How Do I Install a Notification Server in the DMZ?

Article ID: 179236


Products

IT Management Suite, Client Management Suite

Issue/Introduction

What considerations are there for installing a Notification Server in the DMZ?

NOTE: We do not support putting the SMP or Notification Server in the DMZ.  Cloud Enabled Management was introduced so that the SMP does not need to be in the DMZ.

Resolution

In ITMS 7.5 we introduced Cloud Enabled Management (CEM) to provide this type of functionality. Please refer to the ITMS 8.6 User Guide or Cloud-enabled Management for ITMS Whitepaper for further details.

If you require setting up a Notification Server in the DMZ even with the understanding that it is not supported, the following information is provided AS IS and is NOT intended to create a supported installation.

Items to consider

  • All communication between systems in the SMP platform is done by system name, and a DMZ does not use DNS. DNS is needed to resolve the IP addresses of the Notification Server, Site Servers and clients, so it is necessary to create hosts files on every system in the DMZ to facilitate communication.
  • UNC package codebases should be disabled for systems not in the DMZ, since they won't work across the DMZ firewall.
  • Do not use network throttling in a DMZ, since ICMP (ping) would be turned off there. The policies would try to test the network with ping and could not download their packages (Patch, Inventory...) because of a perceived communication failure.

Monitoring Servers in this arena:

  • As long as all appropriate communication can take place between the Notification Server and the target machine, you can monitor servers that are located in a DMZ.

Ensure that the following minimum level communication can take place:

  • TCP Port 80 / 443 (2-way) to all target servers for Altiris Agent to Notification Server communication
  • TCP Port 1011 (2-way) to all target servers for Monitor Solution's Performance Monitor to Monitor Agent communication
  • Proper name resolution or hostname entries for all target servers from the Notification Server
  • If the servers in the DMZ are members of a different domain than the Notification Server, the trusts between both domains must be properly configured
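
The following pre-flight check is an added example, not part of the original article or of any vendor tooling. It audits hosts-file content for the target names, catching missing entries and names mapped to more than one address, and includes a TCP-only probe for the ports listed above. The host names, addresses and sample hosts file are constructed for illustration.

```python
import ipaddress
import socket

# Ports from the article: 80/443 agent <-> Notification Server, 1011 Monitor Agent.
REQUIRED_TCP_PORTS = (80, 443, 1011)

def parse_hosts(text):
    """Map each lower-cased name in hosts-file text to the list of IPs given for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                              # malformed address: ignore the line
        for name in fields[1:]:
            ips = table.setdefault(name.lower(), [])
            if ip not in ips:
                ips.append(ip)
    return table

def audit_hosts(text, required_names):
    """Return (missing, conflicting): names with no entry, names mapped to >1 IP."""
    table = parse_hosts(text)
    missing = [n for n in required_names if n.lower() not in table]
    conflicting = {n: table[n.lower()] for n in required_names
                   if len(table.get(n.lower(), [])) > 1}
    return missing, conflicting

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds (no ICMP involved)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample: hosts file on the Notification Server, hypothetical names.
SAMPLE_HOSTS = """\
# DMZ targets
192.0.2.10   dmzweb01  dmzweb01.dmz.example   # web tier
192.0.2.11   DMZAPP01
192.0.2.99   dmzweb01                         # stale duplicate
"""
TARGETS = ["dmzweb01", "dmzapp01", "dmzsite01"]

if __name__ == "__main__":
    missing, conflicting = audit_hosts(SAMPLE_HOSTS, TARGETS)
    print("no hosts entry:", missing)
    print("conflicting entries:", conflicting)
    # On a live system: [(t, p, tcp_open(t, p)) for t in TARGETS for p in REQUIRED_TCP_PORTS]
```

On a real system, pass the contents of the local hosts file and the actual target names in place of the constructed sample.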

Attachments

DMZ Architecture.vsd