Some users have reported problems downloading files on the site. I've reproduced the problem and the technical team is looking into this. If you try to download and get an error, it's something we're trying to resolve.

chuq

We have released a new whitepaper you might be interested in:

Disaster Preparedness for Core Network Services
Resiliency and Control for Disaster Recovery Planning and Business Continuity

It's written by Cricket Liu, our VP of Architecture

Abstract

Infoblox Inc., the automated network control company, today announced new offerings to give customers greater control of their corporate IT networks with increased security and availability. 

The new products enable global organizations to better manage the demands put on their networks by forces such as bring-your-own-device (BYOD), cloud computing, migration to IPv6 and the evolving cyber-threat landscape.

The new products include:

• Infoblox DNS Firewall: Use your DNS infrastructure to stop the bad guys in their tracks.
• Infoblox Security Device Controller: See the power of automation for controlling network security device provisioning.
• Infoblox Trinzic 100 Network Edge Services Appliance: Provide reliable network services at edge locations.

These products deliver on the company’s strategy to help customers create a strategic control point in the network. The new products are integrated with the latest Infoblox portfolio of market-leading solutions for network control

Infoblox now offers an interface to NIOS based on REST (REpresentational State Transfer). This API, which we're calling WAPI (or Web-based API), is also called a RESTful web API and is available starting with NIOS release 6.6. This API can be used to query your NIOS environment or to build tools that interact with NIOS to automate your organization's work processes.

Today we are releasing some tutorial code to help you get started using WAPI to interface with NIOS. These first samples are written in Perl and should help developers working with our PAPI interface come up to speed with the RESTful API. There are also sample programs available that show how to use the API in Java and Javascript. Over time, we will continue to add code samples and examples to show how to work with the API or explain best practices on common uses, and to expand our samples to other languages.

The RESTful API does not require client software and will work with your grid master without a need for any additional hardware. Because the API lives on the grid master, it will scale as your network grows and it will it will take advantage of the redundancy and high availability you build into your grid.

It enables clients to work with NIOS releases. The API is versioned, so you can build tools with confidence that future releases of NIOS won't cause your applications to break. Existing versions of the API will be supported into some future releases to give you time to plan any updates to your applications and decide when to take advantage of the new capabilities.

The RESTful API uses HTTP methods for operations and supports input and output in JSON and XML, and it uses HTTPS (HTTP over SSL/TLS) as the transport mechanism. The server certificate used for the RESTful API is the same certificate used by NIOS for the GUI and PAPI.

The introduction to the WAPI and the sample code is available on bloxHub. If you have questions or suggestions about future topics to be covered in our tutorials, you can discuss them in the bloxHub forums. We'd love to hear your ideas on future code examples you'd find useful, how you are using the API to solve problems, and how you'd like to see the API grow and improve over time.

Register for this webinar to learn more about the Infoblox DNS Firewall solution and how it disrupts DNS queries going to Botnets.

Malware is infecting mobile and non-mobile and mitigating outbound communication to controlled server farms is critical to protecting business assets. As the market leader in DNS technologies, Infoblox provides the industry’s first true DNS Security solution. The Infoblox DNS Firewall disrupts DNS-based Malware communication with proactive blocking or redirection of outbound communication to disrupt infected clients’ ability to interact with the Botnets.

Learn about how the Infoblox DNS Firewall provides:

• Continual updating to block communication of infected devices with fast flux Botnet servers
• Industry standard Activity logging and reporting of bad DNS requests
• Comprehensive tracking of IP addresses targeting infected clients for timely remediation

This webinar will be presented by Edward O'Connell, Senior Product Marketing Manager for Infoblox.

There are two sessions available:

March 7, 2013 at 10AM Eastern Standard Time (Register)

March 7, 2013 at 5PM Eastern Standard Time (Register)

Register now for this 60 minute session for a presentation and Q&A session on our Infoblox solutions.

Q: Does the Network Auto-Discovery only use SNMP? Or what other ways to discover?

A: The network auto-discovery uses SNMP, CLI and/or syslog as way to discover and collect information from the network devices. The platform also uses network data like ARP to understand the relationship between devices.

Q: If the device doesn’t have SNMP, how does Network Automation identify these or are they just identified as an "unknown device"?

A: The platform uses a range of data including, but not limited to SNMP. The routing and ARP tables also help identify a new device on the network and attempt to determine the type of device. If not enough information is available at time of discovery, users will receive an alert of the new device.

