Because of how certificates work, the PowerSchool servers must reside in the remc1.net domain. We use a redirect on webservices.remc1.net to send users to the correct place. We do this instead of a CNAME from ps.SCHOOLDOMAIN.org to psschool.remc1.net because a CNAME is only an alias: the browser keeps the ps.SCHOOLDOMAIN.org URL, so the *.remc1.net certificate will not match it. The redirect changes the URL in the end user's browser: when they type in ps.SCHOOLDOMAIN.org, the browser ends up at psschool.remc1.net.
The PowerSchool redirect file is located on web6 at /etc/apache2/sites-enabled/010-powerschoolRedirects.conf
Example
I will use the CCISD as an example. On the CCISD website there is a link to PowerSchool which points to http://powerschool.copperisd.org. This is a CNAME to webservices.remc1.net. On webservices there is a virtual host that redirects to pscopperisd.remc1.net. pscopperisd resolves differently on the inside and the outside. In the inside DNS it is a CNAME to the current PowerSchool server (at time of writing that is ps2copperisd.remc1.net). On the outside it is an A record for the one public IP held by the PowerSchool server for the CopperISD. I have also inserted CNAMEs for all the ps1, ps2, etc. names on the outside to point towards its A record.
As you can see, the way the virtual host is set up causes the same name to be resolved on the outside as well as the inside. On the outside the VIP will never change, so that's the A record, whereas on the inside the host may change, so that's the CNAME. You will need to reload Apache on the web server for the new virtual host config to take effect.
So, in short, the 2 things you need to change to drop a new PowerSchool server in will be:
- The inside IP for the virtual IP on the FortiGate
- Add a new DNS record for the new server
- The inside DNS CNAME
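The certificate reasoning above, as an added example (not code from the original page): it models which hostname the browser validates against the *.remc1.net certificate when the school name is only a CNAME versus when webservices redirects it. The lookup tables are constructed from the CCISD example, and the function names are hypothetical.

```python
# Added example, not the site's own code. Hostnames are from the CCISD example;
# the lookup tables below are constructed samples.
CERT_NAME = "*.remc1.net"

# DNS aliases: affect which server is contacted, never the URL in the browser.
CNAMES = {"powerschool.copperisd.org": "webservices.remc1.net"}

# Redirect virtual hosts on webservices: requested Host -> new host in Location.
REDIRECTS = {"powerschool.copperisd.org": "pscopperisd.remc1.net"}


def cert_covers(pattern, host):
    """Wildcard match as TLS clients apply it: '*' is the whole left-most label
    and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h


def resolve(host):
    """Follow CNAMEs to the name whose address is used (guards against loops)."""
    seen = set()
    while host in CNAMES and host not in seen:
        seen.add(host)
        host = CNAMES[host]
    return host


def https_check(typed_host, method):
    """Return (server contacted, hostname validated, certificate accepted?).

    method="cname":    the school name is only aliased; the URL stays as typed.
    method="redirect": the plain-HTTP virtual host answers with a Location to
                       the remc1.net name, and the browser re-requests that URL.
    """
    if method == "redirect":
        url_host = REDIRECTS.get(typed_host, typed_host)
    elif method == "cname":
        url_host = typed_host
    else:
        raise ValueError(f"unknown method: {method}")
    return resolve(url_host), url_host, cert_covers(CERT_NAME, url_host)
```

The redirect only helps when the first request is plain HTTP, as with the http://powerschool.copperisd.org link: an https:// request to the school hostname is validated against the certificate before any redirect can be sent.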
Configs for example purposes:
Outside:

```
psadams.remc1.net. IN A 208.68.25.14
ps1adams.remc1.net. IN CNAME psadams.remc1.net.
ps2adams.remc1.net. IN CNAME psadams.remc1.net.
ps3adams.remc1.net. IN CNAME psadams.remc1.net.
psbaraga.remc1.net. IN A 208.68.24.157
ps1baraga.remc1.net. IN CNAME psbaraga.remc1.net.
ps2baraga.remc1.net. IN CNAME psbaraga.remc1.net.
psbessemer.remc1.net. IN A 208.68.25.30
ps1bessemer.remc1.net. IN CNAME psbessemer.remc1.net.
ps2bessemer.remc1.net. IN CNAME psbessemer.remc1.net.
pscia.remc1.net IN A 208.68.26.36
pscopperisd.remc1.net. IN A 208.68.25.46
ps1copperisd.remc1.net. IN CNAME pscopperisd.remc1.net.
ps2copperisd.remc1.net. IN CNAME pscopperisd.remc1.net.
pscts.remc1.net. IN A 208.68.25.60
ps1cts.remc1.net. IN CNAME pscts.remc1.net.
ps2cts.remc1.net. IN CNAME pscts.remc1.net.
psdollarbay.remc1.net. IN A 208.68.25.81
ps1dollarbay.remc1.net. IN CNAME psdollarbay.remc1.net.
ps2dollarbay.remc1.net. IN CNAME psdollarbay.remc1.net.
psetc.remc1.net. IN A 208.68.25.100
ps1etc.remc1.net. IN CNAME psetc.remc1.net.
ps2etc.remc1.net. IN CNAME psetc.remc1.net.
psfp.remc1.net. IN A 204.38.48.161
ps1fp.remc1.net. IN CNAME psfp.remc1.net.
ps2fp.remc1.net. IN CNAME psfp.remc1.net.
psgoisd.remc1.net. IN A 208.68.25.124
ps1goisd.remc1.net. IN CNAME psgoisd.remc1.net.
ps2goisd.remc1.net. IN CNAME psgoisd.remc1.net.
pshan.remc1.net. IN A 208.68.25.150
ps1han.remc1.net. IN CNAME pshan.remc1.net.
ps2han.remc1.net. IN CNAME pshan.remc1.net.
pshoughton.remc1.net. IN A 208.68.25.129
ps1houghton.remc1.net. IN CNAME pshoughton.remc1.net.
ps2houghton.remc1.net. IN CNAME pshoughton.remc1.net.
psironwood.remc1.net. IN A 208.68.25.160
ps1ironwood.remc1.net. IN CNAME psironwood.remc1.net.
ps2ironwood.remc1.net. IN CNAME psironwood.remc1.net.
psll.remc1.net. IN A 208.68.25.178
ps1ll.remc1.net. IN CNAME psll.remc1.net.
ps2ll.remc1.net. IN CNAME psll.remc1.net.
psoasd.remc1.net. IN A 208.68.25.212
ps1oasd.remc1.net. IN CNAME psoasd.remc1.net.
ps2oasd.remc1.net. IN CNAME psoasd.remc1.net.
psremc1.remc1.net. IN A 208.68.24.29
powerschool.remc1.net. IN CNAME psremc1.remc1.net.
ps1remc1.remc1.net. IN CNAME psremc1.remc1.net.
ps2remc1.remc1.net. IN CNAME psremc1.remc1.net.
pswakefield.remc1.net. IN A 208.68.25.237
ps1wakefield.remc1.net. IN CNAME pswakefield.remc1.net.
ps2wakefield.remc1.net. IN CNAME pswakefield.remc1.net.
pswatersmeet.remc1.net. IN A 208.68.25.241
ps1watersmeet.remc1.net. IN CNAME pswatersmeet.remc1.net.
ps2watersmeet.remc1.net. IN CNAME pswatersmeet.remc1.net.
```

Inside:

```
;PowerSchool DNS CNAME
psadams IN CNAME ps19adams
psbaraga IN CNAME ps19baraga
psbessemer IN CNAME ps19bessemer
pscia IN CNAME ps19cia
pscopperisd IN CNAME ps19copperisd
pscts IN CNAME ps19cts
psdollarbay IN CNAME ps19dollarbay
psetc IN CNAME ps19etc
psfp IN CNAME ps19fp
psgoisd IN CNAME ps19goisd
pshan IN CNAME ps2han
pshoughton IN CNAME ps19houghton
psironwood IN CNAME ps2ironwood
psll IN CNAME ps19ll
psoasd IN CNAME ps19oasd
psremc1 IN CNAME ps19remc1-01
pswakefield IN CNAME ps19wakefield
pswatersmeet IN CNAME ps19watersmeet
psstanton IN CNAME ps19stanton
;New Powerschool servers
ps3adams IN A 172.16.30.1
ps2baraga IN A 172.16.30.2
ps2bessemer IN A 172.16.30.3
ps2copperisd IN A 172.16.30.4
ps2cts IN A 172.16.30.5
ps2dollarbay IN A 172.16.30.6
ps2etc IN A 172.16.30.7
ps2fp IN A 172.16.30.8
ps2goisd IN A 172.16.30.9
ps2han IN A 172.16.30.10
ps2houghton IN A 172.16.30.11
ps2ironwood IN A 172.16.30.12
ps2ll IN A 172.16.30.13
ps2oasd IN A 172.16.30.14
ps2remc1 IN A 172.16.30.15
ps2wakefield IN A 172.16.30.16
ps3watersmeet IN A 172.16.30.17
ps2stanton IN A 172.16.30.18
;old powerschool servers
ps1adams.remc1.net. IN CNAME ps2adams.remc1.net.
ps2adams.remc1.net. IN A 172.16.20.177
ps1baraga.remc1.net. IN A 172.16.20.174
ps1bessemer.remc1.net. IN A 172.16.20.145
ps1copperisd.remc1.net. IN A 172.16.20.144
ps1cts.remc1.net. IN A 172.16.20.143
ps1dollarbay.remc1.net. IN A 172.16.20.142
ps1etc.remc1.net. IN A 172.16.20.153
ps1fp.remc1.net. IN A 172.16.20.6
ps1goisd.remc1.net. IN A 172.16.20.141
ps1han.remc1.net. IN A 172.16.20.172
ps1houghton.remc1.net. IN A 172.16.20.140
ps1ironwood.remc1.net. IN A 172.16.20.139
ps1ll.remc1.net. IN A 172.16.20.171
ps1oasd.remc1.net. IN A 172.16.20.148
ps1remc1.remc1.net. IN A 172.16.20.137
ps1wakefield.remc1.net. IN A 172.16.20.147
ps1watersmeet.remc1.net. IN A 172.16.20.138
ps1stanton.remc1.net. IN A 172.16.20.159
```