locked
SCCM 2012 SP1, multiple SUP roles. Design question. RRS feed

  • Question

  • Hi

    We have a customer that are moving all of there IT infrastructure to our datacenter. At the customers locations there will be installed one physical server to handle DHCP, Read-Only DC and so on. 

    I'm responsible for looking at the SCCM portion of the project. What we want to accomplish is that, we want at the datacenter the SCCM Primary Site server and at the customer locations we want to be able to distribute Software Updates to clients from that location that they client are currently in. This is because don't want all of the clients to download software update content directly from the datacenter over the VPN tunnel.

    I've been looking at the documentation and found the following on the matter and want to hear is you have any comments on this design.

    What I have thought about:

    - At the customer locations I'll install a SCCM Secondary Sites on each server that's on the customer premises.

    - Install the SUP and DP role on the Secondary Sites.

    - Create Distribution Groups with all of the DP points in it.

    Would this be the correct way to do accomplish it?

    Kind Regards

    Hans Chr. Andersen

    Monday, October 14, 2013 7:23 AM

Answers

  • What we want to accomplish is that, we want at the datacenter the SCCM Primary Site server and at the customer locations ...


    So "datacenter" and "customer location" are equal domain-wise? If so: you could place the standalone primary site server in the datacenter and a DP, MP and SUP at the customer's location.

    Torsten Meringer | http://www.mssccmfaq.de


    Monday, October 14, 2013 8:21 AM
  • Clients do not download software updates from the software update point. Clients only receive software update metadata from the software update point. Update content is downloaded from distribution points.

    Installing a secondary site will most likely generate more traffic through sql replication then you will see from those clients retrieving software update metadata once per week.

    without knowing specifically the number of clients in each remote site and the available bandwidth etc at each site, my guess (seeing as you have 200 clients in total) is that you will be fine with a single software update point at the datacentre and a distribution point at each remote site. Depending if the remote sites have a local internet break out you could also consider a cloud based DP.

    Monday, October 14, 2013 9:20 AM

All replies

  • What about the number of clients, forest/domain/trust configuration(s)?

    Torsten Meringer | http://www.mssccmfaq.de

    Monday, October 14, 2013 7:51 AM
  • They are 200 clients in total.
    There are only one single domain with no trust to other domains.

    Monday, October 14, 2013 8:02 AM
  • What we want to accomplish is that, we want at the datacenter the SCCM Primary Site server and at the customer locations ...


    So "datacenter" and "customer location" are equal domain-wise? If so: you could place the standalone primary site server in the datacenter and a DP, MP and SUP at the customer's location.

    Torsten Meringer | http://www.mssccmfaq.de


    Monday, October 14, 2013 8:21 AM
  • Yes, datacenter and customer location are in the same domain. 

    Okay, so you don't need to have a Secondary Site to get the clients to download software updates from the customer location?

    I just understood from the SCCM documentation that in order to control bandwith and get clients to use the other SUP roles you would need a secondary site. If you didn't the SUP role would only be a fail-tolerant if the main SUP role failed. Or am I wrong?

    Monday, October 14, 2013 8:27 AM
  • Secondary sites should be used if upward traffic is a concern, but 200 clients do not produce a huge amount.
    You can also set up multiple SUPs (per primary), but I think that this might be overkill for 200 clients only.

    Torsten Meringer | http://www.mssccmfaq.de

    Monday, October 14, 2013 9:11 AM
  • Clients do not download software updates from the software update point. Clients only receive software update metadata from the software update point. Update content is downloaded from distribution points.

    Installing a secondary site will most likely generate more traffic through sql replication then you will see from those clients retrieving software update metadata once per week.

    without knowing specifically the number of clients in each remote site and the available bandwidth etc at each site, my guess (seeing as you have 200 clients in total) is that you will be fine with a single software update point at the datacentre and a distribution point at each remote site. Depending if the remote sites have a local internet break out you could also consider a cloud based DP.

    Monday, October 14, 2013 9:20 AM
  • Okay, if it's only meta data that will be downloaded from the Primary Site, then it's okay. 

    So I'm good with only deploying the DP role to the customer location servers and distributing the software updates to them. Then the clients will pick up the software update or other application packages from the local DP. If i understand you correctly?

    Monday, October 14, 2013 11:35 AM
  • That's correct. Alternative - as already mentioned: place the client facing roles (MP, DP, SUP) in the customer's location.

    Torsten Meringer | http://www.mssccmfaq.de

    Monday, October 14, 2013 12:07 PM