Jason,
Security methodology for DMZs varies quite a bit for different companies.
In some, there are ZERO connections from DMZ to LAN, in others it's just
restricted to acceptable levels of risk. With Puppet, there's no full-blown
Push method I'm aware of that you can use (you could possibly
Good day,
We are looking at managing our infrastructure in the dmz as we do our
internal nodes with puppet.
We are running multiple masters with foreman as our enc. R10k ensure the
manifests on all masters are updated regularly.
Does anyone have suggestion to integrate the dmz into our current
Hi.
We're thinking of ways to get our DMZ nodes managed by puppet, and in
the absence of a full-fledged push model we are thinking about
pointing puppets in our DMZ network at a bastion host running squid to
proxy back to our puppet master.
In this scenario, the single bastion host would have
On Thu, Oct 20, 2011 at 12:46 PM, Geoff Galitz ggal...@shutterstock.com wrote:
We're thinking of ways to get our DMZ nodes managed by puppet, and in
the absence of a full-fledged push model we are thinking about
pointing puppets in our DMZ network at a bastion host running squid to
proxy back
On Thu, Oct 20, 2011 at 12:46 PM, Geoff Galitz
ggal...@shutterstock.com wrote:
We're thinking of ways to get our DMZ nodes managed by puppet, and in
the absence of a full-fledged push model we are thinking about
pointing puppets in our DMZ network at a bastion host
running squid to
proxy
On Feb 11, 2011, at 20:00, Daniel Pittman wrote:
On Fri, Feb 11, 2011 at 00:40, Thorsten Biel thorsten.b...@porsche.de wrote:
On Feb 11, 2011, at 07:25, John Warburton wrote:
How do people get around the common rule that DMZ servers should not
initiate network connections back to the
On Mon, Feb 14, 2011 at 01:35, Thorsten Biel thorsten.b...@porsche.de wrote:
On Feb 11, 2011, at 20:00, Daniel Pittman wrote:
= On Fri, Feb 11, 2011 at 00:40, Thorsten Biel
thorsten.b...@porsche.de wrote:
On Feb 11, 2011, at 07:25, John Warburton wrote:
How do people get around the common rule
On Thu, Feb 10, 2011 at 22:25, John Warburton jwarbur...@gmail.com wrote:
Does anyone have any experiences with puppet in the DMZ they can share?
We looked at how to integrate puppet into a network that needed
medical-in-confidence certification back in Australia, which is
probably about the
Hi,
On Feb 11, 2011, at 07:25, John Warburton wrote:
Does anyone have any experiences with puppet in the DMZ they can share?
At my puppet master training (Hi Hunter), it was mentioned some people
compile their catalogs inside, then ship them out to servers in the DMZ to be
applied.
You can put a puppet server in the DMZ that you deploy puppet manifest
changes to via SSH, then only allow 8140 access to the dmz boxes. I
would say shipping catalogs out there is sort of overkill. You can also
make this master use a separate CA, etc. I think a few simple measures
like this
On Fri, Feb 11, 2011 at 00:40, Thorsten Biel thorsten.b...@porsche.de wrote:
On Feb 11, 2011, at 07:25, John Warburton wrote:
Does anyone have any experiences with puppet in the DMZ they can share?
[…]
How do people get around the common rule that DMZ servers should not
initiate network
On Feb 10, 2011, at 10:25 PM, John Warburton wrote:
Curse GW Bush and his 'Axis of Evil' - my google searches are contaminated
with hits to Korea, and other such fun...
Does anyone have any experiences with puppet in the DMZ they can share?
At my puppet master training (Hi Hunter), it
12 matches
Mail list logo