CA Service Management

  • 1.  Catalog Server in DMZ/Filestore Internal

    Posted May 03, 2018 03:06 PM

    We are looking to stand up a server or two in the DMZ for Service Catalog. Our issue is the shared location for the file store is on the internal network. We are trying to figure out our options and I was wondering anyone has set this kind of arrangement up. We are not able to use an account to run as the service as there is no trust between our DMZ and Internal networks. Is there another way we can do authentication to the file store from Catalog?



  • 2.  Re: Catalog Server in DMZ/Filestore Internal
    Best Answer

    Broadcom Employee
    Posted May 05, 2018 02:40 PM

    Hi Benjamin,


    Access rules between these zones would be a security risk so your option here is to connect to the DMZ servers from the LAN using the public IP of the firewall.

    So, the traffic will go out to the WAN and then from the WAN to the DMZ as if you were connecting from outside.

    To achieve this you can create a loopback NAT policy to translate the source IP of the LAN PC's to the WAN interface IP and then translate to the server.

    This is the most secure way to communicate.

    You might also want to involve your networks team to provide a better understanding of these environments for communication; if not, Google it.
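
    The loopback (hairpin) NAT policy described above, expressed as an added nftables example for illustration only; it is not part of this answer and does not come from CA or any particular firewall vendor. The addresses are assumptions: 203.0.113.10 is the firewall's WAN interface IP, 192.168.50.20 is the Service Catalog server in the DMZ, 10.0.0.0/24 is the internal LAN, and 8080 stands in for the Catalog listener port. A vendor firewall will express the same two translations as a single "loopback" or "reflexive" NAT rule.

```nft
# Added example (not from the original thread): hairpin NAT on an nftables firewall.
# Assumed addressing -- WAN IP 203.0.113.10, DMZ Catalog server 192.168.50.20,
# internal LAN 10.0.0.0/24, Catalog port 8080.
table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Destination translation: any client (from the WAN or from the LAN) that
        # connects to the public WAN IP on the Catalog port is sent to the DMZ server.
        ip daddr 203.0.113.10 tcp dport 8080 dnat to 192.168.50.20:8080
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Hairpin source translation: when the client is a LAN PC, rewrite its source
        # to the WAN IP so the DMZ server answers the firewall, not the LAN host directly.
        # Without this the server would reply straight into the LAN and the session would
        # break (asymmetric return path) or require the very LAN<->DMZ rule being avoided.
        ip saddr 10.0.0.0/24 ip daddr 192.168.50.20 tcp dport 8080 snat to 203.0.113.10

        # Ordinary outbound masquerade for LAN traffic leaving on the WAN interface.
        oifname "wan0" ip saddr 10.0.0.0/24 masquerade
    }
}
```

    Two practical notes for the people reviewing this: the filter policy must still explicitly permit the forwarded LAN-to-DMZ flow to port 8080 after translation (the nat table only rewrites addresses), and because every LAN client now arrives at the server with the WAN IP as its source, the Catalog server's own access logs will no longer show which internal host made a request; keep the firewall's NAT/session log if you need that attribution for incident investigation.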



  • 3.  Re: Catalog Server in DMZ/Filestore Internal

    Posted May 07, 2018 01:11 PM

    That's a good idea. I would assume it means our entire catalog environment would be in the DMZ with this method, though. I am working on getting our various teams involved to discuss all this. Thank you.