[Fusioninventory-user] DMZ deployment options

Benjamin Huntsman BHuntsman at mail2.cu-portland.edu
Wed Oct 31 15:22:09 UTC 2012

Why not implement a small, stand-alone communication server front-end, based on a derivative of the OCS Communication Server, that can accept the inventory from the agent, and write it directly into the GLPI database?  This way, you could have a host in the DMZ running the Communication Server, and have firewall rules only allowing traffic to port 443, and on the back-end, firewall rules only allowing MySQL DB connections in to the GLPI DB server?

The FusionInventory systems offers a lot of potential advantages, but due to these security concerns, I'm leaning toward sticking with OCS and a DMZ-based Communication Server.

From: fusioninventory-user-bounces+bhuntsman=mail2.cu-portland.edu at lists.alioth.debian.org [fusioninventory-user-bounces+bhuntsman=mail2.cu-portland.edu at lists.alioth.debian.org] on behalf of Gonéri Le Bouder [goneri at rulezlan.org]
Sent: Wednesday, October 31, 2012 3:45 AM
To: fusioninventory-user at lists.alioth.debian.org
Subject: Re: [Fusioninventory-user] DMZ deployment options

On Wed, Oct 31, 2012 at 08:53:14AM +0100, Guillaume Rousse wrote:
> Le 30/10/2012 20:55, Benjamin Huntsman a écrit :
> >    So, is anything like that available, possible, or in the works?
> DMZ doesn't have any formal definition. What's your exact constraints, in
> term of network connections ?
Hi Benjamin and all,

I used a little script to collect inventory and store them in
a directory. After that, you can move these inventory files on another
machine outside of the DMZ and push them in the server with

I'd just created a page on the documentation regarding that:

I think I will import collect.php in the agent source tree. For example
in the tools directory.

Best regards,

More information about the Fusioninventory-user mailing list