Configuring DNS for management appliance access

You can access management appliances like vCenter Server, NSX Manager, and HCX on a private cloud from on-premises workstations. To do so, you must configure DNS address resolution so that management appliances can be addressed by their hostnames and IP addresses.

When configuring address resolution for multiple private clouds, you can set up global address resolution using Cloud DNS. If you only plan to have a single private cloud, or don't intend to use Cloud DNS, then follow the steps in Address resolution without using Cloud DNS.

Global address resolution using Cloud DNS

VMware Engine lets you use a Cloud DNS zone in your project as a single DNS resolution endpoint for all connected management appliances in a peered Virtual Private Cloud (VPC) network. You can do this even if your private clouds are deployed across different regions.

This feature requires you to complete Cloud DNS setup before you create your private cloud. For setup assistance with existing private clouds, contact Cloud Customer Care.

To resolve addresses from a peered VPC network using Cloud DNS, do the following:

Enable the Cloud DNS API in your project. If you use Shared VPC to connect to VMware Engine, enable the API in the project that owns the shared VPC (the host project).
Peer the VPC network where you plan to use Cloud DNS with VMware Engine. For details on VPC peering, see Setting up private services access.

To resolve addresses from an on-premises network using Cloud DNS, do the following:

Perform the steps above for address resolution from a peered VPC network.
Enable inbound DNS forwarding on the VPC network
Identify the DNS server addresses to use on-premises
Create a conditional forwarder on your on-premises DNS server to resolve gve.goog

Address resolution without using Cloud DNS

To resolve addresses without using Cloud DNS, get the IP address of your private cloud's DNS server and configure the DNS:

Access the VMware Engine portal.
Go to Resources
Click the name of the private cloud you want to connect to.
On the Summary page for the private cloud, under Private cloud DNS servers, click Copy to copy the private cloud DNS server IP address.
Use one of the following options for the DNS configuration:
- Create a zone on the DNS server for gve.goog
- Create a conditional forwarder on your on-premises DNS server to resolve gve.goog

Create a zone on the DNS server for `gve.goog`

You can set up a zone as a stub zone and point to the DNS servers on the private cloud for name resolution. This section provides information on using a BIND DNS server or a Microsoft Windows DNS server.

Create a zone on a BIND DNS server

The specific file and parameters to configure can vary based on your individual DNS setup.

For example, for the default BIND server configuration, edit the /etc/named.conf file on your DNS server and add the following zone information:

zone "gve.goog"
{
    type stub;
    masters { IP address of DNS servers; };
    file "slaves/FILE_NAME.db";
};

Create a zone on a Microsoft Windows DNS server

Right-click the DNS server and select New zone.
Select Stub zone and click Next.
Select the appropriate option depending on your environment and click Next.
Select Forward lookup zone and click Next.
Enter the zone name and click Next.
Enter the IP addresses of the DNS servers for your private cloud that you obtained from the VMware Engine portal.
Click Next as needed to complete the setup.

Create a conditional forwarder

A conditional forwarder sends all DNS name resolution requests to the designated server. With this setup, any request to *.gve.goog is forwarded to the DNS servers located on the private cloud. The following sections show how to set up forwarders on different types of DNS servers.

Create a conditional forwarder on a BIND DNS server