First off, I just wanted to thank everyone for your contributions to this forum. The replies have helped me solve some issues in the past and I'm sure this will continue in the future.

I am a service provider and we have a number of clients that host their VMs with us. We currently backup their VMs for our protection (obviously) but we have requests from clients for a portal to manage their own backups. After some review, our plan is to implement an Enterprise Manager server and offer the web portal option through the Enterprise Manager server. Before we implement though, we are reviewing any best practices to ensure the system works properly. Here are some design considerations that we are considering, and I'd like some feedback as to recommendations:
- The B&R Server will be located in our MGMT Network, but should the EntMgr server sit there too, or in a DMZ?
- If the EntMgr server sits in the DMZ, a lot of ports need to be forwarded to B&R Server, vCenter Server and AD so I'm not sure which method is more secure
- If the EntMgr Server sits in the DMZ, am I good to just open up ports 9080 and 9443 to the world to expose the logon web site? Any other concerns with this type of setup?
I thank you all in advance for your responses and feedback and look forward to hearing from you soon.
Cheers,
R-Low