Q: On slide 21 you mentioned track who made a change, but we still use a 3 level user change policy so you can only see at which level the violation was made, not who made the change, how does that work?

A: If users leverage the change automation component within NetMRI, there are unique user names and access rights associated with each person. If the changes occur through CLI or another platform, NetMRI will collect the information from that change. However, if there is one "name" or "account" (such as everyone uses Admin), the user will be the same, but will still track what changed in each configuration.

Q: As an existing Infoblox customer what are all the licensing options / modules for the features discussed today?

A: For existing Network Automation customers (including Switch Port Manager and Automation Change Manager), there is an upgrade license based on the number of managed devices to enable the NetMRI/compliance functionality. Typically, the same appliance can handle the new functionality, but please check with your account rep to ensure proper sizing. If you’re a customer of Triznic DDI (our DNS, DHCP and/or IP address management solution), you need to purchase a new appliance and device licenses.

Q: When will you support Allied Telesyn devices?

A: We currently support the Allied Telesyn 8200 switches.

Q: How do you get info from devices that are not in control of the network team, such as laptops?

A: NetMRI manages layer 2 and 3 network devices and has the ability to detect end-points (but not manage laptops and servers). The system detects them once they connect to the network.

Q: Are the templates configured to implement (and interpret) different compliance standards - e.g. PCI DSS?

A: Yes, there are different embedded templates including PCI DSS, SANS, DISA STIG and NSA that can be leveraged as is, or customized based on your needs.

Q: How does this automation in Infoblox differ from the blueprints created in VMware vFabric Application Director?

A: This is a comprehensive solution that includes not only discovery, but change automation and compliance.

Q: Is NetMRI IPv6 ready?

A: Yes.

Q: Are tracked network changes classified into compliant changes and non-compliant changes?

A: All changes are detected and archived. If a new change goes against a defined rule or policy, you will receive an alert notification of the policy violation with drill down details.

Q: Does NetMRI have the ability to add users with READ ONLY access?

A: Yes, NetMRI has multiple user-based access controls including ability to make no changes, request but not improve changes, full admin rights and a number of other options.

Q: Are these policy templates downloadable from somewhere?

A: The policy templates are continually updated and are available during our normal release cycle. For example, our 6.6 release updated over 100 rules for the current DISA STIG standard.

Q: Can the reporting of changes be tied to a change management system?

A: Yes, NetMRI has both and in-bound and out-bound API that allows integration into change management systems as well as other platforms.

The Bloxhub community is about a year old and we are putting plans in place on how to improve it over the next year. We want your help in shaping those changes. 

We have created a short survey we'd like all users of Bloxhub to answer for us. The survey is anonymous and will only take a few minutes, but it will help us better understand what you need from the site and what we're doing well and where we need to improve. 

Please go to https://www.surveymonkey.com/s/bloxhubsurvey and give us your thoughts. 

Thanks!

Chuq Von Rospach

Bloxhub Community Manager

With the release of NIOS 6.6 Infoblox now offers a second API for access to the DNS/DHCP/IPAM system. One way to programmatically access this interface is to use the Python programming language. Below is an example of how one might use the Python interpreter in interactive mode. 

To successfully run this you will need to have Python installed. Most Mac OS X systems and Linux systems will already have it installed and deploying on Windows is fairly straightforward. You can find details on how to get Python installed at the official Python website:

http://www.python.org

Also, for this exercise you will need to install the requests module. I installed it on my local machine by using the pip tool and running this command:

sudo pip install requests

Once everything is setup start the Python interpreter by running the following command:

python

Now see the code example below. Cut and paste each line into the interpreter at the >>> prompt.

# Import the requests and json modules

import requests
import json

# Setup your URL and object type

url = "https://10.60.68.5/wapi/v1.0/"
object_type = "network"

# Create a new network in the system

# Define the object

new_object = {'network':'10.1.5.0/24'}

response = requests.post(url + object_type, verify=False, data=json.dumps(new_object), auth=('admin', 'infoblox'))

print response.text

# Search for the object

# Create a search string for the exact network

search_string = {'network':'10.1.5.0/24'}

response = requests.get(url + object_type, verify=False, data=json.dumps(search_string), auth=('admin', 'infoblox'))

print response.text

# Do it again with a regex search

search_string = {'network~':'^10\.1\.5'}

response = requests.get(url + object_type, verify=False, data=json.dumps(search_string), auth=('admin', 'infoblox'))

print response.text

# Modify the object

# View the object before being modified using a reference

return_results = json.loads(response.content)

for item in return_results:
    object_reference = item['_ref']

response = requests.get(url + object_reference, verify=False, auth=('admin', 'infoblox'))

print response.text

# Change the object

modify_comment = {'comment':'Sample'}

response = requests.put(url + object_reference, verify=False, data=json.dumps(modify_comment), auth=('admin', 'infoblox'))

