[Fusioninventory-user] DMZ deployment options
Guillaume Rousse
guillomovitch at gmail.com
Wed Oct 31 15:47:43 UTC 2012
Le 31/10/2012 16:22, Benjamin Huntsman a écrit :
> Why not implement a small, stand-alone communication server front-end, based on a derivative of the OCS Communication Server, that can accept the inventory from the agent, and write it directly into the GLPI database? This way, you could have a host in the DMZ running the Communication Server, and have firewall rules only allowing traffic to port 443, and on the back-end, firewall rules only allowing MySQL DB connections in to the GLPI DB server?
Nothing prevents you from using multiple GLPI servers sharing the same
mysql database to achieve this setup. However, that's a bit twisted, and
doesn't offer any actual advantage over allowing your DMZ host to open
an https connection to the port 443 of a unique GLPI server outside the DMZ.
> The FusionInventory systems offers a lot of potential advantages, but due to these security concerns, I'm leaning toward sticking with OCS and a DMZ-based Communication Server.
I fail to see any security advantage in OCS. Especially after reading
their source code.
--
BOFH excuse #64:
CPU needs recalibration
More information about the Fusioninventory-user
mailing list