Greetings everyone, i am trying to create a Proof Of Concept and i would like to achieve the following architecture : 3 load balanced servers with roles DS,API,AWCM in DMZ Example: --> ServerDS01.awlab.local --> ServerDS02.awlab.local --> ServerDS03.awlab.local Load Balanced VIP --> ServerDS.awlab.com 3 load balanced servers with the Admin Console role in the internal network. Example: --> ServerCN01.awlab.local --> ServerCN02.awlab.local --> ServerCN03.awlab.local Load Balanced VIP --> ServerCN.awlab.com All the above servers will be out of the domain. SQL database will be in the internal network with AlwaysON AG (Server in the AD Domain) Following the documentation of best practices (https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/1907/WS1_Installation.pdf) it is not clear which is the URL of the Admin console and which is the URL of the device services that has to be used during the installation of WS1. The documentation states that i have to use the internal FQDN of the server for the Admin console (CN) and the external FQDN for the Device Services (DS) URL So this means that the first time i will launch the installer on the first Admin Console server i will have to put his FQDN and not the load balancer FQDN? (ex. ServerCN01.awlab.local ) and for Devices services URL the FQDN of the first Device Services server ? (ServerDS01.awlab.local) or the load balanced FQDN of the DS ? I have checked other sites that advice to use the same URL on both Admin console and Device Services and then ' play'  with the CNAME of the device services in order to avoid AWCM problems... (https://digital-work.space/display/AIRWATCH/AirWatch+Install) From your experiences which URL has to be used in each installation ? Thank you in advance for your answer. Regards, Nicolas