SCSP - Management Server topology to maintain zone-segregation of endpoints
Struggling to find any information about SCSP management server topologies to maintain segregation (as distinct from high-availability)
I am working with a client that has both public facing and highly restrictive systems, and currently has a high degree of segregation between them (e.g. no direct connections from a low security zone to a high security zone, management must reside in a zone which is at least as secure as the zones it is managing)
If the standard SCSP topology was used, agents in both low and high security zones could initiate connections to the same management server. This introduces the possibility that tomcat and/or network stack vulnerabilties could be exploited and used to cross between zones. While this risk is probably low, it would be preferable to avoid it by using separate management servers for low and high zones. It would be preferable to maintain a single pane of administration (i.e. shared database) to avoid additional operational management complexity. i.e. Agents in each security zone connect to management servers in that security zone, all management servers connect to single database in a database zone as per http://www.symantec.com/docs/TECH112965
Are there any existing patterns for this kind of topology, or an alternative solution that would address this risk?