Administrator Guide
Figure 11. Isolated tenant portal network configuration
Here are the network requirements for this configuration:
1. Tenant access network as a separate VLAN. You must create a tenant access network as a separate VLAN, for example, VLAN 110,
   tagged to all ports of the network switches where DHCS servers are connected.
2. A DNS server that tenants use for name resolution. Typically, this is a different DNS server from the DNS that supports the Active
   Directory Domain Services (AD DS) infrastructure for DHCS servers, for example, contoso.com.
   Ensure that the tenant DNS server can resolve internet addresses. This is needed for certificate revocation checks when accessing
   the tenant portal over SSL. If tenants cannot resolve internet addresses, the tenant portal may take up to 30 seconds to load.
3. An external FQDN for the tenant portal VM. This fully qualified domain name (FQDN) is the name that tenants use to access the
   tenant portal, for example, cloudportal.contoso.com. Create a Host (A) record on the tenant DNS server that points to the external IP
   address of the tenant portal VM. (For the external IP address, pick an IP address from the IP subnet that you want to use for the
   tenant access VLAN.)
   The external FQDN of the tenant portal VM must be resolvable by clients on the tenant access network and the management
   network. Therefore, you must configure a DNS zone with a DNS entry for the external FQDN and IP address of the tenant portal VM
   on both management and tenant DNS servers.
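
The following PowerShell check is an added example, not part of the original guide. It verifies requirements 2 and 3 after the DNS records are created: the external FQDN must return the same Host (A) record from both the tenant and management DNS servers, and the tenant DNS server must resolve an internet name. The server addresses, the portal IP address and the internet test name are constructed placeholders; only cloudportal.contoso.com comes from the guide's example.

```powershell
# Added example. All IP addresses below are constructed placeholders (documentation ranges).
param(
    [string]$PortalFqdn    = 'cloudportal.contoso.com',  # external FQDN used as the example in this guide
    [string]$ExpectedIp    = '192.0.2.10',               # placeholder: external IP on the tenant access VLAN
    [string]$TenantDns     = '192.0.2.53',               # placeholder: tenant DNS server
    [string]$ManagementDns = '198.51.100.53',            # placeholder: management (AD DS) DNS server
    [string]$InternetName  = 'www.example.com'           # stand-in: use the CRL/OCSP host named in the portal certificate
)

# Query one DNS server directly (no hosts file, no LLMNR/NetBIOS) and compare the answer.
function Test-ARecord {
    param([string]$Name, [string]$Server, [string]$Expected)
    try {
        $ips = @(Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'A' } |
                 ForEach-Object { $_.IPAddress })
    } catch {
        return [pscustomobject]@{ Server = $Server; Name = $Name; Result = 'FAIL'; Detail = $_.Exception.Message }
    }

    if ($ips.Count -eq 0) {
        $result = 'FAIL'; $detail = 'no A record returned'
    } elseif ($Expected -and ($ips -notcontains $Expected)) {
        # A mismatch between the two servers means one zone still holds a stale or missing entry.
        $result = 'FAIL'; $detail = "got $($ips -join ', '), expected $Expected"
    } else {
        $result = 'OK'; $detail = $ips -join ', '
    }
    [pscustomobject]@{ Server = $Server; Name = $Name; Result = $result; Detail = $detail }
}

$results = @(
    # Requirement 3: the portal FQDN resolves to the external IP on BOTH DNS servers.
    Test-ARecord -Name $PortalFqdn -Server $TenantDns     -Expected $ExpectedIp
    Test-ARecord -Name $PortalFqdn -Server $ManagementDns -Expected $ExpectedIp
    # Requirement 2: the tenant DNS server resolves internet names (needed for revocation checks).
    Test-ARecord -Name $InternetName -Server $TenantDns
)

$results | Format-Table -AutoSize
if ($results.Result -contains 'FAIL') { exit 1 }
```

Run it from a host that can reach both DNS servers; a FAIL on the third row corresponds to the slow portal load described in requirement 2.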