Secure Mobile Access 12.4 CMS Administration Guide

GTO Service Names and DNS Delegations

To establish a GTO service, you must choose a GTO service name and establish DNS delegations.

Choosing a GTO Service Name

The GTO service name is a delegated DNS zone, which means you must control the parent zone and make a delegation from it to one or more SMA appliances under the GTO service.

If your organization controls the example.com DNS zone, then access.example.com or vpn.example.com could be appropriate GTO service names.

Establishing the GTO Service Name Delegations in DNS

A GTO service name delegation is a DNS subzone delegation. It requires NS records that identify the authoritative server names for the subzone, and corresponding glue A records that provide IP addresses for those authoritative server names.

DNS delegations must be created for the following components on each of the managed appliances:

  • Primary GTO service
  • Custom FQDN
  • Custom Workplace Sites
  • Outlook Anywhere
  • Active Sync

The authoritative servers themselves are SMA appliances that are part of the GTO service and are identified by their public IP addresses and the NS record names in the following format:

<DNSname>.ns.<GTOserviceName>

For example, the following two DNS records in the zone configuration of example.com could establish a delegation for the GTO service and SMA appliance described above:

access.example.com. 86400 IN NS node1.ns.access.example.com.

node1.ns.access.example.com. 86400 IN A 123.231.55.77

In a typical GTO deployment with multiple SMA appliances, it is important to establish at least two such delegations. This ensures that the GTO service remains available if any one of the SMA appliances is brought down for maintenance (or by a network outage).

At least one authoritative server (SMA appliance) must be running at any given moment. Otherwise, users are not able to connect.

Additional authoritative servers can provide redundancy and improved performance for some users. You should limit GTO service delegations to about three. Ideally, they should be geographically distributed.
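
The following check is an added example, not part of the original guide: it audits the delegation records in a parent zone against the rules above (NS name format, a glue A record with a public address for every NS target, and two to about three delegations). The function names and the node2 record in the sample are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of parent-zone (example.com) records. node1 and its address
# come from the guide's example; node2 is invented and deliberately lacks glue.
SAMPLE_ZONE = """\
access.example.com. 86400 IN NS node1.ns.access.example.com.
access.example.com. 86400 IN NS node2.ns.access.example.com.
node1.ns.access.example.com. 86400 IN A 123.231.55.77
"""

def parse_records(zone_text):
    """Return (owner, rtype, rdata) tuples from 'owner ttl IN type rdata' lines."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) == 5 and fields[2].upper() == "IN":
            records.append((fields[0].lower(), fields[3].upper(), fields[4]))
    return records

def check_delegation(zone_text, service_name):
    """List problems with the GTO service delegation found in zone_text."""
    service = service_name.lower().rstrip(".") + "."
    records = parse_records(zone_text)
    ns_targets = [rdata.lower() for owner, rtype, rdata in records
                  if owner == service and rtype == "NS"]
    glue = {owner: rdata for owner, rtype, rdata in records if rtype == "A"}
    problems = []
    if len(ns_targets) < 2:
        problems.append(f"only {len(ns_targets)} delegation(s); at least two recommended")
    if len(ns_targets) > 3:
        problems.append(f"{len(ns_targets)} delegations; guide suggests about three")
    for target in ns_targets:
        if not target.endswith("."):
            # A relative name would have the parent zone origin appended to it.
            problems.append(f"{target}: NS target is not fully qualified")
            continue
        label, _, rest = target.partition(".")
        if not label or rest != "ns." + service:
            problems.append(f"{target}: not in <DNSname>.ns.{service} format")
        if target not in glue:
            problems.append(f"{target}: no glue A record")
        elif not ipaddress.ip_address(glue[target]).is_global:
            problems.append(f"{target}: glue address {glue[target]} is not public")
    return problems

if __name__ == "__main__":
    for problem in check_delegation(SAMPLE_ZONE, "access.example.com"):
        print(problem)
```
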