# View the object after being modified. Note the new comment field

response = requests.get(url + object_reference, verify=False, auth=('admin', 'infoblox'))

print response.text

# Delete the object

response = requests.delete(url + object_reference, verify=False, auth=('admin', 'infoblox'))

print response.text

# Search again to see if it is gone

response = requests.get(url + object_reference, verify=False, auth=('admin', 'infoblox'))

print response.text

There has been a great deal of interest in the new NIOS REST based API and we have had tons of questions about how it works. One common request is how to work with the host object via the new API. Here are some basic examples on how to create, search for and delete a host via the REST API:

Create a host:

curl -k -u admin:infoblox -H "Content-Type: application/json" -X POST https://10.65.16.12/wapi/v1.0/record:host -d '{ "ipv4addrs":[{"configure_for_dhcp": false,"ipv4addr": "10.10.10.12"}],"name": "newhost.bloxdemo.com","view": "default"}'

Search for the host that was just created:

curl -k -u admin:infoblox -X GET https://10.65.16.12/wapi/v1.0/record:host -d name~=newhost

The search returns a reference (_ref) for the host:

[
    {
        "_ref": "record:host/ZG5zLmhvc3QkLl9kZWZhdWx0LmNvbS5ibG94ZGVtby5uZXdob3N0:newhost.bloxdemo.com/default", 
        "ipv4addrs": [
            {
                "_ref": "record:host_ipv4addr/ZG5zLmhvc3RfYWRkcmVzcyQuX2RlZmF1bHQuY29tLmJsb3hkZW1vLm5ld2hvc3QuMTAuMTAuMTAuMTIu:10.10.10.12/newhost.bloxdemo.com/default", 
                "configure_for_dhcp": false, 
                "host": "newhost.bloxdemo.com", 
                "ipv4addr": "10.10.10.12"
            }
        ], 
        "name": "newhost.bloxdemo.com", 
        "view": "default"
    }
]

Delete the host using the reference:

curl -k -u admin:infoblox -X DELETE https://10.65.16.12/wapi/v1.0/record:host/ZG5zLmhvc3QkLl9kZWZhdWx0LmNvbS5ibG94ZGVtby5uZXdob3N0

If you missed our recent webinar on Automating Network Security Policy Enforcement, don't worry. We've recorded it and it's now available. It's recommended for anyone trying to come to grips with the complexity of trying to manage and audit a modern network infrastructure. 

This webinar is 24 minutes long. If you have trouble viewing the embedded video above, look at it here. We've also posted the Q&A for this webinar.   

It’s long been assumed that every fingerprint, like every snowflake is absolutely unique and no two are alike. While for all practical or statistical purposes this statement is 100% true in human biology or snowflakes, in the world of digital technology and endpoint devices – it is NOT the case. In fact, while every device connecting to your network has a unique identifier (MAC Address), they also have a DHCP signature or fingerprint that actually identifies the device type. But these fingerprints (unlike human fingerprints) are finite and can be classified. What’s even better is that when a device tries to get on a wireless network, it offers this signature (as a numerical combination) to the DHCP server. This hand-shake and signature sharing between the device and the network is unique and very few networking technology companies have thought to take advantage it – until now.

Infoblox has built technology to capture device fingerprinting information and provide this in a very readable, useful, and actionable way to the network administrator. The technology is called DHCP Fingerprinting (think endpoint fingerprinting) and it provides network administrators with the unique device type associated with an end-point seeking access to your wireless network. With DHCP Fingerprinting, network administrators can for the first time have device type information (iOS, Android, Xbox, Linksys router etc.) for all of the devices on their wireless network. They can automatically group these, see connection history, and do trend analysis. And perhaps more importantly, they can take action or create policies based on device type.

Have you been asked to do things like this on your network yet?

