Mario, for the use case in question, the one step migration is to burn updates to optical media, both so that they have a record of the transfer, and so they don't use re-writable media.
I believe that the approval process will involve updating reference non-air-gapped host(s) to prove the updates don't break their software, then burn media and update the air-gapped satellite. I'm blissfully outside of their adminisphere. Thanks, Allan On 2015/10/28 15:17, Mario Obejas wrote: > I assume you are already versed in how to sync up a repository of > reference rpms, etc, in the classical case. > > For an air gapped target, two methods. > A. Some of our folks in classified areas would use EPEL to procure the > rpms, transport manually through the air gap, sync once a <period> or on > a rare special event basis. > > The hurdle was always higher though to get program approval to actually > update anything. If that is not an issue, and you have a well documented > process (where are you getting the updates, how are you ensuring > non-tamper when transporting manually, etc), the process can be > straightforward though it has the one required manual step. > > B. If you can automate one way transfers through a VPN or equivalent to > eliminate the manual transfer, I have seen that done for transporting > patches and updates to a nontrusted network. > > ------------------------------------------------------------------------ > *From:* Allan West <[email protected]> > *To:* [email protected] > *Sent:* Wednesday, October 28, 2015 9:50 AM > *Subject:* [lopsa-tech] Air-Gapped Satellite Server? > > I am interested in chatting off-list with anyone who has deployed an > air-gapped Red Hat Satellite server. A unit at $WORK has a need to > update RHEL boxes in their air-gap systems, and they're looking for > information on the most straight forward way to do so. > > If there's a simpler / cheaper means than deploying a Satellite server, > I'd be interested to know, but the requirement is for Red Hat Enterprise > Linux. > Thanks, Allan > _______________________________________________ > Tech mailing list > [email protected] <mailto:[email protected]> > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ > > _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
