Installing and Configuring Cisco HCS for Contact Center 9.2(1)
Configure Customer Instance Network Infrastructure
Downloads: This chapterpdf (PDF - 1.34MB) The complete bookPDF (PDF - 13.31MB) | The complete bookePub (ePub - 5.3MB) | Feedback

Configure Customer Instance Network Infrastructure

Contents

Configure Customer Instance Network Infrastructure

Implement UCS Platform

In HCS for Contact Center, virtualization of all Unified Computing (UC) applications and key third-party components use Cisco Unified Computing System (UCS) hardware as the platform. The HCS virtualization integrates the UCS platform and SAN, and virtualizes the target UC applications. The following sections describes the deployment of the Service Provider (SP) virtualization infrastructure.

Set Up Basic UCS Connectivity

Cisco UCS 6100 Series Fabric Interconnects is a core part of UCS that provides network connectivity and management capabilities for attached blades and chassis. The Cisco UCS 6100 Series offers line-rate, low-latency, lossless 10 Gigabit Ethernet, and Fibre Channel over Ethernet (FCoE) functions.

The Interconnects provide the management and communication support for the Cisco UCS B-Series blades and the UCS 5100 Series blade server chassis. All chassis and all blades attached to the interconnects becomes part of a single, high availability management domain. By supporting a unified fabric, the Cisco UCS 6100 Series provides LAN and SAN connectivity for all blades in its domain.

You will require the following connections for a working UCS:

  • Console connection on the 6100 Series switch.
  • At least one 10 Gbps connection between the 6100 Series switch and the Fabric Extender 2104 on the chassis.
  • At least one 10 Gbps connection on the 6100 Series switch for the northbound interface to a core router or switch (could be a port-channel connection).
  • At least one FCoE connection between the 6100 Series switch and a Multilayer Director Switch (MDS) switch.
  • Cluster link ports connected between the 6100 Series switches in a high availability deployment.

Basic Configuration for UCS

Unified Computing System Manager (UCSM) provides centralized management capabilities, creates a unified management domain, and serves as the central nervous system of the UCS. UCSM delivers embedded device-management software that manages the system from end to end as a single logical entity through a GUI, a CLI, or, an XML API.

UCS Manager resides on a pair of Cisco UCS 6100 Series fabric interconnects using a clustered, active-standby configuration for High Availability (HA). The software participates in server provisioning, device discovery, inventory, configuration, diagnostics, monitoring, fault detection, auditing, and statistics collection.

After 6100 Series initial configuration, you can configure UCS from the GUI. You can launch the GUI from a URL that is reachable to the configured 6100 Management IP address.

Configure 6100 Server Ports

Complete the following procedure to configure 6100 server ports on UCS Manager.

Procedure
    Step 1   Choose Equipment > Fabric Interconnect A(B) > Fixed Module > Unconfigured Ports > Port #.
    Step 2   Click the General tab.
    Step 3   Click the Configure as Server Port option.

    Configure 6100 Uplink Ethernet Ports

    Complete the following procedure to configure 6100 uplink ethernet ports.

    Procedure
      Step 1   Choose Equipment > Fabric Interconnect A(B) > Fixed Module > unconfigured Ports > Port #.
      Step 2   Click the General tab.
      Step 3   Click the Configure as Uplink Port option.

      Configure Uplink FC Ports

      You must define the ports that are capable of passing Fibre Channel (FC) traffic as Fibre Channel uplink ports using the SAN configuration tab of the UCS Manager.

      Acknowledge Chassis

      Any time there is a change in the number of links between the 6100 series switch and the blade server chassis, you must perform a chassis acknowledgment to make the UCS Manager aware of the link change which causes a rebuild of its connectivity data.

