Just a question about DEM as I can't see to find any documentation on the site.
It seems from a client perspective it only needs to talk to the SMB shares, and it find these via AD.
If correct then the systems from a FW perspective just need SMB access?
Assuming the above is correct the DEM management server doesn't need to be highly available as long as the file shares are.
ie you can patch the dem server and everything will work you just won't be able to modify settings while the system reboots after patching.
So FW rules for the DEM server would just be HTTPS in (for remote access to the management console) and SMB access to the share to change stuff?
Ty in advance
DEM Config file is stored in one of the SMB share that you define while configuring.
You can Install DEM application on any system and point it to the correct SMB share and you have a DEM console for making any changes (of course login to the system with a user that has permissions on Share).
I am not aware DEM can be accessed via https protocol as well.
The DEM agent only needs SMB access to the DEM configuration share and profile archive share. The Management Console only needs SMB access to the configuration share. There is no communication between the agent and the Management Console.
HTTPS does not apply (the DEM Management Console is a Windows application), and there are no other "protocol dependencies" either, apart from standard Windows stuff like AD access.