VMware Horizon Community
asgroi
Contributor

Can Connect to VMs Internally or Externally But Not Both?

So we are testing VDI and have come across a problem. We can connect to our VMs internally fine if we have "Direct Connect to virtual desktop" set to "Yes", but then we can't connect externally with our security server, and when we change "Direct Connect to virtual desktop" to "No" we work great externally but internally we get the error "A connection to the VDM Server could not be established. The Tunnel Initiation failed." What gives?! Any help would be great, thanks.


Accepted Solutions
nkrick
Enthusiast

What global settings are you using? In order to connect externally, you have to have "Direct Connect..." set to "No."

When you connect from external, are you using a Security Server? If so, are you also going through the Security Server when you connect from internal? If you use the security server when connecting from internal, you need to make sure the servername (FQDN) that you use matches the "External URL" that you have set on the Security Server. Also, make sure your firewall will allow your internal clients to go out through the firewall and then back into your network.

The best thing to do is to point your FQDN in internal DNS to your internal VDM server and point the same FQDN in external DNS to the Security Server. But, when internal, you should be able to connect directly to the internal VDM server using a different FQDN than the "External URL." So, when you are external you would use "hostname.mycompany.com" to connect and when you are internal you would use "servername.internaldomainname.com." I prefer the first solution I mentioned (use the same FQDN and point to different servers in internal and external DNS) because then your users don't need to know different URLs to access the VDM depending on whether they are external or internal.

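A check for the split-DNS layout recommended in the answer above, added here as an example and not part of the original thread. It assumes the internal VDM server sits on RFC 1918 address space; the function names and the sample addresses are constructed for illustration, and the two address lists would come from querying the internal resolver and a public resolver for the same FQDN.

```python
import ipaddress

# Assumption: the internal VDM Connection Server sits on RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    """True when addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def check_split_dns(fqdn, internal_view, external_view):
    """Compare the A records two DNS views return for the same FQDN.

    Each view is a list of address strings, e.g. collected with nslookup
    against the internal resolver and against a public resolver.
    Returns a list of findings; an empty list means the split is consistent.
    """
    findings = []
    if not internal_view:
        findings.append(f"{fqdn}: no A record in internal DNS")
    if not external_view:
        findings.append(f"{fqdn}: no A record in external DNS")
    for addr in internal_view:
        if not is_internal(addr):
            findings.append(f"{fqdn}: internal DNS returns public address {addr}; "
                            "internal clients leave through the firewall and come back in")
    for addr in external_view:
        if is_internal(addr):
            findings.append(f"{fqdn}: external DNS returns private address {addr}; "
                            "unreachable from the Internet and leaks internal addressing")
    return findings

# Constructed sample data (documentation and private ranges, not real hosts).
FQDN = "hostname.mycompany.com"
BROKEN = {"internal_view": ["203.0.113.10"], "external_view": ["203.0.113.10"]}
FIXED = {"internal_view": ["10.0.5.20"], "external_view": ["203.0.113.10"]}

if __name__ == "__main__":
    for label, views in (("broken", BROKEN), ("fixed", FIXED)):
        result = check_split_dns(FQDN, **views)
        print(label, "->", result or "OK")
```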
3 Replies
markbenson
VMware Employee

To connect to VDM Connection server externally (e.g. from the Internet with the VDM Connection Server behind NAT/Firewalls etc.) you must use the secure tunnel (i.e. don't use direct connections).

You can set this up with or without a VDM Security Server. See the diagrams in the VDM Intro document http://www.vmware.com/pdf/vdm20_intro.pdf for deployment scenarios with and without a VDM Security Server. You'll need to configure an externally resolvable URL on the VDM Connection Server or VDM Security Server. See the section on page 40 of the VDM Admin Guide http://www.vmware.com/pdf/vdm20_manual.pdf on "Setting an Externally Resolvable Name on a Connection Server" for instructions on how to do this.

If you set up the environment to support external users, internal users can use the same environment - they'll access it just as if they are coming in from the Internet as long as you ensure they can access the VDM Connection server using the External URL you have set up.

An alternative way is to have two VDM Connection servers. One to support internal and one to support external. One would be installed as a standard instance and the other would be installed as a replica. Only the one supporting external users would need the External URL set. Both are valid deployment options. There are some diagrams in the VDM Intro document that show these various deployment options.

BTW - for specific VDM questions it is better to post on the new VDM specific forum under Desktop products.

Hope this is useful.

Mark.

asgroi
Contributor

Thanks nkrick, that was it. My internal 'A' record was pointing externally. Changed it to point internally and all is well.
