Direct Gateway HISP DNS config for HealthVault + Office365 Exchange/Sharepoint Online Integration

    Question

  • To HealthVault Teams,

    Please forgive if this has been addressed in an earlier submission..

    Am currently working on Direct Protocol Implementation with HealthVault and Office 365-Sharepoint and Exchange online for meaningful use stage2.

    As we have no formal HISP to join at this point, this is a simulation/build own HISP scenario…

    We gather that perhaps the Azure VM would include Server 2008R2 native DNS, Active Directory, WCF, SMTP, SQL Server and have pointed our ISP (networkSolutions- A record) to the Public IP Address supplied by Azure (internal xxx.xxx.xxx.04 config as Native DNS Server) and ports 53, 25 opened…(tested the Developer version- db/smtp/dns/config/certs established, no issues occurred).

    Native DNS server was configured for Direct.example.com with Forward Zone with host.direct.example.com and Network solutions (ns1.xxx.com, ns2.xxx.com) name servers

    However, have not been able to get the Enterprise version of Direct Gateway DNS Responder to hookup to the DNS Services on the VM and up to the ISP when we do NSLookup(config console confirmed domain and dns setup) (failed exchange online test via the Direct Gateway –AgentConsole -dns_resolve direct.example.com mx -) Page 10 of Mr.Emani's September 2011 publication.

    We have configured a Virtual Network (FrontEndSegment) where this VM is residing as a resource and VN DNS reference to External Network Solutions DNS servers (nsxx.xxx.com).

    We have read in an update that there may be limitation in Azure VMs, and approach your team for insight/guidance on whether we are on the correct path? Perhaps we have missed a configuration process on the Native Server 2008 DNS portion?

    According to an earlier document, the HISP only required Windows Server 2003/above and accredited domain registration for an apache-tomcat deployment...

    References>

    http://api.nhindirect.org/java/site/assembly/stock/1.3.1/users-guide/depl-hisp-only.html

    blogs.msdn.com/.../1680.Office365-and-Direct-HOWTO.docx

    We thank you for your time and expertise,

    julia

    Monday, June 03, 2013 7:05 AM

Answers

  • Followup Update to above as of June 07, 1:28am>

    Final Notes>

    The VM DNS Name entry supplied by Azure (xxxx.cloudapp.net) is placed as a new name Entry (ie. Direct) within the GoDaddy NameServer Section under main domain (example.com). 

    The updates to the VM Gateway Configuration were reflected on the Agent Console, zoneedit, and exchange online validation.

    The DNS Resolver IP address for the Gateway Part II was configured to point to our domain NSxx.xxxxxx.com (ISP GoDaddy Name Server) address.

    The Implementation appears to function configured as a standalone VM for above scenario.

    This concludes our thread on this section.

    Thank you,

    j

    • Marked as answer by j_chi Friday, June 07, 2013 8:57 AM
    Friday, June 07, 2013 8:57 AM

All replies

  • Hi Julia,

    The Win Server 2008R2 DNS server does not support DNS CERT records, which are needed to support Direct protocol messaging. The Direct .NET reference implementation includes an implementation of a DNS server that can be used for hosting CERT records. I'd recommend using this DNS server along with the rest of the .NET Direct stack. While I haven't tried hosting this on an Azure VM myself, this setup should run fine on an Azure VM.

    Hope this helps.

    Monday, June 03, 2013 5:43 PM
    Owner
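
The reply above turns on DNS CERT records (RR type 37, RFC 4398), which the stock Windows Server 2008R2 DNS service cannot host. As an added example (not code from this thread or from the Direct Project), the Python below builds the wire-format CERT query a resolver would send for a Direct domain and splits a CERT RDATA field into its parts; the function names and the sample RDATA are constructed for illustration.

```python
import struct

QTYPE_CERT = 37   # RFC 4398 CERT resource record
CLASS_IN = 1
CERT_TYPES = {1: "PKIX", 2: "SPKI", 3: "PGP", 4: "IPKIX", 5: "ISPKI", 6: "IPGP"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_cert_query(name, txid=0x1234):
    """Wire-format DNS query asking for the CERT records of `name`."""
    # Flags 0x0100 = recursion desired; exactly one question, no other sections.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_CERT, CLASS_IN)

def parse_cert_rdata(rdata):
    """Split CERT RDATA into type, key tag, algorithm and certificate bytes."""
    if len(rdata) < 6:
        raise ValueError("CERT RDATA too short to hold a certificate")
    cert_type, key_tag, algorithm = struct.unpack("!HHB", rdata[:5])
    return {
        "type": CERT_TYPES.get(cert_type, "unknown(%d)" % cert_type),
        "key_tag": key_tag,
        "algorithm": algorithm,
        "certificate": rdata[5:],
    }

# Constructed sample: PKIX type, key tag 0, algorithm 5, and a placeholder
# byte string standing in for the DER certificate (not a real certificate).
SAMPLE_RDATA = struct.pack("!HHB", 1, 0, 5) + b"\x30\x82\x01\x0a"

if __name__ == "__main__":
    print(build_cert_query("direct.example.com").hex())
    print(parse_cert_rdata(SAMPLE_RDATA))
```

A name server that cannot host CERT records will return no type 37 answers to this query even when the A and MX records for the same name resolve.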
  • Hi Mr.Emami,

    Thank you for your time, expertise and assistance in reviewing our question on standalone HISP simulation.

    Yes, thank you for clarification that we don't need to load the Native DNS Service in addition to Direct Gateway DNS, we have attempted both scenarios on 2 separate VMs using the most recent package download & Instructions from April 24, 2013 >Direct-1.2.0.3-NET35.EXE + Reference 1

    If so, may we clarify on page 9> Enterprise Setup -Direct Project.Net Gateway>Configure Gateway PartII> Entry of DNS Resolver IP Address > would that be the Network Solutions Name Server IP address (NS1.xxx.com) for our domain(www.example.com) or can we leave it at 0.0.0.0 (default)? (Reference2)

    --------------Notes>ISP Configuration -----------

    ISP Network Solutions "A record" Entries

    (www.example.com) NS1.xxx.com, NS2.xxx.com < "A" record defined in Network Solutions ISP

    (direct.example.com) XXX.XXX.xx< "A" record defined in Network Solutions ISP pointing to public Ip Address supplied by Azure (internal ip xxx.xxx.04)

    -------------References-----------------

    Reference 1> http://wiki.directproject.org/CSharp+Setup+Instructions

    Reference 2>http://wiki.directproject.org/Enterprise+Installation+Instructions

    Thank you again,

    julia

    Monday, June 03, 2013 7:56 PM
  • Followup Update to above as of June 06, 2013 1:30pm>

    Our initial Issue encounter with dns_resolve with Exchange Online on Page 10 of Mr.Enami's September Publication is resolved by:

    Switching ISP Provider from Network Solutions to GoDaddy.

    Onward to next Section..

    Thanks again for teams' patience and support.

    j

    Thursday, June 06, 2013 9:01 PM
  • Hello, I am setting up a similar infrastructure for MU2 certification/testing. I have a developer standalone CSharp instance set up @ Azure's mu2win.cloudapp.net

    Now, for my setup to respond to Internet queries, I need some help in understanding the DNS entries that are required. I have registered a domain name mmdportal.com and I would like to use direct.mmdportal.com as the domain for this setup. Where should this domain name be pointed to in DNS for it to be visible on the Internet? We will be our own HISP also. This being the case, can you please throw some light on these example domains and how they should map to my scenario?:

    direct.example.com -> direct.mmdportal.com

    ns.example-hisp.com -> ???

    inbound.example-hisp.com -> ???

    What should be the response for:

    dig -t ns direct.mmdportal.com

    Thanks and appreciate your help.

    Dkor

    Friday, July 26, 2013 12:23 PM