I need opinions. We would like to stand up a Blade Center in our DMZ. We would like the management connections run to our main network so we can manage the frame itself. The VCs for the blades will follow the traditional setup of a DMZ. They will be run through the firewalls. The blades are stateless. All data is stored on a SAN.
So I'm in a discussion with my network people. They feel that since the chassis lives in the DMZ, all connections to the chassis should stop there and it should be physically cut off from the network.
My position is that the management connections don't "expose" a security risk. Therefore, we would be fine running those connections outside the firewall.
I also know that you can't see or move the data that lives on the SAN via the management ports.
Is there anyone that is using a blade chassis in their DMZ that can shed some light on this?
I have to believe that we are not the only people using a blade chassis this way.