1 Reply Latest reply on Mar 18, 2013 6:32 AM by Steffen Kreis

    Provisioning inside a DMZ

    Cliff Hungerford

      We're in negotiations with our Information Security department to use App servers in our internal network to build within our DMZs. We know we need to open up port 9831 to allow the newly-built servers to "check-in" for their post-build process, but can anyone provide details of what actually happens during the "check-in" process?


      Our security office wants to know exactly what vulnerabilities we'd be facing by opening a port to our internal network from our less-secure DMZs.



        • 1. Re: Provisioning inside a DMZ
          Steffen Kreis

          Hi Cliff,


          From my understanding, this port (9831) is used during the provisioning process by the BMI binary to communicate with the BL-Appserver and receive instructions for each step in the process (Pre-Install, Disk-Partition, etc.).


          According to some snippets from here https://docs.bmc.com/docs/display/public/bsa82/Configuring+DHCP

          this communication is done via SSL.



          Which OS are you trying to provision, and will there be any BL infra components inside the DMZ?

          If not, you will need to open many more ports in order to get a full provisioning process working.


          Some examples:

          - DHCP & PXE: 67, 68, 69 UDP

          - Windows-Share: 138, 139, 445 TCP (if you provision Windows OS)

          - RSCD agent: 4750 TCP



          1 of 1 people found this helpful
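
As an added example (not part of either post and not BMC code): a small audit that compares a firewall rule export with the ports listed in the reply, flagging allow rules between the DMZ and the internal network that open ports outside that list or accept any source address. The rule format, zone names and sample rules are constructed assumptions, and direction is ignored because the thread does not state it for every flow.

```python
# Added example: audit DMZ<->internal allow rules against the thread's port list.
# The rule format, zone names and SAMPLE_RULES are constructed assumptions.

# (protocol, port) -> purpose, as listed in the reply above
REQUIRED = {("tcp", 9831): "BMI check-in to BL Appserver",
            ("udp", 67): "DHCP & PXE", ("udp", 68): "DHCP & PXE",
            ("udp", 69): "DHCP & PXE", ("tcp", 4750): "RSCD agent"}
WINDOWS_ONLY = {("tcp", p): "Windows share" for p in (138, 139, 445)}

SAMPLE_RULES = [  # constructed sample, not taken from a real firewall
    {"name": "bmi-checkin", "src_zone": "dmz", "dst_zone": "internal",
     "src": "10.20.30.0/24", "proto": "tcp", "ports": (9831, 9831), "action": "allow"},
    {"name": "pxe", "src_zone": "dmz", "dst_zone": "internal",
     "src": "10.20.30.0/24", "proto": "udp", "ports": (67, 69), "action": "allow"},
    {"name": "agent-mgmt", "src_zone": "internal", "dst_zone": "dmz",
     "src": "10.1.1.5", "proto": "tcp", "ports": (4000, 5000), "action": "allow"},
    {"name": "smb", "src_zone": "dmz", "dst_zone": "internal",
     "src": "any", "proto": "tcp", "ports": (445, 445), "action": "allow"},
]

def audit(rules, provision_windows=False):
    """Return (kind, subject, detail) findings for rules between the two zones."""
    allowed = {**REQUIRED, **(WINDOWS_ONLY if provision_windows else {})}
    opened, findings = set(), []
    for r in rules:
        crosses = {r["src_zone"], r["dst_zone"]} == {"dmz", "internal"}
        if not crosses or r["action"] != "allow":
            continue
        lo, hi = r["ports"]
        covered = {(r["proto"], p) for p in range(lo, hi + 1)}
        extra = covered - allowed.keys()
        if extra:  # range is wider than the ports the thread calls for
            findings.append(("unlisted-ports", r["name"], "%d ports" % len(extra)))
        if r["src"] == "any":  # not pinned to the provisioning hosts
            findings.append(("any-source", r["name"], "src=any"))
        opened |= covered & allowed.keys()
    for key in sorted(allowed.keys() - opened):  # provisioning would stall here
        findings.append(("missing", "%s/%d" % key, allowed[key]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, provision_windows=True):
        print(finding)
```
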