[Fusioninventory-user] DMZ deployment options
Benjamin Huntsman
BHuntsman at mail2.cu-portland.edu
Wed Oct 31 15:22:09 UTC 2012
Why not implement a small, stand-alone communication server front-end, based on a derivative of the OCS Communication Server, that can accept the inventory from the agent, and write it directly into the GLPI database? This way, you could have a host in the DMZ running the Communication Server, and have firewall rules only allowing traffic to port 443, and on the back-end, firewall rules only allowing MySQL DB connections in to the GLPI DB server?
The FusionInventory systems offers a lot of potential advantages, but due to these security concerns, I'm leaning toward sticking with OCS and a DMZ-based Communication Server.
Thanks!
________________________________________
From: fusioninventory-user-bounces+bhuntsman=mail2.cu-portland.edu at lists.alioth.debian.org [fusioninventory-user-bounces+bhuntsman=mail2.cu-portland.edu at lists.alioth.debian.org] on behalf of Gonéri Le Bouder [goneri at rulezlan.org]
Sent: Wednesday, October 31, 2012 3:45 AM
To: fusioninventory-user at lists.alioth.debian.org
Subject: Re: [Fusioninventory-user] DMZ deployment options
On Wed, Oct 31, 2012 at 08:53:14AM +0100, Guillaume Rousse wrote:
> Le 30/10/2012 20:55, Benjamin Huntsman a écrit :
> > So, is anything like that available, possible, or in the works?
> DMZ doesn't have any formal definition. What's your exact constraints, in
> term of network connections ?
Hi Benjamin and all,
I used a little script to collect inventory and store them in
a directory. After that, you can move these inventory files on another
machine outside of the DMZ and push them in the server with
fusioninventory-injectory.
I'd just created a page on the documentation regarding that:
http://www.fusioninventory.org/documentation/fi4g/dmz/
I think I will import collect.php in the agent source tree. For example
in the tools directory.
Best regards,
--
Gonéri
More information about the Fusioninventory-user
mailing list