NetCloud Perimeter: Configure NetCloud Engine ADConnect


NetCloud Perimeter: Configuring ADConnect

Products Supported: NetCloud Perimeter


Quick Links

Summary

What is AD Connect?

How to Use AD Connect

Considerations

Configuration

Known Issues

Related Articles


Summary

This article describes the steps necessary to configure NetCloud Perimeter ADConnect.

What is AD Connect?

  • Clients tied to an Active Directory domain receive most of their services through the magic of DNS. As long as they use an AD server (running the DNS role, of course) for name resolution, clients can fully participate in the domain.

  • NetCloud Perimeter's AD Connect app allows the network administrator to set the DNS servers for client computers on their NetCloud Perimeter network.

  • When a client connects to the NetCloud Perimeter network, it is assigned the Domain DNS servers via DHCP. When the client disconnects from the NetCloud Perimeter network, it goes back to using its original DNS servers.

How to Use AD Connect

  • Active Directory member servers running the DNS role should be selected. In most deployments, these are the domain controllers.

  • NOTE: Only computers marked as Resources are eligible to be selected within the AD Connect app.

Considerations

  • Services on the NetCloud Perimeter network

    • All computers hosting services (file shares, for example) that the network administrator wishes to make available across the NetCloud Perimeter network must be running the NetCloud Perimeter software. It’s not enough to just have the AD DNS server connected to NetCloud Perimeter. Once the names are resolved, the client still has to have connectivity to the server.
  • All DNS servers in the domain MUST have NetCloud Perimeter client installed.

    • Active Directory automates many network administration functions, including IP address registration and directory replication. This is a very good thing for busy IT professionals. Whenever a computer gets a new IP address (as it does when it connects to NetCloud Perimeter), it registers that address with the AD DNS servers so they can all perform the correct name resolution.

    • Servers marked as DNS servers in the AD Connect app are aware of both networks (the local LAN and the NetCloud Perimeter network) and are able to distinguish between local and NetCloud Perimeter lookups. So, a remote computer looking for the file server will get the NetCloud Perimeter IP address but a client in the office will get the LAN IP address.

    • If you have DNS servers not running NetCloud Perimeter, you can run into trouble. If a LAN-connected computer that is not part of your NetCloud Perimeter network gets a NetCloud Perimeter IP via DNS lookup, it will be unable to access the resource.
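
One way to check for the failure described above, as an added example that is not part of the original article: from a LAN client that is not on the NetCloud Perimeter network, query each domain DNS server directly (for example with nslookup), then pass the answers to this audit. The overlay range, host names and sample answers are constructed placeholders.

```python
import ipaddress

# Constructed placeholder range; substitute your own NetCloud Perimeter network.
OVERLAY_NET = ipaddress.ip_network("10.99.0.0/16")


def audit_dns_servers(domain_dns_servers, lan_client_answers, overlay_net=OVERLAY_NET):
    """Classify every DNS server in the domain from a LAN-only client's view.

    lan_client_answers maps DNS server -> {hostname: [address records]} as
    returned when a client that is NOT on the overlay queries that server.
    """
    report = {}
    for server in domain_dns_servers:
        if server not in lan_client_answers:
            # Every DNS server in the domain matters, so an unqueried one is a gap.
            report[server] = ("unverified", [])
            continue
        leaks = [
            (host, addr)
            for host, addrs in sorted(lan_client_answers[server].items())
            for addr in addrs
            if ipaddress.ip_address(addr) in overlay_net
        ]
        report[server] = ("leaks-overlay-address" if leaks else "ok", leaks)
    return report


# Constructed sample: dc1 filters correctly, dc2 hands out the overlay address,
# dc3 is a domain DNS server that was never queried.
SAMPLE_SERVERS = ["dc1.corp.example", "dc2.corp.example", "dc3.corp.example"]
SAMPLE_ANSWERS = {
    "dc1.corp.example": {"files.corp.example": ["192.168.10.20"]},
    "dc2.corp.example": {"files.corp.example": ["192.168.10.20", "10.99.0.20"]},
}

if __name__ == "__main__":
    for name, (status, leaks) in audit_dns_servers(SAMPLE_SERVERS, SAMPLE_ANSWERS).items():
        print(f"{name}: {status} {leaks}")
```

A server reported as leaks-overlay-address is a candidate for a missing NetCloud Perimeter client; an unverified server still needs to be queried.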


Configuration

This simple app lets you specify which AD Name Servers to use over NetCloud Perimeter, so that your remote machines know how to reach your domain controllers. In just three steps, you can provide domain access for remote machines, without policy updates, DNS changes, or firewall configuration. Once you apply this change, the DNS setting is pushed down to the NetCloud Perimeter Virtual Interface of every device on this network. (All PCs must be running 300 and above to get the DNS setting.)

Note: This article will be reformatted after the release of our next NetCloud Perimeter update

Note: ADConnect will not apply to NetCloud Gateway routers, or the external devices behind them.

Three Step Overview:

  1. Install the NetCloud Perimeter client on your Domain Controller(s), and your remote machines

  2. Convert the device to a server


  3. Specify your Name Servers, and you’re done. Your remote machines now have full domain access, from anywhere.

Key features:

  • NetCloud Perimeter networks are 100% compatible with Active Directory domains and services
  • Extend domain services to members and devices anywhere
  • Domain membership is maintained over time, without the need for periodic domain "check-ins."

Note: After you enable ADConnect, you will need to set up a SmartZone to ensure optimal routing of local traffic.


Known Issues

  • Linux Clients

    • Some Linux distributions may employ unusual methods of name resolution. In these cases, the assignment of nameservers via DHCP may fail and the NetCloud Perimeter-connected Linux server may not use the Active Directory DNS servers for name resolution.

    • On CentOS devices, the previously used DNS servers are not reinstated when the ADConnect app is disabled.

    • 32-bit Debian devices do not use the DNS servers offered via DHCP, and therefore require manual DNS configuration.

  • More than three DNS servers

    • In a domain with more than three member servers running the DNS role, there is currently no way to configure all of the servers in the ADConnect app. As long as they are running the NetCloud Perimeter client, it will still filter DNS to prevent machines not running NetCloud Perimeter from getting a NetCloud Perimeter IP response.
  • Sub-optimal routing

    • In some circumstances, when a NetCloud Perimeter-connected client computer (probably a laptop) is used both in and out of an office location where Active Directory domain servers reside, the client will connect to the domain server via the NetCloud Perimeter IP address even when it is in the office. This results in the traffic flowing through NetCloud Perimeter's cloud servers and returning to the office; connections are successful but bandwidth may be limited. This is solved by using NetCloud Perimeter SmartZones.
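
A check for the Linux client issues listed above, as an added example that is not part of the original article: it reads the text of /etc/resolv.conf and compares the active nameservers with the AD DNS servers selected in ADConnect. The status names and the sample addresses used in testing are assumptions made for illustration.

```python
import ipaddress


def nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf text, in file order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue  # blank line or comment
        if fields[0] == "nameserver" and len(fields) >= 2:
            servers.append(fields[1])
    return servers


def _is_loopback(server):
    try:
        return ipaddress.ip_address(server.split("%")[0]).is_loopback
    except ValueError:
        return False


def check_linux_resolver(resolv_conf_text, ad_dns_servers, adconnect_enabled):
    """Compare the active resolver list with the expected ADConnect state."""
    active = nameservers(resolv_conf_text)
    if not active:
        return "no-nameservers"
    if all(_is_loopback(s) for s in active):
        # A local stub resolver hides the real upstream servers from this file.
        return "local-stub-check-upstream"
    uses_ad = [s for s in active if s in set(ad_dns_servers)]
    if adconnect_enabled:
        if len(uses_ad) == len(active):
            return "ok"
        # None applied: the DHCP-offered servers were ignored (manual DNS needed).
        return "partial" if uses_ad else "dhcp-dns-not-applied"
    # ADConnect disabled: AD DNS entries left behind mean the reset did not happen.
    return "stale-ad-dns" if uses_ad else "ok"


if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        # Constructed AD DNS addresses; replace with the servers chosen in ADConnect.
        print(check_linux_resolver(fh.read(), ["10.99.0.10", "10.99.0.11"], True))
```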

Related Articles/Links


Published Date: 07/14/2017