• Don’t like video game consoles on your network? DONE, you can now identify them and keep them off the network.
• You issue your contractors iPads and they are only device allowed on your network? No problem, you can set policies that only allow iPads.
• Want to track connection history of devices on your network over time – check.
• Want to keep android devices off the network for fear of Malware – check.
• Want to correlate device type with IP address in your IPAM database? DONE, automatically…

Now controlling your network has never been easier. With Infoblox's DHCP  fingerprinting, you can. No Mobile Device Manager required; no agents on the device, no software licensing – if you are a DDI customer, just turn it on and you’re on your way…

Like human fingerprints, the possibilities are limitless……

Infoblox DHCP Fingerprinting technology is unique, and it’s available as a no-charge feature in Infoblox DDI 6.7 – a family of appliances that provide network control technologies (DNS, DHCP, IP Address Management).

With the release of NIOS 6.7 Infoblox has introduced some new functionality to the REST API which customers may find useful. In some cases the addition, modification or removal of an object triggers the need to restart a Grid services such as DNS or DHCP. Here is a basic example on how to restart services via the REST API:

Search for the Grid to get the reference:

curl -k -u admin:infoblox -X GET https://192.168.1.2/wapi/v1.1/grid

The search returns a reference (_ref) for the Grid:

    [
        {
            "_ref": "grid/b25lLmNsdXN0ZXIkMA:Infoblox"
        }
    ]
    

Restart services using the reference:

curl -k -u admin:infoblox -X POST https://192.168.1.2/wapi/v1.1/grid/b25lLmNsdXN0ZXIkMA:Infoblox?_function=restartservices -H "Content-Type:application/json" -d '{"restart_option": "RESTART_IF_NEEDED", "service_option": "ALL", "member_order": "SEQUENTIALLY", "sequential_delay": '1'}'

For those of you who weren't able to attent out Quarterly Customer Update webinar on June 19th, a replay of it is now available. We have also compiled the Q&A from the webinar and included it here for you.

1. The feed data must be compatible with Infoblox DNS Firewall RPZ (see documentation for information).
2. You will responsible for keeping the data up-to-date.
3. Infoblox Technical Support will be limited in how much it can help in the event of problem with the feed being used by DNS Firewall.

A large educational institution on the East Coast functions as an ISP to parts of its large network.  They wanted to determine which devices changed in the past 2 hours so that the NOC can be proactively enabled and do a configuration comparison faster for troubleshooting purposes.

The .netmri.yml file with the user's credentials needs to be in the home directory of your local Linux machine. This file enables credential passing between the local machine and the NetMRI API.  For additional information, please consult the NetMRI API Guide that is posted in the technical documentation section of Infoblox's Support site.

  use NetMRI::API;

  # comment this out if you are running HTTP only
  $ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0;

  # Configure .netmri.yml with your
  # url: http://netmri
  # username: admin
  # password: secret
  my $netmri = new NetMRI::API({api_version => "2.7"});

  #this will query Network Analysis Changes to grab the information need to parse
  my @changes = $netmri->broker->ChangeSummaryNetworkAnalysisGrid->index({
  starttime => "2 hours ago",
  endtime => "now",
  });

  #For each change in the ChangesSummaryNetworkAnalysisGrid, we will only look for Change Method
  # contains "Config" and save the config to a file with DeviceName as the file name
  foreach my $change (@changes) {
  if ( $change->ChangeMethod =~  /Config/ ) {
  my $text =  $netmri->broker->device->saved_config_text(DeviceID=>$change->DeviceID)
      ->{saved_config_text};
  #The statement below will get the device name that NetMRI uses, and will save the config
  # file to that device name
  my $save = $change->DeviceName;
  open (CONFIG, "> $save");
  print CONFIG $text;
  close (CONFIG);
  }
  };

The Infoblox Security Device Controller ensures accuracy and shortens the time needed to deploy new services with automated discovery and more. It can proactively maintain policies and rules that reduce risk and automate tasks.

Attend the webinar to see how you can:

• Automate discovery and topology mapping
• Improve policy/rule management to reduce risk
• Get alerts on policy/path violations for quick remediation and compliance adherence
• Simplify setup, test and schedule new policies/rules provisioning processes

Replay

More information about SDC

We have released a number of new DSBs for NetMRI 6.6.1 and 6.6.2 to add support for new devices from Fortinet, H3C and Huawei.

