When installing the connection broker, I don't get a chance to change the default port of the service (from the default HTTPS port 443). I already have a service on my network at that port, and I'd like to move the broker to a different port. Is there a way to modify this?
By the same token (I think), I'm confused as to what purpose this configuration setting is for: In a running broker, you can go to Configuration, select your broker, and edit its External URL field. I don't think this is for what I'm trying to do (move the port). So, what's it for?
I don't think this is possible. I've looked through all the xml files, and can't see this set anywhere. Also, I notice that ws_java_bridge.exe is the process listening on 443 so chances are it's hidden in a jar file or DLL somewhere.
I would agree that it should be an option to be able to change this though.
I may not have understood this, but it doesn't matter that there is another service on your network using HTTPS 443. Users access VDM Connection Server using a full URL (including server name/IP address) so as long as there isn't a service on the particular VDM Connection Server that was already listening on 443, you'll be fine. If anything is listening on 443 on the same server, this will be detected at installation time, and you'll get a good error message.
The purpose of configuring External URL is for situations where the VDM Connection server is being accessed from behind a NAT/Firewall etc. e.g. when accessing VDM from the Internet. In this case it is necessary to configure an external URL representing the URL that a client device needs to use when communicating with the VDM Connection Server (for the secure connection). The default external URL uses the fully qualified computer name, but if that is inside a corporate network or in a DMZ etc. that won't be accessible from the Internet using that URL. External URL allows you to overwrite the default. See page 40 of the admin guide at http://www.vmware.com/pdf/vdm20_manual.pdf for details on how to set that up.
Hope this helps.
So, Doug has it right; I have a single Internet point of presence, managed by a NAT firewall/router. I already publish one service through that firewall on port 443, and I'd like to publish this service on a different port. I thought that the External URL configuration item was related to this need, but I don't see how putting a URL in there makes any difference to how I publish the service externally.
I certainly see how, internal on my LAN, having two hosts publishing services on port 443 is not a conflict.
For example, say my Internet presence is foo.mysite.com. In my router I forward all traffic to foo.mysite.com:443 (std HTTPS) to 192.168.1.20. Thus, I've 'published' the host 1.20 via that port. Now I'd like to get to my VDM2 broker at foo.mysite.com:9999. In my router I forward all traffic from port 9999 to 192.168.1.30. So, I need the broker to be listening on port 9999, hence my request to change its port.
How does entering "foo.mysite.com:9999" into the broker's External URL field help me achieve this, if the broker is still working on (I think) port 443?
Can you configure your router to direct traffic to (say) vdm.foo.mysite.com:443 to the VDM Connection Server so that VDM listening port number reconfiguration is not required?
No, I can only define a single host name b/c I only have a single IP address presence on the Internet. In my example, 'foo' is the host and 'mysite.com' is the network. I think in your example 'vdm' is the host and 'foo.mysite.com' is the network.
I think my answer might lie in either NAT tricks at the router or using the Security Server personality of the broker in a DMZ mode of some kind.
I take it that the answer is 'No, you can't change the default port'.
Some NAT routers give you the ability to listen externally on one port and then direct data over that port to a specific IP address and (different) port on the internal side. If you can do that, you should be able to give a unique external port number in the External URL field.
That's it: the answer was to put a rule in the router that allowed me to redirect incoming traffic on an unused port to VDM2's default port of 443. It looks like this:
foo.mysite.com:9990 TCP -> broker.internal.net:443 TCP
This works like a charm with two caveats:
1. You have to use the External URL field in the broker to identify the name you will use (in this example, External URL=https://foo.mysite.com:9990).
2. This breaks the broker for internal LAN use. You have to start using the external name all the time, which worked fine for me. Again, in this example, "broker.internal.net" stopped working as a VDM Server, and "foo.mysite.com port 9990" works fine.
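The post above depends on the router rule and the broker's External URL agreeing with each other. The following check is an added example, not part of the original thread or of VDM: it parses a rule written in the poster's informal notation and reports where an External URL value disagrees with it. The function names and the rule grammar are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

BROKER_PORT = 443  # per the thread, the broker's listening port cannot be changed

# Matches the informal notation used in the post, e.g.
# "foo.mysite.com:9990 TCP -> broker.internal.net:443 TCP"
RULE_RE = re.compile(
    r"^\s*([\w.-]+):(\d+)\s+TCP\s*->\s*([\w.-]+):(\d+)\s+TCP\s*$", re.IGNORECASE
)


def parse_rule(line):
    """Return (external_host, external_port, internal_host, internal_port)."""
    m = RULE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognized forwarding rule: {line!r}")
    ext_host, ext_port, int_host, int_port = m.groups()
    return ext_host.lower(), int(ext_port), int_host.lower(), int(int_port)


def check_external_url(rule_line, external_url):
    """Return a list of mismatches; an empty list means rule and URL agree."""
    ext_host, ext_port, _int_host, int_port = parse_rule(rule_line)
    url = urlsplit(external_url)
    problems = []
    if url.scheme != "https":
        problems.append(f"scheme is {url.scheme!r}, expected 'https'")
    if url.hostname != ext_host:
        problems.append(f"host {url.hostname!r} is not the published name {ext_host!r}")
    try:
        url_port = url.port or 443  # no explicit port means the HTTPS default
    except ValueError:
        url_port = None  # malformed or out-of-range port in the URL
    if url_port != ext_port:
        problems.append(f"port {url_port} does not match published port {ext_port}")
    if int_port != BROKER_PORT:
        problems.append(f"rule targets internal port {int_port}, broker listens on {BROKER_PORT}")
    return problems


if __name__ == "__main__":
    RULE = "foo.mysite.com:9990 TCP -> broker.internal.net:443 TCP"  # from the post
    for candidate in ("https://foo.mysite.com:9990", "https://broker.internal.net"):
        print(candidate, "->", check_external_url(RULE, candidate) or "consistent")
```
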
If you want to publish to the web the recommended policy is to use a Security Server in the DMZ, do not push the port thru your firewall to the CS. It's possible but not a good idea. You could also set the SS up on port 80 in your DMZ.
VDI Beta Class Attended