FusionAccess V100R006C20 on FusionCloud V100R006C10 Software Installation Guide 11 (Microsoft AD)

Connecting to Existing Microsoft AD

This section instructs software installation engineers to connect the newly deployed FusionAccess to the existing Microsoft AD. Microsoft AD can be deployed in the intranet of the EDC or in the same VPC as FusionAccess.

NOTE:

Ensure that the network where FusionAccess resides can communicate correctly with the network where Microsoft AD resides.

Procedure

Scenario 1: Microsoft AD is deployed in the intranet of the customer's DC.

  1. Use DirectConnect or IPsec VPN to connect the customer's DC to the VPC. For details about the configuration.
  2. If a firewall is deployed between Microsoft AD and Workspace, enable the following ports on the firewall for Workspace to connect to Microsoft AD, as shown in Table A-3:

    Table A-3 Port list

    | Role | Port | Protocol | Description |
    |------|------|----------|-------------|
    | AD | 135 | TCP | Remote Procedure Call (RPC) protocol. This port is used by the Lightweight Directory Access Protocol (LDAP), Distributed File System (DFS), and Distributed File System Replication (DFSR). |
    | AD | 137 | UDP | NetBIOS name resolution. This port is used by the network login service. |
    | AD | 138 | UDP | NetBIOS datagram service. This port is used by services, such as the DFS and network login service. |
    | AD | 139 | TCP | NetBIOS-SSN service. This port is used for network basic input and output. |
    | AD | 445 | TCP | NetBIOS-SSN service. This port is used for network basic input and output. |
    | AD | 49,152-65,535 | TCP | RPC dynamic port |
    | AD | 49,152-65,535 | UDP | RPC dynamic port |
    | AD | 88 | TCP | Kerberos key distribution center service |
    | AD | 88 | UDP | Kerberos key distribution center service |
    | AD | 123 | UDP | Port used by the NTP service |
    | AD | 389 | UDP | LDAP server |
    | AD | 389 | TCP | LDAP server |
    | AD | 464 | TCP | Kerberos authentication protocol |
    | AD | 464 | UDP | Kerberos authentication protocol |
    | AD | 500 | UDP | isakmp |
    | AD | 593 | TCP | RPC over HTTP |
    | AD | 636 | TCP | LDAP SSL |
    | AD | 3268 | TCP | LDAP global catalog server |
    | AD | 3269 | TCP | LDAP global catalog server |
    | AD | 4500 | UDP | IPsec NAT-T |
    | AD | 5355 | UDP | llmnr |
    | AD | 9389 | TCP | Active Directory Web service |
    | DNS | 53 | TCP | DNS server |
    | DNS | 53 | UDP | DNS server |

  3. After the configuration, verify the interconnection and ensure that the networks and ports are working correctly.

Scenario 2: Microsoft AD is deployed in the same VPC where FusionAccess resides.

In this scenario, you must add security group rules for Microsoft AD to enable some ports of Microsoft AD for FusionAccess so that FusionAccess can connect to Microsoft AD.

  1. Create a security group and add rules listed in Table A-4.

    Table A-4 Security group rules

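    | Transfer Direction | Protocol | Type | Port Range | Source | Destination |
    |--------------------|----------|------|------------|--------|-------------|
    | Inbound | Any | -- | -- | 172.16.0.0/20 (Management subnet segment) | -- |
    | Inbound | Any | -- | -- | 192.168.0.0/24 (Service subnet segment) | -- |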

  2. Apply the security group to AD server instances so that FusionAccess can communicate correctly with Microsoft AD.

    NOTE:

    If you want to minimize the number of enabled ports and protocols, you can add multiple inbound rules to the security group. For details about the ports that need to be enabled, see Table A-3.

  3. After the configuration, verify the interconnection and ensure that the networks and ports are working correctly.
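
The NOTE in step 2 (replacing the two "Any" rules with multiple inbound rules) can be worked through as follows. This is an added example, not Huawei's or FusionCloud's code: it expands the ports of Table A-3 into per-protocol inbound rules for the two source subnets of Table A-4, merging adjacent ports into ranges. The rule dictionary layout and the function names are assumptions made for illustration, not a FusionCloud API.

```python
import ipaddress

# Table A-3 from this page as (first_port, last_port, protocol).
TABLE_A3 = [
    (135, 135, "TCP"), (137, 137, "UDP"), (138, 138, "UDP"), (139, 139, "TCP"),
    (445, 445, "TCP"), (49152, 65535, "TCP"), (49152, 65535, "UDP"),
    (88, 88, "TCP"), (88, 88, "UDP"), (123, 123, "UDP"), (389, 389, "UDP"),
    (389, 389, "TCP"), (464, 464, "TCP"), (464, 464, "UDP"), (500, 500, "UDP"),
    (593, 593, "TCP"), (636, 636, "TCP"), (3268, 3268, "TCP"),
    (3269, 3269, "TCP"), (4500, 4500, "UDP"), (5355, 5355, "UDP"),
    (9389, 9389, "TCP"), (53, 53, "TCP"), (53, 53, "UDP"),
]
# Source subnets from Table A-4 (management and service segments).
SOURCES = ["172.16.0.0/20", "192.168.0.0/24"]


def merge_ranges(entries):
    """Group by protocol and merge overlapping or adjacent port ranges."""
    merged = {}
    for first, last, proto in sorted(entries):
        runs = merged.setdefault(proto, [])
        if runs and first <= runs[-1][1] + 1:
            runs[-1][1] = max(runs[-1][1], last)
        else:
            runs.append([first, last])
    return {proto: [tuple(r) for r in runs] for proto, runs in merged.items()}


def build_rules(entries=TABLE_A3, sources=SOURCES):
    """Return one inbound rule per (source, protocol, port range)."""
    rules = []
    for src in sources:
        net = ipaddress.ip_network(src)  # raises ValueError on a bad CIDR
        for proto, runs in sorted(merge_ranges(entries).items()):
            for first, last in runs:
                rules.append({"direction": "Inbound", "protocol": proto,
                              "ports": (first, last), "source": net})
    return rules


def is_allowed(rules, src_ip, proto, port):
    """True if some rule admits this source address, protocol and port."""
    addr = ipaddress.ip_address(src_ip)
    return any(r["protocol"] == proto and addr in r["source"]
               and r["ports"][0] <= port <= r["ports"][1] for r in rules)


if __name__ == "__main__":
    for r in build_rules():
        print(r["direction"], r["protocol"], "%d-%d" % r["ports"], r["source"])
```

`is_allowed` can be used to confirm, before the rules are applied, that a port outside Table A-3 or a source outside the two subnets is no longer admitted.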
Updated: 2019-07-01

Document ID: EDOC1100021785
