Administrator Guide
4 The local routing table of the tenant portal VM must have required routes. There is no requirement for the tenant access network
to route to the management network. However, you must congure the local routing table of the tenant portal VM to correctly route
trac to both the tenant access network and the management network, and to domain controllers for the internal domain (for
example, contoso.local) that may be on dierent networks routable to the management network. The step-by-step instructions in the
next section show how to congure this.
Conguring the tenant portal
Follow these steps to congure the tenant portal for tenant access through an isolated network:
1 Make sure that DNS is congured as described in Network requirements. In particular, make sure a static Host (A) record was created
on the DNS servers in both the management and the tenant access networks.
2 Congure the physical network devices with a separate VLAN-based network to use for the tenant access network.
3 Follow the steps in Create tenant VM networks to create a tenant access network. This should be a unique network from VM
networks that you create for tenant VM use. When you congure runbook parameters, specify the external (tenant-facing) DNS
server and DNS sux.
4 In the VM console, do the following:
a Open the VMs and Services workspace. Click VM Networks, and verify that the tenant network was created successfully.
b In the navigation tree, click All Hosts. In the VMs pane, right-click the tenant portal VM <
Prex
>APT01, and then click Shut
Down. Click Yes to conrm.
c After the VM shuts down, right-click the VM, and then click Properties.
d Click the Hardware Conguration tab, click New on the toolbar (the green plus sign), and then click Network adapter.
e In the Connectivity area of the new network adapter details, click Connected to a VM network. Click Browse, select the tenant
network you created earlier, and then click OK.
f Wait until the VM conguration updates. Then, right-click the VM, and click Power On.
g After the VM starts, right-click the VM, point to Connect or View, and then click Connect via Console. Log in with a user
account that has administrative rights.
5 On the tenant portal VM, open an elevated Windows PowerShell session and congure IP properties of the new connection.
The following example commands disable dynamic DNS registration on the new connection, congure a new IP address on the new
interface, and congure a static local routing table as described earlier in Network requirements. The example assumes that there are
no DHCP servers on either of the networks. Replace the values in this example with values specic to your network.
a Assigns the variable $if1 to the network interface on which the default gateway is congured (in this case, the interface on the
management network).
$if1 = Get NetRoute DestinationPrefix 0.0.0.0/0 | Select Expand ifIndex
b Assigns the variable $if2 to the interface that is being used for the tenant access network.
$if2 = Get-NetIPAddress -AddressFamily IPv4 SuffixOrigin Link | Select Expand ifIndex
c Disables dynamic DNS registration on the new connection.
Set-DnsClient -InterfaceIndex $if2 -RegisterThisConnectionsAddress $false
d Congures a new IP address on the new interface.
New-NetIPAddress InterfaceIndex $if2 IPAddress 172.31.1.5 PrefixLength 24
e Congures a static route to the management network’s gateway address.
New-NetRoute DestinationPrefix
10.0.0.0/8
NextHop
10.10.55.1
InterfaceIndex $if1
f Removes the existing default gateway.
Remove-NetRoute DestinationPrefix 0.0.0.0/0 Confirm:$false
g Congures a default route 0.0.0.0/0 to the default gateway of the tenant access network.
New-NetRoute DestinationPrefix 0.0.0.0/0 NextHop 172.31.1.1 InterfaceIndex $if2
6 On the tenant portal VM, in an elevated Windows PowerShell session, run the following commands to congure tenant portal settings.
Replace the values in this example with values specic to your network.
$sql = 'DHCSSQLIN01\SQLIN01'
$fqdn = 'cloudportal.contoso.com'
Administration
39