Here is the full list of these new releases:

• Fortinet fgt100D Firewall
• Fortinet fgt3040B Firewall
• Fortinet fgt311B Firewall 
• Fortinet fgt311C Firewall
• Fortinet fgt3810A Firewall
• H3C s2126-ei Switch-Router
• H3C s2403TP-EA Switch-Router
• H3C S3552F-EA Switch-Router
• H3C s5500-28F-EI Switch-Router
• H3C s7502e Switch-Router
• Huawei ne40E-X8 Router
• Huawei s2326TP-EI Switch
• Huawei s2403H-EI Switch
• Huawei s3026 Switch
• Huawei s3352P-EI Switch
• Huawei S3526 Switch

Have you upgraded to NIOS 6.7? If so, you now have DHCP Fingerprinting available, providing visibility to what types of devices are on your network. You can create Smart Folders to quickly see information about these devices. Smart Folders are an extremely powerful and flexible way to quickly gain visibility and organize IPAM data.

To begin, after logging into the Infoblox Grid, navigate to:

1. Smart Folders > My Smart Folders, and click Create.
2. Change the Name to “Microsoft Windows Devices”
3. Select the search criteria: DHCP Fingerprint Class - equals - Windows.
4. Click Apply.

Very shortly, you should see clients populate in the Smart Folder if you have Microsoft Windows devices on your network.

Click Save.

Now create several other Smart Folders, using the following information:

Name: Gaming Console Devices
Search criteria: DHCP Fingerprint Class equals Gaming Consoles

Name: Apple Mac OS Devices
Search criteria: DHCP Fingerprint Class equals Macintosh

Name: Router and Wireless Access Point Devices
Search criteria: DHCP Fingerprint Class equals Routers and APs

Name: Smartphone, PDA, Tablet Devices
Search criteria: DHCP Fingerprint Class equals Smartphones/PDAs/Tablets

Here are two more recommended Smart Folders:

Name: Conflicts
Search criteria: Conflict equals Yes

Name: Unmanaged
Search criteria: Unmanaged equals Yes

The Conflicts Smart Folder will show discovered devices that do not match existing IP address data.

The Unmanaged Smart Folder will show discovered IP addresses that do not have corresponding records on the grid (A records, PTR records, fixed addresses, host records, leases, etc.).

When you are done, the Smart Folders should appear like this:

New installations of NIOS 6.7 (or later) have these Smart Folders pre-configured. They are not automatically created when upgrading to NIOS 6.7, to avoid potential conflicts with existing user created Smart Folders.

There are quite a few additional DHCP Fingerprint Smart Folders that you could create. Choose DHCP Fingerprint Class, and examine the Choose One dropdown list to see all the available classes. Choose DHCP Fingerprint and examine the Choose One dropdown list to see all the available individual devices.

We are happy to announce the availability of Infoblox Trinzic DDI With NIOS 6.8.

This release includes a number of new features:

Access Control Using Named ACLs (Access Control Lists)

To effectively manage your core network services, you can grant legitimate hosts access to specific operations on the appliance using an ACL (access control list) or anonymous ACEs (access control entries). You can now configure a named ACL and apply it to multiple operations, such as file distribution and DNS zone transfers.

Inheritable Extensible Attributes

You can now enable the inheritance of extensible attributes. When you enable the inheritance of an extensible attribute, all descendants in the inheritance chain can inherit the attribute so you do not have to configure it at the object levels. For example, if you define an inheritable extensible attribute for a network, DHCP ranges and fixed addresses in the network can inherit the same attribute and its value. You can also define other options for inheritable extensible attributes. The appliance currently supports the Network View -> Network Container -> Network -> Range -> Host/Fixed Address/Reservation inheritance chain.

Multiple Status Dashboards

In addition to the default dashboard, you can now configure your own status dashboards to which you add widgets that help you manage core network services and data. Configuring multiple dashboards helps organize widgets in a meaningful way and improves dashboard and widget performance. This feature is especially useful when you have a Grid serving a large number of Grid members.

Additional Objects in Infoblox RESTful Web API

In this release, the RESTful Web API has been enhanced to support additional objects. For more information about the new objects, refer to the Infoblox RESTful API Documentation.

Full details on this release are available from the release notes, available for download off of the Infoblox Support Site

Implementing Quality of Service Using DSCP

You can implement DiffServ (Differentiated Services) on the appliance by configuring the DSCP (Differentiated Services Code Point) value. When you configure the DSCP value for DiffServ, the appliance sets priorities for all outgoing IP traffic. It implements QoS (quality of service) rules so you can effectively classify and manage your critical network traffic. To ensure that core network services, such as DNS services, continue to operate in the event of network traffic congestion, you can set the DSCP value for the entire Grid and override it at the member level.

