If the server on the DMZ is not on a domain (sometimes machines on DMZ are on workgroup, strange but true) then you'll have to use an SQL user for your database
Ok, my DMZ is in a workgroup not its own domain and yes there are security reasons for this but I came to this environment with this setup already
Now, the question is...should I create a local SQL user for this type of setup (i.e. - Solution 1) or go with Solution 2?
At this point, I'm not sure which one would be better for my environment, easier/harder to configure or maintain, etc.
Well there's a difference between using an Agent Handler or an ePO Server in a DMZ environment because Agent Handler needs less open ports to work.
If you have a look at this withe paper (page 13 and 14) you'll see how it works and what ports need to be opened:
And for the SQL user have a look at this, I think it may help:
That did it!
Awesome, thanks for referring me to these documents. I found that I was missing opening up the SQL port 1433 thru the firewall from the DMZ back to internal network, so the diagram of ports used and their direction paths helped a lot.
Then the other document explaining the creation and use of a local SQL account was dead on and after applying both configurations that these documents explained, I was able to successfully install the Agent Handler in my DMZ.
Thanks for all your help!