      Configure Server Management IP Address Pool

      The UCSM server management IP address pool assigns an external IP addresses for each of the blade servers installed. UCS Manager uses the IP addresses in a management IP pool for external access to a server through the following:

      • KVM Console
      • Serial over LAN
      • IPMI
      Complete the following procedure to configure server management IP address pool.
      Procedure
        Step 1   Choose Administration > Communication Management > Management IP Pool.
        Step 2   Right-click and select Create Block of IP Addresses.

        Configure UCS LAN

        The enabled Uplink Ethernet ports in UCS 6100 series switch forwards traffic to the next layer in the network. You can configure the LAN properties such as VLANs, MAC Pools, and vNIC templates within the LAN view in the UCS Manager.

        Complete the following procedures to create VLANs and MAC pools.

        Add VLANs

        In the Cisco UCS, a named VLAN creates a connection to a specific external LAN. The VLAN isolates traffic to that external LAN, which includes broadcast traffic. The name that you assign to a VLAN ID adds a layer of abstraction that you can use to globally update all servers associated with service profiles that use the named VLAN. You do not need to reconfigure servers individually to maintain communication with the external LAN. Complete the following procedure to add VLANs.

        Procedure
          Step 1   Click the LAN tab and then right-click the VLANs.
          Step 2   Enter the name or designation of the VLANs being added and the VLAN IDs to use.

          A decision on how the named VLAN is accessible by the 6100 Series switches completes the UCS VLAN additions.


          Create MAC Pools

          A MAC pool is a collection of network identities, or MAC addresses, that are unique in Layer 2 (L2) and available to be assigned to a vNIC on a server. If you use MAC pools in service profiles, you do not have to manually configure the MAC addresses to be used by the server associated with the service profile.

          To assign a MAC address to a server, you must include the MAC pool in a vNIC policy. The vNIC policy is then included in the service profile assigned to that server. Complete the following procedure to create a MAC pool.
          Procedure
            Step 1   Click the LAN tab.
            Step 2   Right-click Pools .
            Step 3   Select Create MAC Pool.

            Configure UCS SAN

            Each UCS 6120 fabric interconnect has an open slot to add expansion modules that add Fibre Channel ports for SAN connectivity. You can enable these ports and their attributes through the SAN scope of the UCS Manager.

            Complete the following procedures to configure SAN properties such as VSANs, Fibre Channel uplink ports, World Wide Node Name (WWNN) pools, World Wide Port Name (WWPN) pools, and Virtual Host Bus Adapter (vHBA) templates, within the SAN view in the UCS Manager.

            Create VSANs

            A named VSAN creates a connection to a specific external SAN. The VSAN isolates traffic to that external SAN, including broadcast traffic. The traffic on one named VSAN knows that the traffic on another named VSAN exists, but cannot read or access that traffic.

            Like a VLAN name, the name that you assign to a VSAN ID adds a layer of abstraction that allows you to globally update all servers associated with service profiles that use the named VSAN. You do not need to reconfigure the servers individually to maintain communication with the external SAN. You can create more than one named VSAN with the same VSAN ID.

            In a cluster configuration, you can configure a named VSAN to be accessible only to the FC uplinks on one fabric interconnect or to the FC uplinks on both fabric interconnects. Complete the following procedure to create VSAN.

            Procedure
              Step 1   Click the SAN tab.
              Step 2   Right-click the VSANs and select create VSAN.
              Step 3   Configure the following to complete the VSAN configuration:
              1. Enter a name for the VSAN.
              2. Enter the VSAN interaction with Interconnect fabric(s).
              3. Enter a VSAN ID.
              4. Enter the FCoE VLAN.

              Associate VSAN with an FC Uplink Port

              After you create a VSAN, you must associate it with a physical FC interface. Complete the following procedure to associate VSAN with an FC uplink port.
              Procedure
                Step 1   Click the Equipment tab.
                Step 2   Open the target FC port and select the desired VSAN from the drop-down list
                Step 3   Click Ok and save the changes.