Port Redundancy Support on IB-4030

This release adds port redundancy support for the Infoblox-4030 appliance. You can now configure the LAN2 port to be a redundant port for LAN1 on an Infoblox-4030 appliance to provide fault tolerance in your network. Port redundancy supports both IPv4 and IPv6 transports.

DNS Response Logging

In addition to DNS queries, you can also capture DNS responses in the syslog or export them in a capture file through the Infoblox reporting solution.

NOTE: Enabling DNS query or response logging in the syslog will significantly affect system performance. Ensure that your system has sufficient CPU capacity before you enable this feature. Alternatively, if you have a Reporting license, you can capture DNS query and response information and forward it to an external server. For more information, see the “Infoblox Reporting Solution” chapter in the Infoblox NIOS Administrator Guide.

Support for Recurring Discovery

When you configure a network discovery, you can now define a recurrence pattern that repeats on a regular basis. The appliance automatically starts the recurring discovery based on the configured schedule.

Restrictions on Recursive Deletions of Networks and Zones

You can now restrict recursive deletions of networks and zones to specific groups of users through the Infoblox GUI. Users who can perform recursive deletions are presented with the options of deleting a parent object only or deleting the parent object and all its child objects, when they delete a network container or DNS zone.

Notice and Consent Banner

You can now configure and publish a notice and consent banner as the first login screen that includes specific terms and conditions you want end users to accept before they log in to the Infoblox Grid. When you enable the notice and consent banner, users must accept the terms and conditions displayed on the consent screen before accessing the login screen of Grid Manager.NIOS 6.8.0 Release Notes

DNS Firewall Enhancements

This release supports the following Infoblox DNS firewall enhancements:

• Enhances DNS firewall to function in a multi-tiered recursion architecture.
• Improves reporting by reducing the indexing interval for RPZ events.
• Removes the ability to enable implicit pass-through logging.
• Improves syslog filtering to display RPZ events in the syslog.

10 Gigabit Ethernet Card Support on Infoblox Appliances

This release adds support for an optional 10 gigabit Ethernet card on the following Infoblox appliances: Trinzic 1410, Trinzic 1420, Trinzic 2210, Trinzic 2220, Infoblox-4010, Trinzic Reporting 1400, 2200, and 4000 appliances. Infoblox offers this factory-installed card option that accepts SFP+ modules for either 10 gigabit RJ-45 copper or 10 gigabit optical interfaces. For more information about this option, contact your Infoblox representatives.

CHANGES TO DEFAULT BEHAVIOR

In this release, DNS responses and DNS queries are stored in the same file. To reflect this implementation, the file name reporting-query-[nnnnnn] has been changed to capture-dns-[nnnnnn], where [nnnnnn] represents the timestamp when the file is created. The file continues to reside in the /storage/reporting-capture-date/ folder. To avoid backward compatibility issues, ensure that you update your scripts to handle both file naming conventions.

There is a lot of useful information in an Infoblox DDI grid, all nicely collected for you in IPAM (IP Address Management). Navigating through the user interface to get the desired information works just fine, but if there is a large amount of information, or if you want to see a combination of information neatly organized in a particular way, you should consider using Smart Folders.

Smart Folders are an extremely powerful and flexible way to gain visibility to just the information you need to see. Simply stated, Smart Folders are customized searches that dynamically update as objects are created or changed. There is a large amount of search criteria that can be used for Smart Folders, so results can be very specifically tailored. Infoblox supports two scopes of Smart Folders; Global Smart Folders (visible to all users), and My Smart Folders (separate private space for each user).

Using “Extensible Attributes” (metadata attached to an object) in combination with Smart Folders further increases the ability to refine the visibility of your information, and is highly recommended. Extensible attributes are completely customizable, and are an excellent way to help identify the individual components of your infrastructure. But even without Extensible Attributes, there is a lot that Smart Folders can do to help organize your data.

In this discussion, we’ll create some Extensible Attributes (EAs), attach some of them to objects, and then create some Smart Folders that use EAs, and some that don’t.

Let’s start by creating some Extensible Attributes.

To create a new EA, access Extensible Attributes from the Administration tab:



In this example, we have servers located in several co-location facilities, and want to keep track of the location and function of these servers.

