Hi Len,

You could create a NAT rule and pass that through to your KMS server. I
would set some ACLs on your firewall to only accept traffic from your
public IP range (which is assigned to your tenant VMs/Virtual Routers).
Sysprep can be used to point to the FQDN for that KMS server.

KMS agent activation usually uses SRV records to find the KMS server. Maybe
worth doing something funky with DNS to make it work (may be a little
complicated as the DNS search suffix for your tenants may be different).

Thanks

Paul

---
Kind Regards

Paul Sanders
Mob: 07988 725 883
Mail: paul.sander...@googlemail.com


On 5 April 2013 12:13, Oliver Leach <oliver.le...@tatacommunications.com> wrote:

> You could write a script that runs once on boot, say after sysprep has
> completed, that registers the Windows instance with a public facing KMS
> server that is only accessible in your environment, for example, the public
> IP ranges supplied in CloudStack that your instances use as a source NAT to
> access the internet. The lock down would be done on your firewall.
>
> The script could be a batch file or a vbs script and the command would
> look like this:
>
> cscript //nologo c:\windows\system32\slmgr.vbs -skms <public-ip-address-of-kms-server>
>
> HTH
>
> Oliver Leach
> Platform Architect
> InstaCompute
> Mobile +44 (0) 7787 690 607
>
>
>
> -----Original Message-----
> From: Len Bellemore [mailto:len.bellem...@controlcircle.com]
> Sent: Friday, April 05, 2013 11:44 AM
> To: users@cloudstack.apache.org
> Subject: Windows Product Activation and KMS Server
>
> Hi Guys,
>
> Anyone have a solution for activating Windows instances using a KMS server?
>
> Given that the KMS server needs to be publicly available to Cloud users,
> but not to general internet traffic, we need to make the KMS server
> available in a semi-secure area.  How do I get the instances to activate
> against my KMS?
>
> Are people informing customers that they need to configure outbound
> internet access on their virtual routers so that they can activate against
> Microsoft's servers?   How can I get them to authenticate on my KMS server
> that is on my network?
>
> Thanks
> Len
>
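
The run-once boot script discussed in this thread, written out as an added example (not code from any poster on the list). It checks that the instance can reach the KMS host through the NAT rule and firewall ACL before activating, and logs the result so a blocked tenant range shows up as a reachability failure rather than a silent activation error. The host name `kms.example.net` and the log path are hypothetical placeholders; 1688 is the default KMS TCP port.

```powershell
# Added example: first-boot KMS activation for a tenant instance.
# $KmsHost and $LogPath are hypothetical placeholders; adjust for your environment.
param(
    [string]$KmsHost = 'kms.example.net',
    [int]$KmsPort = 1688,
    [string]$LogPath = "$env:SystemRoot\Temp\kms-activate.log"
)

function Write-Log([string]$Message) {
    "{0:u} {1}" -f (Get-Date), $Message | Add-Content -Path $LogPath
}

$slmgr = Join-Path $env:SystemRoot 'System32\slmgr.vbs'

# 1. Confirm the KMS FQDN resolves from inside the tenant network.
try {
    $addr = [System.Net.Dns]::GetHostAddresses($KmsHost) | Select-Object -First 1
} catch {
    Write-Log "DNS lookup for $KmsHost failed: $($_.Exception.Message)"
    exit 1
}

# 2. Confirm the NAT rule and firewall ACL let this instance reach the KMS port.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $async = $client.BeginConnect($addr, $KmsPort, $null, $null)
    if (-not $async.AsyncWaitHandle.WaitOne(5000)) { throw "timeout" }
    $client.EndConnect($async)
} catch {
    Write-Log "Cannot reach ${KmsHost}:$KmsPort ($addr): $($_.Exception.Message)"
    exit 2
} finally {
    $client.Close()
}

# 3. Point the client at the KMS host and request activation.
& cscript.exe //NoLogo //B $slmgr /skms "${KmsHost}:$KmsPort" | Out-Null
& cscript.exe //NoLogo //B $slmgr /ato | Out-Null

# 4. Verify the outcome: LicenseStatus 1 means the product is licensed.
$lic = Get-WmiObject -Class SoftwareLicensingProduct |
    Where-Object { $_.PartialProductKey -and $_.Name -like 'Windows*' }
$licensed = @($lic | Where-Object { $_.LicenseStatus -eq 1 })
if ($licensed.Count -gt 0) { Write-Log "Activated against $KmsHost"; exit 0 }
Write-Log "Activation failed after /ato against $KmsHost"
exit 3
```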
