Ravager0
Contributor
Contributor

DEM Firewall ports and HA

Just a question about DEM as I can't see to find any documentation on the site.

It seems from a client perspective it only needs to talk to the SMB shares, and it find these via AD.

If correct then the systems from a FW perspective just need SMB access?

 

Assuming the above is correct the DEM management server doesn't need to be highly available as long as the file shares are.

ie you can patch the dem server and everything will work you just won't be able to modify settings while the system reboots after patching.

So FW rules for the DEM server would just be HTTPS in (for remote access to the management console) and SMB access to the share to change stuff?

Ty in advance

 

Labels (1)
0 Kudos
2 Replies
VaseemMohammed
Enthusiast
Enthusiast

DEM Config file is stored in one of the SMB share that you define while configuring.
You can Install DEM application on any system and point it to the correct SMB share and you have a DEM console for making any changes (of course login to the system with a user that has permissions on Share).
I am not aware DEM can be accessed via https protocol as well.

0 Kudos
DEMdev
VMware Employee
VMware Employee

Hi @Ravager0,

The DEM agent only needs SMB access to the DEM configuration share and profile archive share. The Management Console only needs SMB access to the configuration share. There is no communication between the agent and the Management Console.

HTTPS does not apply (the DEM Management Console is a Windows application), and there are no other "protocol dependencies" either, apart from standard Windows stuff like AD access.