none
SCCM Native VS Mixed mode

    Question

  • Good Day,

     

    I am implementing SCCM 2007 R3 in my environment. I do not have a exisiting SMS implemetation.

    I will have one Central/Primary Site and 13 secondary sites. The primary site has about 200 users and the secondary sites ahve about 100 clients in each.

    I have no Internet clients. all my client will be ussing SCCm through my network and maybe some features (remote support) through VPN.

     All my sires are conencted over a MPLS.

    I do not have an exisitng CA or PKI infrastructure.

    1. I am planning on installing SCCM in mixed mode. Please advise on the pitfalls of doing this.

    2.Why would i implent a CA and setup SCCM in native mode in my specific environment?

    3. For native mode do i need a CA and PKI infrastructure or will a CA suffice.

     

    Thank you in advance.

     

     

     

     

     

    Friday, September 23, 2011 1:40 PM

Answers

  • Choose between native and mixed mode is the best document or article which can answer your question.

    http://technet.microsoft.com/en-us/library/bb632431.aspx

    My personally openion after looking at your above metioned points to go with Mixed mode.

     

    Or if you can wait for some more time. Just wait for the realse of SCCM 2012 and install that.


    Anoop C Nair - Twitter @anoopmannur

    MY BLOG:  http://anoopmannur.wordpress.com

    SCCM Professionals

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.


    • Edited by Anoop C Nair Friday, September 23, 2011 1:57 PM
    • Marked as answer by Sabrina Shen Wednesday, September 28, 2011 8:41 AM
    Friday, September 23, 2011 1:49 PM
  • As someone that has never been in mixed mode I can tell you that you need to have a good person managing the CA.  Hopefully your company already has a CA setup.  If not you can use external certs with some modifications but as previously state Native mode can be a beast to troubleshoot.  It will also put a larger strain on the Primary's because all traffic is encrypted and must be decrypted by the server.  It adds a level of security that some people want but the biggest advantage is the internet based MP.  CA is part of a PKI infrastructure. 

    You need to do several things to move to Native mode. http://technet.microsoft.com/en-us/library/bb680464.aspx  using Fully Quallified Domain Names is also required so hopefully this is supported inside your network.

    It all comes down to what you want to accomplish and what security measures you want.  Otherwise you can stay in Mixed mode and upgrade to Native at a later date.


    http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com
    • Marked as answer by Sabrina Shen Wednesday, September 28, 2011 8:41 AM
    Friday, September 23, 2011 3:36 PM

All replies

  • I wouldn't add the complexity of native mode unless I wanted to support internet based clients. I've been doing SCCM since the day it released and have yet to do a native mode install.

     


    John Marcum | http://myitforum.com/cs2/blogs/jmarcum/|
    Friday, September 23, 2011 1:47 PM
  • Choose between native and mixed mode is the best document or article which can answer your question.

    http://technet.microsoft.com/en-us/library/bb632431.aspx

    My personally openion after looking at your above metioned points to go with Mixed mode.

     

    Or if you can wait for some more time. Just wait for the realse of SCCM 2012 and install that.


    Anoop C Nair - Twitter @anoopmannur

    MY BLOG:  http://anoopmannur.wordpress.com

    SCCM Professionals

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.


    • Edited by Anoop C Nair Friday, September 23, 2011 1:57 PM
    • Marked as answer by Sabrina Shen Wednesday, September 28, 2011 8:41 AM
    Friday, September 23, 2011 1:49 PM
  • As someone that has never been in mixed mode I can tell you that you need to have a good person managing the CA.  Hopefully your company already has a CA setup.  If not you can use external certs with some modifications but as previously state Native mode can be a beast to troubleshoot.  It will also put a larger strain on the Primary's because all traffic is encrypted and must be decrypted by the server.  It adds a level of security that some people want but the biggest advantage is the internet based MP.  CA is part of a PKI infrastructure. 

    You need to do several things to move to Native mode. http://technet.microsoft.com/en-us/library/bb680464.aspx  using Fully Quallified Domain Names is also required so hopefully this is supported inside your network.

    It all comes down to what you want to accomplish and what security measures you want.  Otherwise you can stay in Mixed mode and upgrade to Native at a later date.


    http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com
    • Marked as answer by Sabrina Shen Wednesday, September 28, 2011 8:41 AM
    Friday, September 23, 2011 3:36 PM