This section includes information on locating Address Manager in your network, such as factors affecting the placement of Address Manager and DNS/DHCP Server appliances in your network as well as the required and optional ports used by Address Manager and DNS/DHCP Server.
Address Manager should always be installed in a trusted part of the network. If you require remote access to Address Manager within the trusted part of the network, the use of a virtual private network (VPN) is recommended. Topology designs should take into account that Address Manager is designed for use on the internal network and does not contain its own firewall.
DNS/DHCP Server appliances contain a packet-filtering firewall that is dynamically configured according to the services in use on the appliance. Therefore, DNS/DHCP Server appliances can be safely deployed in any part of the network. DNS/DHCP Server is designed to be secure for use on hostile network segments, such as in DMZ environments.
Address Manager needs to be accessible to administrators and it needs to contact other servers. Address Manager also must be able to receive notifications from the servers it is managing. Address Manager and DNS/DHCP Server both require communication on various TCP and UDP ports depending on the services that are configured on the appliances. For information on services and ports, refer to Address Manager service ports and DNS/DHCP Server firewall requirements.
Address Manager makes possible many different types of server topologies. Traditional DNS best practices still apply to much of the topology of a Address Manager-designed network. Beyond the recommendation that Address Manager reside in a trusted part of the network, the rest of the topology can change.