Pull Server for DMZ computers

Welcome Forums DSC (Desired State Configuration) Pull Server for DMZ computers

This topic contains 4 replies, has 3 voices, and was last updated by

 
Participant
1 year, 12 months ago.

  • Author
    Posts
  • #66661

    Participant
    Points: 0
    Rank: Member

    Can anyone tell me the best place to place a pull server on a network? Am I wrong in thinking that it would be more secure to keep the pull server in my core network and open up HTTPS to my DMZ clients rather than keeping a separate DMZ pull server in the DMZ to serve DMZ computers?
    I'm thinking if a computer in the DMZ got compromised they could have the potential also get on to the pull server to see all the MOF's of my DMZ servers. I mean I says this is a DMZ but its a zone that is basically servers with specific opened ports to the outside world (HTTPS, FTP, SMTP ETC ETC) not every port.

  • #66697

    Keymaster
    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    It'd be good to have the pull server behind a firewall, yes. The risks of someone getting to it in a way that lets them see all your MOFs is minimized; you can further protect by not making those a shared folder and by permission them appropriately.

  • #66714

    Participant
    Points: 1
    Rank: Member

    Do you have many servers in DMZ? If not, do you really need them to use Pull model ? It may be better to have them in push mode and keep DMZ isolated.

  • #66732

    Participant
    Points: 0
    Rank: Member

    About 200 or so.

    • #66894

      Participant
      Points: 1
      Rank: Member

      Do you have inbound ports open?
      You mentioned 'outside ports'

The topic ‘Pull Server for DMZ computers’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort