none
Choosing network location service and DCA URLs RRS feed

  • Question

  • Hi,

    I need to configure 2 internal URLs for DA, the NLS and the URL for connectivity status as part of the direct connectivity assistant.

    Is there a downside to using the same URL for the DA NLS and DCA ?

    Thanks


    IT Support/Everything

    Thursday, August 16, 2012 9:04 AM

Answers

  • I actually don't know if it supported to have NLS on the UAG server, pointing the DCA tests against the inside would probably work but I would not recommend it.

    Since this is a critical part of the infrastructure I would recommend putting it on another internal system that will be available all the time (On a HA IIS if you have one or the same webserver where you publish your CRLs?)

    Regarding the DCA Probe, it needs to be reachable over the DA tunnels and the purpose is to help you when troubleshooting.
    Putting it on an internal server will help you pinpoint possible problems (if it's related to the UAG or something inside it), if its on UAG you will only know if/that it works to connect there but nothing regarding the internal network/infrastructure.

    Best wishes,
    Jonas Blom


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    • Marked as answer by Aetius2012 Thursday, August 16, 2012 2:19 PM
    Thursday, August 16, 2012 12:20 PM

All replies

  • Hi,

    Yes, you need to use two different URLS.

    The url for the NLS server will be blocked in your NRPT rules so that external clients cannot connect to it.

    (You can use two different urls that points to the same server though, it is only the URL/hostname for the NLS that will be blocked)

    Best wishes,
    Jonas Blom


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    • Proposed as answer by Jonas Blom Thursday, August 16, 2012 9:36 AM
    Thursday, August 16, 2012 9:36 AM
  • Jonas,

    So could I set both URLs to point to the internal name of the UAG server? Ensuring that one uses a cname instead of the actual host name.

    Thanks


    IT Support/Everything

    Thursday, August 16, 2012 11:54 AM
  • I actually don't know if it supported to have NLS on the UAG server, pointing the DCA tests against the inside would probably work but I would not recommend it.

    Since this is a critical part of the infrastructure I would recommend putting it on another internal system that will be available all the time (On a HA IIS if you have one or the same webserver where you publish your CRLs?)

    Regarding the DCA Probe, it needs to be reachable over the DA tunnels and the purpose is to help you when troubleshooting.
    Putting it on an internal server will help you pinpoint possible problems (if it's related to the UAG or something inside it), if its on UAG you will only know if/that it works to connect there but nothing regarding the internal network/infrastructure.

    Best wishes,
    Jonas Blom


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    • Marked as answer by Aetius2012 Thursday, August 16, 2012 2:19 PM
    Thursday, August 16, 2012 12:20 PM
  • Just a confirmation, no it is not supported to host the NLS website on the UAG box. (it is supported to do this in Server 2012 though)
    Thursday, August 16, 2012 8:11 PM