> Here is a case where you trust the machines, but do not trust Joe. > > Commonly, trusted servers are deployed on network segments that are > separate from untrusted users - via Ethernet segments or VLANs. It > is also possible to use VPNs to provide functional separation of > servers from users, if separate Ethernet tiers is not possible.
Sure, but in this case some users still needs access to these servers. But I was thinking about have those servers logging into the gateway/authpf via some boot script and then keeping that connection open. >> And what about other kinds of access? Now I get a brand new box in >> that needs a fresh installation of some Linux distribution that we >> install over HTTP. This new box doesn't come with a SSH console and >> the install disk doesn't provide a console with SSH during >> installation. > The provisioning if performed on the untrusted network, would require > the distribution server to be accessible. Simple enough with a pass > rule to your organization's deployment server. We don't run with a deployment server, but maybe this is one use case in which all the different OS'es we use could be deployed over network boot. However, we do a lot of testing on many different distributions etc., but maybe in this particular case a isolated segment can be created. Kind regards.