                Create WWNN Pools

                A World Wide Node Name (WWNN) pool is one of two pools used by the FC vHBAs in the UCS. You can create separate pools for WWNNs assigned to the server and World Wide Port Names (WWPNs) assigned to the vHBA. The pool assigns WWNNs to servers. If you include a WWNN pool in a service profile, the associated server is assigned a WWNN from that pool.

                Procedure
                  Step 1   Click the SAN tab.
                  Step 2   Choose Pools, select WWNN pools and expand it.
                  Step 3   Choose WWNN Pool node-default
                  Step 4   Right-click the Create WWN Block.
                  Step 5   Enter the pool size and click OK.

                  Create WWPN Pools

                  A WWPN is the second type of pool used by Fibre Channel vHBAs in the UCS. WWPN pool assigns WWPNs to the vHBAs. If a pool of WWPNs is included in a service profile, the associated server is assigned a WWPN from that pool.

                  Procedure
                    Step 1   Click the SAN tab.
                    Step 2   Choose Pools, select WWPN pools and expand it.
                    Step 3   Choose WWPN Pool node-default.
                    Step 4   Right-click Create WWPN Block.
                    Step 5   Enter the pool size and click OK.

                    Configure UCS Server

                    Cisco UCS Manager uses service profiles to provision servers and their I/O properties. Server, network, and storage administrators creates the service profiles and stores in the Cisco UCS 6100 Series fabric interconnects. Service profiles are centrally managed and stored in a database on the fabric interconnect.

                    Service profile provides the following services:
                    • Service profiles are the central concept of Cisco UCS and thus each service profile ensures that the associated server hardware is configured to support the applications that it hosts.
                    • The service profile maintains the server hardware configurations, interfaces, fabric connectivity, and server, and network identity. This information is stored in a format that you can manage through Cisco UCS Manager.
                    Service profile provides the following advantages:
                    • Simplifies the creation of service profiles and ensures consistent policies within the system for a given service or application as service profile templates are used. This approach makes easy to configure one server or 320 servers with thousands of virtual machines, decoupling scale from complexity.
                    • Reduces the number of manual steps that need to be taken, helping reduce the chance for human error, improving consistency, and reducing server and network deployment times.
                    • Dissociates hardware specific attributes from the design. If a specific server in the deployment is replaced, the service profile associated with the old server is applied to the newly installed server allowing for near seamless replacement of hardware if needed.

                    Configure MDS

                    Configure the following MDS to place the UCS server blade vHBAs and SAN Port World Wide Name (PWWN) under the same zone and activate the zoneset.

                    Configure MDS-A

                    The CLI configuration for MDS-A is as follows:
                    fcalias name scale-esxi-c5b1-vHBA0 vsan 600
                        member pwwn 20:00:00:25:b5:02:13:7e
                    fcalias name cx4-480-spb-b0 vsan 600
                        member pwwn 50:06:01:68:46:e0:1b:e0
                    fcalias name cx4-480-spa-a1 vsan 600
                        member pwwn 50:06:01:61:46:e0:1b:e0
                    zone name zone33 vsan 600
                        member fcalias cx4-480-spb-b0
                        member fcalias cx4-480-spa-a1
                        member fcalias scale-esxi-c5b1-vHBA0
                    zoneset name scale_zoneset vsan 600
                        member zone33
                    zoneset activate name scale_zoneset vsan 600
                    

                    Configure MDS-B

                    The CLI configuration for MDS-B is as follows:
                    fcalias name scale-esxi-c5b1-vHBA1 vsan 700
                        member pwwn 20:00:00:25:b5:02:13:6e
                    fcalias name cx4-480-spa-a0 vsan 700
                        member pwwn 50:06:01:60:46:e0:1b:e0
                    fcalias name cx4-480-spb-b1 vsan 700
                        member pwwn 50:06:01:69:46:e0:1b:e0
                    zone name zone33 vsan 700
                        member fcalias cx4-480-spa-a0
                        member fcalias cx4-480-spb-b1
                        member fcalias scale-esxi-c5b1-vHBA1
                    zoneset name scale_zoneset vsan 700
                        member zone33
                    zoneset activate name scale_zoneset vsan 700
                    

                    ESX Boot from SAN

                    Complete the following procedures to configure for booting from SAN:

                    Configure UCS

                    Complete the following procedure to configure the UCS.

