'Re: [Sisuite-users] Installing in a DMZ environment'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sisuite-users
Subject:    Re: [Sisuite-users] Installing in a DMZ environment
From:       Jason White <jason () jw2 ! org>
Date:       2003-08-28 2:42:06
[Download RAW message or body]

* Stroehmann, James (james.stroehmann@il.proquest.com) [030826 09:28]:
> There are a couple of ways to do this:

> 1) DMZ DHCP server. Have a dhcp server on the dmz that only systems on the
> DMZ lan can make requests to. This is probably the most secure way to do it.
> You could probably utilize one of the already existing servers out there to
> accomplish this.

Yeah, this might be an option.  We also use IBM's NIM (Network Installation
Manager) for AIX in our secure zone, and we're struggling with the
same issues of installing AIX in the DMZ.  NIM is basically a BOOTP
server, and the installation is similar to that of SIS and PXE.

> 2) have the router do "ip-helper". This will allow the router to appear as a
> DHCP server while it is just forwarding requests. (similar to
> port-forwarding, but probably less secure)

Might be tougher to sell, but could be possible.  

> 3) have a management network behind your DMZ. Some people have a management
> network that is only accessible from their DMZ specifically set up for
> things like backups, dhcp, etc.

To me, this would be a great option if we were only consistent with
our hardware.  Some boxes have dual NIC's for this purpose, and others
don't.  

> 4) Look into configuring the pxe boot process to have a static ip and
> next-server without going to the dhcp server. (no idea if this is doable)

Similar to #1, where we stick a PXE/DHCP/BOOTP server in the DMZ.

5) Re-wire the box during installation.  ;-)  I actually did this on
one box, and of course it worked fine.  I just had to re-IP the box
manually after it was built.

I guess I just wanted to make sure that I wasn't missing something,
and it sounds as if I'm not -- it's not designed to work out of the
box in this type of environment.

Thanks for your replies...

-J




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Sisuite-users mailing list
Sisuite-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sisuite-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic