Is it possible to setup a proxy release agent for on-prem TFS 2018?

0
votes

I am looking for a way to use onprem TFS 2018 release pipeline for deploying a web solution to a cluster of multiple servers in a locked down PCI environment.

For security reasons we cannot link target servers to TFS server directly, i.e. connecting multiple release agents directly. Instead I am looking for a way to create something like a proxy agent in the PCI environment which would sit between TFS and end point release agents and pass all commands and packages from TFS to them. Does TFS allow this kind of configuration? Is there any workable alternative for my scenario?

Many thanks

1
tfsreleaserelease-management

1 Answers

0
votes

Yes, kind of. You can't use deployment groups in this kind of scenario and there's no way around it. But you can still do deployments.

Install an agent on a machine that has network access to both TFS and to your secured environments. That agent can then retrieve artifacts from TFS and push them to your secured environments.

You can then use tasks like "Windows Machine File Copy" and "Run PowerShell on Target Machine" to stage the artifacts on the secured servers and run configuration/installation scripts on them. If you're not using Windows, the same thing applies except you'll have to use the tasks that are more specifically keyed to non-Windows environments like SSH File Copy.