https://community.intel.com/t5/Intel-vPro-Platform/Intel-EMA-and-Dual-Zoning-Homing/m-p/1685207#M12763 <P>Hi Sylvester,</P><P><BR /></P><P>Greetings!</P><P><BR /></P><P>We see that you are looking for Dual Homing / Zoning for utilizing both Internal trusted and External Untrusted communication as well with two NIC's.</P><P><BR /></P><P>In your scenario, you are considering dual-homing the Intel Endpoint Management Assistant (EMA) server to allow it to communicate with both internal and external networks. Dual-homing involves configuring a server with two network interfaces (NICs), each connected to different networks, to facilitate communication across distinct network zones. Here’s how you can approach this setup:</P><P><BR /></P><P>Considerations for Dual-Homing Intel EMA Server:</P><P><BR /></P><P>Network Configuration:</P><P>Trusted Network NIC: Connect one NIC to the trusted internal network where the SQL database resides. This NIC will handle secure communications with internal resources.</P><P>Untrusted Network NIC: Connect the second NIC to the untrusted external network, which might be used for communication with the Swarm Server or other external services.</P><P><BR /></P><P>Security Implications:</P><P>Isolation: Ensure that the two networks are properly isolated to prevent unauthorized access from the untrusted network to the trusted network.</P><P>Firewall Rules: Implement strict firewall rules to control traffic between the two networks, allowing only necessary communications.</P><P>Access Control: Use access control lists (ACLs) and security policies to manage which services and ports are accessible on each NIC.</P><P><BR /></P><P>Routing and DNS:</P><P>Routing Configuration: Configure routing rules to ensure that traffic is correctly directed through the appropriate NIC based on the destination network.</P><P>DNS Settings: Ensure that DNS settings are configured to resolve internal and external addresses correctly, depending on the network interface.</P><P><BR /></P><P>Network Security:</P><P>VPN or Tunneling: Consider using VPNs or secure tunneling protocols to encrypt traffic between the EMA server and external services, enhancing security.</P><P>Monitoring: Implement network monitoring to detect and respond to any suspicious activity on either network interface.</P><P><BR /></P><P>Azure Configuration:</P><P>Azure Networking: Utilize Azure’s networking features, such as Network Security Groups (NSGs) and Virtual Network (VNet) configurations, to manage and secure traffic between the EMA server and other resources.</P><P>Subnets: Place each NIC in separate subnets to maintain clear separation between trusted and untrusted networks.</P><P><BR /></P><P><BR /></P><P><BR /></P><P>Steps to Implement Dual-Homing:</P><P><BR /></P><P>Provision Additional NIC:</P><P>In Azure, provision an additional NIC for the EMA server and attach it to the appropriate virtual network.</P><P><BR /></P><P>Configure Network Interfaces:</P><P>Assign IP addresses and configure network settings for each NIC according to the requirements of the trusted and untrusted networks.</P><P><BR /></P><P>Set Up Security Rules:</P><P>Define firewall rules and security policies to control traffic flow between the two networks, ensuring that only authorized communications occur.</P><P><BR /></P><P>Test Connectivity:</P><P>Test connectivity to ensure that the EMA server can communicate with both internal and external resources as intended.</P><P><BR /></P><P>Monitor and Maintain:</P><P>Continuously monitor network traffic and security logs to ensure the setup remains secure and functional.</P><P>By carefully configuring dual-homing for the Intel EMA server, you can achieve the desired connectivity while maintaining security across different network zones. If you encounter any challenges, consulting with network security experts or Azure support can provide additional guidance.</P><P><BR /></P><P>Please feel free to revert any further queries!</P><P><BR /></P><P>Best Regards</P><P>Arun</P><P>Intel Customer Support Technician</P><P>intel.com/vPro</P><BR /> Thu, 24 Apr 2025 21:31:08 GMT Arun_Intel1 2025-04-24T21:31:08Z https://community.intel.com/t5/Intel-vPro-Platform/Intel-EMA-and-Dual-Zoning-Homing/m-p/1680140#M12753 <P>I have a scenario whereby my Intel EMA Server and my Swarm Server, which are both located in Azure, cannot simulataneously communicate with the SQL Database for security reasons.</P><P>&nbsp;</P><P>I want to understand if it would be possible to dual zone / dual home the Intel EMA Server to allow connectivity both internally as well as externally. One NIC would be on a trusted network, and the other NIC will be on the untrusted network.