                    Procedure
                      Step 1   Log in to the UCS Manager.
                      Step 2   Click the Servers tab and choose the service profile that corresponds to the server for configuring the boot from SAN.
                      Step 3   Click the Servers tab. Choose Policies > Boot Policies to create a boot policy with SAN storage parameters.
                      Step 4   Assign this boot policy to the service profile of the server and click OK.
                      Step 5   Click Yes in the dialog box Modify Boot Policy.

                      The server reboots after saving the boot policy.


                      View Multilayer Director Switch

                      Complete the following procedure to view the Multilayer Director Switch (MDS).

                      Procedure
                        Step 1   Log in into your MDS (Telnet or SSH).
                        Step 2   Enter the login ID and password.
                        Step 3   Enter the following command and press Enter:

                        show flogi database

                        You should see a port name for each interface.

                        Step 4   Match the port name in the database with the name listed in the UCS Manager under the HBA WWPN.
                        Note   

                        If you do not find the matching port in the database, you need to select a valid VSAN in the UCS Manager.


                        Configure SAN

                        Complete the following procedure to configure the SAN.

                        Procedure
                          Step 1   Verify that the WWPN number and WWNN number of the host are visible in SAN.

                          The WWPN and WWNN in SAN should match with the numbers in UCS Manager.

                          Step 2   Configure a LUN on SAN for the server to boot (use 20 GB to 50 GB).
                          Step 3   Create a storage group in SAN. Add the specific host to this storage group for access.

                          The host ID of the LUN associated to the host should be same as the LUN ID used on the boot policy in UCS Manager (usually 0).


                          Install ESX

                          Complete the following procedure to install the ESX.

                          Procedure
                            Step 1   Choose Virtual Media, click Add Image and browse to the path and select ESXi iso image.
                            Step 2   Click Open.
                            Step 3   Check the check box Mapped. Server boots from the ISO image.
                            Step 4   Access the KVM console of the server from UCS Manager and edit the boot order in the BIOS to the new SAN configuration.
                            Step 5   Install ESXi on the LUN.

                            It should now reboot and come up booting from the SAN.

                            Step 6   Reuse the boot policy on all servers that needs to boot from SAN.
                            Step 7   If you install ESXi on the local disk, make sure to remove the disks or clear the ESXi data on them.

                            Deploy Nexus 1000v

                            VMware vSphere provisions Nexus 1000V platform using and the Nexus 1000V CLI. The following sections describe how to prepare and install the Cisco Nexus 1000V software.

                            Nexus 1000V Installation Prerequisites

                            Before you deploy the Nexus 1000v, your system must meet the following requirements.

                            • VMware vCenter Server 5.0 is installed.
                            • All Hosts must be running ESXi 5.0.
                            • Two ESXi hosts are available to run the primary and standby Virtual Supervisor Module (VSM) VM.
                            • Each host should have least two physical NICs.
                            • The uplink should be a trunk port carrying all VLANs configured on the ESX host.
                            • Ensure that the inter-switch trunk links carry all relevant VLANs, including control, packet and Native VLANs.
                            • On the host running the VSM VM, the control and packet VLANs are configured through the VMware switch and the VMNIC.

                            Add Hosts to vCenter

                            Complete the following procedure to add hosts to vCenter.

                            Procedure
                              Step 1   Add hosts using the vSphere client, using the Add Host Wizard. Enter the IP address of the host and the username/password of the ESXi server, which was configured when the ESXi software was loaded on the host.
                              Step 2   Assign a license to the Host.
                              Step 3   Review the options you have selected and click then Finish to add the Host

                              What to Do Next

                              After you add a host, confirm by navigating to the path Home > Inventory > Hosts.

