I know several companies which use an Agent Handler (Whitepaper) in their DMZ. But this can easily be seen as a security issue, so this risk has to be thoroughly calculated.
Apart from that, I don't know any other possibility than that the road warriors have to VPN into the company at least once a day.
As Frank said, an Internet-facing Agent Handler is probably your best bet unless you require all systems to be VPN connected.
If you do place an Agent Handler either internally or externally, they must have a low-latency connection to SQL. This is because the Agent Handler is maintaining an always active connection to the SQL database. Also, when new versions of ePO come out, your ePO server and Agent Handlers must always be on the same version. Additionally, you do add the burden of patching an additional server, along with any patches provided by Intel Security.
Review the white paper that Frank linked to, and evaluate if adding an Internet-facing Agent Handler is right for you.
Thanks a lot Frank - very helpful!
I guess this will help us manage not-(corporate-LAN)-connected systems. BTW: VPN is possible and available but we prefer secure Citrix Thin Client based remote access providing a secure desktop as part of the secured internal infra.
Re the security issues - do you see more than the normal considerations in terms of having servers in the DMZ providing any kind of services (so hardening and tiering etc.)?
Thanks a lot tomz2.
If we go for the Agent I assume the IT Team will consider it as it is a known topic in the community.
As soon as I got the product hint from Frank I reviewed additional information and got some additional information on that. Also, the white paper is a good starting point but not very detailed.
Apart from normal DMZ considerations, you should take into account that the Agent Handler also has full access to the ePO database, so potential security issues with ePO (Agent Handler is nothing more than a "simple" ePO) must be addressed ASAP.
Edit: You could also contact support. Perhaps they can provide hardening hints.