How System Manager will work without PORT 80 to Open

0

Problem Statement: We are using System Manager Service for patching our servers, but we are facing one challenge. The process of upgrading the servers is the same as updating and patching a server by downloading packages from the UBUNTU repo over https, i.e. on PORT 80, but we can't open port 80 on our servers because of security compliance.

Please help and guide us on how SMS will then upgrade the servers and patch them. If PORT 80 is closed then "defaultbasepatchline" fails over the servers.

Thanks.

Asked 2 years ago, 271 views
1 answer
0

I'm guessing you mean port 80 outbound, so the host can connect to the repo and download the packages? (Also do you mean port 443, since you mention HTTPS?) If allowing outbound traffic from your hosts to the internet isn't acceptable for your security compliance, you might be able to work around this by setting up a web proxy host in your VPC (e.g. running Squid). You can configure rules on the host to only allow clients to connect to trusted URLs, such as Ubuntu's repos, and then configure the clients to connect via that proxy.

You don't need port 80 open inbound (or any ports open inbound) for any component of SSM to operate, assuming that your firewall is stateful and allows return packets for connections which are created outbound.

AWS
Expert
James_S
Answered 2 years ago
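
A sketch of the allowlisting proxy described in the answer above, added here as an example and not part of the original answer. The VPC CIDR `10.0.0.0/16` and the proxy hostname `proxy.internal.example` are assumptions to replace with your own values; `3128` is Squid's default listening port.

```conf
# /etc/squid/squid.conf on the proxy host (constructed example)

# Listen for clients inside the VPC only; keep the instance's security
# group closed to everything except the patched hosts.
http_port 3128

# Assumption: the patched hosts live in this VPC CIDR.
acl vpc_clients src 10.0.0.0/16

# Trusted destinations only. A leading dot matches the domain and all of
# its subdomains, which covers regional mirrors under archive.ubuntu.com.
acl ubuntu_repos dstdomain .archive.ubuntu.com .security.ubuntu.com

# Only the ports a package repository needs.
acl Safe_ports port 80 443

# Order matters: Squid stops at the first matching http_access line.
http_access deny !Safe_ports
http_access allow vpc_clients ubuntu_repos
http_access deny all

# Requests to any other destination are refused and show up as
# TCP_DENIED entries in /var/log/squid/access.log, which is worth
# forwarding to your log pipeline for review.

# On each patched host, point apt at the proxy with a separate file,
# /etc/apt/apt.conf.d/95proxy (apt syntax, shown here as a comment):
#   Acquire::http::Proxy  "http://proxy.internal.example:3128/";
#   Acquire::https::Proxy "http://proxy.internal.example:3128/";
```

With this in place the patched hosts need outbound access only to the proxy on port 3128, and the proxy is the single host allowed out to the repositories.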
