I have a situation where management wants to isolate all of our enclave networks but still patch with the main BigFix server that’s on our main network. Just one of those enclave networks WILL be allowed to reach out and communicate bidirectionally to my main BigFix server on our main corporate network. And from within the chosen enclave network, it will be allowed to talk to all the remaining enclave networks. What do I need to do to accomplish this?
So, it will look something like this…
#0 MY CORP NETWORK (MAIN BF SERVER)
#1 Enclave network that will be allowed to communicate bidirectionally to CORP network main BF server (maybe a relay?)
#2 through #7 enclaves allowed to report to the #1 server in the first enclave network. These servers are NOT allowed to talk to BF main server directly, only to #1 network.
My question really is, what type of server needs to be in the first enclave that’s allowed to talk bidirectionally to the main BigFix server? Will a relay work, with all other enclave network servers configured to point to that relay server, or do I need something else? Like maybe a DSA server?
Did that make sense? Currently all these servers connect to my BF server, but management wants to tighten down the network enclaves a bit… so, I’m trying to figure out the best way to continue patching with BF.
Thanks in advance!