DMZ Server Installation

A DMZ (Demilitarized Zone) server provides a secure buffer zone between your internal network and external systems, enabling controlled communication for patch management, remote offices, and external integrations while maintaining network security.

A DMZ (Demilitarized Zone) server is a host or service placed within a DMZ network—a subnetwork that acts as a buffer between an organization's internal local-area network (LAN) and untrusted external networks, such as the Internet. The primary purpose of a DMZ server is to handle external-facing services, including web, email, DNS, and FTP servers, thereby adding an extra layer of security to the internal network.

By isolating these services in the DMZ, organizations can prevent direct access to their internal LAN, reducing the risk of unauthorized intrusion while enabling secure communication for ServiceOps features like patch management and remote office connectivity.

note

This document applies to Ubuntu (v22 and 24) and RedHat (v9.2 and 9.4) OS.

Pre-Installation

Prerequisites

This section outlines the requirements for setting up your DMZ server.

System Requirements

• Operating System: Ubuntu (v22 and 24) or RedHat (v9.2 and 9.4)
• Internet Connectivity: The system where the DMZ is installed must have access to the Internet
• Administrative Access: Root or sudo privileges for installation and configuration
• Network Access: Proper network configuration for DMZ zone

Network Requirements

• DMZ Port Access: Ensure that port 8085 is allowed through the firewall
• Network Isolation: Proper network segmentation for DMZ zone
• DNS Resolution: Proper DNS configuration for external communication
• Routing: Correct routing configuration for DMZ traffic

Security Requirements

• Firewall Configuration: Proper firewall rules for DMZ traffic
• Access Control: Restricted access to DMZ server
• Monitoring: Network monitoring and logging capabilities
• Backup Strategy: Backup and recovery procedures

Firewall Configuration

This section details the necessary firewall configurations for Ubuntu and RedHat.

Ubuntu Firewall Configuration

Checking Firewall Status

ufw status

Allowing Port 8085

ufw allow 8085

Verifying Configuration

ufw status numbered

RedHat Firewall Configuration

Checking Currently Allowed Ports

sudo firewall-cmd --list-ports

Allowing Port 8085 on Public Zone

`sudo firewall-cmd --zone=public --add-port=8085/tcp

Making Changes Permanent

sudo firewall-cmd --zone=public --add-port=8085/tcp --permanent
sudo firewall-cmd --reload

Verifying Configuration

sudo firewall-cmd --list-ports

Pre-Installation Checklist

This section details the checklist that helps preventing installation failures.

• DMZ Planning: Plan DMZ server deployment
• Internet Access: Verify internet connectivity
• Port 8085: Ensure port 8085 is accessible
• Security Configuration: Plan security configuration

---

Installation and Configuration

Installation Process

This section walks through the steps to install the DMZ server.

Step 1: Download the DMZ Server

1. Navigate to the ServiceOps Server where you want to install the DMZ server
2. Download the DMZ Server from the download links
3. Ensure the file is downloaded to a secure location

Step 2: Set Execution Permissions

1. Navigate to the directory containing the downloaded DMZ server file

2. Set execution permissions using the following command:

   chmod 777 MotadataDMZServer

Step 3: Execute the Installation

1. Run the executable file using the following command:

   ./MotadataDMZServer

2. The installation process will begin automatically
3. Monitor the installation progress through the terminal output

Step 4: Verify Installation

1. Check the service status using the following command:

   systemctl status ft-dmz-server

2. Verify that the service is running and active
3. Check for any error messages or warnings

Post-Installation Configuration

After installation, you may need to manage the service or verify network settings.

Service Management

Start the DMZ Server Service

sudo systemctl start ft-dmz-server

Stop the DMZ Server Service

sudo systemctl stop ft-dmz-server

Restart the DMZ Server Service

sudo systemctl restart ft-dmz-server

Enable Auto-Start on Boot

sudo systemctl enable ft-dmz-server

Check Service Logs

sudo journalctl -u ft-dmz-server -f

Network Configuration

Verify Port Listening

netstat -tlnp | grep 8085

Check Firewall Rules

# Ubuntu
sudo ufw status

# RedHat
sudo firewall-cmd --list-ports

Test Connectivity

telnet localhost 8085

ServiceOps Configuration

After installing the DMZ server, you need to configure it in ServiceOps.

