In your hybrid cloud environment, you can deploy DNS forwarding proxy as a service on an on-prem host and connect it to BloxOne Threat Defense Cloud, so you can take advantage of the security features that BloxOne Threat Defense Cloud offers. You can deploy DNS forwarding proxies as a service on virtual machines using the Docker or OVA package that Infoblox provides. You can also deploy a DNS forwarding proxy using HTTP Proxy to forward DNS queries to BloxOne Cloud.
Depending on your network infrastructure, you can configure MTU (Maximum Transmission Unit) for your on-prem hosts. MTU is the largest size packet, specified in octets (eight-bit bytes), that can be sent in a single layer network transaction. MTU configuration is supported for both IPv4 and IPv6 networks, and the default is set to 1500. You can overwrite the default to adjust the MTU to a smaller or larger unit based on your network requirements. You can also enable or disable path MTU discovery. The default is enabled. Note that you can configure MTU only for OVA deployments when you first deploy an OVA on-prem host. For information, see ESXi OVA Deployment Using vCenter and vCenter OVA Deployment to ESXi Using ovftool. After deployment, you can adjust the MTU value through the Cloud Service Portal or Device UI. However, you can enable or disable path MTU discovery only through the Device UI. For more information, see Viewing and Modifying On-Prem Host Configuration and Troubleshooting On-Prem Hosts.
Infoblox provides the Docker Container and OVA deployment packages, so you can deploy on-prem hosts in a virtual infrastructure of your choice. Note that you can run multiple services on an on-prem host, including DNS forwarding proxies. Virtual on-prem hosts are automatically created when you use a join token to connect them to BloxOne Threat Defense Cloud. For information about join tokens, see Managing Join Tokens for On-Prem Hosts.
Depending on your preferred environment, you can download the Docker or OVA package from the Cloud Services Portal. BloxOne Threat Defense supports the following deployment methods:
- Bare-Metal Docker Deployment
- VM Infrastructure (Hyper-V, KVM) Docker Deployment
- ESXi OVA Deployment Using vCenter
- vCenter OVA Deployment to ESXi Using ovftool
- Deploying OVA as an OVF Template on ESXi
Infoblox recommends that you use Docker version 19.03.5 to avoid an issue in which the Docker container might re-deploy continuously, resulting in multiple deployments of the on-prem host. In addition, Kubernetes is not supported.
Before you start your on-prem host deployment, ensure that you review the following topics to ensure that your environment supports the deployment:
This page has no comments.