/02/14 18:13] (current) – [Infoblox Cloud Network Automation] bstafford
@@ Line 1: / Line 1: @@
 ====== Infoblox Cloud Network Automation ======
+[[https://docs.infoblox.com/space/nios90/280273510/Configuring+vDiscovery+Jobs|Documentation for DNS - vDiscovery]].
+[[https://docs.infoblox.com/space/nios90/280758966/Deploying+Cloud+Network+Automation|Documentation for CNA - CP]].
+[[https://docs.infoblox.com/space/vniosazure/37486690|Create Azure Service Account]].
+[[https://docs.infoblox.com/space/NAIG/37650904/vDiscovery+on+AWS+VPCs|Create AWS Service Account]].
+[[https://docs.infoblox.com/space/vniosgcp/35483395|Create GCP Service Account]].
 Cloud Network Automation, which includes two major components: the Grid Master that has a Cloud Network Automation license installed and one or more Cloud Platform Appliances that provide the ability to process API requests.
 The following valid licenses are part of the Cloud Network Automation solution:
-  * Cloud Network Automation license on the Grid Master and Grid Master Candidate. You cannot apply the CNA license on a Grid Member. So long as the GM and GMC appliances are licensed with CNA, you can have any member run the discovery tasks. In fact, you could get away with just licensing the GM. If you only licence the GMC, you will not get the Cloud Tab in the GUI nor will you be able to update NIOS with vDiscovery. If you only licence the GM, you will loose the Cloud tab when (if) you promote the GMC to GM.
+  * Cloud Network Automation license on the Grid Master and Grid Master Candidate. You cannot apply the CNA license on a Grid Member. So long as the GM and GMC appliances are licensed with CNA, you can have any member run the discovery tasks. In fact, you could get away with just licensing the GM. If you only licence the GMC, you will not get the Cloud Tab in the GUI nor will you be able to update NIOS with vDiscovery. If you only licence the GM, you will loose the Cloud tab when (if) you promote the GMC to GM. Testing shows that you "can" install a CNA licence on a non-GM, non-GMC member. However, you don't need to because only the GM "has" to have the license and only the GMC's "should" have the licence in addition to the GM.
-  * Cloud Platform license on the Cloud Platform AppliancesThe license you install on the Grid Master enables the Cloud user interface functions in Grid Manager and Tenant permissions.
+  * If you promote a GMC that doesn't have CNA, you will loose access to the cloud tab and vDiscovery for the cloud will only pull basic data. However, the data already pulled still exists on the Grid and can be see in the IPAM metadata. When you promote the original GM back, the Cloud tab becomes visible again.
+  * Cloud Platform license on the Cloud Platform Appliances. The license you install on the Grid Master enables the Cloud user interface functions in Grid Manager and Tenant permissions.
 When Cloud Platform Appliances are used without the Cloud Network Automation license, cloud API requests are sent either to the Cloud Platform Appliances or to the Grid Master. However, the Cloud tab in Grid Manager is not available on the Grid Master for viewing cloud objects created through cloud API requests.
@@ Line 13: / Line 24: @@
   * Multi-Grid Manager
   * Reporting
+=====Overlap=====
+When a VPC imports a subnet that matches the parent VPC, the importing tool drops the VPC container and it imports the network.
+Since the two objects overlap, there is no actual information loss, so warning messages originating from this problem can be safely ignored.
 ===== GCP =====
 By default, vDiscovery for GCP has to use Google’s DoH server to resolve names. It cannot use the resolver on NIOS. If NIOS does not allow DoH from NIOS to Internet, it won't work. Infoblox support said that it is possible to specify other DNS in Google service account JSON file generated via GCP console, but they did not inform how to do it (question for GCP support).
+===== Deleting Subnets =====
+Remember, subnets discovered will not be deleted in NIOS after they are deleted from the cloud.
+===== Azure =====
+You must copy the client secret in Azure when creating it. The Value corresponds to the Client Secret in NIOS when you configure vDiscovery jobs. If you copy the Secret ID or incorrect Value, the Azure vDiscovery job will fail and return:  If you get it wrong when configuring vDiscovery, you will get HTTP Status Code: 401. [[https://support.infoblox.com/s/article/8916|KB article 8916]].
+<code>invalid_client (HTTP Status Code: 401)</code>
+If you get the following error with vDiscovery for Azure, it is likely that the client secret has expired <code>unauthorized_client (HTTP Status Code: 400) ret=DRIVER_ERROR</code>