Open Satellite Server to the world?

Hi,
At my work we have folks who have RHEL systems at home. I have been asked to open our firewall so that they can be managed with our Satellite Server. I'm "new" to Satellite, so I'm a little nervous about opening our Satellite server to "the world" -- is this actually ok?
-dave

Responses

I think it is a matter of your security posture on the subject and what you are using Satellite for. Are you provisioning systems for people, or just supplying errata? Are you providing configuration management? If it's just errata, then have them subscribe to the Red Hat Hosted Subscription Manager; they can pull updates that way.

If you have to expose Satellite to the internet I would at least suggest exposing a capsule in a DMZ or Secured Network at a minimum and not expose the Satellite server itself.

If it was me and I was asked to do this, I would probably create a separate organization for these systems and have them served by a capsule exposed.

But it all depends on your level of risk aversion.

Hi David,

If I understood it correctly, you have a company that runs RHEL and some colleagues asked you to give them access to the system from their home machines. It is a matter of whom you trust, and if you trust those "folks", then you might consider letting them in - but this is something that you'll definitely have to decide yourself and well, to be honest, I wouldn't agree to something like that.

Regards,
Christian

Noooo! Don't Do It, Dave! Why?

1) You've got to poke holes in your firewall that are not justified by the business. How would you explain it if your company were hacked through one of those (bidirectional) open ports?

2) Those firewall holes will be pointing AT YOUR SATELLITE SERVER.

3) You don't own the machines that will be getting the RPM updates, and those machines have nothing to do with your business.

4) You KNOW the first time something blows up on the home machines, you'll be on the hook to provide a solution, right?

5) Why are they not running CentOS at home?

"No good deed goes unpunished", as my late father-in-law used to say...

James
