I have a complicated question so I hope I can explain it clearly. I have a request from management to put JIRA, Confluence in the DMZ. We also want Stash and Bamboo linked to JIRA.. We would like to use CROWD for single sign on in the DMZ. Has anyone had to setup this type of configuration and if so what steps did you take to ensure a secure environment? Should we just have all these products internal? Stash and Bamboo, regardless of where they reside will need to access data internallyy–if they are put in the DMZ there would be holes in the firewall that could cause a breach in security.
Any input on ways that you have ensured a secure environment would be greatly appreciated.
Instead of putting these servers in the DMZ and thus making them available on the internet, I would suggest to set up a reverse proxy to access these resources from the outside. This way there is only one contact point towards the internet and any security holes in Jira/Stash/Bamboo/whatever else are not directly available to exploit from the outside.
Should we just have all these products internal?
No, since Stash and Bamboo has source codes from the software that you are developing, I recommend you to keep this inside of your network. Just run applications into your DMZ if they don’t have confidential information.
Also, the DMZ configuration will depends of your network architecture and if you are thinking to use two or three legged DMZ.
I agree with Balazs that a Reverse proxy might be less painful and more useful on this case than a DMZ.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG