An excellent question! You can absolutely replace the DMZ console if you change to the Cloud Agent. The only downside is you would need to reinstall the agent from the internal console to the agents that will be going in and out of the environment. You can also use the cloud provisioning feature to install an agent completely outside your environment.
So, a little bit on the security of the feature. The Console and Agent talk to the Cloud so neither has to open an inbound port. The ProtectCloud acts as the proxy between the two. Communication between console\cloud and agent\cloud is HTTPS web service calls using a token to provide mutual authentication. All policy and result data is encrypted so only the console and the agent can decrypt. The Cloud cannot decrypt your data, only ensure delivery to authorized agents\console. All data is encrypted in transit and at rest. Results are picked up every 15 minutes so there is only a small window of the results data being at rest before the console picks it up.
Hopefully this answers your questions.