Secondary Site vs. Distribution Point for untrusted domain

  • Question

  • Hello, I want to migrate from SCCM 2007 to 2012 and wonder how to manage this:

    I have 8 untrusted AD with less than 100 clients (hosted servers for external companies).

    Actually the SCCM 2007 design is -

    a central primary site in the corporate domain

    8 child primary sites (one in each untrusted domain) - Firewall between the untrusted domains and corporate domain allowing only the child site server to talk with the corporate site.

    I think that a site for less than 100 machines is overwhelming, so I wonder if I can achieve the same goal with only a DP with the MP role

      but I read that it is not possible to "assign" an MP to a set of clients only - so maybe impossible to avoid corporate clients trying to talk to the MP in the untrusted domain?

    Security doesn't want to open the firewall for all clients in the untrusted site to talk to the corporate MP.

    So is it possible with a secondary site? (But I read: you can't have a hierarchy spanning untrusted domains/forests in 2012. Only site systems (not sites) can be deployed in untrusted forests/domains.)

    Is there another solution, or am I missing something?

    Thanks in advance

    Eric Delmotte

    Friday, February 1, 2013 4:53 PM


All replies