what is DMZ?
DMZ --> De militarized Zone (out of the secure network)
I believe the Blade infrastructure should work just as fine as in the network, setting up the infrastructure with Stricter RBAC and proper authentication (encryption) should work fine.
I think that you wanted to place your Appserver in the DMZ. Are you planning to have only the Appserver in DMZ or including the targets? Will your regular environment has the target servers? I feel that having a secured RBAC will be sufficient for you. Anyways, we might use only the 4750, 9840, 9841, and 9842 ports between the Appserver and the target. So, even if it
Since I've heard the term used differently by different customers, please clarify exactly how you're thinking about your DMZ. If you're talking about a traditional, Internet facing DMZ, then for the LOVE OF GOD don't put your BL infrastructure in there!
right - it really depends what you are trying to prevent and what 'nothing' in "ensure that nothing from our regular environment could be sent over to the DMZ, and vice versa." means.
you put bsa in the central/normal env.
you create a rbac role that can see/mange/deploy to the DMZ servers. no other role can see those servers, or any of the bsa content that this role creates. so only content that this role created can get pushed to the dmz servers. is that ok and not part of the 'nothing' above ?
the agents never initiate a connection to the appserver it's always a response back from a communication initiated from the appserver, so there is no communication from the dmz to anywhere in this scenario.
what is the concern w/ shared content here? many customers have a DMZ and they will use the same patching and other jobs to target the dmz systems as well as their internal systems because for the purposes of patching and other deploys they are the same.