KACE SMA in DMZ
Is anyone running their appliance in a DMZ? It makes me paranoid, but I find it tedious to log in to the VPN from my phone, to access the mobile app to check on tickets, etc.
this is an usual setup. Just make sure the right ports are open or forwarded (for check in and using the webui port 80 and 443 are needed, if you put the SMA outside of your intranet you should invest into a SSL certificate and use 443 only)
I had used Quest's KACE as a Service, where they host it for you, for 5 years. While not in the DMZ exactly, it's completely outside of the network, and you have to have a VPN tunnel to connect internally to do things like LDAP authentication. We did not had any problems with it, but we also have almost all the security options checked. 2FA was not one of them, but only one person had admin rights, and they were good about their password. That was me.