VMware Cloud Community
Raducanu
Enthusiast
Enthusiast
‎09-30-2016 12:35 AM

VMware vRA 7 Architecture / Internet Facing / User Accounts

Hello Everybody,

i have a question regarding an internet facing vRA 7 deployment.

As far as i understood the documentation, the only services which must be avaiable from the public internet are:

- VMware vRA Appliance Web Server (Port 443)

- VMware vRA Appliance VMRC Proxy (Port 8444)

All other services and ports are internal only.

User Accounts required to work with vRA are local user accounts within the vRA tennants or directory services (LDAP, ADS etc) connected to the the tennents.

I'd like to show you a drawing from our small deployment:

architektur.png

For Understanding: DNS zone xxx.server.yyy.de is only resolving inside corporate network and no public DNS zone. DNS record privatecloud.yyy.de is a public DNS record resolvable from the internet.

Is this a valid configuration?

0 Kudos
1 Reply
GrantOrchardVMw
Commander
Commander
‎09-30-2016 04:29 PM

The appliance cert contains both the internal and external names from what I can see, which is the main area that things may fall apart.

The other area of concern is that the appliance will redirect queries to it's "hostname", which will be your publicly resolvable DNS. I'm not sure from your description if it will be resolvable internally or not, but this will need to be resolved by your IaaS host.

Grant http://grantorchard.com
0 Kudos