Unsupported content: This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Enabling IPAM and DNS registration with AWS


When creating a network blueprint for an Amazon Web Services (AWS) environment, you can enable external IP address management (IPAM) and domain name system (DNS) registration. Currently, embedded TrueSight Network Automation (formerly called BMC Network Automation), Infoblox, and VitalQIP are supported for IPAM. Infoblox is also supported as a third-party DNS.

Before you begin, you must configure TrueSight Orchestrator (formerly called BMC Atrium Orchestrator) for Infoblox and VitalQIP.

The overall process for enabling IPAM and DNS registration is:

  1. Set up IPAM and DNS as described below and in Enabling IP address management (and its subtopics).
  2. Configure the Amazon Web Services (AWS) provider type.
  3. Set up a network blueprint (with DNS and IPAM enabled).
  4. Set up the logical hosting environment (LHE).
  5. Create a service blueprint. (See Building service blueprints for Amazon Web Services and Building service blueprints.)
  6. Create the service offering.

Enabling IPAM

When you create a network blueprint for an AWS environment, you can enable external IPAM through integration with TrueSight Network Automation. IPAM allows you to consistently manage IP addressing of servers throughout your on-premises and AWS environments.

Before you begin using IPAM, see "Configuring TrueSight Network Automation to support third party IPAM solution" and "Creating and configuring TrueSight Orchestrator modules to communicate with other third party IPAM systems".

Once enabled, this IPAM integration allows the virtual machines (VMs) provisioned and onboarded through BMC Cloud Lifecycle Management to acquire the IP addresses from the IPAM solution. When the VMs are decommissioned or offboarded, the IP addresses are released back to the IPAM solution.

To enable IPAM when you create a network blueprint for AWS, select the isolation boundary in the Network Designer workspace, and then select the Enable External IPAM check box. (When you create a logical data center for AWS, you can disable IPAM if you choose.)

Notes

  • If you are onboarding an existing VM for IPAM, make sure that your logical hosting environment (LHE) is enabled with IPAM integration.
  • When an LHE using IPAM is created, BMC reserves the first three IP addresses after the first address (which is the subnet ID). BMC also reserves the last address, which is the broadcast IP address. For example, if the subnet is defined with the range 10.0.1.0/24, the first three IP addresses will be 10.0.1.1, 10.0.1.2, and 10.0.1.3. Here, the subnet ID is 10.0.1.0, and the broadcast address is 10.0.1.255.
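
The reservation rule in the note above, generalized from the 10.0.1.0/24 case to any IPv4 subnet and used to audit a set of IPAM records before they are loaded. This is an added example, not BMC code; the function names, host names, and sample records are hypothetical.

```python
import ipaddress

RESERVED_AFTER_SUBNET_ID = 3  # from the note: the three addresses after the subnet ID


def reserved_addresses(cidr):
    """Map each reserved address in an IPv4 subnet to the reason it is reserved."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects CIDRs with host bits set
    if net.version != 4:
        raise ValueError("the note describes IPv4 subnets only")
    # Subnet ID + three reserved + broadcast must leave at least one free address.
    if net.num_addresses < RESERVED_AFTER_SUBNET_ID + 3:
        raise ValueError(f"{cidr} leaves no assignable address")
    reserved = {net.network_address: "subnet ID", net.broadcast_address: "broadcast"}
    for offset in range(1, RESERVED_AFTER_SUBNET_ID + 1):
        reserved[net.network_address + offset] = "reserved by BMC"
    return reserved


def assignable_range(cidr):
    """Return the first and last address left for VMs after the reservations."""
    net = ipaddress.ip_network(cidr, strict=True)
    reserved_addresses(cidr)  # reuse the size and version checks
    return (net.network_address + RESERVED_AFTER_SUBNET_ID + 1,
            net.broadcast_address - 1)


def check_assignments(cidr, assignments):
    """Return (host, ip, problem) for records that are outside the subnet,
    on a reserved address, or duplicates of an earlier record."""
    net = ipaddress.ip_network(cidr, strict=True)
    reserved = reserved_addresses(cidr)
    seen, problems = {}, []
    for host, ip_text in sorted(assignments.items()):
        ip = ipaddress.ip_address(ip_text)
        if ip not in net:
            problems.append((host, ip_text, "outside subnet"))
        elif ip in reserved:
            problems.append((host, ip_text, reserved[ip]))
        elif ip in seen:
            problems.append((host, ip_text, f"duplicate of {seen[ip]}"))
        else:
            seen[ip] = host
    return problems


# Constructed sample records (hypothetical host names), not data from a real IPAM.
SAMPLE = {"app01": "10.0.1.4", "app02": "10.0.1.3", "db01": "10.0.1.255",
          "web01": "10.0.2.10", "web02": "10.0.1.4"}
```

Calling check_assignments("10.0.1.0/24", SAMPLE) flags every sample record except app01, and a /30 is rejected because the reservations leave it no assignable address.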

Enabling DNS registration

Additionally, when creating a network blueprint, you can add a domain name system or server (DNS) in your network. This can help you manage servers in off-premises cloud providers through TrueSight Server Automation, which stores IP addresses as a host name. When provisioning, TrueSight Server Automation enrolls Amazon instances by their host names instead of their IP addresses.

Enabling DNS registration also allows for changes to IP addresses for these servers in cloud environments (for example, dynamic public IPs in AWS). When an associated dynamic public IP address changes for a VM instance, the entry in the DNS is updated, allowing TrueSight Server Automation to automatically resolve the name to the correct IP address.

Notes

  • When you restart a service offering instance, the DNS entry of the server is initially removed, and the entry is immediately added back with the host name and a new public IP address.
  • If your DNS is not working and the host name in TrueSight Server Automation is not getting resolved (for the Windows OS, a Windows icon indicates this), flush your DNS cache.

Before you start with DNS registration

Before you get started, you must configure TrueSight Orchestrator for DNS registration and install Bind9 where your TrueSight Orchestrator server is installed. See Configuring TrueSight Orchestrator for automatic DNS registration.

If you are adding DNS, configure the performDnsOperation setting to true in the TrueSight Network Automation global.properties file. (On Windows, this file is usually in C:\BCA-Networks-Data. On UNIX, the file is usually in /opt/bmc.)

Configuring DNS cache on the TrueSight Server Automation (formerly called BMC Server Automation) server

If a VM is restarted from BMC Cloud Lifecycle Management, and the VM has a dynamic public IP address (and the same IP address is registered in the DNS), the following workflow occurs:

  1. When the VM is stopped, the VM is deregistered from the DNS server.
  2. When the VM is started again, the machine is registered in the DNS with the new dynamic public IP that AWS allocates.
  3. The UpdateServerProperties job, which is run automatically, updates TrueSight Server Automation with the new dynamic public IP (from step 2).
  4. On Microsoft Windows Server 2012, complete one of the following steps to ensure that this job runs successfully. Note that the steps might differ based on your operating system.
    • If the VM is started after the DNS cache expiration time, no additional configuration is required.
    • If the VM is started before the DNS cache expiration time, disable the DNS cache on the TrueSight Server Automation server:

      1. Start the Registry Editor (regedit.exe). 
      2. Locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters.
      3. Select Edit > New > DWORD (32-bit) Value, and add the following values:

        • Value: MaxCacheTTL
        • Data Type: DWORD
        • Data value: 0

 
