What is the best practice for installing SCCM 2012 SP1 for internet/intranet based clients

    Question

  • We have a need to send software distribution, software updates, and allow remote control for clients for both the internet and intranet.

    I have seen people talk about Direct Access but it is not in scope for this project.  I have also seen adding a box out in the DMZ for internet clients only.  What about certs and PKI?  I found the following link but is it still relevant for my SCCM version?

    http://technet.microsoft.com/en-us/library/bb693602

    Is there a similar page for SCCM 2012?  If there is, I have not found it yet.

    I have an intranet only environment set up today. Can somebody point me in the right direction on the best practice and how to add internet based clients?

    It is an SCCM 2012 SP1, Server 2012, SQL 2012, WSUS 6.X env.  Latest and greatest.

    Update: I just found this thread

    http://social.technet.microsoft.com/Forums/en-US/97871685-ff53-404c-b9f9-3980b9a849f0/internet-based-client-management-server-in-sccm-2012-sp1

    So I should be able to create a site in the DMZ, for internet facing clients.  But what I am a bit confused about is how does the DMZ site get the deployments info from the internal site?  How do the 2 talk, or do they?


    Cyndy


    Wednesday, July 24, 2013 6:05 PM

All replies

  • Remote Tools is not supported for internet clients.  The MP/DP in the DMZ is deployed as a site server just like any other server.  Just have to make sure they can communicate.  On smaller clients, they were ok with just forwarding ports to the internal servers. 

    Here is the link I have used to set up IBCM in CM2012.

    http://technet.microsoft.com/en-us/library/gg682023


    • Edited by Mike H Leach Thursday, July 25, 2013 8:04 PM IBCM
    Thursday, July 25, 2013 8:03 PM
  • That first link to the ConfigMgr 2007 documentation can still be applied to ConfigMgr 2012.

    You can create a site fully in your DMZ, or put an MP/DP in your DMZ. The MP needs to be able to communicate with SQL for the site so if your site is in the intranet there needs to be either a replica for the MP, or the MP needs a direct communication channel. There does not need to be domain trust between the two networks.

    I hope this helps a bit.


    Check out my Configuration Manager blog at http://aka.ms/ameltzer

    Monday, July 29, 2013 7:54 PM
  • This is more what I was looking for, thanks.

    Still doing some more research.  So I may have more questions down the line.

    I would think the site in the intranet, and MP/DP in the DMZ is a more secure way to configure the environment?


    Cyndy

    Monday, August 05, 2013 4:57 PM