How Do I Install a Notification Server in the DMZ?


Article ID: 179236


Products

IT Management Suite

Issue/Introduction

Question
What considerations are there for installing a Notification Server in the DMZ?

Resolution

Answer
NOTE: Currently we do not support SMP Notification Server in the DMZ. There are plans for this type of approach in a future release.

In ITMS 7.5 we introduced Cloud Enabled Management (CEM) to provide this type of functionality. Please refer to the ITMS 8.6 User Guide or CEM 8.6 Whitepaper for further details.

If you need to set up a Notification Server in the DMZ even with the understanding that it is not supported, the following information is provided AS IS and is NOT intended to create a supported installation.

Items to consider

  • All communication between systems in the SMP platform is done by system name, and a DMZ does not utilize DNS. Name resolution is still needed to obtain the IP addresses of the Notification Server, Site Servers and clients. Therefore it is necessary to create Hosts files for every system in the DMZ to facilitate communication.
  • UNC package codebases should be disabled for systems in the DMZ, since they won't work across the DMZ firewall.
  • Another consideration in a DMZ is to avoid network throttling, since ICMP (ping) would be turned off there. The policies would try to test the network with ping and, perceiving a communication failure, could not download their packages (Patch, Inventory...).

Monitoring Servers in this arena:

  • As long as all appropriate communication can take place between the Notification Server and the target machine, you can monitor servers that are located in a DMZ.

Ensure that the following minimum level of communication can take place:

  • TCP Port 80 (2-way) to all target servers for Altiris Agent to Notification Server communication
  • TCP Port 1011 (2-way) to all target servers for Monitor Solution's Performance Monitor to Monitor Agent communication
  • Proper name resolution or hostname entries for all target servers from the Notification Server
  • If the servers in the DMZ are members of a different domain than the Notification Server, the trusts between both domains must be properly configured
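
The name resolution and port requirements listed above can be checked from the Notification Server before agents are deployed. The script below is an added example, not part of the original article or any vendor tooling; the server names are constructed placeholders, and `Get-HostsEntry` and `Test-DmzTarget` are hypothetical helpers defined here.

```powershell
# Added example: pre-flight check, run on the Notification Server.
# Server names are constructed placeholders; replace with your own.
$Targets   = @('dmz-web01', 'dmz-app01')
$Ports     = @(80, 1011)   # Altiris Agent and Monitor Agent ports from this article
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Parse hosts-file lines into Address/Name pairs (one pair per alias).
function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()   # strip comments
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }        # address without a name
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{ Address = $fields[0]; Name = $name.ToLower() }
        }
    }
}

# Report hosts entry, resolved address and TCP reachability for one target.
# Uses a plain TCP connect instead of ping, because ICMP is off in the DMZ.
function Test-DmzTarget {
    param([string]$Name, [object[]]$HostsEntries, [int[]]$Ports)
    $inHosts = @($HostsEntries | Where-Object { $_.Name -eq $Name.ToLower() })
    try   { $resolved = @([System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.IPAddressToString }) }
    catch { $resolved = @() }
    foreach ($port in $Ports) {
        $open = $false
        if ($resolved.Count -gt 0) {
            $client = New-Object System.Net.Sockets.TcpClient
            try     { $open = $client.ConnectAsync($Name, $port).Wait(3000) -and $client.Connected }
            catch   { $open = $false }   # refused or unreachable
            finally { $client.Close() }
        }
        [pscustomobject]@{
            Target     = $Name
            HostsEntry = ($inHosts | ForEach-Object { $_.Address }) -join ','
            Resolved   = $resolved -join ','
            Port       = $port
            TcpOpen    = $open
        }
    }
}

$entries = @(Get-HostsEntry -Lines (Get-Content -Path $HostsPath))
$Targets | ForEach-Object { Test-DmzTarget -Name $_ -HostsEntries $entries -Ports $Ports } |
    Format-Table -AutoSize
```

The check covers only the direction from the machine it runs on; because the ports are listed as 2-way, run it from a DMZ server against the Notification Server name as well. An empty `HostsEntry` column with a populated `Resolved` column means the name is being resolved by something other than the local Hosts file.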

Additional Information

Cloud-enabled Management Whitepaper for ITMS 8.1

Cloud-enabled Management Whitepaper for ITMS 8.6

Attachments

DMZ Architecture.vsd