systemcentercommunity
Your community resource for Microsoft's System Center family of products

SCOM Gateway in the DMZ

Latest post 12-01-2009 10:52 AM by DesparateDan. 0 replies.
  • 12-01-2009 10:52 AM


     

    (Sorry for the long long long post below)

    Please could you help with the customer query we have below.

     

    Customer Scenario

     

    Our customer's servers that are in Domain-B require to be monitored remotely from a SCOM Management Group in Domain-A.

     

    There are no trusts between Domain-A and Domain-B.

     

    Our customer does not want to allow a SCOM gateway server in Domain-B to communicate directly with the SCOM Management Group in Domain-A as this goes against the customer's security policy.

     

    Our customer is insisting that we install the SCOM gateway servers in the customer DMZ in their own workgroup to provide remote monitoring.

     

    Based on the above scenario, please could you advise on the following options we now believe we have.

     

    Option 1

     

    Option 1 would be as follows.

     

    We install a SCOM gateway server in a workgroup in the customer's DMZ and we install agents and certificates on each server in Domain-B to be monitored. The servers in Domain-B communicate with the Gateway server in the DMZ. Then the Gateway server in the DMZ communicates back to the SCOM management group in Domain-A.

    This option is not desirable to us as there are 60 plus servers and we are concerned about the initial deployment time and then managing the certificates when they expire in the future.

     

    In summary, the SCOM communication path is as follows.

    Agents & certs on servers in Domain-B → standalone gateway server in DMZ → SCOM management group in Domain-A.

     

     

    Option 2

     

    Option 2 would be as follows but we do not know if it is technically achievable.

     

    We install a SCOM gateway server in a workgroup in the customer's DMZ and then we install a gateway server in the customer's Domain-B. We then install agents on the servers in Domain-B to be monitored and these agents communicate directly with the SCOM gateway server in Domain-B.

    The SCOM gateway server in Domain-B then communicates with the gateway server in the workgroup in the customer's DMZ. The SCOM gateway server in the workgroup in the customer's DMZ then communicates back to the SCOM management group in Domain-A.

     

    In summary, the SCOM communication path is as follows.

    Agents on servers in Domain-B → gateway server in Domain-B → standalone gateway server in DMZ → SCOM management group in Domain-A

     

     

    Thanks in advance.

     

     

     
