Does a Proxy in a DMZ need access to the central file share?
I'm setting up a proxy only in a DMZ (SAML auth, passes everything else through to Central node). The machine isn't part of the domain as part of the DMZ security. Of course we're also trying to minimise the ports & services which need holes in the firewall between the internal network and the DMZ (as well as the DMZ and the web of course).
What does a Proxy need access to in the central file share?
ArchivedLogs - as of Sept release I assume it doesn't need access to this if you're using the logging database.
Apps / CustomData / StaticContent - only the Engine needs access to these, right? Or does the Proxy need access to Extensions or anything?
I'm wondering if we need to open up file sharing at all...
I am also in similar situation, recommended architecture is to place IIS Server with Reverse proxy, by a consultant. I would like to know if we place QS Proxy server ... will I be able add this node to the central node in local network. What are the ports to be opened from Proxy server in DMZ to central node and from central node to this proxy?