Can I create a virtual machine and point it as External DNS while setting up an Edge server?

  • Question

  • Hello

    I have 1 DC, 1 SFB and 1 Edge server... installing another virtual machine with TMG evaluation. I don't have any public IP. When asked, my internet provider gave me 1 public IP address (I guess it is that of the network switch which I have, or I don't know).

    What I did is create a virtual internal switch and add the DC and SFB FE to it... 1 physical network switch...

    While trying to set up this test environment I came across this External DNS stuff... what is it? Is it the internet provider who gives that? Can I create a virtual machine by myself and point it as External DNS? If yes, what should its configuration be?

    Can I do all testing of this SFB in a testing environment, or do I really need to buy public IPs and stuff for testing as well?

    Thursday, October 20, 2016 10:35 AM

Answers

  • Hi Lexi,

    As Holger suggested, you need at least 2 IPs to enjoy all available features from an external network like the internet.

    Now, if your service provider gave you an IP address, it would be a PAT IP. You have to ensure that all Lync-related communication arriving on this IP address is forwarded to the Edge server and vice versa. Make sure you take care of the security aspects by putting the Edge server between two firewalls as well.

    Coming to DNS: if your SIP address looks like user@domain.com, you must have purchased "domain.com" from some vendor like GoDaddy. You can add DNS entries like "sip.domain.com" on the vendor site. You should purchase a public certificate for the Edge services as well, from some vendor like DigiCert.

    If you want to try it out on an actual test setup, create 2 virtual NIC cards on the Edge server and give them IP addresses on different subnets. One should be from the internal subnet. Assign an IP address in the other subnet to a client machine. Use an internal CA to create the certificate and import the CA certificate into Trusted Root Certificates on both the Edge server and the client. You can create a DNS server on the external subnet and create DNS entries there for the external client, or go with hosts file entries.

    Hope this helps :)

    MvH

    • Proposed as answer by Alice-Wang Friday, October 21, 2016 7:23 AM
    • Marked as answer by Alice-Wang Thursday, November 10, 2016 9:54 AM
    Thursday, October 20, 2016 12:17 PM

All replies

  • At least you will need two public IPs, one for Edge and one for Web Services.

    The best deployment for testing is 4 public IPs.


    Regards, Holger, Technical Specialist UC

    Thursday, October 20, 2016 10:41 AM
  • Hello, thanks. I want to try this bit of yours below:

    "If you want to try it out on an actual test setup, create 2 virtual NIC cards on the Edge server and give them IP addresses on different subnets. One should be from the internal subnet. Assign an IP address in the other subnet to a client machine. Use an internal CA to create the certificate and import the CA certificate into Trusted Root Certificates on both the Edge server and the client. You can create a DNS server on the external subnet and create DNS entries there for the external client, or go with hosts file entries."

    Can you please explain a bit more about this method of yours?

    Monday, October 24, 2016 11:51 AM
  • Hi Lexi,

    The answer is yes.


    Monday, October 24, 2016 12:30 PM
  • Hi Lexi,

    First of all, I am considering this a test environment.

    Say your FE IP is 192.168.2.3/24.

    Create a new virtual machine using Hyper-V and create 2 virtual NIC cards. Give IP address 192.168.2.6/24 to NIC 1 and 10.10.1.10/24 to NIC 2. Install the Edge services on this. Import the internal CA on this machine. You can create the external Edge certificate using the internal CA, just like you create the internal certificate for Edge.

    If you want a DNS server, create a new VM, give it IP 10.10.1.11/24, and create all the required Edge DNS entries there.

    On the external client machine, set the IP address to 10.10.1.101/24 and the DNS to 10.10.1.11. Also make sure you have added the internal CA to Trusted Root Certificates.

    Thursday, October 27, 2016 8:08 AM
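To make the lab layout from the reply above concrete, here is an added PowerShell example (not code from any poster in this thread) that builds the external DNS VM and prepares the external client. It uses the thread's values (SIP domain domain.com, Edge external NIC 10.10.1.10, DNS VM 10.10.1.11) and assumes the internal root CA certificate was exported to C:\InternalRootCA.cer; the SRV names and ports are the standard Skype for Business external Access Edge records.

```powershell
# --- On the external DNS VM (10.10.1.11): Windows Server with the DNS Server role ---
# Values follow the thread's test layout; the CA file path is an assumption.
$SipDomain      = 'domain.com'           # SIP domain from the thread (user@domain.com)
$EdgeExternalIp = '10.10.1.10'           # Edge NIC 2, external subnet
$DnsVmIp        = '10.10.1.11'           # this DNS VM
$CaFile         = 'C:\InternalRootCA.cer' # exported internal root CA (assumed path)

Install-WindowsFeature -Name DNS -IncludeManagementTools

# A primary zone for the SIP domain so the external client resolves it here,
# on the lab's "external DNS", instead of on the public internet.
Add-DnsServerPrimaryZone -Name $SipDomain -ZoneFile "$SipDomain.dns"

# A record for the Access Edge external FQDN: sip.domain.com -> Edge external IP
Add-DnsServerResourceRecordA -ZoneName $SipDomain -Name 'sip' -IPv4Address $EdgeExternalIp

# SRV records the external Skype for Business client queries for automatic sign-in,
# and that federation partners use (standard Access Edge ports 443 and 5061).
Add-DnsServerResourceRecord -Srv -ZoneName $SipDomain -Name '_sip._tls' `
    -DomainName "sip.$SipDomain" -Priority 0 -Weight 0 -Port 443
Add-DnsServerResourceRecord -Srv -ZoneName $SipDomain -Name '_sipfederationtls._tcp' `
    -DomainName "sip.$SipDomain" -Priority 0 -Weight 0 -Port 5061

# --- On the external client (10.10.1.101, DNS set to 10.10.1.11) ---
# Trust the internal CA that signed the Edge external certificate;
# without this the client rejects the TLS handshake with the Edge.
Import-Certificate -FilePath $CaFile -CertStoreLocation 'Cert:\LocalMachine\Root'

# Verify the client resolves the Edge through the lab DNS, not through the internet.
Resolve-DnsName -Name "sip.$SipDomain" -Server $DnsVmIp -Type A
Resolve-DnsName -Name "_sip._tls.$SipDomain" -Server $DnsVmIp -Type SRV

# Hosts-file alternative mentioned in the thread, if you skip the DNS VM entirely.
# Hosts entries cannot express SRV records, so only the A-record lookup works this way.
# Add-Content -Path "$env:SystemRoot\System32\drivers\etc\hosts" -Value "$EdgeExternalIp sip.$SipDomain"
```

Run the DNS part in an elevated session on the DNS VM and the client part in an elevated session on the client; if the SRV lookup fails but the A lookup works, the client is still pointed at another DNS server.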