Bomgar Appliance Network Infrastructure

DNS: Each Bomgar Appliance needs a physical connection to the network and a separate IP address. Additionally, a Domain Name System (DNS) record for each appliance is recommended, along with the DNS A Record or a Canonical Name (CNAME) record pointing to the appliance. Since any customers you support using Bomgar use the public portal name you give them to request remote support, the simple yet descriptive name is the best approach. For instance, a company named 'Example' might use support.example.com for their DNS record.

Some companies have network standards and guidelines for DNS names that may increase the complexity of the site name. For instance, the 'Example' company might require every DNS name to include the geographical region and department within the name, such as usa.hr.example.com. This name is difficult to use and remember. In this instance, the best practice is to create a CNAME that ultimately points to the appliance and public site. The CNAME is usa.hr.example.com, as shown below:

support.example.com

CNAME

usa.hr.example.com

usa.hr.example.com

A

192.0.2.23

Here is one more example, using the common foo bar terminology:

foo.example.com

CNAME

bar.example.com

bar.example.com

A

192.0.2.23

Deployment Options

Appliance in the DMZ

DMZ Deployment (recommended): Deploying the appliance into a perimeter-based DMZ segment meets security best practice standards and is Bomgar's recommended location for the secure deployment of the device. A DMZ, or de-militarized zone, is a network that is protected by access control mechanisms. Access control may be provided by a firewall device, a router, or a switch that provides port and address filtering capabilities. The purpose of the DMZ is to limit access to systems that are deployed within it. In the case of the Bomgar Appliance, the DMZ will limit connectivity to the device and allow access only to the appropriate ports.

Appliance external deployment

External Deployment: In situations where a DMZ does not exist and is not possible due to technical or business constraints, the Bomgar Appliance may be deployed external to the perimeter firewall. The appliance consists of a hardened operating system and applications that are designed to be directly accessible.

 

 

Appliance internal deployment

Internal Deployment: Deploying the Bomgar Appliance on an internal network segment is ideal when the support base is completely internal or accessible through a VPN. No firewall changes are required because the device and all of the supported clients are internal to the firewall. In environments where the supported users or systems are external to the firewall, Bomgar recommends this deployment location only in the event that a DMZ does not exist or when the appliance cannot be deployed externally. An internal deployment of the appliance requires numerous changes to the environment and a solid understanding of perimeter firewall controls and Network Address Translation.