7 Replies Latest reply on Mar 16, 2016 9:39 AM by lfah2000

    Move SVA and Offload Scan Servers with Agent Handlers in a DMZ

    McDuff

      Hello

       

      Wondering if anyone has had any experience using MOVE SVA and Offload Scan Servers with Agent Handlers which are located in a DMZ and clients that are in an untrusted network and untrusted domain.

       

      Currently, without MOVE, all clients in an untrusted network talk only with their Agent Handler (located in a DMZ), and the Agent Handler in turn has firewall rules opened to the domain controller, SQL server, and ePO server.

       

      My question is, if we decide to install MOVE on these clients, will these clients also have to talk directly with their SVA Manager and OSS server, or will this communication occur via the Agent Handler?  If clients need to talk directly to the SVA Manager and OSS servers, should these servers be in the DMZ?  If clients need to talk directly to these servers, and the servers are not in the DMZ, wouldn't that mean we'd have to open up ports between the clients and the SVA and OSS, which would defeat the purpose of the Agent Handler?

       

      Any advice would be appreciated.