What should be considered when installing the Altiris Agent on a server in the DMZ?
Article ID: 181463
Products
IT Management Suite
Issue/Introduction
Question: What should be considered when installing the Altiris Agent on a server in the DMZ?
Environment
ITMS 7.x, 8.x
Resolution
Answer
Communications:
By default, the Altiris Agent communicates over port 80 or port 443. Port 80 or port 443 must be opened, or another port must be used.
Networking:
A DMZ does not utilize DNS, but the client needs name resolution to find the IP address of the Notification Server. It is therefore necessary to add the Notification Server name to the system's Windows\System32\drivers\etc\Hosts file.
Other items to consider:
Define a Notification Server site for the DMZ subnets, and do not assign any Package Server to that site (unless, of course, there is a Package Server in the DMZ).
UNC package codebases should be disabled for systems in the DMZ, since those won't work across the DMZ firewall.
Network throttling should also not be used in a DMZ, since ICMP (ping) would be turned off there. The policies would try to test the network with ping and, as a result, could not download their packages (Patch, Inventory...).
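A pre-install check for the Communications and Networking points above, as an added PowerShell example (not vendor code): it confirms the Hosts file maps the Notification Server name and that port 80 or 443 accepts a TCP connection. The server name `ns01.example.local`, the parameter names and the helper functions are assumptions made for illustration.

```powershell
# Added example, not vendor code. 'ns01.example.local' is a placeholder name.
param(
    [string]$NotificationServer = 'ns01.example.local',
    [int[]]$Ports = @(80, 443),
    [string]$HostsPath = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'),
    [int]$TimeoutMs = 3000
)

# Return the addresses mapped to $Name in a Hosts file, ignoring comments.
function Get-HostsEntry {
    param([string]$Path, [string]$Name)
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -ge 2 -and ($fields[1..($fields.Count - 1)] -contains $Name)) {
            $fields[0]
        }
    }
}

# TCP connect with a timeout. Deliberately avoids ping, since ICMP is off in the DMZ.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        return ($client.ConnectAsync($Address, $Port).Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false   # refused or unreachable
    } finally {
        $client.Close()
    }
}

$addresses = @(Get-HostsEntry -Path $HostsPath -Name $NotificationServer)
if ($addresses.Count -eq 0) {
    Write-Warning "No Hosts entry for $NotificationServer in $HostsPath"
    exit 1
}

$reachable = $false
foreach ($address in $addresses) {
    foreach ($port in $Ports) {
        $open = Test-TcpPort -Address $address -Port $port -TimeoutMs $TimeoutMs
        if ($open) { $reachable = $true }
        '{0} ({1}) tcp/{2}: {3}' -f $NotificationServer, $address, $port, $(if ($open) { 'open' } else { 'blocked' })
    }
}
if (-not $reachable) { Write-Warning 'No agent port reachable through the DMZ firewall'; exit 1 }
```

If the agent is configured to use a different port, pass it with `-Ports`.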
Additional Information
179610 "Installing Altiris Agent to a workstation outside a DMZ"