Several issues related to network topology are relevant in planning the SSH Tectia Manager deployment. The Management Server needs to be accessible by the Management Agents running on the managed hosts, and needs to have a fully qualified domain name (FQDN). The management connection from the Management Agents to the Management Server is constantly open (although traffic can be minimal if no management operations are being performed), which poses some restrictions on the connection type.
Question 9: Where should the Management Server be located so that it is accessible to all the targeted managed hosts?
If all the managed hosts are in the same internal network, the Management Server may be located in the internal network. If some hosts connect from outside the network (for example, a branch office), the Management Server may need to be installed in the demilitarized zone (DMZ).
Question 10: Is DNS available throughout the targeted environment?
SSH Tectia Manager uses DNS name lookups and needs a connection to functional domain name services.
Question 11: Are there firewalls between the targeted managed hosts and the planned location of the Management Server?
The management connection uses TCP port 17235, which needs to be opened on any firewalls between the managed hosts and the Management Server. The connection is opened from the managed host to the Management Server.
Question 12: How is the network segmented?
Network segmentation may have relevance to the host groups created in SSH Tectia Manager, if network operations are typically performed or authorized per network segment.
Question 13: Is dynamic host configuration protocol (DHCP) used in the environment?
Managed hosts are identified by a unique identifier, so if information such as the IP address of a host changes, no duplicate entries appear on the Management Server. However, the Management Agent currently does not report changes to the host IP address unless it is restarted.
Question 14: If the managed hosts are geographically distributed, how are they connected to the network?
The management connection must be constantly open for the Management Agents to be able to access the Management Server. This may make, for example, hosts behind ISDN connections unsuitable for management.
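The checks behind Questions 10 and 11 can be run from a candidate managed host before installing an agent. The following is an added example, not part of SSH Tectia Manager or its documentation: the function names are hypothetical and `manager.example.com` is a placeholder for the planned Management Server name.

```python
import socket

MGMT_PORT = 17235  # management connection port stated on this page


def is_fqdn(name):
    """True if name looks fully qualified: two or more non-empty labels, not an IP literal."""
    labels = name.rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        return False
    return not labels[-1].isdigit()  # rejects IPv4 literals such as 10.0.0.5


def check_management_path(server, port=MGMT_PORT, timeout=5.0):
    """Run on a managed host, because that side opens the connection.

    Returns (status, detail); status is one of
    'ok', 'dns_failure', 'refused', 'filtered_or_unreachable'.
    """
    try:
        addrs = socket.getaddrinfo(server, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failure", str(exc)
    last = ("filtered_or_unreachable", "no address answered")
    for family, socktype, proto, _canon, sockaddr in addrs:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
                return "ok", "connected to %s port %d" % (sockaddr[0], sockaddr[1])
        except ConnectionRefusedError:
            # Host reachable but port closed, or a firewall rejecting with RST
            last = ("refused", "%s: connection refused" % sockaddr[0])
        except OSError as exc:
            # Includes timeouts, which are typical of a firewall silently dropping packets
            last = ("filtered_or_unreachable", "%s: %s" % (sockaddr[0], exc))
    return last


if __name__ == "__main__":
    import sys
    server = sys.argv[1] if len(sys.argv) > 1 else "manager.example.com"  # placeholder
    if not is_fqdn(server):
        print("warning: %s is not a fully qualified domain name" % server)
    print(check_management_path(server))
```

A result of `ok` shows only that the path is open at that moment; it does not test whether the connection can stay constantly open, which Question 14 also requires.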