Create a CoLo EA, of type List. This will limit the EA to only the values on the list. Create CoLo #1, CoLo #2, CoLo #3, CoLo #4 values for the CoLo list. Click Next, take a look at the other optional settings, then click Save & Close.

Similarly, create a Cabinet list, with values Cabinet #1, Cabinet #2, Cabinet #3, Cabinet #4. Similarly, create a Deployment list, with values Production, Staging, QA.

Similarly, create an Application list, with values Oracle, SharePoint, Exchange, but let’s only allow a Host to be associated with these values. Before saving, click the Add (+) button in the Restrict to Specific Object Types box. The Admin Group object is automatically added. Click to the right of this object to expose the down arrow. Click on the down arrow to show the available list of objects.



Select Host, then Save & Close. This EA (Application) can now only be assigned to Hosts.

Let’s assign some the EAs we created to some objects.

In our example grid, we have a 10.15.0.0/16 IPv4 parent network, with four child /24 networks within it, containing production, staging, and QA application servers. Using Data Management > IPAM, we browsed to each Host, and added EAs. Here is an example for server oraprod1.myzone.com:



It is a good idea to assign EAs to your objects as you create them. Every wizard that adds an object contains a step to add EAs. Adding them “as you go” is easy and quick. Adding them later (after you have many objects) would be more time consuming. EAs can be individually configured to be mandatory, to enforce proper data entry.

Now, let’s create some Smart Folders in My Smart Folders, using our example data.

Click Create, specify these filter criteria for our production Oracle servers, and click Apply, to see the results in the editor window:

The results look good, so click Save. You’ll see the name populate in My Smart Folders, and the Finder window. The Finder window (on the left) is the quickest and easiest method to navigate much of the grid’s data, including Smart Folders.

Now, let’s create a Smart Folder that shows all the staging servers:

Smart Folders are dynamic. If we add another object that matches a Smart Folder’s criteria, it will automatically appear in the Smart Folder.

Let’s create another Oracle staging server using Data Management > IPAM, making sure to assign EAs:

Using the Finder (on the left), locate the Staging Servers Smart Folder created earlier – the new staging server appears:

As you can see, using EAs along with Smart Folders makes it easy to keep track of important objects, but Smart Folders can still be used even without EAs.

Let’s create a Smart Folder that doesn’t use EAs, and will contain all our email servers. Email servers have MX records, so we can leverage this to create a Smart Folder.

Click Create, specify these filter criteria for our email servers, and click Apply, to see the results in the editor window:

Click Save.

Now let’s create another Smart Folder that doesn’t use EAs, and will contain all the IPv4 DNS reverse zones on the grid.

Click Create, specify these filter criteria for our reverse zones, and click Apply, to see the results in the editor window:

Click Save.

Try creating additional Smart Folders. Take a look at the available search criteria to get additional ideas on how to provide useful dynamic windows to your IPAM data using Smart Folders. Remember, the ways you can organize your data is almost limitless if you also use Extensible Attributes along with Smart Folders.

Consult the NIOS Administrator Guide (available in the Infoblox DDI user interface) for additional useful information regarding Smart Folders and Extensible Attributes.

This script will grab the CDP neighbor name and add it to the interface that it's configured on.

Script-Filter:
    $vendor eq "Cisco" and $sysdescr like /IOS/
    
    
########################################################################
Action:
    Execute Command Batch
    
Action-Commands:
    sh int trunk | inc trunking
    
Output-Triggers:
Parse Output
########################################################################
    
Trigger:
    Parse Output
    
Trigger-Variables:
    #This regex finds the interfaces
    $cdpport /((Gi|Fa)+\d+(\/\d{1,2}|\/\d{1,2}\/\d+|\/\d{1,2}\.\d+|\/\d{1,2}\:\d+)?|\w+-\w+\d{1,3})/
    
Trigger-Template:
    [[$cdpport]]\s.+on\s.+802.1q\s.+trunking\s.+
    
Trigger-Commands:
    sh cdp ne $cdpport
    
Output-Triggers:
    Show CDP
    
#####################
Trigger:
    Show CDP
    
Trigger-Variables:
    $cdpname /\w.+/
    
Trigger-Template:
Device.+
[[$cdpname]]\..+\..+
.+
    
Trigger-Commands:
    DEBUG: conf t
    DEBUG: int $cdpport
    DEBUG: desc $cdpname