Hi
I have a complicated question so I hope I can explain it clearly. I have a request from management to put JIRA, Confluence in the DMZ. We also want Stash and Bamboo linked to JIRA.. We would like to use CROWD for single sign on in the DMZ. Has anyone had to setup this type of configuration and if so what steps did you take to ensure a secure environment? Should we just have all these products internal? Stash and Bamboo, regardless of where they reside will need to access data internallyy–if they are put in the DMZ there would be holes in the firewall that could cause a breach in security.
Any input on ways that you have ensured a secure environment would be greatly appreciated.
Thanks
Kathy
Hi Kathy,
Should we just have all these products internal?
No, since Stash and Bamboo has source codes from the software that you are developing, I recommend you to keep this inside of your network. Just run applications into your DMZ if they don’t have confidential information.
Also, the DMZ configuration will depends of your network architecture and if you are thinking to use two or three legged DMZ.
I agree with Balazs that a Reverse proxy might be less painful and more useful on this case than a DMZ.
Regards,
Renato Rudnicki
sounds like you're going to have some holes in your firewall no matter how you do it. Not that that necessarily means it's not secure.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Instead of putting these servers in the DMZ and thus making them available on the internet, I would suggest to set up a reverse proxy to access these resources from the outside. This way there is only one contact point towards the internet and any security holes in Jira/Stash/Bamboo/whatever else are not directly available to exploit from the outside.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.