DNS and Medulla Relay views in the DMZ

In a Medulla architecture, arelay can be placed in the DMZ to allow external devices to access the platform without directly exposing the internal Medulla server if you do not have a VPN.

Since the Medulla agent configuration is unique across the entire network, it supports only a single domain name. To allow machines to reach the server from both the private network and the outside via this single address, the use of a single domain name coupled with DNS views (Split-Horizon) or a Round-Robin is required.

DNS Views

Principle

A DNS view allows different responses to be provided for the same name depending on the origin of the request.

Internal workstations → internal Medulla server
External workstations → Medulla relay in the DMZ

Benefits

Only one DNS name to configure
No configuration differences on the workstations
The internal Medulla server is not exposed
Clear and secure architecture

Key points

DNS views automatically route endpoints to the correct Medulla access point, while maintaining a single name and simple configuration.

Reference article on Bind9: https://kb.isc.org/docs/aa-00851

Round-Robin

Additionally, if you do not wish to configure DNS Views, you can opt for an alternative solution by implementing a Round-Robin mechanism. This mechanism distributes requests across multiple IP addresses associated with the same domain name, ensuring a balanced distribution of connections.

To do this, you need to follow two steps:

Define the internal IP address of the main Medulla server.
Define the public IP address of the DMZ relay server.

Network requirements for Medulla SaaS

Client Accounts (Status & Visibility)

Deployment (broadcasting)

Packages

Remote Maintenance & Getting Started

Deployment (broadcasting)

Remote Maintenance & Getting Started

FLUX Test

Firewall

IMAGING Prerequisites

Active Directory

I already have a PXE server on my network. Is that a problem?

Simplified flowchart of Medulla

OIDC

DNS and Medulla Relay views in the DMZ

Filter machine types by GLPI ID

Your GLPI with Read-Only User

Disable convergence for the Extract drivers package

Configuration Guide: OIDC Authentication and User Synchronization

Increase the connection timeout to the interface

Activation Support / WSUS / CVE

Change the server's FQDN

Change the SSH port between Server and Client

GLPI - Connect an external GLPI

Network requirements for Medulla Private SaaS

Client Accounts (Status & Visibility)

Deployment (broadcasting)

Packages

Console & Administration

Remote Maintenance & Getting Started

Client Accounts (Status & Visibility)

Packages

Console & Administration

Remote Maintenance & Getting Started

Set the agent to Debug

Windows Agent Issue

Introduction

ACLs

ACLs continued

Console & Administration

Deployment (broadcasting)

Packages

Updates (Windows Updates)

Imaging menus

Client Accounts (Status & Visibility)

GPO

Reconfigure my agent

Generate Windows and Linux agents

Agents for the MINT Linux distribution

Uninstalling the Medulla Agent (Versions prior to 5.5.2)

Uninstalling Medulla Agent Version 5.5.2 and later

Architecture and Deployment of Medulla Relay Servers

Procedure for adding relays to Medulla Dedicated SaaS

Medulla Update - 5.4.x to 5.5.x

DNS and Medulla Relay views in the DMZ

DNS Views

Principle

Benefits

Key points

Round-Robin