I am going to deploy CWMS for customer. The deployment should enable public access and support 50 concurrent users. The admin VM is placed in internal network and IRP VM is placed in DMZ network. Non-Split Horizon DNS is used. My questions are as below:
Internal domain: abc.lan
External domain: abc.org
webEX user site url: meeting.abc.org
webEX admin site url: meetingadmin.abc.org
admin vm ip: 172.16.225.42
IRP ip is 192.168.106.176
The Private vip for WebEX admin site url is : 172.16.225.50
The public vip for WebEX meeting site url is : 192.168.106.177
Public ip which will be mapped /NATed to 192.168.106.177 is 184.108.40.206(fake)
1) Which ip shoud be added on internal DNS and external DNS for WebEx user meeting url?
192.168.106.177 (public vip) or 220.127.116.11? (public real ip)
2) Can I use internal domain (abc.lan) as the domain name configured on vTS, conductor, TMS and CWMS ?
Since meeting.abc.org will be used as the WebEX user site url. will there be any conflict on domain name?
Thank for very much!!
1) Either will work for internal users (if your network allows it). Likely it makes more sense that they go directly to the public vip (192.168.106.177) instead of being nat'ed.
2) Believe this may be ok yes, can't immediately think of why this would be a problem.
So, should I map public VIP (192.168.106.177) to internal DNS for internal users and 18.104.22.168 to external DNS for internet users?
in the deployment it asks for the meeting url (meeting.abc.com)
in a non split horizon dns situation this must resolve to the public ip.. but then the IRP host ip must be in the same subnet as the public vip, so question is..
how then do you use a DMZ ? I can't just put public ips on these two boxes, I have to NAT
You can use simple NAT-ing.
That way, your internal DNS will resolve WebEx Site URL to Public VIP on IRP Eth1 adapter (which will be in DMZ subnet), while external DNS will resolve WebEx Site URL to public IP you configure on your Firewall which you will NAT to Public VIP on IRP Eth1 adapter .
I hope this helps.
We are about to deploy CWMS for one of my customers.
We have decided to deploy Non-Split Horizon DNS since we don't have a DMZ DNS.
My customer has separate domains for internal and external DNS: On internal DNS we have domain : tatainternal.net . the external domain is tata.com
tata.com is not resolvable from internal DNS.
My DNS records are as follow:
admin1: cwms1.tatainternal.net --> 10.12.15.10 LAN
admin2: cwms2.tatainternal.net --> 10.12.15.11 LAN
adminvip: cwmsadmin.tatainternal.net --> 10.12.15.12 LAN (private VIP)
irp1: irp1.tatainternal.net --> 10.12.16.10 DMZ
irp2: irp2.tatainternal.net --> 10.12.16.11 DMZ
irpvip: ????webex url site --> 10.12.16.12 DMZ
My question is regarding the webex url site for internal users. Since we are using Non split horizon the webex url will resolve to public VIP (DMZ) using internal DNS. But since tata.com domain is not configured on internal DNS i am confused about the A record that we must configure.
For external users, there is no problem, we will use for example : meeting.tata.com on external DNS resolving to a Public IP natted to the public VIP on DMZ.