Le 31/10/2012 16:22, Benjamin Huntsman a écrit :
Why not implement a small, stand-alone communication server front-end, based on
a derivative of the OCS Communication Server, that can accept the inventory
from the agent, and write it directly into the GLPI database? This way, you
could have a host in the DMZ running the Communication Server, and have
firewall rules only allowing traffic to port 443, and on the back-end, firewall
rules only allowing MySQL DB connections in to the GLPI DB server?
Nothing prevents you from using multiple GLPI servers sharing the same
mysql database to achieve this setup. However, that's a bit twisted, and
doesn't offer any actual advantage over allowing your DMZ host to open
an https connection to the port 443 of a unique GLPI server outside the DMZ.
The FusionInventory systems offers a lot of potential advantages, but due to
these security concerns, I'm leaning toward sticking with OCS and a DMZ-based
Communication Server.
I fail to see any security advantage in OCS. Especially after reading
their source code.
--
BOFH excuse #64:
CPU needs recalibration
_______________________________________________
Fusioninventory-user mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/fusioninventory-user
