Configure network settings based on your needs and requirements.
In this task you will configure network settings for your instance, including security groups (firewall rules) and network interfaces. For a BAM instance, you will need to configure the eth0 interface. For a BDDS instance, BlueCat recommends that all customers configure two interfaces (eth0 and eth1) regardless of their need for Dedicated Management.
- For clean installations of BlueCat DNS for AWS, the eth1 interface of your AWS instance will be mapped to the Management interface (eth2) on your DNS/DHCP Server.
To configure instance details:
- Navigate to the Network settings section of the instance configuration page.
Set the following options to suit your requirements:
- VPC—Select a VPC. Note: BlueCat strongly recommends connecting to your VPC using a VPN connection when working in a mixed environment where part of your DNS, DHCP and IPAM (DDI) infrastructure is on the premises and part of it is on the AWS cloud. For more details about AWS VPN connections, refer to https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html.
- Subnet—Select or create a subnet.
- Auto-assign public IP—Leave this option as Disable.
Under Firewall (security groups), create a security group (or select an existing group if you have already created one). Loading a verified BlueCat AMI from the AWS Marketplace will automatically generate the recommended minimum set of firewall rules in the Inbound security groups rules section. The following minimum set of firewall rules is recommended for BlueCat Address Manager for AWS and BlueCat DNS for AWS.
BlueCat Address Manager for AWS:
- HTTP port 80
- HTTPS port 443
- SSH port 22
- Custom UDP Rule with port number 10045 for notifications
BlueCat DNS for AWS:
- SSH port 22
- Custom UDP Rule with port number 123 for NTP (inbound only) and 161 for SNMP (inbound only)
- Custom TCP Rule with port number 10042 for secure management and connectivity between BlueCat DNS for AWS and BlueCat Address Manager for AWS
- Custom TCP and UDP Rule with port number 53 for DNS
- Custom UDP Rule with port number 67 for DHCP. Note: UDP port 67 is only required for running DHCP in VPC with remote clients.
Modify the security group name and description as needed, and add any necessary additional firewall rules by selecting Add security group rule. Restrict the source of each rule to the networks that actually need it rather than accepting 0.0.0.0/0: for example, limit SSH, HTTP and HTTPS to your management network, and limit TCP 10042 on BlueCat DNS for AWS to the security group of the Address Manager it is managed by, since that port exists only for the connection between the two appliances.
Note: For more information about BlueCat appliance service ports, refer to Network requirements in the Address Manager Administration Guide.
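The two rule sets above expressed as infrastructure code, added here as an example and not BlueCat's own tooling. It builds the inbound rules for each appliance role in the `IpPermissions` shape that boto3's `authorize_security_group_ingress` and the `aws ec2 authorize-security-group-ingress --ip-permissions` CLI accept, makes the UDP 67 rule conditional as the note above requires, and refuses to open management ports to 0.0.0.0/0. The port numbers are the page's; the source restrictions (a management CIDR for SSH/HTTP/HTTPS/NTP/SNMP, client networks for DNS and DHCP, the peer appliance's security group as the source for TCP 10042 and UDP 10045) and every CIDR and group ID are this example's assumptions. It does not call AWS, so it runs offline; pass the returned list to boto3 or review and paste the printed command.

```python
"""Minimum inbound security group rules for BlueCat Address Manager (BAM)
and BlueCat DNS (BDDS) on AWS, built in the IpPermissions shape that
boto3's authorize_security_group_ingress and the equivalent AWS CLI
command accept. Example code, not BlueCat tooling: the port numbers are
from the page, the source restrictions are this example's assumptions."""
import ipaddress
import json


def _from_cidr(proto, port, cidr, desc):
    # One single-port rule whose source is an IP range.
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr, "Description": desc}]}


def _from_group(proto, port, peer_sg, desc):
    # One single-port rule whose source is another security group, so the
    # peer appliance can change IP address without a rule change.
    return {"IpProtocol": proto, "FromPort": port, "ToPort": port,
            "UserIdGroupPairs": [{"GroupId": peer_sg, "Description": desc}]}


def check_mgmt_cidr(cidr):
    """Reject a management source that would expose SSH or the UI to the internet."""
    net = ipaddress.ip_network(cidr, strict=True)  # raises ValueError on a bad CIDR
    if net.prefixlen == 0:
        raise ValueError("management ports must not be open to " + cidr)
    return str(net)


def bam_inbound_rules(mgmt_cidr, bdds_sg_id):
    """BAM: HTTP 80, HTTPS 443, SSH 22 from the management network;
    UDP 10045 notifications from the BDDS security group (assumed source)."""
    mgmt = check_mgmt_cidr(mgmt_cidr)
    return [
        _from_cidr("tcp", 80, mgmt, "HTTP"),
        _from_cidr("tcp", 443, mgmt, "HTTPS"),
        _from_cidr("tcp", 22, mgmt, "SSH"),
        _from_group("udp", 10045, bdds_sg_id, "notifications from BDDS"),
    ]


def bdds_inbound_rules(mgmt_cidr, bam_sg_id, client_cidrs, dhcp=False):
    """BDDS: SSH/NTP/SNMP from the management network, TCP 10042 only from
    the BAM security group, DNS 53 from each client network, and UDP 67
    only when dhcp=True (DHCP in the VPC with remote clients)."""
    mgmt = check_mgmt_cidr(mgmt_cidr)
    rules = [
        _from_cidr("tcp", 22, mgmt, "SSH"),
        _from_cidr("udp", 123, mgmt, "NTP"),
        _from_cidr("udp", 161, mgmt, "SNMP"),
        _from_group("tcp", 10042, bam_sg_id, "BAM management channel"),
    ]
    for cidr in client_cidrs:
        cidr = str(ipaddress.ip_network(cidr, strict=True))
        rules.append(_from_cidr("tcp", 53, cidr, "DNS"))
        rules.append(_from_cidr("udp", 53, cidr, "DNS"))
        if dhcp:
            rules.append(_from_cidr("udp", 67, cidr, "DHCP from remote clients"))
    return rules


def authorize_command(group_id, rules):
    """The AWS CLI line equivalent to calling boto3 with these rules."""
    return ("aws ec2 authorize-security-group-ingress --group-id %s "
            "--ip-permissions '%s'" % (group_id, json.dumps(rules)))


if __name__ == "__main__":
    # Constructed placeholder IDs and ranges; substitute your own.
    BAM_SG, BDDS_SG = "sg-0bam00000000000", "sg-0bdds0000000000"
    print(authorize_command(BAM_SG, bam_inbound_rules("10.0.0.0/16", BDDS_SG)))
    print(authorize_command(BDDS_SG, bdds_inbound_rules(
        "10.0.0.0/16", BAM_SG, ["10.0.0.0/16", "192.168.0.0/16"], dhcp=True)))
```

Because security groups are stateful, replies to outbound traffic need no inbound rule; only the listening ports in the table are opened. Running the script prints one `aws ec2 authorize-security-group-ingress` line per appliance that can be checked against the table before it is applied.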
- Expand the Advanced network configuration section.
- Under Network interface 1, enter a Description and Primary IP address for the BAM or BDDS eth0 interface.
- BlueCat DNS for AWS only: Select Add network interface to add a second interface for Dedicated Management.
- BlueCat recommends that all customers add the eth1 interface even if they don't wish to enable Dedicated Management.
- Add the eth1 interface at this step if the subnet is attached to the same VPC. If you have the public and private subnets on different VPCs, you must create the AWS instance with only eth0 configured. You must then add the eth1 interface after the instance has been configured and assign it to the second subnet attached to the other VPC.
- The subnets associated with eth0 and eth1 must be in the same availability zone.
- BlueCat DNS for AWS only: Select a subnet and enter a Description and Primary IP for the Dedicated Management (eth1) interface.
- Proceed to the Configure storage section to continue with instance setup.