Pull Server for DMZ computers

Can anyone tell me the best place to place a pull server on a network? Am I wrong in thinking that it would be more secure to keep the pull server in my core network and open up HTTPS to my DMZ clients rather than keeping a separate DMZ pull server in the DMZ to serve DMZ computers?
I’m thinking if a computer in the DMZ got compromised they could have the potential also get on to the pull server to see all the MOF’s of my DMZ servers. I mean I says this is a DMZ but its a zone that is basically servers with specific opened ports to the outside world (HTTPS, FTP, SMTP ETC ETC) not every port.

It’d be good to have the pull server behind a firewall, yes. The risks of someone getting to it in a way that lets them see all your MOFs is minimized; you can further protect by not making those a shared folder and by permission them appropriately.

Do you have many servers in DMZ? If not, do you really need them to use Pull model ? It may be better to have them in push mode and keep DMZ isolated.

About 200 or so.

Do you have inbound ports open?
You mentioned ‘outside ports’