Step 1: Access Proxy Server Configuration

1. Log in to ServiceOps as an administrator
2. Navigate to Admin > Organization > Proxy Server Configuration
3. Click the Add Proxy Server button

Step 2: Configure DMZ Server

1. Enter the following details:

   • Name: Enter a unique name for the DMZ server
   • Proxy Server Type: Select "DMZ"
   • Host: Enter the DMZ server IP address
   • Port: Enter port number 8085
   • Enable File Storage on DMZ: Activate this flag to download patch files on the DMZ server and transfer them to the File Server for deployment

2. Click Test Connection to verify connectivity

3. Click Add to save the configuration

Step 3: Enable DMZ Server

1. Once added, the DMZ server will appear in the list
2. Ensure the server is enabled (enabled by default)
3. The DMZ server will now be available for selection in:
   • Patch Settings > Update Patch Database
   • Patch Settings > Patch Storage Configuration (Remote office)
   • Admin > Patch Management > Remote Offices

Operations and Maintenance

Usage Scenarios

The DMZ server is useful in several key scenarios.

Patch Management

The DMZ server is particularly useful for patch management scenarios:

1. External Patch Downloads: Download patches from external repositories through the DMZ
2. Remote Office Distribution: Distribute patches to remote offices via the DMZ server
3. Security Isolation: Keep patch repositories isolated from internal networks

Remote Office Management

For organizations with multiple remote offices:

1. Centralized Control: Manage remote offices from a central location
2. Secure Communication: Enable secure communication between remote offices and central systems
3. Patch Distribution: Distribute patches and packages through the DMZ server

External Integrations

For external system integrations:

1. API Access: Provide secure API access to external systems
2. Webhook Support: Enable webhook communication through the DMZ
3. Third-party Integrations: Support integrations with external services

Troubleshooting

This section provides solutions for common issues and useful diagnostic commands.

Common Issues

Service Not Starting

Problem: DMZ server service fails to start

Solution:

# Check service status
sudo systemctl status ft-dmz-server

# Check logs for errors
sudo journalctl -u ft-dmz-server -n 50

# Restart the service
sudo systemctl restart ft-dmz-server

Port Access Issues

Problem: Port 8085 is not accessible

Solution:

# Check if port is listening
netstat -tlnp | grep 8085

# Check firewall rules
sudo ufw status  # Ubuntu
sudo firewall-cmd --list-ports  # RedHat

# Allow port if needed
sudo ufw allow 8085  # Ubuntu
sudo firewall-cmd --zone=public --add-port=8085/tcp --permanent  # RedHat

Network Connectivity Issues

Problem: DMZ server cannot communicate with external systems

Solution:

1. Verify internet connectivity
2. Check DNS resolution
3. Verify firewall rules
4. Test network connectivity to external systems

Diagnostic Commands

Check Service Status

systemctl status ft-dmz-server

View Service Logs

journalctl -u ft-dmz-server -f

Check Network Connectivity

# Test local port
telnet localhost 8085

# Test external connectivity
ping google.com

# Check DNS resolution
nslookup google.com

Verify File Permissions

ls -la MotadataDMZServer

Security Best Practices

Follow these best practices to ensure your DMZ server is secure.

Network Security

1. Isolation: Ensure proper network isolation for DMZ zone
2. Access Control: Restrict access to DMZ server to authorized personnel only
3. Monitoring: Implement network monitoring and logging
4. Regular Updates: Keep DMZ server updated with security patches

Configuration Security

1. Strong Authentication: Use strong authentication for DMZ server access
2. Encryption: Enable encryption for sensitive communications
3. Logging: Enable comprehensive logging for audit trails
4. Backup: Regular backup of DMZ server configuration

Operational Security

1. Access Management: Implement proper access controls
2. Incident Response: Have incident response procedures in place
3. Regular Audits: Conduct regular security audits
4. Documentation: Maintain detailed documentation of DMZ configuration

---

Further Reading

Related Topics

• File Server Installation: For file server installation and configuration
• System Requirements: For detailed system requirements
• Security Best Practices: For security configuration guidelines

Next Steps

After successfully installing and configuring the DMZ server:

1. Test Connectivity: Verify DMZ server connectivity with external systems
2. Configure ServiceOps: Set up DMZ server in ServiceOps proxy configuration
3. Test Patch Management: Verify patch download and distribution through DMZ
4. Monitor Performance: Set up monitoring for DMZ server performance
5. Document Configuration: Create detailed documentation of your DMZ setup