What is the process of building a primary site for Config Manager 2012? RRS feed

  • Question

  • Hello All,

                I am an SCCM engineer. My organization has one Config Mgr 2012 Central Administration Site and three primary sites.

    I am assigned for this project and I have to build a new Primary Site.

    Introduction : They are  looking to extend the existing configuration management environment to provide the same functionality as in the Corporate environment. 

    Business Requirements: 

    • To manage SCCM clients (desktops and laptops) that are part of the SDE Dev, Build and Test Extension networks.
    • To provide same SCCM functionality in SDE environment (specific location yet to be confirmed)  as is available today in Corporate environment.
    • To utilize the existing SCCM infrastructure and processes wherever possible in order to simply management.
    • The solution should be scalable to cater for any future growth (other locations to be part of the SDE environment) either naturally or via acquisitions without the need to re-architect the environment.
    • The solution needs to provide a secure management, patching and machine build/rebuild environment.
    • To provide access to SDE SCCM administrator(s) only to SDE specific objects in the SCCM console. No other SCCM console users/administrators should have access to the SDE objects.

    Technical Requirements:

    • The Configuration Manager Site systems should only be deployed on a virtual platform.
    • To utilize an existing PKI setup to create certificates to be used for the SDE environment.
    • To configure site system roles to utilize certificates for communication with the endpoints.
    • The capability to simplify and enhance administrative tasks, processes and procedures related to the management of SDE endpoints without the need to introduce over-engineered and complex workflows.
    • The capability to manage and enforce role-based access policies and user-based delegation to the administrative tools.
    • The capability to install and build a bare-metal endpoint with a Windows based operating system over the SDE network via a PXE boot mechanism.
    • Discovery and capture of hardware information related to the endpoints that exist in SDE.
    • Discovery and capture of software information related to installed application packages and their version and type.
    • The capability to remotely control managed endpoints from a central administration point (subject to end-user authorisation) and without need to install any additional software packages.
    • The capability to deploy updates and hotfixes to managed workstations and endpoints through an automated and policy-based workflow using SCCM and WSUS.

    This is the overview. I do no have any idea where to start. 

    May I know the process of accomplishing this task and any additional information that can be found on the internet?

    Thanks In advance.

    Thursday, September 10, 2015 8:41 PM


All replies

  • Hi,

    The current latest version of Configuration Manager now supports 150 000 clients (2012 R2 SP1 or 2012 SP2), unless you have more clients than this then there is no real need for a CAS.

    I would check out the Windows noob guides, they are really well put together and have loads of great information.


    You can use role based administration to limit who has access to what.

    for PKi setups I always use this website


    It is exactly the same wording as the technet site but with the added bonus of pictures.

    Setup a lab first, get a little familiar with installing a primary site.

    • Edited by Richard.Knight Thursday, September 10, 2015 9:35 PM
    • Proposed as answer by Joyce L Monday, September 21, 2015 9:59 AM
    • Marked as answer by Joyce L Wednesday, September 30, 2015 8:26 AM
    Thursday, September 10, 2015 9:24 PM
  • Thanks Richard..  I will work on these guides. My organization has around 30000 clients.

    They want me to install a primary site. I guess it is all in the link you provided.


    Monday, September 14, 2015 3:48 PM
  • Thanks Richard..  I will work on these guides. My organization has around 30000 clients.

    They want me to install a primary site. I guess it is all in the link you provided.


    Like already noted, with those numbers you definitely do not need CAS.
    Wednesday, September 16, 2015 2:39 AM
  • While there is a fair bit of information there there needs to be some clarification.

    1) are: SDE Dev, Build and Test Extension networks in a different domain and forest from Corporate?

    2) Are these networks Fire-walled off from the corporate environment?

    3) Is the primary just supposed to be a new primary added to the existing CAS?

    4) is this to be separate to meet some government compliance requirements that would cause challenges if it applied to the whole environment?

    If these are all within the same network as the existing systems, there should not really be a need to spin up another Primary.  As long as the systems can be identified in some manner to place them into appropriate collections (naming standard, AD attribute, Domain) it should be possible to segregate the systems in the existing hierarchy using role based administration and collection limiting.


    Wednesday, September 16, 2015 3:24 AM