Requirement
ESX server is in the DMZ, to be on HP hardware, and VC (2.5) is on the internal LAN. Server-based licensing is to be used, and the Flex lic server is on the same server as VC.
Ability to deploy software on ESX by use of ILO by Admins (both Console & Virtual media access)
Ability for app support to remote to VMs in the DMZ to manage VMs only and deploy software. Preferably app support can load the app themselves, and if that is not possible an admin does it for them. mstsc/landesk/sms/dameware, etc. are not allowed.
Ability to deploy software from Altiris RDP server which is inside the internal LAN
DNS name resolution to be allowed.
Company operates a strict policy and ports need to be kept to a bare minimum
******************************************************************************************************************************************************************************************************
Current ports to be opened and solutions that I can think of
ESX to Flex lic server (27000 & 27010), ESX to Vcenter/Web (443 and 903/UDP), VI to ESX (902 & 903), ILO to ESX (23 & 17988), DNS (53 TCP/UDP)
Other than adding IP helper IP addresses on switches, are there any ports required for Altiris RDP server VM deployment? Is the risk of using RDP more than the benefit?
App support team to be given access via "Generating Remote Console URL" for VMs on VC, and admin teams put the software on the VMs for them. Is there a better solution to this?
If we used host-based licensing, would 27000 and 27010 still need to be open on the firewall?
Suggest any ports that can be added or removed, or anything else useful. Thanking you