Tuesday, April 21, 2026

Azure: Bicep file for Infoblox vNIOS in HA Cluster mode

Infoblox released a high availability (HA) cluster feature for their vNIOS marketplace image (DNS server and more) around August 2025.

This is an active/passive cluster and it works by adding an additional NIC to two Infoblox VMs and then adding permissions to the VMs so that they can move a virtual cluster IP between them. There is no witness server.

The main differences between a standalone Infoblox VM and an HA cluster Infoblox VM are:

  • One additional NIC per VM. The standard is two NICs, so three NICs in total (included in the Bicep template).
    • Note that the virtual machine SKU must support 3 NICs. For example, Standard_DS12_v2 will work but Standard_DS11_v2 will not.
    • The new NIC should be added in the same subnet as LAN-1 (the data interface, not the management interface).
  • A SAMI (system-assigned managed identity) must be enabled for the VM (included in the Bicep template).
  • A custom RBAC role must be created (separate step) and assigned to the Infoblox VMs via the SAMI (included in the Bicep template).
  • If you are assigning the custom role to the SAMI at resource group level, ensure that the RG containing the VNet is also added. This can be done in Bicep by referencing a module, as opposed to nested ARM templates (included in the Bicep template).
  • In NIOS (a post-deployment step once the VM is up and running), configure a DNS resolver in the Grid Properties Editor, see link.

Previously, Infoblox had official ARM templates that could be used to deploy the marketplace images, but this is no longer the case. Their recommendation is to deploy from the portal via ClickOps, use the CLI, or go through the deployment steps in the portal and then export the automation templates at the last step, immediately before deploying (we got this information by asking the vendor directly).

However, these ARM templates include some unnecessary resources and checks which make them unnecessarily complex. The fact that they have a mandatory dedicated storage account for boot diagnostics and are not using managed storage accounts indicates that they are not putting a lot of effort into these templates.

An alternative that we are currently trying out is to deploy the marketplace image via the portal using ClickOps and, once it is deployed, export the Bicep file of what has actually been deployed. It takes a bit more effort to modify the template (NICs and NSGs have to be added manually), but it simplifies the templates in the end.

Bicep files

Here are examples of a Bicep file, a param file, and a module that is used to add permissions to an additional resource group if required:

Note that the NSG is commented out in the Bicep file. This is because we already have an NSG associated at the subnet level, which makes an additional NSG at NIC level redundant. If you don't already have an NSG, use the one in the file.
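
An added example of such a permissions module (not one of the author's files, and not Infoblox's code): it assigns the separately created custom role to both VMs' SAMIs in whichever resource group it is deployed into. The file name ha-rbac.bicep and all parameter and symbol names are assumptions.

```bicep
// ha-rbac.bicep (hypothetical file name): assigns an existing custom role to
// the Infoblox VMs' system-assigned managed identities (SAMI) in ONE resource
// group. Deploy it once per resource group the HA pair needs access to.
targetScope = 'resourceGroup'

@description('Principal IDs of the SAMIs of both Infoblox VMs.')
param principalIds array

@description('Full resource ID of the custom role created in the separate step.')
param roleDefinitionId string

// One assignment per VM identity, scoped to the resource group this module is
// deployed into. The principal IDs arrive as parameters, so the guid() name is
// already known when the module deployment starts, as a role assignment name
// has to be.
resource haRoleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
  name: guid(resourceGroup().id, principalId, roleDefinitionId)
  properties: {
    principalId: principalId
    roleDefinitionId: roleDefinitionId
    // Stating the type avoids a failed lookup while a freshly created
    // identity is still replicating in Microsoft Entra ID.
    principalType: 'ServicePrincipal'
  }
}]

// Call site in the main template (all names are assumptions). Repeat it with a
// different scope for each resource group, e.g. the one containing the VNet:
//
//   module vnetRgRbac 'ha-rbac.bicep' = {
//     name: 'infoblox-ha-rbac-vnet-rg'
//     scope: resourceGroup(vnetResourceGroupName)
//     params: {
//       principalIds: [
//         vm1.identity.principalId
//         vm2.identity.principalId
//       ]
//       roleDefinitionId: haRoleDefinitionId
//     }
//   }
```

Scoping the assignment to the named resource groups, rather than to the subscription, keeps the identities' permissions limited to the resources the cluster lives in.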

Links to documentation

Relevant links to installation instructions from Infoblox:


General info around vNIOS with High Availability option (including how to assign the custom RBAC to the SAMI)


Other info

The marketplace image terms and conditions must be accepted up front before vNIOS can be deployed. This is done at subscription level; see link for more info.