Administrator Guide
NOTE: Dell recommends that you set up tenant access isolation before you replace self-signed certicates and congure AD FS,
or another security token service. In the process of setting up tenant portal access on an isolated network, you change the fully
qualied domain name (FQDN) of the tenant portal in the tenant portal settings. It is best to make the change rst, before you
undertake the other procedures.
Sample naming convention
IMPORTANT: Your domain name should be the same as the DNS zone in which your DHCS stamp resides. For example, if your
domain name is
mycompany.local
, and you are using a DNS zone other than
mycompany.local
, you have a disjointed namespace.
The use of disjointed namespaces has not been tested in the DHCS stamp. Dell recommends that you do not use a disjointed
namespace within the DHCS stamp.
Examples in this section use the following sample names and addresses:
• Management network: VLAN 100
• Tenant access network: VLAN 110
• Management network address: 10.10.55.0/26
• Internal network range: 10.0.0.0/8
• Dell Hybrid Cloud System for Microsoft stamp prex: DHCS
• Internal domain name—in which the DHCS stamp is deployed: contoso.local
• External domain name: contoso.com
• Tenant portal VM internal IP address: 10.10.55.14
• Tenant portal VM internal FQDN: dhcsapt01.contoso.local
• Tenant portal VM external IP address: 172.31.1.5
• Tenant portal VM external FQDN: cloudportal.contoso.com
Network requirements
The following diagram illustrates the network conguration for isolated tenant portal access, with examples:
Administration
37