Publish SSP to the internet

  • Question

  • Hi folks,

    I want to publish SSP to the internet. I have this solution working, but I'm facing an odd issue.

    Website address is ssp.company.com, but internal domain is company.lcl

    When I click connect console in the SSP it tries to find the internal name of my hyper-v servers on which the VM resides.
    But the internal name is not visible to external user (from the internet).

    Has anyone come across this issue?

    Regards, Marek


    Marek Chmel, WBI Systems (MCTS, MCITP, MCT, CCNA)
    Tuesday, April 26, 2011 3:32 PM

Answers

  • Hi Marek,

    SSP on the internet is not a verified scenario, but let’s consider an example for your scenario.

    · In the ssp.company.lcl network, you have installed the SSP2.0 portal. SSP2.0 has a Portal component -> talks to the Engine machine -> talks to VMM via a service account -> then to the host machines.

    · Now you have published ssp.company.lcl and made it ssp.company.com.

    · User U1, an external user, tries to access ssp.company.com.

     

    Scenario 1: Opening SSP2.0 portal -> Virtual machine page -> Listing of VMs

    Status of SSP: Working

    Reason: U1 tries to contact the website, which is possible. The website is able to talk to the Engine machine and VMM, hence you are able to see the list of VMs.

    Scenario 2: Connect VM operation fails -> Open SSP2.0 portal -> Virtual machine page -> Listing of VMs -> Try to connect

    Status: Operation failed.

    Reason: U1 is using a machine from the external world to connect to ssp.company.lcl -> ActiveX gets installed on U1's machine -> for the connect operation, this ActiveX, instead of going through the website, goes directly to the host -> as Hyper-V and U1 are on different networks, it does not work.

    Workaround: You can check if somehow you can provide a direct connection of the host to the U1 user machine.

     

    Let me know if it works.

     

    Thanks

    Yogesh

     

    • Marked as answer by Yogesh C Monday, May 9, 2011 9:11 PM
    Wednesday, April 27, 2011 10:53 PM

All replies

  • Hi Marek,

    SSP2.0 does authentication of users using Active Directory, and the way we do VM connect is through RDP via the host, so the external user would need access to the host for a successful connect.

    Hence the scenario of SSP on the internet is not currently supported.

    Thanks,

    • Marked as answer by Yogesh C Tuesday, April 26, 2011 5:02 PM
    • Unmarked as answer by Marek ChmelMVP Tuesday, April 26, 2011 5:37 PM
    Tuesday, April 26, 2011 5:02 PM
  • I don't mind authentication to Active Directory; it's published for internal users with user accounts, so this would not be the problem.

    But the windows with VM Connection is doing wrong DNS resolution. That is my question: is there a way to fix/bypass such a bug?

    Marek


    Marek Chmel, WBI Systems (MCTS, MCITP, MCT, CCNA)
    Tuesday, April 26, 2011 5:40 PM
  • Hi Marek,

    Can you please explain more on  - "windows with VM Connection is doing wrong DNS resolution?"  Also is it possible to give example of your scenario explaining topology of your environment?

     

    Thanks

     

    Tuesday, April 26, 2011 6:08 PM
  • Topology is quite simple

    TMG -> SSP -> Hyper-V

    When I connect to the SSP (ssp.company.com) published via TMG I can see the portal with correspondent VMs.

    But when I want to connect to any VM using VM Connect, not RDP, the published site tries to find the local name of the hyper-v server hyperv.company.local, which cannot be found, obviously, because it's the internal name.

    Thanks.


    Marek Chmel, WBI Systems (MCTS, MCITP, MCT, CCNA)
    Tuesday, April 26, 2011 6:26 PM
  • Hi Marek,
    A client asked me to publish the SSP to the Internet and after some testing, here’s how we did it.

    1. Place your Hyper-V hosts in a DMZ.

    2. Create a separate domain that is trusted to your internal domain. This domain must be public (e.g. .com) and use split DNS. SSP passes the FQDN to the ActiveX, so it should be resolvable from the outside. Add your Hyper-V hosts to this domain.

    3. Reserve 1 external IP per Hyper-V host on your ISA/TMG and point the FQDN on the outside DNS to these IPs.

    4. Create a publishing rule for port 2179 per external IP and point it to your internal Hyper-V host, and presto. SSP through regular TMG.

    I'd wish they would allow for a ts-gateway option in vmm for this though. It would make things a lot simpler

    Kind regards.
    Marco


    • Edited by Marco L Friday, October 5, 2012 10:18 PM
    • Proposed as answer by derdi Tuesday, October 23, 2012 1:13 PM
    • Unproposed as answer by derdi Tuesday, October 23, 2012 1:13 PM
    • Proposed as answer by Marco L Tuesday, September 3, 2013 8:15 PM
    Friday, October 5, 2012 10:08 PM
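
An added example, not part of the original post: a pre-flight check of the publishing plan from the four steps above, flagging the conditions that break or widen the setup (an internal-only FQDN, a private or shared external IP, an outside DNS record that misses the listener, a port other than 2179). The rule schema, `hosting.example.com` and the 203.0.113.0/24 addresses are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

VMCONNECT_PORT = 2179                      # port named in step 4 of the post
INTERNAL_SUFFIXES = (".lcl", ".local")     # internal-only suffixes seen in the thread
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def check_plan(rules):
    """Return (fqdn, problem) pairs for a list of publishing rules.

    Each rule is a dict (hypothetical schema): fqdn, listener_ip (external IP
    reserved on the firewall), outside_dns_a (A record served to the internet)
    and port.
    """
    problems = []
    listeners = Counter(r["listener_ip"] for r in rules)
    for r in rules:
        fqdn = r["fqdn"].lower().rstrip(".")
        if fqdn.endswith(INTERNAL_SUFFIXES):
            problems.append((fqdn, "internal-only suffix, not resolvable from outside"))
        if is_rfc1918(r["listener_ip"]):
            problems.append((fqdn, "listener IP is RFC 1918 private"))
        if listeners[r["listener_ip"]] > 1:
            problems.append((fqdn, "listener IP shared with another host"))
        if r["outside_dns_a"] != r["listener_ip"]:
            problems.append((fqdn, "outside DNS does not point at the listener IP"))
        if r["port"] != VMCONNECT_PORT:
            problems.append((fqdn, "rule publishes a port other than 2179"))
    return problems

# Constructed sample plan; hosting.example.com and the 203.0.113.0/24
# addresses are placeholders, hyperv.company.local is the name from the thread.
SAMPLE_PLAN = [
    {"fqdn": "hv01.hosting.example.com", "listener_ip": "203.0.113.11",
     "outside_dns_a": "203.0.113.11", "port": 2179},
    {"fqdn": "hv02.hosting.example.com", "listener_ip": "203.0.113.11",
     "outside_dns_a": "203.0.113.12", "port": 2179},
    {"fqdn": "hyperv.company.local", "listener_ip": "192.168.10.5",
     "outside_dns_a": "192.168.10.5", "port": 3389},
]

if __name__ == "__main__":
    for fqdn, problem in check_plan(SAMPLE_PLAN):
        print(f"{fqdn}: {problem}")
```
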
  • Marco:

    Can you clarify what you mean by creating a publishing rule for port 2179?

    Brian

    Tuesday, September 3, 2013 4:41 PM
  • Hi Brian,

    You will need 1 external IP per Hyper-V host. For each external IP you will need to create a non-web publishing rule on port 2179 that points to the Hyper-V server. Check out this diagram:

    If you need any more help, please let me know.

    Kind regards,

    Marco

    Tuesday, September 3, 2013 8:28 PM