VMware Horizon Community
ALEX_TSM
Enthusiast

Resolving the balancer DNS name on Access point if it is the same for internal and external connections

Hello, my configuration is:

F5 External vdi.mycomp.com 234.000.14.23 NAT to 192.168.1.3

AP1 ap1.mycomp.com 234.000.14.24 NAT to 192.168.1.4

AP2 ap2.mycomp.com 234.000.14.25 NAT to 192.168.1.5

F5 Internal vdi.mycomp.com as CNAME for vdi.dom.mycomp.com 172.20.12.3

CON1 con01.dom.mycomp.com 172.20.12.4

CON2 con02.dom.mycomp.com 172.20.12.5

As you can see, it is enough for our users to put only one server name (vdi.mycomp.com) in their client, and wherever they are located they can connect.

But, the question is - which IP address should be resolved on AP by using "nslookup vdi.mycomp.com" (172.20.12.3 or 192.168.1.3 or 234.000.14.23)?

Now, our DNS always answers with the IP 172.20.12.3 for vdi.mycomp.com if we put it on AP or on CON.

Everything seems to work normally, but I don't think it is the correct configuration.

Please help with it


Accepted Solutions
markbenson
VMware Employee

There are 2 options here. UAG (AP) normally uses an internal DNS server to resolve names. You specify the DNS server with the "dns" keyword in the UAG PowerShell .ini file. See Using PowerShell to Deploy VMware Unified Access Gateway (formerly known as Access Point). You would expect UAG to resolve the names of your Connection Server hostnames to the 172 addresses.

If UAG doesn't have access to DNS you can either add hosts file entries (also in the .ini file) or configure proxyDestinationUrl in the [Horizon] section to reference an IP address (e.g. 172.20.12.3 instead of vdi.mycomp.com). Either way, proxyDestinationUrl is used on UAG to establish a connection to Connection Server(s).

The "split DNS" you've set up is good because internal users can connect to Connection Server(s) and external users can connect to UAG(s) with the same URL hostnames.
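
The check the answer describes, as an added example (not code from the thread or from VMware): it reads `dns` and `proxyDestinationUrl` from a constructed .ini fragment and reports which address UAG would reach through a given DNS view. The `[General]` placement of `dns`, the DNS server address, the external 203.0.113.23 address and the function names are assumptions.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed .ini fragment: "dns" and [Horizon] proxyDestinationUrl are named in
# the answer; the [General] placement and the DNS server address are assumptions.
SAMPLE_INI = """
[General]
dns=172.20.12.10
[Horizon]
proxyDestinationUrl=https://vdi.mycomp.com
"""
# Constructed DNS views. Internal records follow the question; the external
# address is a documentation-range placeholder, not the poster's real one.
INTERNAL_VIEW = {"vdi.mycomp.com": ("CNAME", "vdi.dom.mycomp.com"),
                 "vdi.dom.mycomp.com": ("A", "172.20.12.3")}
EXTERNAL_VIEW = {"vdi.mycomp.com": ("A", "203.0.113.23")}
# is_private also matches documentation ranges, so test RFC 1918 explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(name, view, max_hops=8):
    """Follow CNAMEs in one view to an A record; None if missing or looping."""
    for _ in range(max_hops):
        record = view.get(name.lower().rstrip("."))
        if record is None:
            return None
        rtype, value = record
        if rtype == "A":
            return value
        name = value
    return None

def backend_target(ini_text, view):
    """Return (address, verdict) for where proxyDestinationUrl would connect."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    host = urlsplit(cfg["Horizon"]["proxyDestinationUrl"]).hostname
    try:
        addr = ipaddress.ip_address(host)  # IP literal: no lookup needed
    except ValueError:
        if not cfg.get("General", "dns", fallback=""):
            return None, "no dns set: use a hosts entry or an IP in proxyDestinationUrl"
        resolved = resolve(host, view)
        if resolved is None:
            return None, "hostname does not resolve in this view"
        addr = ipaddress.ip_address(resolved)
    if any(addr in net for net in RFC1918):
        return str(addr), "ok: internal address"
    return str(addr), "warning: backend is not an internal address"
```

Run against the internal view, the sample resolves through the CNAME to 172.20.12.3; run against the external view, the same hostname is flagged because the backend connection would leave the internal network.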