</P> Thu, 03 Apr 2025 08:54:31 GMT https://community.intel.com/t5/Intel-vPro-Platform/Intel-EMA-and-Dual-Zoning-Homing/m-p/1680140#M12753 Sylvester 2025-04-03T08:54:31Z https://community.intel.com/t5/Intel-vPro-Platform/Intel-EMA-and-Dual-Zoning-Homing/m-p/1685207#M12763 <P>Hi Sylvester,</P><P><BR /></P><P>Greetings!</P><P><BR /></P><P>We see that you are looking for Dual Homing / Zoning for utilizing both Internal trusted and External Untrusted communication as well with two NIC's.</P><P><BR /></P><P>In your scenario, you are considering dual-homing the Intel Endpoint Management Assistant (EMA) server to allow it to communicate with both internal and external networks. Dual-homing involves configuring a server with two network interfaces (NICs), each connected to different networks, to facilitate communication across distinct network zones. Here’s how you can approach this setup:</P><P><BR /></P><P>Considerations for Dual-Homing Intel EMA Server:</P><P><BR /></P><P>Network Configuration:</P><P>Trusted Network NIC: Connect one NIC to the trusted internal network where the SQL database resides. This NIC will handle secure communications with internal resources.</P><P>Untrusted Network NIC: Connect the second NIC to the untrusted external network, which might be used for communication with the Swarm Server or other external services.</P><P><BR /></P><P>Security Implications:</P><P>Isolation: Ensure that the two networks are properly isolated to prevent unauthorized access from the untrusted network to the trusted network.</P><P>Firewall Rules: Implement strict firewall rules to control traffic between the two networks, allowing only necessary communications.</P><P>Access Control: Use access control lists (ACLs) and security policies to manage which services and ports are accessible on each NIC.</P><P><BR /></P><P>Routing and DNS:</P><P>Routing Configuration: Configure routing rules to ensure that traffic is correctly directed through the appropriate NIC based on the destination network.</P><P>DNS Settings: Ensure that DNS settings are configured to resolve internal and external addresses correctly, depending on the network interface.</P><P><BR /></P><P>Network Security:</P><P>VPN or Tunneling: Consider using VPNs or secure tunneling protocols to encrypt traffic between the EMA server and external services, enhancing security.</P><P>Monitoring: Implement network monitoring to detect and respond to any suspicious activity on either network interface.</P><P><BR /></P><P>Azure Configuration:</P><P>Azure Networking: Utilize Azure’s networking features, such as Network Security Groups (NSGs) and Virtual Network (VNet) configurations, to manage and secure traffic between the EMA server and other resources.</P><P>Subnets: Place each NIC in separate subnets to maintain clear separation between trusted and untrusted networks.</P><P><BR /></P><P><BR /></P><P><BR /></P><P>Steps to Implement Dual-Homing:</P><P><BR /></P><P>Provision Additional NIC:</P><P>In Azure, provision an additional NIC for the EMA server and attach it to the appropriate virtual network.</P><P><BR /></P><P>Configure Network Interfaces:</P><P>Assign IP addresses and configure network settings for each NIC according to the requirements of the trusted and untrusted networks.</P><P><BR /></P><P>Set Up Security Rules:</P><P>Define firewall rules and security policies to control traffic flow between the two networks, ensuring that only authorized communications occur.</P><P><BR /></P><P>Test Connectivity:</P><P>Test connectivity to ensure that the EMA server can communicate with both internal and external resources as intended.</P><P><BR /></P><P>Monitor and Maintain:</P><P>Continuously monitor network traffic and security logs to ensure the setup remains secure and functional.</P><P>By carefully configuring dual-homing for the Intel EMA server, you can achieve the desired connectivity while maintaining security across different network zones. If you encounter any challenges, consulting with network security experts or Azure support can provide additional guidance.</P><P><BR /></P><P>Please feel free to revert any further queries!</P><P><BR /></P><P>Best Regards</P><P>Arun</P><P>Intel Customer Support Technician</P><P>intel.com/vPro</P><BR /> Thu, 24 Apr 2025 21:31:08 GMT https://community.intel.com/t5/Intel-vPro-Platform/Intel-EMA-and-Dual-Zoning-Homing/m-p/1685207#M12763 Arun_Intel1 2025-04-24T21:31:08Z https://community.intel.com/t5/Intel-vPro-Platform/Intel-EMA-and-Dual-Zoning-Homing/m-p/1687183#M12822 <P>Hi Sylvester,</P><P><BR /></P><P>Greetings!</P><P><BR /></P><P>Thank you for contacting Intel, please feel free to revert for any further query!</P><P><BR /></P><P>Thanks &amp; Regards</P><P>Arun</P><P>Intel Customer Support Technician</P><BR /> Fri, 02 May 2025 23:01:38 GMT https://community.intel.com/t5/Intel-vPro-Platform/Intel-EMA-and-Dual-Zoning-Homing/m-p/1687183#M12822 Arun_Intel1 2025-05-02T23:01:38Z