SCCM 2012 - Deploy Endpoint Updates via SCCM Client - within Customer Cloud

  • Question

  • Architecture:

    Hyper-V Infra running 2012 (not R2)

    Management VLAN with SCCM 2012 SP1 installed within own Management domain

    VMM Managed Customer domain - not trusted and on a different VLAN - we cannot set up a trust


    I need to deploy an SCCM client from our Management domain onto VMs hosted in the Customer's domain which is not trusted. We are responsible for patching and AV updating the Customer VMs within our cloud environment. Anyone got a walkthrough or any good instructions on how I go about doing this? What ports do I need to open between the VLANs, how I get the client on there, how I get the Customer VMs within a collection in SCCM etc.

    Doesn't seem to be easy but surely it's doable?!?

    Many thanks

    Wednesday, December 11, 2013 11:36 PM

All replies

  • The first thing I would say is to be very careful about the words you choose as there is some ambiguity in your above description that makes a huge difference. For example you said "trust": are you talking about domain trusts? From the context I'd say no, but that's not clear. You also said "domain", do you really mean domain in a separated untrusted forest? Also, just because it's a separate VLAN doesn't imply traffic can't flow -- I suspect that's your intention of saying it's not trusted, but it's honestly not clear.

    This all sounds like semantics, but it truly, truly does make a difference in how things are architected.

    Another important piece of information needed is whether there is any NATing going between the VLANs and whether or not there will be additional VLANs with similar requirements.

    Jason | http://blog.configmgrftw.com

    Thursday, December 12, 2013 2:24 PM
  • Hi Jason,

    We are the hosting company, so we have our own forest.

    Our customer is provisioned - vanilla built VMs, they then set up their own forest on an allocated VLAN. No NATing at the moment and yes we will be adding further Customers onto the Cloud as and when, so need a repeatable solution.

    Basically I want to:

    Discover systems outside of the "Management" VLAN within SCCM

    Deploy client to discovered VMs

    Deploy SCEP updates

    Thursday, December 12, 2013 5:06 PM