Dell Security Management Server and Dell Security Management Server Virtual Split DNS Recommendations

Summary: Because Dell Data Security protected devices may at times reside inside the network and at other times outside it, it is recommended that administrators implement split DNS.


Symptoms

Affected Products:

  • Dell Security Management Server
  • Dell Security Management Server Virtual

Cause

Not Applicable

Resolution

Split DNS is an approach where the protected endpoints are configured to connect to a single server alias name that resolves to different locations depending on where the name request is made. To configure the environment in this way, each server requires an SSL certificate with both the shared alias name and the server's name configured in the Subject Alternative Name (SAN) field. The SAN may contain the FQDN or hostname of all servers and aliases to reduce the number of certificates to manage.

Example:

  • Front-end server:
    • Internal name:
      • ddsfe.domain.com
    • IP:
      • 172.16.5.12
    • SAN names on certificate:
      • dds.domain2.com
      • ddsfe.domain.com
  • Back-end server:
    • Internal name:
      • ddsbe.domain.com
    • Alternate internal a-record:
      • dds.domain2.com
    • IP:
      • 172.16.5.10
    • SAN names on certificate:
      • dds.domain2.com
      • ddsbe.domain.com
  • Router:
    • Ports:
      • 8443, 8888, 8000, 8081 are pointing from external -> 172.16.5.12 (the front-end server)
  • Registrar:
    • External hostname:
      • dds.domain2.com - pointing to external IP

Clients are configured with the dds.domain2.com alias when installing Dell Data Security. When the device is internal to the network, the dds.domain2.com alias resolves to the back-end server. When the device is external to the network, dds.domain2.com resolves to the external IP, the request reaches the router, and any traffic arriving on port 8443, 8888, 8000, or 8081 is directed to 172.16.5.12, which is the front-end server. Since both servers have a validated name on their SSL certificate, the entire process is fully trusted.
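The SAN requirement described above can be audited before clients are pointed at the alias. The following Python script is an added example, not Dell tooling: it reuses the example names and addresses from this article, while the SERVERS/VIEWS data layout and the function names are assumptions made for illustration.

```python
# Added example: audit a split-DNS plan against each server's certificate SAN list.
# Names and IPs are the article's example values; the data layout is an assumption.

def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: case-insensitive; '*' only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad wildcards such as "*.com"; wildcard covers one label only.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

# Server certificates keyed by the IP that ends up serving the connection.
SERVERS = {
    "172.16.5.12": {"name": "ddsfe.domain.com",
                    "san": ["dds.domain2.com", "ddsfe.domain.com"]},
    "172.16.5.10": {"name": "ddsbe.domain.com",
                    "san": ["dds.domain2.com", "ddsbe.domain.com"]},
}
# Where the alias lands in each DNS view (external = after router port forwarding).
VIEWS = {"internal": "172.16.5.10", "external": "172.16.5.12"}
ALIAS = "dds.domain2.com"

def audit(alias, views, servers):
    """Return a list of findings; an empty list means every view is covered."""
    findings = []
    for view, ip in views.items():
        srv = servers.get(ip)
        if srv is None:
            findings.append(f"{view}: {alias} -> {ip} has no known server")
            continue
        # Each server needs both the shared alias and its own name in the SAN.
        for required in (alias, srv["name"]):
            if not any(san_matches(s, required) for s in srv["san"]):
                findings.append(
                    f"{view}: {srv['name']} certificate lacks SAN for {required}")
    return findings

if __name__ == "__main__":
    for line in audit(ALIAS, VIEWS, SERVERS) or ["all views covered"]:
        print(line)
```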

For more information about network requirements, reference the following Knowledge Base articles:


To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

Dell Encryption
Article Properties
Article Number: 000129439
Article Type: Solution
Last Modified: 11 Apr 2024
Version: 8