Site design question

  • Question

  • Hi All,

     I am looking at the possibility of designing a SCCM environment which for the most part is spread across two separate networks which only connect back to each other a few times a month.

    What I am trying to achieve is having a remote site be managed by SCCM with regards to OS deployment, security patches and application updates etc and have technicians on site connect to the console and do basic management of collections and deployments. The tricky part comes into it when we need to maintain a replica of the remote site via a SCCM instance at head office.

    So if we download new patches, application updates, change deployment baselines and OS deployment task sequence then they can flow down to the remote site SCCM instance.

    The difficulty is the remote site only has physical connectivity back to head office once maybe twice a month during an outage window. My first thought would be to set up a CAS site and have two primary sites with one being at the remote location and one at head office. But because I haven’t deployed a CAS site before I am not sure what level of manageability each of the two primary sites have. At this stage I do not know if both sites are going to be sharing an AD domain or separated by two untrusted forests.

    So I suppose my question is would the remote primary site still continue to operate to a suitable level even though for the most part it will be disconnected from the CAS server?

    Would any changes we make at the head office primary site flow down to the remote location primary site without too many issues once connectivity is restored, e.g. replication, time-out errors?

    Please let me know if any of the above is unclear and thank you very much for your help.


    • Edited by DannyH26 Monday, January 18, 2016 7:17 AM
    Monday, January 18, 2016 4:42 AM

All replies

  • CAS and Primaries should be well connected. Also keep in mind that a full DRS replication will occur after x days (configurable, but can't remember that max. setting) of replication being down. A CAS and multiple primaries also need a two-way trust.
    You can set up a MP (with a SQL replica) and DP in an untrusted forest, but you should test first what will happen if they are disconnected for such a long time.


    Torsten Meringer | http://www.mssccmfaq.de

    Monday, January 18, 2016 7:26 AM
  • Honestly and unfortunately for your scenario, ConfigMgr was not designed for disconnected scenarios like this. Using a CAS will certainly not work as Torsten pointed out and even an MP with SQL replica will be problematic at best -- I can't imagine it actually working. Your only true option here is two separate primary sites. You can then use the import/export functionality to minimize duplication of effort between the two sites and thus create "things" on one and export them to the other via media or the network.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Marked as answer by DannyH26 Monday, January 18, 2016 11:50 PM
    Monday, January 18, 2016 4:38 PM
  • Thanks Torsten / Jason for your response. I kind of suspected it might be a long shot and I have since found out that connectivity of both networks could be scheduled to almost daily or a few times a week so I don't suppose that would change anything? If a hard requirement is that there is a two way trust established then I think that is a show stopper because I don't think that is a possibility. I have played around with the import and export functions and I know I can load WSUS patches / TS via PowerShell but the intention of the CAS site was to manage both sites from the console.

    This site will not be going live for a while so are there any new features / architecture in SCCM 1511 or 2016 which might help?

    Thanks again for helping out.

     
    Monday, January 18, 2016 10:59 PM
  • The architecture of ConfigMgr CB (currently at build 1511) -- there is no such thing as ConfigMgr 2016 and never will be -- does not fundamentally change to allow management of disconnected or even sporadically connected locations. I understand the intention of having a CAS, but it's just not a realistic goal for this type of scenario. Connectivity is always an assumption for management in ConfigMgr; no connectivity, no management.

    If you could schedule connectivity on a daily basis, you *may* be able to get a remote MP and SQL Replica to work for certain scenarios. I can't imagine it working reliably though or with any actual effectiveness.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Marked as answer by DannyH26 Monday, January 18, 2016 11:50 PM
    Monday, January 18, 2016 11:14 PM
  • I am looking to create a robust environment so after reading your comments I can put the idea of a CAS to bed. I appreciate your honest feedback. So I will turn my efforts towards automating the importing / exporting process. I haven't read much about the new builds of SCCM so I thought I would ask the question.

    Thanks again.

    Monday, January 18, 2016 11:50 PM
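
Added example, not part of any post in this thread: when exported objects travel between two separate primary sites "via media or the network", the receiving site can check that the files arrived unchanged before importing them. The function names, the `manifest.json` file name and the folder layout are assumptions made for this sketch; only built-in PowerShell cmdlets are used.

```powershell
# Added example: SHA-256 manifest for a folder of ConfigMgr export files that is
# carried from the head-office site to the remote site. All names are hypothetical.

function Get-RelativeExportFile {
    param([Parameter(Mandatory)][string]$Root)
    # Every file under $Root except the manifest, with its path relative to $Root.
    Get-ChildItem -LiteralPath $Root -Recurse -File |
        Where-Object { $_.Name -ne 'manifest.json' } |
        ForEach-Object {
            [pscustomobject]@{
                Path = $_.FullName.Substring($Root.Length).TrimStart('\', '/')
                Full = $_.FullName
            }
        }
}

function New-ExportManifest {
    param([Parameter(Mandatory)][string]$ExportDir)
    # Head office: run after the export step, before copying the folder to media.
    $root = (Resolve-Path -LiteralPath $ExportDir).Path
    $entries = Get-RelativeExportFile -Root $root | ForEach-Object {
        [pscustomobject]@{
            Path   = $_.Path
            SHA256 = (Get-FileHash -LiteralPath $_.Full -Algorithm SHA256).Hash
        }
    }
    ConvertTo-Json -InputObject @($entries) |
        Set-Content -LiteralPath (Join-Path $root 'manifest.json') -Encoding UTF8
}

function Test-ExportManifest {
    param([Parameter(Mandatory)][string]$ImportDir)
    # Remote site: $true only if every listed file matches and nothing unlisted was added.
    $root = (Resolve-Path -LiteralPath $ImportDir).Path
    $expected = Get-Content -LiteralPath (Join-Path $root 'manifest.json') -Raw | ConvertFrom-Json
    $ok = $true
    foreach ($e in $expected) {
        $file = Join-Path $root $e.Path
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            Write-Warning "Missing file: $($e.Path)"; $ok = $false; continue
        }
        if ((Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash -ne $e.SHA256) {
            Write-Warning "Hash mismatch: $($e.Path)"; $ok = $false
        }
    }
    $listed = @($expected | ForEach-Object { $_.Path })
    foreach ($f in Get-RelativeExportFile -Root $root) {
        if ($listed -notcontains $f.Path) { Write-Warning "Unlisted file: $($f.Path)"; $ok = $false }
    }
    return $ok
}
```

Run the import step at the remote site only when `Test-ExportManifest` returns `$true`. A manifest stored on the same media detects corruption and accidental changes; to detect deliberate modification, the hash of `manifest.json` has to reach the remote site by a separate channel or the manifest has to be signed.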