                              Set Up VEM on Each ESX Server

                              Complete the following procedure to configure the Virtual Ethernet Module (VEM) on each ESx server:

                              Procedure
                                Step 1   Access the ESX server ssh console.
                                Step 2   Copy .vib file from %Nexus%\VEM\ to a /tmp directory of ESx server.
                                Step 3   Enter the following command:
                                esxcli software vib install -v /tmp/cross_cisco-vem-v140-4.2.1.1.5.1.0-3.0.1.vib
                                After the successful installation, the following message appears:
                                /tmp # esxcli software vib install -v /tmp/cross_cisco-vem-v140-4.2.1.1.5.1.0-3.0.1.vib
                                Installation ResultMessage: Operation finished successfully.
                                Reboot Required: false
                                VIBs Installed: Cisco_bootbank_cisco-vem-v140-esx_4.2.1.1.5.1.0-3.0.1
                                VIBs Removed: Cisco_bootbank_cisco-vem-v131-esx_4.2.1.1.4.1.0-3.0.4
                                VIBs Skipped:

                                Install Cisco Nexus VSM

                                Complete the following procedure to install the Cisco Nexus Virtual Supervisor Module (VSM).

                                Procedure
                                  Step 1   Mount the Nexus 1000V ISO image to the local system.
                                  Step 2   Navigate to %Nexus%\VSM\Installer_App> folder using Command prompt.
                                  Step 3   Enter the following command to launch the Nexus 1000V Installation Management.

                                  java -jar Nexus1000V-install.jar

                                  Step 4   Enter the following details and click Next:
                                  1. vCenter IP
                                  2. Port
                                  3. vCenter Credential
                                  Step 5   Select the host from vCenter inventory on which VSM needs to be installed and click Next:
                                  1. Select OVA file to create VSM.
                                  2. Select the OVA image from the location %Nexus%\VSM\Install.
                                  3. Enter the virtual name.
                                  4. Select a datastore.
                                  5. Click Next.
                                  Step 6   Configure Network:
                                  1. Choose L2 from Configure port groups for L2.
                                  2. Select appropriate VLANs for port groups.
                                  3. Click Next.
                                  Step 7   Configure VSM:
                                  1. Configure VSM with the native VLAN ID and network settings.
                                  2. To begin the installation, click Next.
                                  Step 8   Review Configuration. System checks the configuration status.
                                  Step 9   Configure Migration:
                                  1. Click Yes to migrate the host and its network to the Distributed Virtual Switch (DVS).
                                  2. Click Next.
                                  Step 10   DVS Migration starts performing the migration check on the ESX server.
                                  Step 11   Verify that the Nexus1000v virtual machines are created in vCenter.

                                  Copy the license file to bootflash and enter the following command to install the license bootflash:

                                  install license bootflash:<license filename>.lic
                                  			 

                                  Configure Cisco Nexus

                                  Complete the following procedure to configure the Cisco Nexus 1000V switch for Cisco HCS for Contact Center.


                                  Note


                                  Complete all configuration steps in enable > configuration terminal mode.


                                  Procedure
                                    Step 1   Configure the Nexus port profile uplink:
                                    port-profile type ethernet n1kv-uplink0			 
                                    vmware port-group			 
                                    switchport mode trunk			 
                                    switchport trunk
                                    allowed vlan <vlan ID's>			 
                                    channel-group auto mode on mac-pinning 
                                    no shutdown			 
                                    system vlan <vlan ID> # Customer specific native vlan ID identified in the switch			 
                                    state enabled
                                    			  
                                    Step 2   Configure the public VM port profiles:
                                    port-profile type vethernet Visible-VLAN		 
                                    vmware port-group
                                    switchport mode access			 
                                    switchport access vlan
                                    <vlan ID> # Customer specific public vlan ID defined in the switch 
                                    no shutdown
                                    state enabled
                                    			 
