locked
SCCM 2012 CAS Server required? RRS feed

  • General discussion

  • Hi,

    Appreciate some advice please.

    I am trying to determine if I need a CAS Server or not. Some say I don't if I don't have more than 100,000 clients but I think I do due to geographical / bandwidth issues.

    This is my environment: I have 3 sites.

    Site one is head office - the primary site where most of our IT team is based.

    Site two is geographically quite close and is connected by a 10M link with low latency. There are only a dozen clients in this site so this site could easily run off the primary site.

    Site three is geographically quite distant so latency is quite high and there are quite a few clients in this site - about 60. There is an IPSEC VPN connection to this site.

    I want the ability to have a Software Update point in the third site so that all windows updates are downloaded direct to this site and do not have to come from site across the VPN to preserve WAN bandwidth.

    I also want the ability to manage the third site separately. I don't want to have to duplicate effort for software distribution though so I want the ability to create packages in the primary site but apply them to the third site and have them transferred to a DP in the third site.

    In SCCM 2007 this would be a Child Primary Site configuration.

    I think for 2012 I require a CAS, a primary site in site one and a primary site in site two to achieve this.

    I believe this will allow me to achieve the requirements I have set out above. 

    Can someone please confirm that I do need a CAS to achieve this?

    Thanks,

    Paul

    Friday, October 19, 2012 2:45 AM

All replies

  • I don't think, you've any requirement to have (if I understand you correctly) a CAS. Stand alone primary server along with Remote DPs or Secondary server (if you're very concerned about the site THREE upward flow - status msgs, Delta Inventory etc...) would be sufficient. 

    More detailed post is available from Rob HERE


    Anoop C Nair - @anoopmannur :: MY Site:  www.AnoopCNair.com :: FaceBook:  ConfigMgr(SCCM) Page :: Linkedin:  Linkedin<

    Friday, October 19, 2012 3:33 AM
  • Agree with Anoop, you don't need a CAS in your environment.

    Primary sites are not for bandwidth management anymore, neither they are for administrative delegation. In 2012, primary sites are just units of scale. Unless you plan to reach 100k clients, you need a Primary site and two DPs in your remote sites.

    Windows update binaries are downloaded from a DP, not from SUP. Clients talk to SUP, however, to retrieve update metadata. This is not much WAN traffic, but if you want to isolate even this, consider installing a secondary site in your site three.

    Use RBAC for delegation of administration for site three. You can create a scope (a collection) with site three clients, and delegate control for separate management of site three, while being able to centrally manage the whole environment.

    Hope this helps.


    Andy

    Friday, October 19, 2012 3:56 AM
  • Thanks for your response Anoop.

    ok - data flow was my main concern - as well as duplication of effort so that is taken care of.

    We have an administrator in the remote office. With this topology, I assume this remote administrator will need to use the console in the primary site to manage clients in his site - such as deploying software updates?


    Friday, October 19, 2012 4:32 AM
  • We have an administrator in the remote office. With this topology, I assume this remote administrator will need to use the console in the primary site to manage clients in his site - such as deploying software updates?


    The best option to have console access via RDS or Citrix.

    Anoop C Nair - @anoopmannur :: MY Site:  www.AnoopCNair.com :: FaceBook:  ConfigMgr(SCCM) Page :: Linkedin:  Linkedin<

    Friday, October 19, 2012 4:57 AM
  • No need for a CAS, as Anoop is suggestiong use RDP or another remote solution when accessing the console.

    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals

    Friday, October 19, 2012 5:48 AM
  • So if I install a secondary site in site three, that will give me the ability to have a SUP in that office which will allow me to download updates direct to that secondary server and not have to transfer them from the primary server?

    This was a problem with my initial design in 2007 and I ended up having to change the server in site three to be a child primary site so that I could download the updates directly from the internet to that server.

    So if someone can please confirm that, I would really appreciate it.

    Thanks

    Monday, October 22, 2012 4:46 AM
  • Software Updates (binaries) are downloaded from DP. Meta data is download from WSUS data base for the first scan after that it will download only additional; meta data. 

    Anoop C Nair - @anoopmannur :: MY Site:  www.AnoopCNair.com :: FaceBook:  ConfigMgr(SCCM) Page :: Linkedin:  Linkedin<

    Monday, October 22, 2012 6:52 AM