/build/static/layout/Breadcrumb_cap_w.png

Is it safe to have the Kacev1000 on the DMZ so it can be publicly facing?

We have been having issues reaching a lot of our mobile devices with KACE scripts and updates. We want to put our KACE SMA on the DMZ so we can have our mobile devices be able to make receive scripts from the KACE appliance. Is this a viable way of doing that? Or is that too insecure?


0 Comments   [ + ] Show comments

Answers (4)

Posted by: jleitsch 3 years ago
Purple Belt
0

It is entirely viable as long as you follow best practice at the firewalls. We do not have a DMZ but instead use NAT for our appliance with only the public IP port 443 forwarded. This allows for agent communication and User/Admin interface from the outside also.

Here are the port/url requirments
https://support.quest.com/kb/111775/which-network-ports-and-urls-are-required-for-the-kace-sma-appliance-to-function



Posted by: KevinG 3 years ago
Red Belt
0

You may want to refer to this knowledge base article.  Best Practices for Securing your SMA (267753)

https://support.quest.com/kb/267753/best-practices-for-securing-your-sma


Posted by: anonymous_132002 3 years ago
White Belt
0

Been doing this all along, though, currently exploring limiting the admin portal to trusted IPs using the ACL

Posted by: Hobbsy 3 years ago
Red Belt
0

Perfectly safe, particularly if you upgrade to v11 of the SMA which introduces token authentication for any device checking in

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