                                    Step 3   Configure the private VM port profiles:
                                    port-profile type vethernet Private-VLAN
                                    vmware port-group
                                    switchport mode access
                                    switchport access vlan
                                    <vlan ID> # Customer specific private vlan ID defined in the switch
                                    no shutdown
                                    state enabled
                                    			 

                                    Create Domain Controller Server

                                    Create Virtual Machine for Domain Controller

                                    Procedure
                                      Step 1   Create a new virtual machine from vCenter.
                                      Step 2   On the Name and Location page, provide a name for Domain Controller.
                                      Step 3   In the Disk format field, choose Thick provisioned format.
                                      Step 4   Enter the Virtual Machine specifications as specified in Table 1.

                                      Install Microsoft Windows Server 2008 R2 Standard Edition

                                      To install Microsoft Windows Server 2008 R2 Standard Edition, see Install Microsoft Windows Server.

                                      Install Antivirus Software

                                      For third-party applications installation, see Install Antivirus Software.

                                      Set Up the Domain Controller

                                      Complete the following procedure to set up the domain controller.

                                      Procedure
                                        Step 1   Choose Start > Run > and enter dcpromo.exe.
                                        Step 2   Click Next to launch the Active Directory Domain Services Wizard.
                                        Step 3   In Operating System Compatibility page, Click Next.
                                        Step 4   In Choose Deployment Configuration Page, Choose Create a new domain in a new forest radio button. Click Next.
                                        Step 5   In Name the Forest Root Domain page, enter the fully qualified domain name (FQDN). Click Next.
                                        Step 6   In Set Forest Functional Level page, Choose Windows Server 2008 R2 from drop-down list. Click Next.
                                        Step 7   In Additional Domain Controller Options page, Choose DNS Server. Click Next.
                                        Step 8   In Location for Database, Log Files, and SYSVOL page, Choose the default folders. Click Next.
                                        Step 9   Enter the Password that meets the criteria detailed on the Directory Services Restore Mode Administrator Password page. Click Next.
                                        Step 10   Review and click Next in Summary page.
                                        Step 11   Click Finish and Restart Windows when prompted.

                                        Associate Virtual Machine with New Domain

                                        Complete the following procedure to associate the virtual machine with the new domain.

                                        Procedure
                                          Step 1   Log in to the machine using the local Administrator account.
                                          Step 2   Right-click My Computer and choose Properties > Network Identification Tab > Properties.
                                          Step 3   Click Domain. Remove the machine from the old domain and reboot.
                                          Step 4   Log in to the machine again using the local Administrator account.
                                          Step 5   Right-click My Computer and choose Properties > Network Identification Tab > Properties.
                                          Step 6   Click Domain, then enter the Fully Qualified Domain Name and click OK.
                                          Step 7   Enter the Domain Administrator username and password.
                                          Step 8   Reboot the server and log in to the domain.

                                          Associate Unified CCE with New Domain

                                          Complete the following steps to associate the Unified CCE with the new domain.

                                          Procedure
                                            Step 1   Open the Domain Manager application from the Cisco Unified CCE Tools folder.
                                            Step 2   Choose Start > Programs > Cisco Unified CCE Tools > Domain Manager.
                                            Step 3   Choose the Domain Name.
                                            Step 4   Add the Cisco Root organizational unit (OU).
                                            Step 5   Add a Facility organizational unit (OU).
                                            Step 6   Add an Instance organizational unit (OU).
                                            Step 7   Configure the following to change the domain for Unified CCE applications:
                                            1. Run Web Setup.
                                            2. Choose Instance Management.
                                            3. Select the Instance to be modified, then click Change Domain.

                                              The Change Domain page opens displaying the currently configured domain and the new domain name.

                                            4. Click Save.

                                              A query is sent to confirm that you want to change the domain.

                                            5. Click Yes.

                                              The Instance List page appears.

                                            Note   

                                            Verify the change of Domain in Administrator and Workstation Database (AWDB) and instance name in all Unified CCE components.


                                            Add Second Customer Instance in Single Blade for 500 Agent Deployment

                                            Perform the following procedure to add a second customer instance for a single blade in a 500 agent deployment model.

                                            Procedure
                                              Step 1   Create new Data Stores (if needed) and associate the corresponding LUNs.
                                              Step 2   Create and configure a new VLAN on UCS Manager:
                                              1. Log in to UCS Manager console and click LAN.
                                              2. Navigate to Create VLANs.
                                              3. Enter the following VLAN Details:
                                                • Name
                                                • ID
                                                • Fabric and Sharing type
                                              4. Click Servers tab and select VNIC.
                                              5. Select Ethernet and click Modify VLANs.
                                              6. Verify the VLANs that you want to associate with a particular server.
                                              Step 3   Enter the following commands in the Nexus prompt to configure Nexus to add one more VLAN:
                                              • config t
                                              • vlan <VLAN ID>
                                              • no shut
                                              • end
                                              Step 4   Refer to Configure Cisco Nexus section to add one more Public & Private VM port profiles. For more information, see Configure Cisco Nexus.
                                              Step 5   Configure the following details to associate the second 500-agent virtual machines with the new VLAN:
                                              1. Log in to the Vcenter Server using VMware Infrastructure Client.
                                              2. Select a VM.
                                              3. Select Edit Settings.
                                              4. Select Network Adapters.
                                              5. Select the newly created VM port profile from the list.
                                              6. Click OK.

                                              Create Two-Way External Trust

                                              You must create a two-way trust between the service provider and the customer domain controllers for each customer instance for Unified CCDM. Before you create a two-way external trust you must Create Conditional Forwarders and Create Forwarders in both the service provider domain controller and the customer domain controller.

                                              Complete the following procedure to create a two-way external trust between the service provider domain controller and the customer domain controller.

                                              Create Conditional Forwarders

                                              Complete the following procedure to create conditional forwarder.

                                              Procedure
                                                Step 1   Go to DNS Manager.
                                                Step 2   Click the Conditional Forwarder.
                                                Step 3   Right-click and select New Conditional Forwarder.
                                                Step 4   Enter the DNS domain name.
                                                Step 5   In the IP address field, click and enter the NAT IP address of the customer domain.
                                                Step 6   Click OK and then click Apply.

                                                Create Forwarders

                                                Complete the following procedure to create forwarders.

                                                Procedure
                                                  Step 1   Go to DNS Manager.
                                                  Step 2   Right-click the domain name.
                                                  Step 3   Click Properties.
                                                  Step 4   Click the Forwarders tab and then click Edit.
                                                  Step 5   In the IP address field, click and enter the NAT IP address of the customer domain.
                                                  Step 6   Click OK and then click Apply.

                                                  Create Two-Way External Trust

                                                  Complete the following procedure to create a two-way external trust between the service provider domain controller and the customer domain controller.

                                                  Procedure
                                                    Step 1   Under Active Directory Domains and Trusts, right-click the domain.
                                                    Step 2   Right-click Properties.
                                                    Step 3   Click the Trust tab and then click New Trust.
                                                    Step 4   Click Next.
                                                    Step 5   Enter the customer domain name in the Name field and click Next.
                                                    Step 6   Select the option External Trust and then click Next.
                                                    Step 7   Select the option Two-way Trust and then click Next.
                                                    Step 8   Select the option Both this domain and specified domain and then click Next.
                                                    Step 9   Enter the authentication user name for the customer and a password for the specified domain and click Next.

                                                    You must have the administrator privileges to create the trust.

                                                    Step 10   Select the option Domain-wide authentication and then click Next until you reach Confirm Outgoing Trust screen.
                                                    Step 11   Select the option Yes, confirm the outgoing trust and then click Next.
                                                    Step 12   Select the option Yes, confirm the incoming trust and then click Next.
                                                    Step 13   Click Finish.