[Fusioninventory-user] DMZ deployment options

Guillaume Rousse guillomovitch at gmail.com
Wed Oct 31 15:47:43 UTC 2012

Le 31/10/2012 16:22, Benjamin Huntsman a écrit :
> Why not implement a small, stand-alone communication server front-end, based on a derivative of the OCS Communication Server, that can accept the inventory from the agent, and write it directly into the GLPI database?  This way, you could have a host in the DMZ running the Communication Server, and have firewall rules only allowing traffic to port 443, and on the back-end, firewall rules only allowing MySQL DB connections in to the GLPI DB server?
Nothing prevents you from using multiple GLPI servers sharing the same 
mysql database to achieve this setup. However, that's a bit twisted, and 
doesn't offer any actual advantage over allowing your DMZ host to open 
an https connection to the port 443 of a unique GLPI server outside the DMZ.

> The FusionInventory systems offers a lot of potential advantages, but due to these security concerns, I'm leaning toward sticking with OCS and a DMZ-based Communication Server.
I fail to see any security advantage in OCS. Especially after reading 
their source code.

BOFH excuse #64:

CPU needs recalibration

More information about the Fusioninventory-user mailing list